How do You Protect Your Online Privacy?

P asks: "In the light of the recent discussions about on-line privacy: What can one do to protect his/her on-line privacy, while still having a enjoyable web experience? For example, are you using PGP for all your emails and Zfone for all your VOIP traffic? Or are there better ways of protecting oneself? Share your tips and tricks."

GPG and Thunderbird

[chicken_tonight]

I was using GPG in Thunderbird, linked to my gmail account. This was just for signing though, so it was more to protect my identity than my privacy. I believe GPG does encryption too. It was seamless once it was setup, but I use gmail from too many places. It just wasn't worth it. Here's hoping Google adds support for this sort of thing to Gmail.

built-in security?

[Anonymous Coward]

This isn't a direct answer, but it's directly related. I've always wondered why network applications don't use encryption by default. For practically everything, from web servers to instant message apps, you have to go out of your way to set it up with any decent level of security.

Why aren't all connections passed over ssl or ssh? I know it's a bit of overhead, but it's not that significant for modern desktops.

Why isn't it the norm to see web servers running SSL? Why is SSL reserved for only financial transactions? For high-traffic web sites, this will slow the server down a little, but isn't that a valid tradeoff?

People seem concerned about the NSA wiretapping scandal, but this would be largely moot if the traffic they were snooping were encrypted. I can't be the only person who wishes encryption was the standard rather than the exception.

Re:built-in security?

[Musteval]

Because it would be just awful if the NSA knew that you were going to Slashdot ... ?

There is almost nothing online that necessitates encryption, except for things involving money, which already encrypt things. If you personally want privacy for something that most people don't care about privacy for, use Tor. Not that hard.

Re:built-in security?

[redelm]

One more thing to go wrong and increase support costs. Or if you like tinfoil, 'cuz the NSA want their job easier. There's no way they could snarf anything beyond src/dst/vol/time traffic analysis if most of the net were encrypted.

I suspect some netzis like China (Singapore?) would ban encrypted traffic if they could.

Re:Forget it

[QuantumG]

Back in 1998 I was raided by the Australia Federal Police. They were looking for evidence on computer crimes allegedly committed by people I had allegedly spoken to on IRC. They weren't after me, but I was still thankful that my harddrive was encrypted and there we no laws, at the time, that could be used to force me to give up my encryption keys. Had there been evidence on my harddrive that I had committed a crime (there wasn't, unless I'm committing crimes and I'm not aware of it) I would have been facing jail time, even though the AFP did not have any justification to search that computer because of anything I had done.

Whois records

[Centurix]

I once received an abusive e-mail from some guy who was receiving loads of spam from a source using a rotation of from addresses. My address happened to appear on the mail he received and it he snapped, firing back at me. His mail address was from his family business, looked up the whois information which was correctly filled in. Phone number, address etc, simple google of the domain name showed me forums in which members of the family had posted in, different topics, cars, real-estate. From there I could build quite a profile of this person, his family, where they lived, google earth supplied satellite images of their house. I knew what kind of cars they owned, how much their house cost and when they bought it (purchasing records of individual houses was available online as part of the council areas statistics).

I sent him a mail explaining that it wasn't me sending the spam, and he wrote back apologising, then I explained to him all the information that I'd found including the google earth picture and he couldn't believe what I'd come up with by just roaming around the net.

agreed

[Anonymous Coward]

Long live cash!

And fuck grocery store 'discount cards'. I've found it is best to get a new card with application, then discard application and continue to use card. If the application is necessary, the store's address and name of "General Manager" usually works for as long as you need the card.

Re:Forget it

[Anonymous Coward]

seriously, if "They" want your data, They will go through your trash, subpoena your pay records and phone records, and tap your phone line. "They" will know more about you than you can imagine, regardless of whether you use encrypted VoIP or not.

I don't know where you're from, but here in the US if "they" want to tap my phone or see my data and pay records "they" just do it. Subpoenas are for people who hate America.

Remember kids: If you're not doing anything wrong, then the fact that you're gathering huge amounts of information about everyone is all you have to hide. Or something like that.

Re:Disable Cookies

[linvir]

For those of us who don't use Firefox, it's easier and way more satisfying to blacklist those domains completely. Tacoda.net could be in the business of giving away free signed copies of Windows 98 to 3rd world puppies for all I know, but as far as I'm concerned they've dirtied their name with the crappy type of advertising, and I don't want to see anything from their servers. It'll be an annoying day when google catches on and brings google-analytics.com under google.co.uk, though.

Re:Here it is take it!

[RedOregon]

It's not a "throw-off" credit card, but my MBNA card has a nice downloadable app called ShopSafe that I *love* and use religiously.

It lets you generate a "one-time use" number, with a limit on the amount and expiration date. Once that number is used, it can't be used again. I just used it to buy a radio for my Harley; the price was about $700 plus shipping, so I made the amount $800 and expiration date two months out.

Once the company uses that number, it's locked. I can go into ShopSafe and reclaim the unused amount afterwards. Even if that company's server (or any other broker company they might use) gets cracked, my *real* credit card number is still safe. I've been using ShopSafe for at least two or three years, for *every* purchase I make online, and only had the throwaway number rejected *once*.

I went to a competitor's site and ordered there.

No affiliation with MBNA, I don't gain anything from this, bla bla bla....

Re:Electronic Frontier Foundation, Tor, & Priv

[Anonymous Coward]

or join the underground network named AnoNet [brinkster.net], stops snoops on both the inside and the outside. its a self contained internet on top of the internet running over multiple vpn's, it might even have holes to the outside via a tor or proxy servers, i use it all the time, not only from an anonymous point of view but also the networking experiments, great community, great spirit.

free the nerd inside you!