Skip to main content

Securing yourself online - a beginning (101)

Online presence is very different from physical life. Our intuitions aren't good at all, when it comes to protecting ourselves. No amount of clever habits will be enough. Having said that, I hope that a small effort by each of us can help our network be more secure, gradually.

Here is a simplistic view of how you get hit by vulnerabilities and infections in the digital universe:

WARNING: "Diffuse, hand waving kind of math" alert! Yes, I'm working on a virtual Ph.D :)
your possibility of getting hit =
   SUM over all i ( virility_of_attack * rate of spread * impact-level * network-size * habit_probability * hours spent online)
where,
  i is in the set of all vulnerabilities and attack vectors.
  habit_probability = f(browsers, machines, apps, shop, online_vendor_site)
  network = {home | work | public_wifi | private_net | mesh_net }

You will be under constant attack. No question.

Your basic actionable item is to minimize your attack surface. 


Like a hunter girl (with essential hunger needs), crouch, be silent, do not get into the vision field of a foe easily, watch your step, carry your bows and arrows, stop shouting in an open valley, cover your back, cover your tracks, and stay on the downwind side of any animal. Like a farm boy, remove your weeds constantly, water your good plants often, eat healthy, be happy with repetitive monotonous but essential discipline of your field, and always expect the weather to fail you.

So, here are some things to do:

 1. Get an anti-virus software (or equivalent for your device)
 2. Always use https (encrypted http). Use the "https anywhere" browser plugin
 3. Never conduct privacy sensitive transactions on public networks. Always use a VPN.
 4. If (3) is not possible, always use TOR Browser in a virtual machine.
 5. Never download anything when you are on a public network. Always use VPN.
 6. Never visit a site that has blinking images or too much bright contrasting color/image layouts. At very least, walk away after first sign of trouble.
 7. Set up your browser to expire cookies/passwords/history every time you quit the browser. This is a browser setting. It is painful to do, but saves your Bass.
 8. Clean out your browser cookies every week. Sunday night is best, since you'd have finished polluting your environment by then, ready to infect yourself tomorrow, on a fresh week.
 9. For your sensitive transactions, always use a linux/*nix virtual guest OS (even on windows).
10. Never click on a URL immediately. Pause/Hover on the URL,  verify that the actual link is the same as the link it appears to be. Click only when you see a valid website when you hover. 
11. Sorry googlers, but try using "https://startpage.com/" or "https://duckduckgo.com/" for sensitive searches. They preserve the original site's URL in the result link. They also don't pass on upstream info to their providers or consumers (the ones who pay for ads and such on their properties).
12. Disable search history tracking on your gmail account. Now would be nice.
13. Disable facebook public visibility for your posts/profiles. Also spend time on security settings.
14. Disable LinkedIn public visibility for your networks/posts/profiles. Don't friend a person on linkedin that you didn't think of friending/connecting by yourself (i:e, think twice before you act on that email).
15. Always disable background refresh on your iPhone (or equivalent settings on your Droids)
17. Disable popups on your browsers. It is a setting that can be enabled on per-site basis.
18. Enable Do-Not-Track on your browsers. Now.
19. Use Ubuntu/CentOS linux wherever you can. It is really easy nowadays. Only use windows in a work/secure VPN, when protected by an anti-virus.
20. Limit your apps to about 10-15. Some suggestions: Email, Phone, Fitness, Chat, Video-chat, Task-manager/Notes, Presentation/Video/Browser, 1 Game, 1 RSS feed, 1 Sound/Podfeed. That's it. You don't need anything more if you want to live safely. The app that tells you your inner nature? Forget it. You already know it.
21. Invest in learning about security. This is your only bow/arrow/tool/weapon. Nothing else matters as much as learning and practicing safe netizenry habits.

You may still fail.

The car may hit you. But, at the very least, you'll see the license-plate and the driver's face as the headlights slam on to you as you dive for cover. You may save your life, although you may still be limping for a while.

But don't be a deer in the headlights. You deserve better.



Comments

Post a Comment

Popular posts from this blog

Why PI is not 4, math is great, and other mysteries.

The other day, I found myself with an interesting problem of approximating a circle with the enclosing square which seems to prove pi = 4. The paradox was forwarded by a most interesting puzzle collector, Surajit Basu, a friend and life long inspiration. See Sonata for Unaccompanied Tortoise for why! Here is the offending paradox: This is an example of how counterintuitive questions can be answered with a little calculus. The key is to realize that no matter how closely we approximate the circle, the orthogonal lines of the approximation formed by inverting the square corners will never actually be tangential to the circle. Note carefully that as you get closer to 90 degrees, the horizontal line is much longer than the vertical. Same goes with the approximation at 0 and 180 - the vertical line is much larger than the horizontal component. If we take a quadrant of the circle - let's say the top left quadrant, moving counter clockwise from to
5 comments
Read more

Architecture, Engineering, Operations - 1

The world has infinitely more stuff to be "done" nowadays. At least in the sense of building/running an institution that uses technology, there are many roles that are involved in making things work. The world of IT and technology in general makes the speed and variety possible. We now have a platform of IT that is globally scale-able if we can put some new thinking to the old problems of "getting things done". There are great organizations that do this well, and they use modern IT principles to achieve this. Fundamental to engineering a modern IT (or infrastructure organization) are the three roles of Architecture, Engineering and Operations. Some would say Architecture is encoded Engineering-history, but for now, we will keep them separate. The popular definitions for these roles are about output delivered or the domain of discourse. The personality drives that determine the actual performance are not discussed, as far as I can see, in a holistic fashion i
Read more

Ambition vs. Fear.

Most important things in life don't come to us. Nor do we get them by seeking/wanting them. It comes from letting go of the unimportant stuff. The hardest part is letting go of the tendency to take the world as is. This is a habit of our past successes. But success is not a destination, it is a STOP sign. You stop, wait, and move on. Too often, we are paralyzed by success into the fear of the new. We stall on the road to a new life. We need to break our inertia and move. Our thoughts and thought habits are hard to break. But that is where we have to spend the most energy. Thoughts are always competing strands  - of worries of the past and anxieties for the future. For some of us, they are cleanly separated into rivers that nurture every place they travel. For most, they are like the torrents and trickles -- competing, rushing somewhere, stopping completely elsewhere, always mixing, morphing, competing, winning, losing. Our thoughts are the potential difference between the t
5 comments
Read more