A few days ago around the dinner table, my family was talking about how police can monitor everything you do on the web and track you. Because he is registered as the owner of the router, my father says that he can view everything I do as it passes through the router. Is this true? And if so, how can I bypass this?
Yes, it’s true.
But before you focus on it too much, there are two things to keep in mind:
First, it’s not really easy for the average consumer.
Second, there are easier alternatives to monitoring than your router.
Let me explain what I mean and what you can do to protect yourself — if, indeed, you can protect yourself at all.
I just saw this article where a company did a forensic investigation of one of their employee’s computers. How do they find searches and network activity if one clears their cookies and uses CCleaner?
There’s so much more to your computer, as well as your activity history, than just cookies and whatever tools like CCleaner can clean.
So much more.
I’ll review a few of the more obvious ways employers can recover or collect information about your activity. Realize, though, it’s not with the intent that you be able to hide what you’re doing, but to illustrate the futility of even trying.
One of the hidden issues in online storage is privacy. Almost all online storage providers have the ability to examine your data or hand it over to law enforcement even if the provider has encrypted your data.
Hopefully, most of us will never have to deal with the law-enforcement scenario, but even the realization that a rogue employee at an online data storage provider could peek into what we keep online can cause concern. For some, it’s enough concern to avoid using cloud storage at all.
The solution is simple: encrypt the data yourself.
Unfortunately, implementing that “simple” solution isn’t always that simple or transparent, and can add a layer of complexity to online storage some find intimidating.
BoxCryptor is a nicely unobtrusive encryption solution that is free for personal use.
I recently had to send some very private identification papers over email. Now normally I wouldn’t do this and I would use snail mail instead but this was very urgent and I thought I would take a chance. As far as I know, no ill has come of it but I was wondering what ways are there to send emails securely across all platforms and also be sure that the right person on the other end gets it?
I’m occasionally faced with this same dilemma. Either for expediency or convenience, I want to email something I wouldn’t want to fall into the hands of anyone else.
While there are many approaches, there’s really only one pragmatic approach.
When I visit a web site that collects visitor statistics, I understand they can see my IP which will tell them my ISP, that I have a Mac, the area where I may live, what browser I use, if I’m new to the site, or if I click information on the site. But can the site collect the following information:
My computer name (the name I assigned to my computer)?
My browsing history (any/all sites I’ve visited and when) or can they just tell the number of items in my history?
Email addresses associated with my computer?
I’ve reviewed similar questions but I’m not sure I truly understand what information a web server can collect from my connection/browser.
This turns into a fairly complex answer pretty quickly. It’s both more and less than you might think.
There’s been a tremendous amount of discussion relating to the amount of data kept, shared, sold — and occasionally leaked — by large service providers like Facebook and Google.
Regardless of how you feel about it, it highlights something I believe is important to realize: these services collect a lot of data. We may never know just how much is being collected or with whom it is being shared.
However, both Facebook and Google allow you to download data they’ve collected relating to your account. It’s unlikely to be everything, but even so, it’s a heck of a lot. It’s worth understanding what they have.
A few minutes ago I scanned a page on generators from a Harbor Freight catalog and sent it to my son using Gmail. A few minutes later I got an email from Harbor Freight — in Yahoo, via Thunderbird — with this subject line: “You Can Rely on These Predator Generators on Sale Now.”
How does this happen? How does Harbor Freight know that I’m thinking about generators? Seems like there’s something on my computer monitoring my outgoing emails and alerting sellers to send me an ad on the item.
Or is it my son’s computer that’s doing it?
Either way, it’s creepy and something I’d like to stop.
I understand it feels creepy, but many aspects of what you describe represent the “cost” of free services like Gmail and Yahoo! Mail: advertising.
There’s not enough information for me to say exactly what happened, but I’ll describe some possibilities. There’s also one aspect of it I can’t explain at all.
I was dating a guy who installed Linux on my computer and is also the administrator on my computer. He can completely monitor my computer from his home. We are no longer dating but he is still screwing around with my computer. What can I do? He also knows my passwords.
I normally avoid these types of relationship-related tech questions, because they’re more about relationships than about technology. And I’m certainly no therapist.
However, I get this type of question often enough that I’m going to use it as an example of the technological implications when good relationships go bad.
Short answer: you’re in trouble until you take some drastic action.
In one of my more important articles — A One Step Way to Lose Your Account … Forever — I discuss the sad reality that accounts are frequently lost because people fail to set up recovery information (or keep that recovery information current).
In most cases, it’s a simple oversight with disastrous results. One day, your account gets compromised somehow, and you have no way to prove you are the legitimate owner. Without that proof (in the form of recovery information used to verify your identity), your account is no longer your account. Period. Forever.
Sometimes, however, there’s a much more frustrating reason people fail to provide recovery information — in particular, their phone number.
This is a multi-part question and pertains to computer forensics. Specifically, locating those mysterious, deeply hidden files that (supposedly) contain your computer’s entire history – every keystroke ever made. Accessing those files. Viewing the contents. Deleting the contents. Understanding how a utility like DBAN can “find” and nuke them, but I as the computer owner can’t. And finally, if every keystroke really has been recorded to some hidden file, how come it doesn’t wipe out available space on my hard drive.
This is a relatively persistent family of questions that comes around from time to time, particularly in times of concern about individual privacy.
There are several misconceptions in the question.
Further, those misconceptions are based on kernels of truth, which means I can’t just say “that’s wrong”; instead, it’s more a case of “it’s not like that — it’s like this”.
Let’s see if I can clear up the confusion. To do so, we’ll need to talk about keystrokes, loggers, hidden files, erasing files, and really erasing files.
Our computer’s hardware – the circuits, chips, disks, memory, cables, and connectors – are all things we rarely think about when it comes to considering our privacy.
We would be wise to.
While not as easily compromised, since it requires some form of physical access, hackers know we take our hardware for granted, and when it comes to gaining intrusive access to our information, hardware represents a way in.
For a variety of reasons, VPNs, or Virtual Private Networks, have suddenly become quite popular. It seems like you can’t open a tech web site or news source without hearing that VPNs are the solution to all your security and privacy issues.
Sadly, that’s not the case.
VPNs can be useful to solve a handful of specific problems:
Sniffing: protecting your communications from being intercepted when using open WiFi hotspots.
Relocation: making it appear as if you are located somewhere other than your actual location.
Surveillance: protecting your communications from being monitored by certain third parties, such as your ISP.
Exactly what to look for in a VPN provider varies depending on exactly which of these problems you’re attempting to solve.
I was taught that it is impossible to delete, I mean totally delete, anything on the internet. The protocol of the computer or network simply buries it deeper in the systems and scrambles a random password to recall it. Find that scramble code and Presto! You can recall the deleted item(s).
Um…. no. There’s no magical “scramble code” to recover anything.
But that does raise a very interesting conundrum. We often say “the internet is forever”, while at the same time saying, “be sure to back up, because once you delete it, it’s gone”.
The ways of both the internet and deletion are more complex than most people realize. While these two statements appear to be diametrically opposed, they’re both very, very true, often at exactly the wrong time.
I’ve written several privacy-related articles discussing the various aspects of risk we assume when we use technology. From the computers we use to the systems that run them, as well as the applications and tools we rely on, each adds risk of some kind of exposure.
And yet, in my experience, the greatest risk we’re exposed to has little do with technology.
It’s a risk we don’t think of – and yet I see privacy directly invaded more often due to this than any other reason.
That’s a phrase I’ve used in several articles on security, but with the recent emphasis on privacy as well, I’ve decided it deserves its own dedicated discussion.
You can have the best security software. You can be the greatest at identifying and avoiding phishing and other attempts to trick you into downloading malware. You can have the greatest, strongest passwords, doubly secured with two-factor authentication….
… and it’s all for naught the moment someone else gets their hands on your machine.
In a previous article, I discussed the fundamental nature of our computer’s operating system: its absolute power to see, and potentially expose, anything we do. We frequently assume, often without actually thinking about it, that the OS is trustworthy.
That may or may not be true.
When it comes to the operating system, our options are limited. There’s really no choice: in order to use our device, we must use an operating system of some sort.
When it comes to the applications we install on our computers, we have both more choice and more risk.
With the release of Windows 10, Microsoft took a lot of heat for particularly permissive default privacy settings, as well as being unclear about exactly what information is sent back to Microsoft, and under what conditions.
While they’ve addressed some of those issues in the months since, it all serves to highlight an important concept that many people all too readily overlook: the operating system on your machine has a tremendous capability to protect – or violate – your privacy.
My friend’s husband has been getting into her email even though she’s not given him her password. He has confronted his sister about an email and when asked how he got into the email he says that where he works (a large hotel chain), they have a program that searches emails for keywords and brings info up. Could that be true? Can they snoop on hotel internet traffic?
Hotel internet security is one of the most overlooked risks travelers face. I’m not just talking wireless – I’m talking any internet connection provided by your hotel.
In fact, I’m actually writing this in a hotel room, and yes, I have taken a few precautions.
Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?
Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.
However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.
Leo, you’ve made a big deal about how insecure it is for an internet browser to remember your login information because it can be viewed by anyone using that browser. However, what about websites that offer to remember your login information for you? An example of this is Google. When you are logging in you can simply check a box that says, “Stay signed in” and unless you actually physically log off, you’ll remain logged in. If you don’t check that box, simply closing the browser will log you off.
Let’s say I’m taking my neighbors laptop on a business trip for several days. If I stay logged into Google with the “stay logged in” button for the duration of the trip and I physically log off before I return the laptop, will my neighbor have access to my account information like he would if I had Chrome remember any of my passwords? This is assuming that I don’t delete any sort of browser information. All I do is log off.
The good news is that as long as you remember to log out, you’re relatively safe. The bad news (besides my having to use the word “relatively”) is of course what happens when you forget to explicitly log out.
The scenario looks like this: you’re ending a long and successful relationship with your employer (or maybe a not so long or successful one). But while you were there, you were allowed to make use of your assigned computer to do things like check your personal email, use an instant messaging client, check in on Facebook, and maybe even surf the web occasionally for non-work related things.
Now on your way out the door, you’d like to make sure that your personal account information isn’t left behind. And perhaps clean up a few other traces of your activities as well.
I recently put my name into the Norton search engine and came across the following:
Ad related to (the person asking the question’s name appears). (His name) “was arrested?” and then the name of a website that promises to check your records with the phrase “free public record search application.”
Not only was I shocked (to see his name in the ad) but felt that anybody repeating a search on my name would infer I had a criminal record, I have written to the company demanding that the offensive link of my name with a criminal history be removed – although I’m not sure that they would be responsible for the context of my name in their advertisement for checking on an individual’s criminal history. The sad thing is that if you put anybody’s name into this company’s search engine, until a fee is actually paid, it conveys the impression that a specific inquiry would lead to a criminal background. Your words of advice would be appreciated.
First, I’ll explain what you can do about ads like this. Then, I’ll try to explain why this misleading ad is popping up in the first place.
What identifying signatures are given off by my laptop when I’m connected to a wireless network? I’m sure that my WiFi card, hard drive, Windows ID, and other identifying information is broadcast, but what is it? Would I guess that a traffic sniffer would show the make and model of my computer? Or does it go deeper than that?
Actually, it doesn’t go that deep at all. In general, it’s not as much information as you list… as long as you’re doing things right.
My daughter is using my email address to purchase goods instead of using her own email address. Is this a dangerous procedure?
It depends on two things: what you think of your daughter and what she thinks of you. 🙂
Now, I’m assuming that we are only talking about your email address and not your credit card. When you are handing over financial information to someone else, even your daughter, that’s a whole other game and a different set of issues.
When we come down to just the email address, things are actually relatively safe, but there are a few risks that you (and she) should keep in mind.
In your articles, you often mention that an IP address cannot find out my actual location. OK. Then how does Google know my location … my actual location?
That’s an interesting conundrum. I’m actually somewhat surprised at how accurate Google can be at times, but you also have to realize that you give Google a lot more information than just your IP address.
At the start of a public gathering event for my child’s school today, the principal surprised me by requesting that parents who took photos of the event with their mobile phones should switch off the geotagging function because it can expose the children to risks associated with privacy. I later took her aside and she explained to me about having recently learned that hackers are able to steal an image uploaded to one of the many image sharing sites or the iCloud as she described it, merely by using the geodetic coordinates of the location where the picture was taken. Is this true or yet another contemporary urban myth?
Urban myth or true fact? Well, it’s somewhere in-between.
Let’s begin by talking about what the principal said. Then, I’ll explain where she might be getting confused about geotagging.
Hi Leo. I read your bank app article from last August of 2012 but what I’m still wondering is if I’m ok or safe to use my Bank of the West iPad, iPhone app at a McDonald’s or motel’s Wi-Fi and how do I know if my app is using https or not? I should note that our devices are Wi-Fi only – no data and the Bank of the West, my example, has always seemed very security conscience. Thanks.
Well, to answer the question in the middle of this, “How do you know whether your app is using https or not?”
The bad news is you don’t.
And there’s no way to tell which technique a mobile app on an iPad or an iPhone, or on an Android device may use to confirm that it’s using secure connections.
I would like to clear off/erase all of the programs on my hard drive and clean it up before I donate my computer to a worthy cause. What’s the best/simplest way to do this?
To begin with, good on you not only for your donation, but for thinking to do this. All too frequently we hear of computers being donated by banks, hospitals, or other institutions and then turning up with all sorts of private information that should have been erased first. The best way? Well … how paranoid are you?
I recently changed from Verizon DSL to Charter Cable internet services. About a week later, I started receiving warnings via email from Charter telling me to stop downloading music from limewire (copyright infringement?). After that they sent notices to stop downloading movies from UTorrent. What’s funny is that both were files that never finished downloading. What I want to know is how do they know who I am, where I go on the internet and when I choose to save something to my computer? How does someone else know when your on a website downloading anything?
Well to start with, Charter isn’t just any “someone else” … they’re your ISP.
And as your ISP they know a lot about you, and have the ability to do a lot with that information.
Verizon could have but for whatever reason chose not to.