# How do you protect your internet privacy?

## Sematary

As we all know, big brother is watching, and keeping records. So how do you protect your privacy?

Currently, I am connected to the TOR network, which gives me both internet and email privacy. Very nice. I think I'll be going to a full-blown VPN service, fairly certain, but for free, this is a great way to protect your privacy and keep big brother from following your every cyber move.

----------


## CPUd

TOR provides anonymity, not privacy.  Anyone can set up a TOR endpoint, and everything you do is visible on that machine.  If you are using email through TOR, this means if they really wanted to, whoever is running the machine at that endpoint could read your email.  I've known people who set up TOR endpoints just so they could sniff usernames/passwords.

To have 'strong privacy', a VPN is the way to go.  With encryption, your ISP will only see you making a connection to the VPN.  Assuming you set it up properly, they won't know what sites you visit, and can't read the data that passes through.

----------


## DGambler

What are you connecting to if you set up this VPN?

----------


## CPUd

The VPN is a service on a remote server; it sits there and listens for its client to connect.  Many companies provide dedicated VPN service, but you could do it yourself on any remote server you have root access to by running your own, such as OpenVPN.

Back in the day, you had phone numbers you could dial into via modem and connect directly, but this was mostly used by people working from home who needed to connect to their company's network.  Nowadays, the dialup connection doesn't provide the necessary bandwidth for most users, the users are no longer just corporate users, so the thing to do now is to connect over an existing internet connection.

To make it secure, it uses what is called a 'tunnel', so the tunnel can exist over HTTP, but outside the tunnel, all you see is encrypted traffic between 2 points.

----------


## Sematary

> The VPN is a service on a remote server; it sits there and listens for its client to connect.  Many companies provide dedicated VPN service, but you could do it yourself on any remote server you have root access to by running your own, such as OpenVPN.
> 
> Back in the day, you had phone numbers you could dial into via modem and connect directly, but this was mostly used by people working from home who needed to connect to their company's network.  Nowadays, the dialup connection doesn't provide the necessary bandwidth for most users, the users are no longer just corporate users, so the thing to do now is to connect over an existing internet connection.
> 
> To make it secure, it uses what is called a 'tunnel', so the tunnel can exist over HTTP, but outside the tunnel, all you see is encrypted traffic between 2 points.


Ya, I recently set mine up. There is a possibility of about 8 different servers I could be connecting to at any given time from Canada, to Germany or even the Netherlands. Much better than TOR and it's faster, too.

----------


## Dr.3D

So how do you know you can trust the VPN provider?   Suppose it's something the FEDS set up and they are monitoring it 24/7?

----------


## RickyJ

> So how do you know you can trust the VPN provider?   Suppose it's something the FEDS set up and they are monitoring it 24/7?


You can't. The only way to have real privacy over the Internet is by encrypting anything you send out that you want to remain private. A VPN is not needed for this. Even then, if you can't trust who you are sending it to to keep it private, it won't work. 

It is kind of like telling a secret to someone, if they don't keep it then it is no longer between just the two of you.

----------


## JoshLowry

They'd probably just quietly install something on your machine if you are trying to hide. Keyloggers, backdoors, recordings of screens, etc...

----------


## pcosmar

> They'd probably just quietly install something on your machine if you are trying to hide. Keyloggers, backdoors, recordings of screens, etc...


Then you need an Operating System that does not just install things without your knowledge.

----------


## JoshLowry

> Then you need an Operating System that does not just install things without your knowledge.


Is there one?  I seriously doubt anything is secure.

It also is one less worry for me.  No way I would want to try and attempt to cover my tracks.

----------


## DGambler

> Is there one?  I seriously doubt anything is secure.
> 
> It also is one less worry for me.  No way I would want to try and attempt to cover my tracks.


One of the Linux flavors.

----------


## Dr.3D

> One of the Linux flavors.


You don't believe there might be a very talented coder that could write something that would install on that system without you knowing?

----------


## pcosmar

> You don't believe there might be a very talented coder that could write something that would install on that system without you knowing?


Anything is possible, but with Linux there are a lot of eyes on it. The code is open and constantly (daily) updated.
There is nothing hidden, and any flaws found are published to the web and fixed.

Inherent to the system is security, and nothing installs without root permissions.
There are a few known rootkits, but scanning for them is easy.
Essentially, you may be able to trick a few users to install something nasty, but nothing that would be widespread.

In order to pull off a Linux backdoor, you would have to get it past the entire Linux community, from developers to testers and users.
And they, as a whole, are a rather freedom-oriented bunch, with a natural paranoia of government.

Not likely.

----------


## opal

Tor question... I've just recently gotten Tor and it's DOG ASS SLOW. Is it that way by design? Is there any way to speed it up? Over half the sites I try to go to (including my email and here) time out more than they load.

----------


## cjm

> Tor question... I've just recently gotten Tor and it's DOG ASS SLOW. Is it that way by design? Is there any way to speed it up? Over half the sites I try to go to (including my email and here) time out more than they load.


It is somewhat by design.  With your regular browser, you can make a direct connection to a web server in the US with just a few hops.  With Tor, your request for a page is being routed through Finland or South Africa or some other remote place first (and so is the web server's response).

----------


## opal

Gotcha.. thanks

----------


## cjm

> Anything is possible, but with Linux there are a lot of eyes on it. The code is open and constantly (daily) updated.
> There is nothing hidden, and any flaws found are published to the web and fixed.
> 
> Inherent to the system is security, and nothing installs without root permissions.
> There are a few known rootkits, but scanning for them is easy.
> Essentially, you may be able to trick a few users to install something nasty, but nothing that would be widespread.
> 
> In order to pull off a Linux backdoor, you would have to get it past the entire Linux community, from developers to testers and users.
> And they, as a whole, are a rather freedom-oriented bunch, with a natural paranoia of government.
> ...


This is true.  I have a high confidence that the operating system I receive from a Linux distributor is free of backdoors and other malware.  As pcosmar notes, anything is possible, but it's not likely.  

Once the operating system is in the hands of a user, however, poor practices can make a Linux distribution just as weak as any other operating system.  If you turn up a Linux box and give root a weak password like "6yh7uj8ik" and have no firewall in front of it, it will be compromised.  For those that think this password looks random enough, look down at your keyboard.  Keyboard patterns like this are stored in password databases and used by the bad guys to try to log in as root.  Even replacing letters with numerals like r0nP4u1 isn't safe.  Standard dictionaries are used with these common numeral replacements to generate more guesses.   There are password databases with Klingon words in them.  You want to have a truly random password for root.

To prevent the bad guys from accessing your system with a brute force attack (guessing random character strings) you should either disable sshd or put a firewall between your computer and the internet.  If your sshd port will be exposed to unknown computers at Starbucks or the public library, or if you have allowed traffic on that port in your firewall, you should disable remote password login for root and only use public key authentication.

Pcosmar also notes that the code is updated constantly.  Users need to make sure that code gets installed.  If you ignore the security patches, your computer will become less secure over time.

Locking down root/sshd and applying security updates will protect you from most of the nastiness out there.  Most bad guys go for the low-hanging fruit, so if they can't get into your system with a remote ssh script, they move on to the next IP address or whatever.  I have had Linux servers exposed directly to the internet for about 12 years now and the only time I had a problem was when I got lazy and used a keyboard pattern for root's password after a fresh installation with the intent to lock it down later.  I knew better, I just got lazy.  Luckily it was a fresh installation so I just wiped it and started over with a random password, set my RSA keys, and disabled password login for root.

It's a good idea to disable daemons that are not being used and a few other things, but for home computers behind a typical Linksys-type firewall that really isn't necessary.  If anyone is intimidated by any of the jargon in this thread like "rootkit" or "sshd," you can always find local help in a Linux users group.  Most large universities and metro areas have them.  They will have people who are happy to take a look at your computer and help you set it up -- much easier than trying to understand forum posts or security how-to guides if you're new to all of this.
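
The two password examples in the post above, checked the way a password audit would check them. This is an added example, not part of cjm's post; the function names, the 0.6 threshold and the four-word list are constructed for illustration, and a US QWERTY layout is assumed.

```python
import secrets
import string

# US QWERTY rows; the column index approximates physical key position.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Common numeral-for-letter swaps; "1" is tried as both "l" and "i" below.
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}

# Constructed sample wordlist; a real audit would load a large dictionary.
WORDS = {"ronpaul", "password", "dragon", "letmein"}


def walk_ratio(pw):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    keys = [POS[c] for c in pw.lower() if c in POS]
    if len(keys) < 2:
        return 0.0
    near = sum(1 for (r1, c1), (r2, c2) in zip(keys, keys[1:])
               if abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1)
    return near / (len(keys) - 1)


def deleet(pw):
    """Undo the numeral swaps, returning every candidate spelling."""
    base = "".join(LEET.get(c, c) for c in pw.lower())
    return {base.replace("1", "l"), base.replace("1", "i")}


def weaknesses(pw):
    """Return the reasons a pattern list or wordlist would cover pw."""
    found = []
    if walk_ratio(pw) >= 0.6:
        found.append("keyboard pattern")
    if any(w in cand for cand in deleet(pw) for w in WORDS):
        found.append("dictionary word with numeral swaps")
    return found


def random_password(length=20):
    """Draw each character from the OS CSPRNG instead of a human pattern."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

`6yh7uj8ik` is three straight columns down the keyboard, so six of its eight key-to-key steps are neighbours; `r0nP4u1` has no keyboard pattern at all but collapses to a wordlist entry once the numerals are mapped back.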

----------
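
A check for the sshd settings cjm recommends above (no password login for root, public keys only). This is an added example, not code from the thread; the function names and the sample file are constructed, the defaults are upstream OpenSSH's, and `Include` files and `Match` blocks are not evaluated.

```python
# Values upstream OpenSSH (7.0 and later) uses when a keyword is absent.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

# Constructed sample, not from a real host. The later, stricter
# PermitRootLogin line has no effect because sshd keeps the first value.
SAMPLE = """\
# /etc/ssh/sshd_config (sample)
PermitRootLogin yes
PasswordAuthentication no
permitrootlogin prohibit-password
"""


def effective_settings(config_text):
    """Global sshd settings: keywords are case-insensitive, first value wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # everything after this is conditional
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}


def audit(config_text):
    """Return findings that contradict the root/sshd advice in the post."""
    cfg = effective_settings(config_text)
    findings = []
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes does not restrict root to keys")
    if cfg["passwordauthentication"] != "no":
        findings.append("password logins are accepted, so guessing is possible")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    return findings
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including any included files.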


## cjm

> Gotcha.. thanks


No problem.  And if it's so slow that it's unusable, you can click on the onion icon in the upper left corner of the browser and select "New Identity" -- that will route you through a different Tor server giving you a new IP address and hopefully better performance.  You will lose all the pages you have open when you do this though.

----------


## opal

Good to know, thanks.
My little onion is on my taskbar at the bottom.

----------


## tangent4ronpaul

Keep an eye on where your exit point is.  NSA has a TOR server that I have never seen as anything except an exit point - when things go unencrypted, and apparently can reset your connection with their being the tail.

-t

----------


## CaptainAmerica

Sometimes the best anonymity is to not be noticed, to not stand out like a sore thumb. Imagine it like a painting and every brush stroke represents a person... if you intentionally try to hide everything you will stick out like a dark blue shadow stroke of paint over a wide area of white paint strokes. Although you may look unformed and unshaped, etc., you are noticed right away for trying not to have form or shape in the painting. Sometimes it's best to just not stand out, especially in this era of internet surveillance.

----------

