Overview: How to reduce the likelihood of personal data leakage

Six years have passed since the revelations of Edward Snowden, but the privacy situation on the Internet is not getting better. Intelligence agencies around the world are still eager to learn as much information as possible about ordinary users of the network, and cybercriminals seek to use this data for personal gain. Plums about new global surveillance programs, botnets from hundreds of thousands of hacked home devices regularly appear.

And although it is clear that it’s unlikely that you will be completely interested in protecting privacy if the security services are interested in you, there are still means to reduce the likelihood of leakage of your data into the hands of government agencies and intruders from around the world.
')

Encryption tools

Tools that allow users to encrypt data and communications do not like special services all over the world. They look for vulnerabilities in encryption algorithms, inject backdoors into them, try to block access to such services. A complete guarantee of protection will not be provided by any tool, but their combination can significantly reduce the likelihood of the leakage of your personal data. Here are some of them worth using:

• Install Tor and VPN (I use iNinja ), always use them for web surfing.
• For email communications, use encrypted clients, like ProtonMail .
• Files on the disk can be encrypted using FileVault for Mac and BitLocker for Windows .
• Use instant messengers that allow you to encrypt correspondence ( Signal , Telegram ).

Restrictions on Internet access for different gadgets

The development of the Internet of things, on the one hand, is convenient, and on the other hand, more and more devices are being connected to the network, and even those who don’t really need it. Smart TV, baby monitors, webcams - all these devices can be hacked, often remotely and at no cost.

Studies show that developers of connected gadgets do not really care about security and leave a lot of vulnerabilities in firmware, including stitched default passwords - you don’t need to be a hacker to read them in the documentation, find a device sticking into the network through Shodan and take complete control over by him. As a result, situations are possible when hackers managed to spy on families that used baby monitors, and even talk to children through the built-in microphone or photograph them and upload pictures to the network.



One of the leaked images

Security researchers found that approximately 15 out of 100 devices have never changed passwords from default values. And knowing only the five most popular couples, you can get access to the "admin" of every tenth device:



Popular standard logins / passwords that are set by default by manufacturers of IoT devices

Since you will not be able to affect vulnerabilities of this kind, the only way out is to disable Internet access for all devices that do not need it to perform basic functions. If a smart refrigerator can cool food without connecting to the network - let it work.

Install Updates

It’s amazing how many people don’t follow this simple but effective advice. According to statistics, the average age of the firmware on an average home router is 3-4 years. During this time dozens of vulnerabilities are found in them, including critical ones. As a result, anyone who wants to penetrate the home network does not need to make an effort, but simply use the exploit to an already known error.

Installing updates is not the most fun thing in the world, but it really increases the level of security.

Security cannot be exchanged for convenience.

Mostly, this tip implies a limited use of cloud services. You can not be sure of the security of your data and files if they are not stored on your server, somewhere in the cloud. Even in case of leakage from a personal server, it will be easier to track its source.

The intelligence services of the United States and other countries use filtering systems for Internet traffic, so data sent to cloud services can be intercepted.

Use services and tools with a focus on privacy

It is clear that it will not be possible to completely abandon the use of various digital services, but you can always select those that will help protect privacy. Here is a list of useful tools:

• DuckDuckGo - search engine, the main priority of which is privacy.
• Haveibeenpwned.com is a website with which you can find information about the availability of your data among the leaks available online.
• Fastmail is an email hosting service that allows you to use many different domains and one-time addresses like first@me.nospammail.net. If you register somewhere with their help, and then receive spam, then you know for sure who exactly leaked your data.
• Tails OS is a full-fledged operating system whose main task is to protect the privacy of users. Runs from disk or flash drive, allows you to use the Tor Network and Tor Browser, as well as the built-in instant messenger. It is not intended for daily use, but can be extremely useful.

Screenshot Tails OS

Conclusion: only comprehensive measures give results

Ensuring privacy is a process that should never end. To achieve the result, it is necessary to dive into the subject more deeply than reading a couple of superficial articles on the Internet.

For example, there are a lot of articles in the network that tell about the benefits of using incognito mode in the browser - in fact, it doesn’t prevent the special services and ordinary hackers from tracking the user's online activity. Much the same is written about Bitcoin anonymity, but in practice a cryptocurrency is not private - all transactions are recorded in the blockchain, and using services like cryptocurrents allows you to associate a person with specific transactions.

Only comprehensive measures that include analyzing network connections, installing updates, encrypting, and using secure tools will make it harder for those who want to spy on you.