Blog

General practices in protecting the privacy of your data

Tags: Security

Published on: October 8, 2019 by Albert Reilly

General practices in protecting the privacy of your data

Scenario:

The ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively is called Privacy. With the advancement of the digital age, personal information vulnerabilities have increased and data security has become a concern. A need to limit the information to be made available public came along with this. Information privacy is considered an important aspect of information sharing which can be applied in numerous ways, including encryption, authentication and data masking, each attempting to ensure that information is available only to those with authorized access. These protective measures are geared toward preventing data mining and the unauthorized use of personal information, which are illegal in many parts of the world.

Here, we will list or discuss some measures or guidelines that can be followed while using Linux to make information restricted or private.

Command Line Methods:

Using shred command

Normally, when you delete a file, that portion of the disk is marked as being ready for another file to be written to it, but the data will be still there. If a third party were to gain physical access to your disk, using advanced techniques, they could access the data that you thought you had deleted. shred is a program that will overwrite your files in a way that makes them very difficult to recover by a third party. The way that shred accomplishes this is to overwrite repeatedly, as many times as you specify, the data you want to destroy, replacing it with some random data.

If you just want to overwrite a file, use

$ shred <filename>

By default, shred overwrites a file 3 times. However, you can change this number (say 10) using the -n option.

$ shred -n 10 <filename>

If you want to delete the file as well, use the -u option

$ shred -u <filename>

If you require only to overwrite a set number (say 10) of bytes from the file, you can use the -s option.

$ shred -s 10 <filename>
$ cat a
012345678901234567890123456789
$ shred -s 10 a
$ cat a
�ಽ�V#n�C01234567890123456789

To show verbose information about the shredding progress, use -v option.

$ shred -v a
shred: a: pass 1/3 (random)...
shred: a: pass 2/3 (random)...
shred: a: pass 3/3 (random)...

To add a final overwrite with zeros to hide shredding, use -z option. You will see an empty file when using cat command, but the file will be of some size.

$ cat a
012345678901234567890123456789
$ shred -z a
$ cat a
$ ll a
-rw-rw-r-- 1 user user 1048576 Aug 30 21:33 a

Linux Bash Shell History

We can make the command executed in the terminal to be hidden from the bash history. This can be done by adding a space “ “ before the command. However, even these can be captured in the history. We can alter this using the HISTCONTROL variable. HISTCONTROL controls how bash stores command history. There are two possible flags: ignorespace and ignoredups. The ignorespace flag tells bash to ignore commands that start with spaces. The other flag, ignoredups, tells bash to ignore duplicates. You can concatenate and separate the values with a colon, ignorespace:ignoredups, if you wish to specify both values, or you can just specify ignoreboth.

$ history
1 whoami
2 pwd
3 history

$ HISTCONTROL= ignorespace
$ touch test.txt

$ history
1 whoami
2 pwd
3 history
4 HISTCONTROL= ignorespace

To clear the history, you can use the -c option with history command.

$ history -c

This will clear all the commands in the current session. We can clear an individual line using the -d option and full wipe using -cw.

$ history -d 
$ history -cw

Encrypting File in CLI

A file can be encrypted and decrypted from the command line using openssl.

The syntax for encrypting a file using an algorithm is as below. You can enter the input filename (with-in option) and the required output filename (with-out option). Furthermore, you can securely remove the original file using the shred command as we discussed above. To see the available algorithms, you can press “tab” key twice after openssl.

$ openssl aes-128-cbc -in testin -out testout
enter aes-128-cbc encryption password:
Verifying - enter aes-128-cbc encryption password:

Do remember the password to decrypt the file. Use -d option to decrypt.

$ openssl aes-128-cbc -d -in testout -out testresult
enter aes-128-cbc decryption password:

Encrypting in VI Editor

We have dealt with encrypting a file from the command line. We can furthermore encrypt a file using the Vi/Vim editor. For this, you will need to type the :X in the command line mode. Then save and quit using :wq.

To see the contents of the file, you will need to open it using the vi editor and enter the secret key.

By default Vi will use the zip algorithm to encrypt. You can change it using the below.

:setlocal cm=zip

:setlocal cm=blowfish

:setlocal cm=blowfish2

To show the encryption method for the current file, use

:setlocal cm?

To decrypt the file permanently, use

:set key=

Browser related Methods:

Choosing a browser

Chrome is the most used web browser. Chrome is owned by Google and acts as a gateway between us and the Internet. A large amount of our data is been collected by Google through Chrome and this is used for ads. Its entire business model is based on using that data to generate revenue through ads. Privacy is probably Chrome’s biggest weakness as a browser. Although it’s possible to delete the data Google has on you, it’s difficult to trust how effective this is. That’s because the company has been involved in various privacy scandals, such as cooperating with the NSA’s PRISM program and continuing to collect location data, despite users turning off location services.

There’s plenty of Google services enabled by default in Chrome that collects tons of data on users, such as URL prediction and search suggestions. The privacy policy is also needlessly complicated and hard to read, making it difficult for most users to track exactly what of their information Chrome collects.

Mozilla Firefox is an open-source and is not dominated by a single company. Firefox is great with privacy. The company is a nonprofit and doesn’t derive any revenue from ads, which means it’s much easier to trust what Firefox says about protecting your data. Mozilla’s privacy policy clearly lays out what information it collects and what it is or isn’t used for, as well as that it never sells or gives your data to third parties for any reason. The browser also has excellent tracking protection controls, which are very flexible. You can individually block trackers, cookies, crypto miners and finger printers, letting you pick and choose exactly what you want to allow.

The best browser used for anonymity is the Tor browser. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user. This includes visits to websites, online posts, instant messages, and other communication forms. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.

The advantages include these:

  • Individual data packets bounce through multiple nodes, making surveillance impractical. IP addresses are also impossible to track or trace.
  • Because it’s open-source software, it’s difficult to hide malware in Tor. There’s protection against malicious code, but few criminals bother targeting this niche browser.
  • Downloading Tor costs nothing, and it works on PCs, Macs and Linux computers. There’s no intrusive advertising or cookies, either.
  • Any site with a .onion suffix (most of the deep web) is visible through Tor, but not through other mainstream web browsers.
  • The absurdly-named DuckDuckGo is to search engines what Tor is to web browsers – the most secure and anonymous choice.

Tor has some disadvantages also:

  • Tor takes ages to load its homepage. That will shock regular users of the streamlined Chrome browser.
  • Because of its layer-like data distribution, Tor runs extremely slowly. You’d struggle to watch streaming media content, even across fiber broadband.
  • Because it’s effectively anonymous, Tor doesn’t bother encrypting data. A separate VPN is required for encryption, further slowing average transfer times.
  • With its grey banners and retro fonts, Tor resembles the defunct 1990s Netscape Navigator browser rather than modern-day rivals like Safari or Firefox.
  • Information is delivered anonymously, but the browser software contains vulnerabilities, especially when viewing HTTP sites rather than encrypted HTTPS ones.

Apart from this, there are a few more browsers that have improved privacy protection. They include Epic, Brave and Safari. You will have the option to choose the data collected by most of the browsers from its preference. However, opting out may not completely stop it.

Choosing a Search Engine

Using a secure search engine is becoming more common and popular as privacy concerns grow in and increased public awareness of the problems. Some of the best ones with improved privacy features are listed below.

Search Encrypt uses local encryption to secure your searches. It combines AES-256 encryption with SSL encryption. Search Encrypt then retrieves your search results from its network of search partners. After you’re done the searching, your search terms expire so they are private even if someone else has access to your computer. Features include privacy-friendly news, videos, and maps that can be viewed right on their search interface, search terms and history expire when the session is done, eliminates pre-roll adds when viewing the video.

DuckDuckGo is probably the most well-known alternative search engine. Searches are sourced mostly from Yahoo and brought to users via a secure search interface. Users can directly search other sites, like Amazon, Wikipedia, or Youtube, by starting their query with an exclamation mark without collecting cookies and other user data from you.

StartPage uses results from Google, which is a good thing if you prefer Google’s result without tracking. Ixquick, which is an independent search engine that uses its own results, developed StartPage to include results from Google. Its features include a proxy service, URL generator, and HTTPS support. The URL generator is a unique feature that eliminates the need for cookies. It remembers your settings in a privacy friendly way. StartPage conducts searches via a proxy server. It doesn’t record IP addresses, location, or search terms.

Gibiru sources its search results from a modified Google algorithm. It provides reliable search results without all the tracking that Google does today. It can be used with a VPN and employs HTTPS 256-bit encryption. There is no cookies or IP address tracking and follows a strict no-log policy.

Other secure search engines include Privatelee, Swisscows, Disconnect Search, WolframAlpha, Yippy, and Qwant.

Category : Customer Care, Security

Albert Reilly

Albert Reilly

Albert likes to explore and learn new things. He is hardworking, enthusiastic and is getting expertise in Linux administration, Networking and Security areas. He understands client requirements and is able to act accordingly. He has been working for 2 years with us.

You may also read:

Comments

Add new commentSIGN IN

Let's Connect

Categories

Your Cart

Cart is empty.

Subtotal
₹0.00
APPLY
0
Send this to a friend