Microsoft and Privacy

Satya Nadella, Microsoft’s CEO, says he cares about your privacy. He wants to make sure “you get meaningful choices about how and why data is collected and used”. Except those “meaningful choices” don’t really include the “how” because where data collection is concerned, you really have no choice.

Further on he says, “We will put you in control of your privacy with easy-to-use tools and clear choices”, but there aren’t any choices — at least about the basic information Microsoft collect.

Their Privacy Statement spells it out, but the details are carefully hidden away. Take the first item, Personal Data We Collect, for example. You’ll find an anodyne, 95-word description followed by the next heading, How We Use Personal Data, but only by clicking the Learn More link do you find the full 800-word horror.

Here’s a summary of what they collect:

Personal data

  • first and last name
  • email address
  • postal address
  • phone number

“and other similar contact data”

Credentials

  • passwords
  • password hints
  • security information used for authentication and account access.

Demographic data

  • your age
  • gender
  • country
  • preferred language

Interests and favourites

Your interests and favourites (sports teams, the stocks you follow, favourite cities, cars, etc.)

“In addition to those you explicitly provide, your interests and favorites may also be inferred or derived from other data we collect.”

(My italics)

Just think about that for a moment. It’s a biggie.  They’ll infer, with some degree of accuracy, your income, political sympathies, occupation, socio-economic standing, health status and health concerns, marital status, sexual preferences, personal problems, family life, number of offspring, their ages … the list goes on and on …

Payment data

  • credit card numbers and the security codes associated with them

So much for that CCV code on the back of your card!

Program usage data

  • the features you use
  • the items you purchase
  • the web pages you visit
  • the search terms you enter

This also includes data about your device, the network you use, IP address, device identifiers (such as the unique IMEI number in phones), regional and language settings, information about the operating systems and other software installed on your device (including product keys).

Contacts and relationships

  • Data about your contacts and relationships, with other people and organizations.

Location data

Your location, either precisely via GPS or Wi-Fi hotspots, or imprecisely via your IP address “or data that indicates where you are located … such as at a city or postal code level.”

Content

“We collect content of your files and communications when necessary to provide you with the services you use … Examples of this data include: the content of your documents, photos, music or video you upload to a Microsoft service such as OneDrive, as well as the content of your communications sent or received using Microsoft services such as Outlook.com or Skype, including the:

  • subject line and body of an email,
  • text or other content of an instant message,
  • audio and video recording of a video message, and
  • audio recording and transcript of a voice message you receive or a text message you dictate.”

But sometimes all that’s just not enough:

“… we supplement the data we collect by purchasing demographic data from other companies.”

And, no doubt, they sell it too.

 

Of course, Microsoft aren’t alone in capturing vast swathes of personal data about us. Google and Facebook are a couple of standout examples. But Microsoft – with its unique position as the world’s Number One operating system supplier – is perfectly placed to become the first integrated 24/7 global surveillance system, whether it’s via your daily interactions with Windows 10, Office and Outlook.com, via your gaming activities on Xbox, your searches on Bing, the files you store on OneDrive, your personal chats on Skype, or your work history and CV on LinkedIn.

Windows 10 is a nice operating system, no question, but it’s horribly compromised. So much so that it blurs the line between operating systems, keyloggers and spyware.

If Satya Nadella really wanted to provide us with a choice about who’s looking over our shoulders, Microsoft would produce a neutral, open source operating system from which users could make their own informed choices.

Actually, there’s no need. We already have one. It’s called Linux.


Know your onions

Tor is a browser you should add to your desktop if you want to surf anonymously. It was originally developed to protect government communications — the US Navy, no less — but can be used to protect anyone against a common form of internet surveillance called “traffic analysis”.

But before we get into that, try it out for yourself.

First off, visit this site, www.systemdetails.com in your regular, day-to-day browser.

You’ll find it returns a surprising amount of data under five different tabs, including your location, operating system name, browser type and version, even your screen resolution. All of this can be used to uniquely fingerprint your browser, but the most telling detail is your IP address.

Now install Tor. It’s free and available for Linux, Mac and Windows. You’ll find full instructions on the site.

With Tor running, click on the Test Tor Network Settings link, or try this one. It’ll return a message saying whether Tor is working (or not!) and what your new IP address is.

If you revisit www.systemdetails.com you’ll find all your details suggest your browser is now located somewhere else on the planet.

Woot, anonymity!

How it works

Tor uses a process called “onion routing”. (In fact its name was originally an acronym for “The Onion Router”.) The eye-watering bit refers to its layers, nested like the layers of an onion, that distribute your traffic around numerous places on the internet so that your data packets take random pathways through various relays. The result is that no observer at any single point can tell where traffic has come from or where it’s going to.

There’s a full illustrated explanation of the system here.

 

Bad habits

Of course no system is foolproof — because fools are ingenious — so there are one or two things to watch out for that may compromise your anonymity.

Don’t torrent over Tor
File-sharing applications often ignore proxy servers and invariably send out your real IP address in tracker GET requests. That’s how torrents work, so layering on Tor will give you no protection.

Don’t add other browser plugins
The Tor browser actively blocks plugins like Flash, RealPlayer and Quicktime because they absolutely compromise your anonymity. Other plugins may do likewise. So that means YouTube videos are blocked by default, but YouTube do have an opt-in feature, which you can enable here. It seems to work fine with Tor.

Look out for HTTPS sites
The ‘S’ stands for ‘Secure’ and Tor tries to enforce that end-to-end encryption by using the HTTPS Everywhere plugin. Most major sites support HTTPS, but double-check the URL bar if you’re asked for sensitive information.

Don’t open the documents you download while on Tor
This particularly applies to DOC and PDF files, which can contain internet resources that will be downloaded outside of Tor. That will of course reveal your non-Tor IP address. Here’s what the Tor site has to say on the matter:

If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled.


Death of a hard drive

The first sign you’re likely to get of a failing hard drive is a SMART warning when you boot your computer. Something like this …

[Image: SMART warning shown at boot]

Which is exactly what I got recently on a relatively new 1TB drive.

SMART stands for Self-Monitoring, Analysis, and Reporting Technology and there’s really not much you can do except be grateful for the warning, get a replacement drive and start moving data off the failing one as soon as possible.

SMART records all sorts of information about your HDD, some of which is used to predict future drive fails. The most common is the Reallocated Sectors Count fault — which is what my dying drive has.

[Image: SMART data showing the Reallocated Sectors Count]

What that means is that the hard drive has found a read, write or verification error on a part of the disk, marked the dodgy sector as “reallocated” and moved the data to a working sector. As you can see above, this has happened 3,995 times so far. As a predictor of impending failure, it’s a good one.

The BIOS warning doesn’t give you much information about precisely what’s going wrong with your disk. To find that, you’ll need to add some software appropriate to your operating system.

The best package I’ve come across for Linux is simply called Disks. It’s included in Debian, Ubuntu, Fedora, Red Hat Enterprise Linux and CentOS, and typically filed under the Utilities menu. If it’s not already installed, just grab it with your usual package manager.

[Image: the Disks utility]
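
The same attribute can be read from the command line. This added example (not from the original post) assumes the smartmontools package, whose smartctl -A prints the attribute table; the function names are illustrative and the sample rows are constructed, using the raw count quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Sample rows below are constructed.

# Read `smartctl -A` output on stdin and print "<raw count> <status>" for
# attribute 5 (Reallocated_Sector_Ct). Columns: ID NAME FLAG VALUE WORST
# THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE.
realloc_report() {
    awk '$1 == 5 {
        raw = $10 + 0
        if ($4 + 0 <= $6 + 0) status = "failing"    # normalised value at or below threshold
        else if (raw > 0)     status = "degrading"  # sectors remapped, threshold not yet hit
        else                  status = "ok"
        print raw, status
        found = 1
    }
    END { if (!found) { print "attribute 5 not reported"; exit 1 } }'
}

# Constructed sample standing in for real smartctl output.
sample_failing() {
    cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   001   001   036    Pre-fail  Always   FAILING_NOW 3995
  9 Power_On_Hours          0x0032   098   098   000    Old_age   Always       -       1820
EOF
}

# On a real system: sudo smartctl -A /dev/sdX | realloc_report
sample_failing | realloc_report
```

A raw count that keeps rising between runs is the signal to act on, even while the status is still "degrading".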

Of course, SMART can’t anticipate all hard drive failures. In the case of a sudden failure, your only realistic recourse is to your backups. If you don’t have any, and the data’s critical, you can get the drive rebuilt, but it’s going to cost in time and $$$s. A quick local Google found one firm with a turnaround of 5-10 working days at a cost of about $600. Considering the price of a new 1TB drive is only about $100, I’m happy to heed the warning!

 


Free file recovery

Deleted some vital files or trashed your hard drive? Have I got a couple of fantastic free tools for you!

PhotoRec recovers lost files from hard disks, CDs and DVDs, USB sticks and camera memory cards. Don’t be fooled by its name — it recovers way more than just photos. 440 different file types to be exact.

PhotoRec runs under the following operating systems:

  • DOS/Windows 9x
  • Windows NT 4/2000/XP/2003/Vista/2008/7
  • Linux
  • FreeBSD, NetBSD, OpenBSD
  • Sun Solaris
  • Mac OS X

and can recover data from the following file systems:

  • FAT
  • NTFS
  • exFAT
  • ext2/ext3/ext4 filesystem
  • HFS+

PhotoRec’s companion program, TestDisk, is designed to recover lost partitions and make non-booting disks bootable again. Whether caused by faulty software, viruses or human error, TestDisk makes partition table recovery easy.

In addition, TestDisk can:

  • Fix partition table, recover deleted partition
  • Recover FAT32 boot sector from its backup
  • Rebuild FAT12/FAT16/FAT32 boot sector
  • Fix FAT tables
  • Rebuild NTFS boot sector
  • Recover NTFS boot sector from its backup
  • Fix MFT using MFT mirror
  • Locate ext2/ext3/ext4 Backup SuperBlock
  • Undelete files from FAT, exFAT, NTFS and ext2 filesystem
  • Copy files from deleted FAT, exFAT, NTFS and ext2/ext3/ext4 partitions

TestDisk runs under the following operating systems:

  • DOS (either real or in a Windows 9x DOS-box),
  • Windows (NT4, 2000, XP, 2003, Vista, 2008, Windows 7 (x86 & x64)),
  • Linux,
  • FreeBSD, NetBSD, OpenBSD,
  • SunOS and
  • MacOS X

 

Both programs have extensive documentation and walk-throughs, and both are open source software and licensed under the GNU General Public License, meaning they’re free to use and free to copy.

 

 


Secure data deletion

In my last blog I detailed why it wasn’t necessary to take a hammer to your hard drive to protect your data. So what can you do if you’re sending an old PC off for recycling and don’t want Joe Random looking over your supposedly deleted files?

Whole disk deletion

The simplest whole-disk solution is DBan — Darik’s Boot and Nuke — “a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.”

DBan is an open source program that securely erases hard disks by overwriting them with random garbage. It can be run from a CD, DVD or USB stick and can even be configured to automatically wipe every disk that it finds on a system or network. Download it here.

File-by-file deletion

Linux users have a built-in command-line tool called shred. It overwrites the specified file(s) with random junk — 25 times by default.

Here’s how to use it:

shred secrets.txt
Will shred the contents of secrets.txt but it leaves the file in place! While this is a good way of checking what shred does, you probably really want to …

shred -u secrets.txt
… remove the file after you’ve shredded it. For extra security you can …

shred -u -n 100 secrets.txt
… tell it to overwrite the file 100 times instead of the default 25, and even …

shred -u -n 100 -z secrets.txt
… overwrite the file with zeros on its last pass. This disguises the fact that there was ever any file there at all!

Note that shred does however come with a couple of caveats. The man shred command will give you the full details, but essentially it assumes that the file system overwrites data in place. That’s the usual way of doing things, but Linux has a wide variety of possible file systems and they don’t all work the same way! Still, shred works just fine with the default ext3 file system used on most distributions.
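
To check what shred actually does on your own system, this added example (not from the original post) overwrites a constructed throwaway file once, confirms the old bytes can no longer be read back from it, and warns when the file system is a type that may keep old copies. The function names and the list of file-system types are illustrative assumptions, and it needs GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Needs GNU coreutils: shred, stat, mktemp.

# Succeed when a file-system type is one where overwriting "in place" is not
# guaranteed (copy-on-write, log-structured or network-backed). Illustrative list.
shred_unreliable_on() {
    case "$1" in
        btrfs|zfs|nilfs|f2fs|nfs*) return 0 ;;
        *) return 1 ;;
    esac
}

# Overwrite FILE once without removing it, then report whether MARKER can still
# be read back from the file. Prints "overwritten" or "still-readable".
shred_and_check() {
    file=$1 marker=$2
    fstype=$(stat -f -c %T "$file")
    if shred_unreliable_on "$fstype"; then
        echo "warning: $fstype may keep old copies of the data" >&2
    fi
    shred -n 1 "$file" || return 2      # one pass keeps the demo quick
    if grep -q -F -- "$marker" "$file"; then
        echo "still-readable"
    else
        echo "overwritten"
    fi
}

# Demo on a constructed throwaway file.
demo() {
    tmp=$(mktemp) || return 1
    echo "CONSTRUCTED-SECRET-8f3a1c77" > "$tmp"
    shred_and_check "$tmp" "CONSTRUCTED-SECRET-8f3a1c77"
    shred -u "$tmp"                     # overwrite again and unlink, as in the post
    [ ! -e "$tmp" ] && echo "removed"
}

demo
```

Reading the file back only shows what the file system now returns for that file; on the flagged types, earlier copies of the blocks can survive elsewhere on the disk.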

The full kit

The Secure-Delete toolkit provides a suite of tools to:

  • securely wipe files
  • wipe free disk space
  • wipe swap space and computer memory

All work in a similar fashion: writing and rewriting random data, then a set of special cryptographic values, followed by more random data. In addition, the file tool also randomly renames and truncates the file.

Secure-delete may not be installed by default, so use your package manager to add it. Debian / Ubuntu / Mint users can just do:
sudo apt-get install secure-delete

Here’s a quick run-down of the SD tools and how to use them:

srm (secure remove) :
wipes files or directories currently on your hard disk. The algorithm used is based on this paper by local boy Peter Gutmann.

To wipe a file:
srm filename.txt

To wipe a directory:
srm -r folder_name

sfill (secure free space wiper) :
wipes the free space areas on your disk. If you haven’t used secure deletion tools before, chances are there’s still a lot of recoverable data in regions where files have been insecurely deleted. sfill will clean this up!

Clean up your home folder:
sfill /home/yourname

smem (secure memory wipe) :
deletes data stored in your computer’s memory. Why? Because data held in SDRAM doesn’t “fade away” and can be easily recovered!

To wipe memory:
smem

Note: a full smem run can take some time! Try
smem -l
or
smem -ll for a quicker (though less secure) run.

sswap (secure swap space wipe) :
does a secure wipe of your swap partition.

Find your swap partition:
cat /proc/swaps
Disable swap:
sudo swapoff /dev/swap_partition
Securely wipe it:
sudo sswap /dev/swap_partition
Re-enable swap:
sudo swapon /dev/swap_partition
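
The four steps above, tied together as an added example (not from the original post): it reads /proc/swaps, picks out real partitions rather than swap files, and prints the swapoff / sswap / swapon sequence without running anything. The function names are illustrative, the sample data is constructed, and the RAM check is an added precaution because swapoff has to move swapped-out pages back into memory.

```shell
#!/bin/sh
# Added example (not from the original post). It prints commands and runs none.

# Swap partitions (not swap files) and their used KiB, from a /proc/swaps-format
# file whose columns are: Filename Type Size Used Priority.
swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1, $4 }' "${1:-/proc/swaps}"
}

# MemAvailable in KiB, from a /proc/meminfo-format file.
mem_available_kib() {
    awk '$1 == "MemAvailable:" { print $2 }' "${1:-/proc/meminfo}"
}

# Print the swapoff / sswap / swapon sequence for each partition, or a SKIP
# line when the pages currently in swap would not fit back into available RAM.
wipe_plan() {
    avail=$(mem_available_kib "$2")
    avail=${avail:-0}
    swap_partitions "$1" | while read -r dev used; do
        if [ "$used" -gt "$avail" ]; then
            echo "SKIP $dev: $used KiB swapped out, $avail KiB RAM available"
            continue
        fi
        printf 'sudo swapoff %s\nsudo sswap %s\nsudo swapon %s\n' "$dev" "$dev" "$dev"
    done
}

# Constructed sample data standing in for /proc/swaps and /proc/meminfo.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/sda2 partition 2097148 1024 -2' \
        '/swapfile file 1048572 0 -3' > "$d/swaps"
    printf '%s\n' 'MemTotal: 8000000 kB' 'MemAvailable: 4000000 kB' > "$d/meminfo"
    wipe_plan "$d/swaps" "$d/meminfo"
    rm -r "$d"
}

demo
```

Called with no arguments, wipe_plan reads the live /proc/swaps and /proc/meminfo.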

 
