Some simple things to improve your online privacy

Reading about all the ways a user is identified, tracked, and sold  across the web can make it seem like the only way to avoid this fate is to turn off your computer. But why deprive yourself of the wonderful tools available online? You shouldn’t have to.  In this post I will describe a few simple things a computer user can do to guard their privacy online.  This list is by no means exhaustive, not is it meant to me.  But these are some easy things you can do today to begin making a difference.

Take a good hard look at what web browser you’re using and consider also installing  the Brave web browser.  It blocks (most) advertising, (all known) malvertisingtracking pixels and tracking cookies , and upgrades connections to https.  Brave is available for Windows, Mac, Linux (I’m writing this in Brave for Ubuntu right now), as well as iOS and Android.  Over time, you’ll block a LOT:  Brave also gives you information about the page you’re on. This can be done via extensions with other web browsers as well but it’s built in to Brave.  For example, here’s information about the Wall Street Journal web site:

Mind you, this is a site I pay a (hefty) subscription fee to.

Finally, the team behind brave is trying to fundamentally change how online advertising works via a block-chain-based Basic Attention Token, but that’s a subject for another post.

I say also installing the Brave web browser because there may be situations where you want to use Chrome or Safari for some feature they offer that Brave doesn’t (yet). For example, when I’m doing cryptocurrency stuff, I use Chrome with the MetaMask extension to let me access blockchain-requiring sites.

Think about which search engine you use, then take a look at DuckDuckGo. They don’t collect
or share any of your personal information.  They have a helpful page on how to install DuckDuckGo as your default search engine in a range of browser:  What does the Brave panel look like for DuckDuckGo? I’m glad you asked:


Pay attention to the your privacy settings with online services. For example, the Electonic Frontier Foundation (EFF) has a nice summary of why recent Twitter privacy policy changes are not necessarily in the users’ privacy interests. For any online service you use, it’s worth looking at the settings.  Canceling your account is the ultimate opt-out.

What’s in  your traffic? We no longer have an expectation of privacy from internet service providers (ISPs) due to repeal of the Broadband Privacy Rules. In other words, ISP’s can monitor, store, and sell our browsing history to a third party, hijack our searches, insert ads, and insert tracking cookies (see Five Creepy Things Your ISP Could Do……). Probably the best way to prevent this is to use a Virtual Private Network service. Most cost money, so that’s a privacy tax.  I use VyprVPN from Golden Frog and have been very happy with their product.

Finally, get serious about your passwords.  You need to be using strong, unique passwords across web sites.  Where available, two factor authentication should be enabled.  One of the interesting tidbits from the Edward Snowden movie Citizen Four is that the NSA can track you across the internet if you use the same passwords!  There are great password managers available. Brave has support for several baked right in (LastPass, DashLane, 1Password).  I’ve been using AgileBits’ One Password since it came out in 2006 but having been (slowly) moving over to LastPass since they have a Linux version.

A little time spent making these changes will go a long way toward regaining some of your online privacy.  Even just using the Brave browser and changing your search engine will help a great deal.

Credit Freeze: And Then There Were Four

This post by Brian Krebs is a great FAQ on Freezing your credit:

How I Learned to Stop Worrying and Embrace the Security Freeze

I find myself discussing the issue with colleagues frequently enough that I just want to post links to initiate a credit freeze here again:





An Open Letter to Audi

Dear Audi,

I have been an Audi owner since 1998 when I bought a new Audi A4. Since that A4 I’ve owned an A3, another A3, an S5, and now an A6…..TDI. And that’s where your streak stops.

My 2014 A6 TDI is one of the vehicles for which you and Bosch committed fraud in order to get it to pass emission tests here in the United States. Yes, you’re going to fix it. Yes, you’ve already thrown a thousand dollars at me and will surely throw seven to sixteen thousand more. But it doesn’t matter.

So, even though I have loved the cars, their interiors, their sound systems, have taken classes to learn to drive them safely and fast, and have trusted your all wheel drive systems to keep my family safe, I will not be purchasing another Audi–not even that nifty electric one you’re hoping will distract me from the fact that you acted criminally.

When you think about the cars you’ve already sold me, and the cars you were hoping to sell to me over the next twenty years I hope it becomes clear that opting to commit fraud was a really, really stupid business decision.


n.b. I see there’s a book coming out about the whole thing:  Faster, Higher, Farther: The Volkswagen Scandal (Amazon).

Hello, ProtonMail

After reading this blog post about how Google was able to influence traffic to the secure email provider Proton Mail, I’ve been pushed past the tipping point with regard to Google.  Here’s a short excerpt:

The short summary is that for nearly a year, Google was hiding ProtonMail from search results for queries such as ‘secure email’ and ‘encrypted email’. This was highly suspicious because ProtonMail has long been the world’s largest encrypted email provider.

My response? I canceled my paid Google email account and opened a ProtonMail account and am happily paying for it. Not hard, and costs roughly the same. Yes, there is a free version.

Qubes may be the perfect OS for the Linux newbie

Qubes OS is thought of as a unique OS which emphasizes security, in this case security by compartmentalization, and this is why people like Edward Snowden and Micah F Lee have said positive things about it (see the Qubes home page).  But could it also be a great OS for someone trying to learn Linux?  Let me explain why I think the answer is YES.

I’ve installed Ubuntu linux multiple times on older Macs (and Canonical has done a fantastic job of making it easy to install on a wide variety of hardware).  Just like when they were running OS X, these old Macs booted into Ubuntu on startup and I could practice using the GUI programs and even a little command line interface (CLI).  The file system was written to the physical disk.  This worked great…..until I broke something. I would either spend hours trying to figure out how to fix it or (more likely) just re-install Ubuntu Linux and start again. This became quite frustrating and time consuming.

In Qubes, each operating system installed is running in its’ own virtual machine (VM), something that’s made possible by the Xen hypervisor.  (This also means you can install a variety of operating systems, even Windows.)  Put another way, the bare metal of the computer, instead of just running one operating system for one user, can run multiple operating systems for multiple users with multiple roles and levels of trust.  The key here is that a virtual machine can be easily duplicated (and erased).  And that is why it’s great for beginners.  Install Qubes (my installation of Qubes OS 3.1 came with VMs for Fedora 23, Debian 8, and whonix), duplicate one of these VM’s, then tinker away on the copy. Screw it up? No problem! Shut down the VM, delete it, duplicate yourself a new one from the template and start from scratch… minutes.

The VM Manager in Qubes OS
The VM Manager in Qubes OS

Qubes OS on my System76 Lemur. Working out the kinks.

Although I apparently successfully installed Qubes OS 3.1 on the Lemur (got a screen with VM Manager open), I had no network connection. Some reading and help on the Qubes users Google Group helped me figure out how to get around the problem (though not solve it).  There was an issue between my ethernet card and SD card reader such that I couldn’t even see that the laptop had a wireless card.  I won’t try to describe my understanding of it because I’m sure it will be superficial and probably incorrect, strictly speaking.

Continue reading “Qubes OS on my System76 Lemur. Working out the kinks.”

QubesOS on a System 76 Lemur

lemurI’ve been fascinated by the security-by-compartmentalization model used in Qubes OS, a Linux-based operating system.  I even managed to get it running as a virtual machine in VMWare Fusion on OS X, but wanted  to get dedicated hardware to run it on.  Failing on several older macs I had around the house, I decided to ante up for a Linux laptop.  With some encouragement from Micah  F. Lee via Twitter, I decided to order a System76 Lemur  14″ laptop for my experiment.  The Lemur arrived today and it looks like I have successfully installed Qubes 3.1!  I’m happy to say the hardest part was figuring out how to get a boot menu (F7 after powering on in System76 computers).

My plan is to post about my experience as I go along.

Speeding up Ethereum-Wallet initial sync on MacOS X

After experimenting with the Ethereum Wallet client on a linux machine I decided to install on my MacPro with OS X 10.11.5.  I installed the latest Ethereum-Wallet 0.8.1 app from github and launched the app.  I soon noticed that the sync would appear to freeze at various points and never achieved a full sync. This despite multiple force quits and restarts.

Close, but never closer!

After some poking around I found a nice summary of the problem and a workaround I wanted to share.

Continue reading “Speeding up Ethereum-Wallet initial sync on MacOS X”