Posted on 03/31/2017 7:39:38 PM PDT by markomalley
One thing we do that’s not super high-tech is this: We have two separate PCs so infected emails can’t invade our financial information.
On one, we surf the net and have our email account. We do nothing related to finances or anything personal. No passwords or credit card info. (It’s our FR device!)
On the other we handle financial business — shopping, banking, investments etc. NO email for any reason.
For example, if we order from Amazon it’s done on the financial system. The confirmation emails come to the other system.
It may have helped; we don’t know for sure. But about two weeks ago ransomware took over the non-financial PC but we didn’t care, since nothing private was being kidnapped. Still, it pissed us off. We had bought a Geek Squad support contract with the laptop. I know GS isn’t always the best and there are a lot of haters, but they were on it immediately and restored everything. Then they bumped it up to a higher level that deals with fraud. Worked out well for us.
We believe the hit came through an email with subject line that some UPS- or FedEx-type company couldn’t deliver something.
bookmark
Anyone have an opinion on password manager software? I am thinking of trying Sticky Password. I did a little research and this one bubbled to the top of my list.
Newer editions of the Opera browser have built-in VPN. The VPN can access servers in 5 world locations.
FYI
https://www.opera.com/computer/features/free-vpn
As far as software and password management, I’m sure it’s beneficial against all but the most persistent and ingenious private sector hacking. But, stop and think about software of any kind and the cloud. What a treasure trove, and we’re seeing that it does get used on high level actors. I guess the answer is keep your head down and don’t get yourself noticed in order to be “safe.”
This is close to the method that I use. When I advise them to do the same I usually get rolled eyes and “That takes too much time” responses. I reply “How much time is all your data worth?” and then let it go.
Speaking of which, you say GS was able to restore your data? May I ask - do you know which variation of ransomware you were plagued with? Did GS actually decrypt your stuff or did they have access to an external backup? I have a relative that I am working with to try to recover his stuff (I warned him!) and looking for any angle that might get him there. Thanks!
Re your questions, I don’t know the answers to any of them except that GS did NOT have access to external backup because we don’t do external backup. Every couple of weeks, my husband backs up files to an external hard drive so we weren’t panicked about this invasion. If on the other one... oy!!
I don’t know the variation, or decryption, etc. Sorry. :(
I hear you -- that's why I asked. I am looking at Sticky Password specifically because it does not use cloud storage. All on local hardware only. And it is not free, which gives it at least some credibility (compared to others.) But there is still a level of trust required.
It is becoming impossible to have a strong unique password for every login in my life, and rotate them regularly. Most people use the same password for everything, or at least a similar one. The hacker bastards are on to us, and its only a matter of time.
I am much more concerned about intrusion from criminals than from government entities. But that's just me.
This is a good solution if your only concern is what goes through your web browser. It won't help those who download torrents or use Kodi; a free entertainment software that's the next best thing to the Internet.
A person could use the Projectfreetv.x (it changes domains sometimes) website to watch tv without commercials but some kind of script and ad blocking software like Noscript (in Firefox) or adblock plus is highly recommended when using that site. As always an up to date anti-virus program should always be running. I like the free version of Avast but AVG and possibly others are likely okay.
True, nothing is foolproof, but it would likely be easier to find a VPN with a business model to protect privacy than find one amongst whatever few local choices for ISP a person might have.
Forgot to mention, DuckDuckGo is your best bet to not be watched and tracked when you do searches. Also your first page results are more likely not to be forced on you by paid advertising which means they may be more pertinent to your search criteria than Google or Bing.
Apparently this did not get posted. . . strange.
You are pretty safe. Nothing will be sent to the website showing your address or any personal data about you. No cookies, history, or cache will be retained on your personal computer for future use or discovery once you close the Private browsing session. However, if the website you are visiting demands your location, Internet address, or personal data or previous cookies, it may not allow you access if you are using Private Browsing mode.
“Get an offshore VPN”
I hear CyberGhost (Romania) and NordVPN (Panama) are good.
bump
S: Nothing will be sent to the website showing your address or any personal data about you.
While the answer is 90% correct, it's not 100% correct.
First of all, as Swordmaker says, private search engines (such as DuckDuckGo and StartPage) are good options as far as being able to do searches without the host site tracking you.
However, Private Browsing is NOT a Panacea. Private Browsing basically sets up a separate "cookie jar" that stores that browser history and cookies created until you end that browsing session (then dumps the cookies and crumbs in the garbage). Sure, private browsing will not permanently store will keep it so your spouse and your boss can't see the porn sites you visit (just kidding about the porn sites) by viewing your browser history or saved cookies, and, yes, they can allow you to bypass sites that use cookies to meter your visits (like the Washington Compost), but that's largely it. There are a few more nefarious methods that can be used.
First of all, there is a tremendous amount of information that a browser (even in "private mode") sends to a website. This information can be collated into a "fingerprint" that pretty uniquely identifies the specific browser. To see what information can be collected about you, please go to the EFF Panopticlick website and test your browser. You can test it both in regular mode and private mode...while I'm not 100% familiar with Safari, it's likely that the "fingerprint" on both modes will be the same. If a website stores that fingerprint, it will know if a computer with the same fingerprint (i.e., yours) comes back to visit.
There is also something known as a "Supercookie" (read about it here). Essentially, it's a misapplication of a security protocol known as "HSTS" that forces you to go to HTTPS mode for a site even if you attempt to access it using HTTP (with no "S"). Not sure how Safari deals with Supercookies in private mode, but in a lot of browsers, if a supercookie is set in regular browsing mode, you can access that same supercookie in private mode. And, oh, by the way, those supercookies can be shared across domains. The way to get rid of those is to delete your browsing history and cache as well as your cookies.
Note that if you pick up a supercookie in private mode, it will be dumped when you end that browsing session. The danger is that if you pick up a supercookie while in regular mode, it's readable in private mode.
Bottom line is that private mode does some good, but it's not a panacea. Yes, it makes you safER, but don't kid yourself that it makes you SAFE.
I had set up two factor authentication but I just now canceled it. It is more trouble than it’s worth I always have to have another Apple device with me in order to get the verification code in order to get into my phone and wow it’s way more complicated than I want my life to be.
That's a point, but you probably should not be trying anything that requires accessing a need to use the Two factor authentication when you don't have a means of confirming it. Out on the road away from your other devices is not a time to be doing it. I usually have both my iPhone and iPad with me, however, so for me it is not a problem.
But it you have information on your devices or iCloud account that has be kept secure, don't risk it.
Apple's Keychain system is actually quite good. It manages passwords across devices very well. . . and over the iCloud so that if you have multiple devices, they share the same keychain.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.