Any complete/exhaustive reference about privacy?


#1

One of the computer-related most important concerns I have nowadays is privacy, but with a focus in e-commerce, online services, marketing, etc…

What I mean is that I don’t really wish to be anonymous in the web, but, I don’t want that any company in the world uses my browsing history, my e-shopping history, my searches history, my GPS positions, etc… for anything no matter the purpose.

Do you know of any book/website which is updated with the current procedures in companies that track the users data, perhaps with some advice to counteract them?


Librem best practices
#2

I don’t know. But I’m interested if you find any.
The links below are significant to me on this topic:
https://www.fsf.org/about/free-software-foundation-privacy-policy

This conference could be promising:
https://www.fsf.org/events/john-sullivan-20180124-sydney-lca


#3

As if in response:


#4

Thanks for your suggestions. If anybody else has additional references to suggest, please tell.

I’ve been worried for years, about how companies are tracking us. But it was not until last year, when my iPhone shamelessly displayed a notice telling me where I had parked my car, that I realized the privacy issue has changed from worrying to a serious risk. A big number of companies have taken the user-tracking way. It’s shocking how TomTom has changed for example: nowadays you don’t have total control about your device contents, and, the default setting is to send them your GPS history (yes, they “anonimize” it, blah, blah, but they make money from your private data). You can disable it, but they try that you don’t disable it (and, at some point I guess it won’t be possible to disable it anymore).

So, thanks a lot for the references. If anybody knows more (mainly focused in protecting your privacy against commercial brands and marketing companies), please tell. I’m not interested in privacy protection against the government, though, only against companies tracking.


#5

I would add the Privacy Subreddit for general knowledge and dicussions about privacy
https://www.reddit.com/r/privacy/

You will probably often read about the privacy tools there as well


#6

Fair enough, but consider that:

  • there are multiple governments in the world, each with different abilities to access data about any given person and different ideas about what to do with those powers, including in relation to sharing data with private companies; and
  • if you want to block most companies from accessing your data, you may also end up blocking some governments either inadvertently or intentionally.

Anyhow, links:


#7

This thread is a bit old, but folks seem to be interested for good reason. I am. Aside from some of the links already mentioned, I have bookmarked a few others. The privacy tools link posted by @thib is a really good one.

I do not endorse The Teaching Company, and its courses are not free. I found this course, however, to be interesting:

The instructor discusses how technology is changing legal views on privacy and freedom, but I would not say it is about government surveillance.

The key with The Teaching Company is to wait until this, and other courses they offer, are on sale. Courses generally go on sale at least once per year.

Others:

I do not think this following is relevant for PureBrowser, but it would be for Firefox Quantum:

I would regard the International Association of Privacy Professionals as more of “HOWTO” for its members. Nevertheless, I check the IAPP site once a week for news, particularly about legislation around the world and about what companies and industries are doing (or not doing).

This presentation, “Privacy is Dead - Get over it.” by Steven Rambam is very, very old but still enlightening and a bit scary. Give it several seconds to get going.


#8

I have no idea how old this thread is but I thought I’d add my 2 cents worth.

I knew what the government was doing 10+ years before Edward Snowden did what he did. There was nothing I, or anyone else could do about it. I suspect that if targeted by the government they can get into a Purism laptop pretty easy if they want to. I’m like most people. I’m not a criminal and don’t engage in anything illegal but the government and these big tech companies need to stay out of my business.

What most people don’t understand is that all of the big tech companies are the same thing as your government. They work hand in hand which is why NOTHING I’ve ever done is in “The Cloud”. Not anything I ever gave anyone any permission to put there anyway. I don’t keep anything except phone numbers on my dumb phone either. There is nothing “safe and secure” in The Cloud as far as I am concerned. How do I know that? I don’t but I’ll never trust it. It’s like putting Alexa and Blink in your house.

Not a chance. Maybe when pigs fly.


#9

I have another question for the “tech savy” on this forum. When you’re credit card number gets stolen and someone starts charging things to it where does the breach happen? On my end with my Windows 10 computer or at the site you ordered from?

Also, can the Librem laptops stop this or just reduce the risk and by how much? I do realize it is impossible to stop everything.


#10

I think the answer is both, but there is another possibility: the physical card is skimmed locally by a vendor’s employee or with an installed skimmer.

Unfortunately, my experience and observations with some companies is that security breaches are now the ‘cost of doing business.’ I stop reading and start rolling my eyes when I see the words “We take security seriously.” They may pay for credit card monitoring for a couple of years–in my opinion, worthless–and there may be a lawsuit in which the lawyers get most of the money. But, it is largely forgotten after the next incident, which happens too frequently.

I do not mean to confuse security with privacy, but I have a point. Some companies’ privacy policies are not worth the bits used to store them. I have found customer service representatives who have not read them and do not know what they are. They also cannot answer questions about the terms.

In one case, I could never get past ‘Customer Service’ to find someone who could answer my questions about possible violations of their privacy policy and the PCI-DSS standard, which I had read for work. In my opinion, they were not complying with either, and my complaint eventually went into their virtual trash. (I do not do business with them anymore.)

Companies’ employees need to understand and be educated on both security and privacy to have any chance.

As for users’ systems, I sometimes work on my laptop near a public system, and I am absolutely astonished at how clueless about security and privacy some people are. I try not to pay attention, but I have seen people use it to access their e-mail, apply for credit, and do tax forms! Just browsing the system when it was not being used, I have found SSNs and dates of birth. One guy even left his Google accounts connected. My evil twin could have had a good time that day.

Those are the people who laugh at me about my dumb, flip phone.

Security is hard enough on one’s personal system, and it is easy to overlook something, whether it is a Librem/PureOS system or not.

When I do discuss security and privacy with folks who are not ‘computer’ people, I tend to get shrugged shoulders and the fallacious “I have nothing to hide.” argument. But, they will not give me their passwords or the keys to their homes.

I think it is only when people have to pay a significant amount of money or someone is held accountable that things will start changing. GDPR may be a good start and maybe we will see something like that in the US eventually. (I am not holding my breath. We have a decentralized model, and politicians would rather spend their time campaigning and lambasting each other, which never ends.) GDPR has its flaws, however. Asking a user to accept cookies without him or her knowing how the cookies are going to used is a problem to me. So what?

Sorry for being long-winded, but you hit a hot button. :slight_smile:


#11

I had another thought about your post. In spite of my long reply, I will risk another comment.

I suggested that attitude and behavior are generally parts of the scenario you mention. (You seem rather protective and conservative in your approach. I think we are cut from the same cloth.)

If you are really trying to decide whether to use a Librem/PureOS vs. a Windows 10 system, I think you will get a different answer depending on which user group you ask, the risk you are willing to assume, etc. Obviously, I made my choice. The operating system, however, is only part of the question. You must also consider your browser, the other software on your system, and how you use them. They can sometimes have even more impact on your vulnerability, depending on the circumstances.


#12

Yes, I understand about the browser as well as various apps. I think I will better served with the Librem than with the usual OS’s and computers. I also realize the different opinions on OS’s just as with everything else in life. “Mine is always the best”.

What anyone does online is where they open themselves up to problems. That is the biggest key to any type of protection online. Don’t go where you shouldn’t and if you end up there don’t stay.

I also understand about “privacy policies”. It’s just like “safety” policies. They don’t exist. Just follow the money on either subject and you will get the real reasoning behind it all.

I’ve been using Startpage for about 15 years and a VPN for about 2. Neither does much, I don’t think, but I have noticed the internet has gotten slightly smaller with the both of them. Banks and online businesses don’t seem to like VPN’s and some online vendors refuse to sell you something if you’re billing address is different than the shipping address which I’ve been doing for about 20 years.

It’s amazing how they respond when they can’t get into your system to look around.


#13

I agree. I try to keep my footprint small, both in software and when moving around the Internet. This forum is the most “social media” thing I do, and I respond here when I can because people have helped me.

I recently changed VPN providers and found a big difference when it came to rejecting the IP address. With my prior service, it appeared I could not even get to the Debian wiki. (One time I tried without the VPN connection, and I was able to access it. I left that service because of their insufficient Linux support, not this problem.) I have not been blocked anywhere with my new one, but I have less than a month’s time on it.

I too have encountered the problem where the IP address location does not match my physical one, so I get rejected or encounter difficulties. One woman to whom I was talking on the phone and had a small business said my order was flagged as possibly “fraudulent.” That explained a lot. In one sense, I am glad the difference got attention; on the other, I think a lot more people should use a VPN which should make that situation common.

I fear we have strayed from the subject of this thread. You sound cautious, and I think that is good. I hope that the links here will help you too. I am always learning. Good luck with whatever you choose.


#14

I don’t think we strayed too far at all since the subject is about privacy. In any case, my Librem shipped today.