Online privacy in the year of the dragon

I was honored to be asked to speak at yesterday’s SecureWorld St. Louis; my talk was titled _Online Privacy in the Year of the Dragon_. My short abstract: “Businesses change online privacy policies to make users’ data, and their interaction with websites, more profitable for the website’s owners. Users need to understand what privacy is being lost, how their data is being used and how they can improve their online privacy with knowledge and open source software.

HOWTO run a Tor node in the cloud for free

Tor (The Onion Router) is a network of virtual tunnels that improve privacy and security online. **UPDATE 2** a friend has posted an awesome overview of Tips to running tor bridges on the site. Plenty of details so you really know what you’re getting into, bandwidth and cost-wise when running your own Tor bridge. Great stuff! **UPDATE** after running Tor on Amazon EC2 I have not been charged anything additional.

HOWTO run a secure, caching DNS server in chroot

Unbound DNS: I want to run my own DNS server; while I’ve done this before, it was always a one-off that I never spent much time researching or implementing as well, and securely, as I wanted. When I tried out DNSCrypt from the OpenDNS folks, I emailed them and asked if it was available to run on a server, and sure enough, they have it in their GitHub repo, ready to compile in Linux.

The Filter Bubble

This TED Talk from Eli Pariser covers his concept of The Filter Bubble, and is a must watch for anyone concerned about internet privacy and what’s being done with personal data we’re freely exposing to companies. “Every year, thousands of entrepreneurs, change-makers, innovators and scientists gather in Long Beach, California for TED, the world’s leading thought conference. In 2011, the audience included executives from Facebook, Google, Microsoft, Yahoo, and many other Silicon Valley startups.

LinkedIn is spamming all of my Gmail contacts

**UPDATE2** I finally got a response on Thu, Oct 27, 2011 at 7:24 AM, it said, “I would first like to apologize for the delay in responding to your inquiry. This is certainly not the customary wait time for a reply from LinkedIn Customer Support. We have been experiencing higher than expected volumes, and your patience is greatly appreciated.” So, they’ve been so busy that it took 2 1⁄2 weeks to get back to me?

HOWTO set Facebook privacy settings

**UPDATE** (2017-09-20) added a link to Comparitech’s Reclaim Privacy which looks at securing Facebook as well as other accounts and online applications. Thanks! While I’m working on a Facebook inspired privacy discovery project, I need to highly recommend that everyone take the time to review the official Facebook privacy settings page to understand how data about you is used and shared, but in a nutshell Facebook tells us:

School spies on student, busts him for...eating candy

[Image: Prototype of the school’s proposed catcam 3000] **UPDATE:** it looks like this case has been settled, Pennsylvania school settles laptop webcam spying suits for $610,000 -but- Less than a third of that will go to the students. “A total of $185,000 will be put in trust for the students. Their lawyer will receive $425,000.” _Today fak3r from fak3r.com_ and Matt from are working together to bring you a multi-perspective piece on internet security.

New phisher site to fight!

I just got another PayPal phishing email, as always they include a link to ‘login’ to ‘PayPal’ to verify something or another in an effort to learn your username and password. Of course MailScanner tagged the bogus URL within the HTML, and SpamAssassin (this time Razor2) found that it was spam from content and a DCC (distributed checksum clearinghouse) list, so I really couldn’t accidentally fall for the scam, but after a good defense we need a good offense; it’s time to fight back.