Interestingly, I think we were actually discussing different topics this whole time.
That’s just — weird how that can happen.

Anyway, I’m off to bed, now.

“…I wouldn’t go so far as to say it’s an “all or nothing choice” myself…”

We are on the same page, but I feel the need to clarify this one.
You spoke of backing up your data, and regular reinstalls of your system, etc.
These things have absolutely nothing to do with where I was going.

I was speaking mostly of securing a system and protecting *personal info* from being extracted or tracked (”data mining”), and not necessarily about protecting computer *files* from deletion or corruption.

The reason security IS an all or nothing thing is because ANY hole in your system can allow the rest of it to fall. That’s why I say, if you only do so much to lock it down, and forget the rest, you might as well not do any of it at all.

As for inexperience leaning toward panic… yes, this is somewhat of a natural human quality.
Experience tends to cure it. Another reason to self-educate, perhaps. (Or self-medicate!) : )

So from my point of view (since I tend to do a reinstall at least on a yearly basis anyway), reasonable security precautions coupled with at least a fairly-consistent backup strategy is sufficient for my needs.

Having said that, I don’t want to give anybody here the impression that I’m one of those “don’t give a crap about security” type people. Like I said, I respect your concerns as regards how my previous comments could have been taken by “average joe user”, but, from my point of view, the less knowledgable a particular person is, the more panicky and easily manipulated they tend to be.

Case in point (and this is actually kinda clever):
Lately, one of the prevalent ways to infect people is to include an email attachment talking about “click here, you gotta see this!”, with something about, say, http://www.funnycutekittens.com (it has to be a “.com” for this to work.)

What happens is, the “black-hat” has actually attached a “Com” file — NOT a web address link.

Unfortunately, since a lot of people leave file extensions hidden, and tend to just “click past” various warnings/popups, etc. — they end up running the file. So really, ultimately, no matter what precautions you take, the only sure-fire method for preventing data loss on YOUR side (the only place you can control anyway), is at least semi-regular backups.

Another thing to consider is that your “personal data” can be — and is probably always being — “leaked” in far more visible and fundamental ways than anything that could be communicated by a 5k flash cookie. A lot of the stuff in cookies and “Adobe shared obects” and suchlike really IS just “user preferences” and “cusomization” and suchlike.

But yeah, I think we’re basically on the same page.

I think I’m just gonna go with your “agree that we actually agree” methodology, as it would appear we actually do. I think some reactions to other comments may have confused things early in the game.

The bottom line for me is that, computer security is an “all or nothing” choice. Regardless of whether or not you’re driven by a “tinfoil hat paranoia”, you need to do the same correct things to achieve protection. Nothing you’re saying contradicted that anyway.

Besides, if I keep having to use the words “false flag”, I’ll just end up talking about something that’s (probably) unrelated to this thread.
: )

Cheers, Henry!

I mean, wow — what do you take me for? (grin)

For instance, WE here understand that there are a host of more important aspects to the “debate” over p2p than just preserving somebody’s “business model”, but some people don’t “get” that. Interestingly (again, as we both know) many of them continue to not “get” it even when pointed to the information repeatedly.

Respectfully, I still think you’re misunderstanding my stance here.

1. I said I’m not “expert” on this, yes. But that’s partially because I’m smart enough to admit that I’m not “expert” at ANYTHING. (Not that I’m all that into Buddhism or anything, but there’s a concept called “Beginners Mind” which is also prevalent in Taoism as well. Also remember the old line about/from Socrates, where he says “the only thing I know, is that I know nothing”?

Now, I wouldn’t go so far as to say that I know “nothing” — simply that there is, as we all know — more to learn.

2. “Noot at all, because the comparison is easy, when viewed as thus:
False flag operations and misinformation campaigns are based on lies and distortion of key truthful statements. Sifting through the propaganda and fear rhetoric is difficult for the average Joe. The answers are not usually available. That’s why it “works”.

Computer threats are real, documented, and self-verifiable by simple means. Anyone at all, really, can research them, know the absolute truths, and put it behind himself with much less difficulty than the above.”

Where did I ever say that “computer threats” weren’t “real, documented, and self-verified by simple means?” I merely made the observation that there is a BIG difference between “reasonable precautions based on knowledge” and the sheer level of paranoia and idiotic hype going around. I wasn’t specifically “pointing fingers”, either.

A clear example of the kind of thing I’m talking about:
Clouseau, any “mainstream media” coverage related to the topic of “anonymous” that describes them as a “cadre of super-hackers”, etc.

And no, I wasn’t — and won’t — refrain from making such observations simply because it might give “average Joe User” the wrong idea. Quite frankly, the type of folks you’re describing are just as likely to call tech-support because they broke the “cup-holder” (CD drive) as to actually even THINK about precautions — reasonable or otherwise.

I was gonna say that we should “agree to dissagree”, but having read your last comment, it’s looking more like we should “agree to agree, while misunderstanding that we’re doing so!”.

Peace out, Y’all

“…but “false flag/misinformation designed to exploit the uneducated public” is entirely too easy of a dismissal.

Not at all, because the comparison is easy, when viewed as thus:
False flag operations and misinformation campaigns are based on lies and distortion of key truthful statements. Sifting through the propaganda and fear rhetoric is difficult for the average Joe. The answers are not usually available. That’s why it “works”.

Computer threats are real, documented, and self-verifiable by simple means. Anyone at all, really, can research them, know the absolute truths, and put it behind himself with much less difficulty than the above.

One is a war on your mind… the other is simply an attack on your computer.

“Sometimes a cigar is just a cigar”
: )

“…you’re not going to try to tell me that there AREN’T individuals and organizations out there who make out like bandits off of security and data-protection and suchlike?”

Definitely not!
There are certainly parasites that prey off others’ gullibilities.
Having said that, it’s a given in any scenario, and has little to do with what I was talking about.
_______________________________

“There’s a vast difference between “protecting your data”, and the level of tinfoil-hat paranoia going around.”

Agreed!
However, I get the impression some people (and I’m not pointing any fingers) actually EQUATE the practice of protection with paranoia. My words were directed at those people.

It’s really not rocket science. Either you’ve done enough to lock down your system, or you haven’t. If you do it properly, there’s no “self-crippling”. To me, that’s a “black and white” argument with no “middle ground”. If you don’t cover all the bases, there’s not much point in covering any of them, really.

Why did I include you with “those people”?…
Earlier, you said, “Most of the concerns over ‘datamining’ aren’t actually justified…”
That’s a dangerous attitude to encourage others to adopt. You already said you weren’t an expert on this, but you chose to offer that kind of “critical thinking” directed at something someone of my considerable experience KNOWS BETTER about. You’re certainly entitled to an “opinion”, but I draw the line at misinformation, whether intentional or not, that’s all I’m saying here.

It’s one thing to be “paranoid”, but it’s another to tell people there isn’t really a problem when it has already been proven to exist.

“On the other hand, the whole “Terrorism” / “Child Pornography” thing you get from government and special lobby groups is (obviously) FALSE FLAG / MISINFORMATION designed to exploit the uneducated public. It is thrust upon you by others, and any “punishment” you receive in the process is inflicted by others.”

Maybe so, but “false flag/misinformation designed to exploit the uneducated public” is entirely too easy of a dismissal.

Lemme see if I can summarize my position again, since I evidently didn’t explain it correctly:

There’s a vast difference between “protecting your data”, and the level of tinfoil-hat paranoia going around. You of all people should know this — both because you’re a p2p advocate, and because you’re a sensible person. No matter how blatantly stupid the “false flag/misinformation” is, it is always enabled and made to appear respectable because it’s specifically designed to mirror a ‘legitimate’ concern:

1. “War on Terrorism”: since 9/11, anti-Arab racism and race-baiting related to it has become at least implicitly respectable among a significant proportion of the population. (Hence the “I wouldn’t vote for Obama because his middle name is Hussein” fiasco. Whatever you think of Obama, that’s just a stupid reason not to vote for somebody.)
But what makes it really difficult to fight stupidity like that, is that it WAS “middle-eastern-looking men” who did the biggest act of domestic terrorism in U.S. history.

2. The new “studies” John’s been highlighting about how “movie piracy benefits terrorism” or “p2p networks contain kiddie porn.” Sometimes both are probably somewhat true. There IS at least sometimes, kiiddie porn on p2p networks. It’s not unlikely that at least some of the various terrorist organizations don’t have front-businesses selling counterfeit DVD’s or something. My point — and I still stand by it — is that whether it’s “false flag/disinformation”, they STILL piggy-back on otherwise-”reasonable” issues, which is what makes them so dangerous.

And surely you’re not going to try to tell me that there AREN’T individuals and organizations out there who make out like bandits off of security and data-protection and suchlike? Come on. It wasn’t “apples and oranges”, and you know it.

And anyway, when exactly did I defend being willfully-negligent or deliberately sloppy?
(There’s really no reason not to know this stuff, I agree — it took me all of about ten minutes to learn about flash cookies, find the adobe panel, purge my system, install “Objection”, click back into the p2pnet window (I had multiple windows open), and tell Jon/everybody else about it.

So I am most definitely not counseling negligence or willful ignorance by any stretch of the imagination. What I was — and am — against, is paranoia and self-crippling. Like I said before, if the shoe don’t fit, don’t wear it.

BTW, good info all the way around.

Kerio Personal Firewall does all of the above. Some people calim that it’s hard to use, but it seemed pretty straightforward to me. It asks if a connection should be allowed, you check the box for creating a rule and never asking again, then click Permit or Deny. Go into the admin section and you can directly edit the rules to allow only certain ports, block programs from connecting to specific sites and more.

The latest versions are commercial, but you can still download the last freeware version, 2.1.5;

http://www.321download.com/LastFreeware/page7.html

Protecting your computer and your personal info/habits is a DOABLE thing. And, the threat to those that don’t take it seriously enough is real. What you do about it is a PERSONAL choice (nobody is threatening to “enforce” that you do), and any “punishment” you receive in the process is usually self-inflicted.

On the other hand, the whole “Terrorism” / “Child Pornography” thing you get from government and special lobby groups is (obviously) FALSE FLAG / MISINFORMATION designed to exploit the uneducated public. It is thrust upon you by others, and any “punishment” you receive in the process is inflicted by others.

“Firewalls are interesting because typically they block either incoming or they block outgoing, they don’t do both. Hardware firewalls, such as routers, block incoming…”

This illustrates some common misconceptions about firewalls.
My comments:

1) Firewalls should help control BOTH incoming and outgoing traffic.

2) Good firewalls should also give you some options for controlling how APPLICATIONS are permitted to both initiate and receive connections. Some routers do this, but they generally want this activity authorized on a “port by port” basis. Quite often, the firmware doesn’t have enough “port slots” to realistically accomodate this.

3) I don’t regard a simple router as a true “hardware firewall”. Technically, a router is a piece of hardware, but most of them out there use “firmware” to carry out their duties. Firmware is just software that is “hard-coded” to the board in the equipment, and some of that still relies on your OS to communicate with it and complete some functions. A true hardware firewall is a piece of equipment that sits in front of your system that acts completely independently, making its own ultimate decisions about what packets to allow or throw away. Another system, with its own operating system is one way to have this.

4) The router, on its own, is not enough. Use a software firewall as well… period.

5) Windows Defender is a piece of useless crap. Turn it off, disable it, and get something that actually can do the job.

The more control you have of everything that connects and connects to you, the better.

However, I am saying: don’t panic. See it as commonsense practice, and nothing more than that.

DA suggested some pitfalls and Paulus thought he might want to elaborate on them. Fair enough.

DA also says general users, “need to be more interested in this stuff, and educate THEMSELVES, given how wide-spread all this information really is.” And so they should.

And as ‘interested’ says, “if you are really worried about this kind of stuff you can simply use many useful of scripts in say firefox that will help you al lot but you could also build or invest in a good linux based router and really start to control exactly what it is you allow the web to see”.

By way of a PS, while I was posting this, Henry was filing a comment – (see above) – and as he says, “Paranoia and self-crippling in the interest of ’security’ are EXACTLY what ‘they’ need most.”

Exactly.

Cheers!

That’s why I love it when studies and surveys come out that say (for instance) that a huge percentage of folks not only use p2p applications, but don’t even bother to HIDE that fact anymore. Gay people learned a hell of a long time ago that the solution isn’t to remain “in the closet”, and I’m rapidly coming to the conclusion that at least a good proportion of those proclaiming their interest to be “privacy against datamining” might simply be too chicken-shit to have the great, omnipotent “them” know things. I personally view it like this: take what you personally believe to be “reasonable precautions”, but do NOT at any time allow such “precautions” to either hamper your effectiveness, or hamstring your ability to participate in the “new digital age”.

Now — as is usual for me — if any of what I say doesn’t apply to you, then it doesn’t apply. I have no way to know that. What I DO know is that living in a chronic state of FUD (”Fear, Uncertainty, and Doubt”) is complete and utter bullshit. I also know that those who stand to benefit from such FUD the most are also apt to “sell us” on it by way of what at first seem like “reasonable concerns and precautions.”

I mean, come on: FUD about “Weapons of mass destruction” == “Iraq War”
FUD related to “Foreigners” == “If you’re vaguely Arab-looking, you’re effectively a second-class citizen in many quarters.”
FUD related to “kiddie porn” == “Let’s rape the Net!”

So, no, pardon me if I refuse to participate in stuff like that beyond a reasonable level. My politicy is: whenever I learn about something that could be protentially probmelatic, I do research (WHETHER google/Scroogle/Altavista/hotbog/dogpile/some random jackass Wardriving around listening to my WIFI connectivity) might potentially “learn” something from it or not.

Paranoia and self-crippling in the interest of “security” are EXACTLY what “they” need most.

Again, sorry if that read like a screed, and sorry if I come off sounding “intolerant” or if anybody got “offended”, but as you all know: I’m not particularly interested in how anybody may “feel” about things. That’s YOUR problem. Ultimately, only YOU can “hurt your feelings”. Not that I deliberately set out to be abrasive, but hey, pussyfooting around never gets you anything.

Good stuff, tho.

I’m sure you don’t really believe that one.
: )

couldnt agree more. in this day n age there really is no excuse apart from pure ignorance not to know your way around a basic desktop the same way you would about say a car.

i have to agree that its got nothing to do with paranoia. protecting your data is a very real and worthwhile job.

tracking cookies for instants are used with allot more frequency than most above average users realize.

i run my home server fronted by a basic linux box/load router which allows for real time monitoring of all activity over my network. java/flash/ads are banned on all my systems apart from the main one which i use and can affectively monitor without much bother myself. for years i wasnt bothered about blocking cookies and mythical tracking thingymajigas but one day i thought id try a little test, i switched off firewalls/blocking scripts etc etc and over the space of a week i noticed a alarming trend in the ads/pop ups i was receiving; they were all centered around my interests (long before dpi) or lack there of in most cases. all because i was letting through tracking cookies which basically followed me around online reporting back god knows what to god knows who. it ISNT about paranoia. its about protecting your information, protecting YOURSELF and not allowing others to invade your privacy.

if you are really worried about this kind of stuff you can simply use many useful of scripts in say firefox that will help you allot but you could also build or invest in a good linux based router and really start to control exactly what it is you allow the web to see.

I’ve been online a long time and my problems have been few — except for people wanting to sue me — and the problems I’ve had have more often than not been down to my own carelessness. I don’t think much has changed.

Cheers!

While I certainly *could* do my own full, multi-part article on this subject, I would think that’s been done to death.
If you really do know more about this subject than, say, Jon or Henry, then I’m surprised, because you’ve missed my point.

The point I was really trying to make was that the general user still hasn’t fully come to grips with the reality here. They need to be more interested in this stuff, and educate THEMSELVES, given how wide-spread all this information really is. All I did was list a handful of things that should be “standard concerns” in order to illustrate that point.

@Jakykong:
“Some problems you mentioned are problems in windows, but not in Linux…”

While I agree that certain platforms have certain strengths and weaknesses, I really wasn’t directing that list at any one OS. Having said that, yes!, Windows would seem to be of most concern right now, given its continued wide-spread use (right or wrong). The hackers will devote 99% of their “R & D” time directing their exploits at Windows.

And, while I agree that the Linux kernel is the safest of all the operating system kernels right now, I would still caution you not to get completely comfortable with the idea that “Linux is invulnerable” to ANY of these. There ARE some sigficant exploits out there now for Linux and MAC, and more are being developed all the time.

Bottom line: Unauthorized data mining is currently being done on uneducated users of ALL platforms, using the same basic avenues, when they’re made available.

Having said that, Open Source software is certainly a better scene than the commercial shit.
Unfortunately, Open Source has not yet achieved the publicly desired level of “sophistication” that would allow most “bread and butter users” to jump on the OSS bandwagon. Too many companies still refuse to consider it, therefore their employees end up continuing with Windows or MAC systems and software. Even if they wanted to use Linux at home, they still have to have the Status Quo installed to handle most work-related projects.

I’m still among those that need to stick to Windows and MAC, for work and home, for the same reason. (I’m a digital designer.) I would love to see Linux applications that could seriously compete with things like CorelDraw or Adobe CS, and be able to submit a “Linux product” that could still be effectively used by non-Linux processes. Sure, Linux has come a long way, but currently, it’s not “there” for me yet. Even if my office were to use OSS, I still have to give the printers something they can rip to plate using their MAC or Windows processes.

@Jon:
“…unless you’re doing something desperately illegal online, no need to be too paranoid.”

I disagree with that.
Just because you’re not “breaking the law” doesn’t mean it’s okay to subject your personal data to mining – the basis for posting the article I believe. And my experience has demonstrated that, if that information is accessible, so is your system! For example, if they can follow your surfing habits, they can just as easily stick you with a nasty piece of malware. That’s a case of where one vulnerability serves the other.

Recognizing facts like this is not “paranoia”.
It’s good common sense today.