A few other things one can do, that I have been doing for quite some time:
1) Use Linux (OSX as a second choice if you really must). The "other" OS has exploits designed in and is not built with your best interests at heart. Look at parts of Canada's proposed C-11 to see this in action...
2) Deploy TrueCrypt on volumes upon which you store private information.
3) Set up a proxy server or two on a local Linux box; I have two running:
a) Privoxy-->TOR for private anonymous browsing with cookie blocking, ad blocking, etc. I run two browsers and have one configured to use the Privoxy-->TOR proxy and the other one goes straight through to the Internet (over the VPN, of course).
b) DansGuardian-->Squid - I configure my daughter's devices (Linux PCs and iPods) to use this proxy server to heavily filter web content. When they know enough to bypass this, they'll be old enough to handle the rest of the Internet.
All of this is free (except the aforementioned VPN service).
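The two proxy chains described in the post above, sketched as configuration. This is an added example, not the poster's own files; the file paths, the loopback bindings, the default ports and the LAN address 192.168.1.10 are assumptions.

```conf
# --- /etc/privoxy/config (path typical on Debian-style systems) ---
# The "private" browser points at this listener; the other browser
# is left with no proxy configured.
listen-address  127.0.0.1:8118

# Send every request to Tor's SOCKS port (9050 is Tor's default).
# forward-socks5 (like forward-socks4a) has the SOCKS server resolve
# hostnames; forward-socks4 resolves them locally, which leaks DNS
# lookups outside Tor.
forward-socks5  /  127.0.0.1:9050  .

# Keep LAN and loopback destinations out of Tor.
forward  192.168.*.*/  .
forward  127.*.*.*/    .

# --- /etc/dansguardian/dansguardian.conf ---
# Filtered devices use 192.168.1.10:8080 as their HTTP proxy
# (constructed address for the Linux box).
filterip   = 192.168.1.10
filterport = 8080
# DansGuardian hands the requests it allows to Squid on loopback.
proxyip    = 127.0.0.1
proxyport  = 3128

# --- /etc/squid/squid.conf ---
# Bind Squid to loopback only, so a device cannot skip the filter by
# talking to port 3128 directly.
http_port 127.0.0.1:3128
```

With this layout the content filter is only as strong as the network path: a device that can reach the Internet without the proxy setting bypasses it, so a firewall rule on the router blocking direct outbound web traffic from those devices is the matching control.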
Tariq Gibran wrote:
I have done the same thing with TOR for sensitive browsing in the past and perhaps I will move all my email from gmail to my domain email or my own server. In the end, I do wonder if all this might be in vain - if someone with resources wants to find you or your activity, I suspect they can. So I often just cave to the luxury of convenience.
The point for me is that they would need far more resources and time to figure out what I am doing (which is nothing of consequence, by the way - or, at least nothing that everyone else isn't doing) than what the oblivious user is doing. It is fun too, and funny to imagine a scenario where some authorities manage to trace things back to me, get a warrant, reverse engineer TrueCrypt and crack my volumes (not feasible at this point in time) just to find some "illegal" Benny Hill episodes.
1) The scanning and tracking is all automated. "They" don't need any resources that they don't already have. And I can tell you with relatives in the NSA that there is nothing that goes over your router that isn't scanned and filed, if said router is connected to the outside world - no matter the encryption level (unless you wrote your own and you're a 200+ IQ wizard!). Now what if anything "they" intend to do with it is anyone's guess. Replay the Spanish Inquisitions? Profile you for some evil eugenical purpose? Sell you more shit? All of the above?
2) It's not paranoia to stand up for your rights! Draw that line where you like and don't let others call you paranoid for it! It's a simple matter of ethics, rights, integrity, and voting with your wallet (or clicks as the case may be).
1) The scanning and tracking is all automated. "They" don't need any resources that they don't already have. And I can tell you with relatives in the NSA that there is nothing that goes over your router that isn't scanned and filed, if said router is connected to the outside world - no matter the encryption level (unless you wrote your own and you're a 200+ IQ wizard!).
"The first key-recovery attacks on full AES due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger were published in 2011.[22] The attack is based on bicliques and is faster than brute force by a factor of about four. It requires 2^126.1 operations to recover an AES-128 key. For AES-192 and AES-256, 2^189.7 and 2^254.4 operations are needed, respectively... though 2^200 operations would still take far longer than the age of the universe to complete." It should be noted that these are "academic" key-recovery attacks; mathematically proven to be possible, but never actually performed because it would take millions (billions? trillions?) of years to do so.
To surmise that authorities are decrypting and scanning one's AES-256 encrypted traffic in realtime is quite laughable. Even good old Blowfish is basically impossible to crack, unless you are on Jack Bauer's team http://www.schneier.com/blog/archives/2005/04/blowfish_on_24.html
Make your email address(es) at your own domain name and you never have to worry about having it stolen. It also looks more professional and you set your own ToS (Terms of Service).
Registration is cheap and simple hosting is cheap too (like under $100 per year all in). There are so many advantages to having your own domain.
You can set up and use different email addresses for retail use and social media use and personal use. If one gets toasted by getting sold to a spammer or somebody getting a virus in their address book, then you can simply create and use another one for that contained purpose.
Not just G-Mail, my Hotmail was hacked this week.
They sent spam to all my contacts for two days.
On the third day Hotmail locked out my account and I had to change my password to get it unlocked.
Paul Yi wrote:
I thank everyone for kind concern....
I was finally able to retrieve the email account...
This time, I have installed an extra safety measure...I hope...
I think responding to some emails from Craigslist was the problem...
Lesson learned in a hard way....
I've also been using a gmail address for my Craigslist postings, but lately have noticed that about 8 out of 10 responders to ads have been nothing but scam artists. Luckily, I don't use my gmail address for my Paypal account, but may have to totally re-think the idea of gmail (as well as Paypal):