Just like the Task Manager that monitors all running processes is there a Privacy Manager that monitors processes consuming users data and metadata and maybe a button that keep users all data private. Users data privacy is very important today when the data consumption is exponentially growing and on the other end of the data pipe is an operating system responsible for users data privacy.
Linux Privacy Manager is needed
Moderator: Forum moderators
- mikeslr
- Posts: 2965
- Joined: Mon Jul 13, 2020 11:08 pm
- Has thanked: 178 times
- Been thanked: 923 times
You are the Privacy Manager
There is no panacea. If your computer is connected to the internet your data is potentially exposed. viewtopic.php?f=54&t=1583. If you're clever enough to build an application which will automatically isolate data from 'prying eyes', you've created a target for someone, more clever and/or with greater resources, to circumvent or penetrate. Everyone using that application will have 'put all her eggs in one basket', creating feature-rich targets worth spending time and resources to figure out how to easily harvest.
Funded by Microsoft and the 'Big Linux Distros' that make money selling the operating systems used by commercial Web-servers, some of the best minds worked to develop UEFI as a substitute for the ‘less’ secure Bios boot-systems. In 2015, UEFI became the industry standard for personal computers. 80%+ of personal computers are sold with Windows pre-installed. Windows is what 'the public' expects to use. If a manufacturer wants to sell a computer with Windows pre-installed, it needs a license from Microsoft: that license now requires that UEFI be used. Very little time elapsed after the establishment of that industry standard before it was demonstrated that not only could the new system be hacked, but that having one 'universal' defense approach -- a Maginot Line, so to speak-- just made it easier for hackers to obtain access to the 80%+ personal computers relying on it. http://murga-linux.com/puppy/viewtopic. ... 082#859079
Data can be divided into four categories: (a) That which is protected by patents, copyrights, and trade secrets; (b) that which is available to the general public; (c ) that which is of no concern; and (d) that which you -the individual-- would prefer not to be easily available to your somewhat disreputable Uncle Bob, your neighbors, NASA, The People's Republic of China, the Russian Mafia and others.
You don't have to stay up nights worrying about (a). You can leave such worries to those holding the patents, copyrights and trade secrets. Your Puppy operating system is freely available and so falls into category (b). You've lost nothing if someone 'steals' it or publicly available ( c) information from you.
Similarly, do you really care if someone steals last week's food shopping list? or similar minutia which got written to some storage media as a matter of convenience?
Which brings us to (d): The things you actually want to keep private. Exactly what are they? The User IDs and passwords to your online financial accounts? Those to your email accounts? Those to your membership in Puppy Linux and other online organizations? Your notes about some secret project you’re working on?
Chances are if you lumped them all together they won’t take up more than 1 Gb of storage space. You can, of course, use applications such as LastPass to store that data online so that it will always be available to you. But being a student of history I’m somewhat paranoid about the fate of any location which becomes a center for storing valuables. Willie Sutton may not have said “I rob banks because that’s where the money is.” But whoever first attributed that to him got the idea right.
Or you can just not store such private information on your computer. It is generally recommended that you employ encrypted, complex and not easily remembered passwords for online accounts. Are you going to use the same User ID for each account? Chances are that if you follow the best practices for securing your online accounts against online hackers, you won’t remember your passwords or which password goes with which User ID for which account. You can write them on paper. [e.g. Print, put in a draw, delete computer file]. But people both loose written notes and other people find them.
I suggest the following:
Buy yourself several ‘small’, good quality, USB-Sticks. [They, too, have a propensity of getting lost; or finding their way into washing machines]. Make a list with a paragraph for each of your private data references: Organization, User Name, Password. Keep the list as a simple text file (i.e, without text formatting for the reason explained below). Use an encryption application to encrypt the list, or a folder enclosing the list. Use the following technique to create a password for the list:
Pick a phrase you’ll remember. As an example I’ll use ‘The Sultan of Swat’. Now modify the phrase by surrounding it with some numbers you can remember, such as your the last 4 digits of a phone number you no longer have; and ditch the spacing so it reads something like:
09TheSultanofSwat21. Then substitute some easily recognized symbols or phonetically similar letters for a couple of the letters:
09TheSultanofSwat21 becomes
09T#eZu1tinovSVV@21
It may take some doing, but you should be able to remember such a password, while it would be impossible to guess and would take years to stumble upon by trial-and-error.
Before you go online, plug in the key, decrypt the file, and copy just the User ID and password you then need to a text file somewhere: suggest /tmp. [You can reach /tmp by clicking the Up-Arrow from /root]. Delete your decrypted file. Unplug your key. Go on line. Copy & paste your user ID and password. Copy-paste avoids captures by key-loggers; word-processors may add formatting symbols, hence simple text. Delete the file ‘in /tmp’ ASAP. And, in any event, as soon as you’ve finished your online business, close your web-browser --which you’ve set to delete everything when closed-- and reboot which will, itself, wipe /tmp. [And it wouldn’t hurt to have a dedicated Web-browser* just for online translations. Using portables, you can have as many copies of any web-browser as you want. If you are able to, employ a VPN to access your financial accounts. Test from Home using VPN-Switch, http://www.murga-linux.com/puppy/viewto ... 76#1049476 before investing in a paid VPN only to discover that your bank won’t provide access. Note the criticism of free VPN before relying on one].
If you insist on storing the information on your computing device –such as a smartphone which, if you’re really dumb, you’ll use to access your bank via McDonalds or similar wifi-- see the instructions here for using peazip. http://murga-linux.com/puppy/viewtopic. ... 424#815424
* Look for the discussion about privacy oriented web-browsers. But AFAIK, only Ungoogled-Chromium has not received some criticism. But I’m not sure that it will run under any Puppy other than Fossapup. If you can’t use that, I recommend Iron. See the posts about it. Edit March 25, 2021: Mike's new Un-Googled Chromium will run under many 64-bit Puppies. But Iron provides almost the same privacy and security settings; so his Chrooted Iron-portable is very likely even more secure.