Privacy protection practices and tools?

Let's do a quick self-assessment to see if we are leaving our online "privacy" door wide open to anyone. 
- Do you see your personal information when you googled your name?
- Do you share your personal photo and data using facebook and whatsapp? 

I will not be surprised if the above are all positive response but if those information are published in the internet without your permission, this is a breach of your privacy. However, human error is one of the top contributor to data breach. Some noticeable breaches reported include OPM leaks of family background details, Sony (Email and staff confidential information such as personal data) and even security company such as TheHackingTeam leaking their customer email correspondences.

There is NO 100% secrecy once you are online. It is just a matter of time and how determined the adversary is to get your information. This article will help you to be more proactive and vigilant on your online presence and review the existing privacy safeguards.

How do I know I am one of the data breach victims?

Almost everyone uses Google as an universal search engine. This can reveal personal details published. In fact, there are online site containing such major breach leaks. I.e. "haveIbeenpwned", "leakdb", and "pastebin" sites.

Check "haveIbeenpwned" website and conducts search based on email (see example below). Alternatively, "leakdb" website can conduct password hash search.

Safeguard your privacy through quick and simple tips

Here are 5 tips to kick start your privacy safeguard journey.

1) Avoid "laissez faire" habits and help to keep ourselves less exposed to online threats and scams by cyber criminals.

• Never reveal all your information in email requests. Phishing email can comes from your loved ones.
• Never assume all your information shared in social sites are safe.
• Beware of 100% privacy safeguard claims e.g. "full delete" support. Ask for verifiable evidence. 
• Never over-share personal (or sensitive) information in non-official apps store or cloud storage services.
• Beware of leaky online services. See "Who has Your back?" survey on "leaky" popular mobile apps (e.g. WhatsApp) 
• Never assume physical device is 100% trustworthy. Beware of tampered case of stealthy ATM skimmer planted. 

2) Review your social media setting. For example, in Facebook setting (below image), it includes "Who can look me up?" and "Who can look you up using the phone number you provided?". These can be tag to only your "Friends" instead of using the default "Everyone". In addition to those settings, I recommend you look into Facebook "privacy" setting to have online "Ads" turn off.


3) Reinforce your browser with useful browser plug-ins to reduce your online footprint.

Keyboard Privacy - Randomizes the rate at which characters reach the page content. This prevents online profiling. Disconnect - Visualize and block "invisible" websites that track your search and browsing history.


4) Block online trackers using Privacy Badger (from EFF) on the left below. It blocks spying online advertisement and invisible trackers. It limits tracking by replacing them with a stand-in version.  It still allows you to "like" something. But prevents the widget sending your surfing habits to those companies.  TrackerSSL on the right monitors known online advertisement trackers. It is using secure tracking scheme (https) based on unique ID.

5)  Leverage other online sites to check on possible leaks of your personal details.

• Find your username -  Pipl.com can also help you once you find out information like First/Last name or Phone number. It is to find any registered similar username assuming yours is unique .
• Find your phone number - FoneFinder.net finds a phone now and narrow down even the location of the "user" of that number.
• Find your picture - TinEye.com with the uploaded picture onto their site can crawl the web to surface closest matches though not 100% same. You can try it on your uploaded Facebook image as test drive to surface any other using it.
• Find your footprint - SpiderFoot.net is a scavenging tool which is an all-in-one that crawls open intelligence searching for a target's details in cyberspace. These sources can come from over 40 commonly used tools like SHODAN, Whois, PasteBin, IhaveBeenPwned, Google, SANS and more.

As a whole, do not let your guard down on potential cyber traps and red flags. Maintain good cyber hygiene to better defend ourselves i.e. Be "Aware" of your online activities, "Cautious" of suspicious pop up and unsolicited email or phone call requests, and stay "Engaged" to further clarify and verify the intent of online requests prior to taking action or clicking links or opening up email attachments. Stay safe, secure and good luck in your cyber quest.