Topic: Why beginners should pay attention to their privacy - page 4. (Read 1411 times)

I know what most users are thinking, your data has likely already been compromised so why bother? Well, if you can completely detox, data six months ago could potentially be worthless, or inaccurate. So, if you can follow the privacy advise here, as well as change your personal details or anything that could have potentially been compromised to something else, then you've effectively almost got a clean slate.

It's probably true that most of us have already leaked a metric tonne of information, and that information has probably reached someone who you never thought would've been able to gain access, but the older that data is, and the less its being renewed the less valuable it is.

Unfortunately, things like addresses which unless you plan on moving aren't exactly easy to disassociate, however at the very least if you aren't renewing that information  i.e leaking out a recent address, then the malicious attacker who might have gained that information, would have to assume, and not know. That's quite a powerful thing, because more up to date information is more likely to be used, since there's a certain degree of accuracy to it.

Obviously, avoid from now on leaking any of your data that you might think compromises you in anyway, and be careful who you trust with your data. Unfortunately, in our world you will likely need to trust someone, but as suggested there's ways to at least limit it.

What I've found a useful tool over the years is using the feature of adding a "+" to your email address. For example, signing up to this forum with [email protected] instead of [email protected]. That way if your email is ever compromised or your data has been sold, you can find out exactly who sold it. If you get spam a couple of days after signing up addressed to "[email protected]" you can almost be sure that the website you signed up to using that email address has given your data away or been compromised. While this doesn't exactly prevent you from getting your data exposed, its a good way of trialling a company before inputting real information in if you absolutely need too. Otherwise, using temporary email addresses or throwaways is the way to go.

In most cases individuals on their own unknowingly will endanger their privacy, the companies are secondary. Ignorance is one of the reasons and cause of abuse of privacy. After I made this topic Identity Security: A Newbies' Priority I became very conscious of my privacy. In practice what an average Jeo does thinking it's safe, is still dangerous to privacy.
For example;

• Browsing with browser private mood: I do this with chrome by using the incognito mood. I thought I was safe but little did I know that my ISP still see my browsing activities
• When I use VPN, I had the feeling that I was so safe and my data save till o_e_l_e_o said this  Re: Identity Security: A Newbies' Priority
• More often people enjoy using known and popular search engines like Google instead of using anonymous search engines

These mistakes will ensure in as much as we live along with the technology. It is quite sad that you you know that your data is traded, you can prevent it and yet you chose not to.

Thanks for the very informative article that makes it a very helpful advice. I guess we need privacy not just in our crypto investment, but definitely in all transactions that we made either in fiat or crypto. This is why we need not to easily trust the exchanges even those decentralized ones because we don't hold guarantees that brokers can't get our personal information because once they do it as a job, they will always find ways to track our personal details and maybe in the future, expose how many bitcoins we have. So lets not wait for that to happen. Be cautious in everything we do particularly in visiting websites because that will aid them to indulge on our own privacy without our awareness. Better be safe than sorry.

I don't think that really solves anything here. Putting aside the fact that I'm not convinced that putting data on blockchain would help to prevent hacks when compared to a centralized database, the majority of the time data hacks or leaks aren't the problem. While these obviously do happen and they can be catastrophic when they do, the majority of the time your data ends up being spread across the internet is because it is being willingly shared, bought, sold, and traded, by the very companies you are trusting to look after it in the first place, rather than being accessed by some malicious hacker or thief.

The only way to be sure your data isn't being sold or shared is to not hand it over in the first place. As soon as you do, it is out of your control.

Could be. Congress have the ability to act quite quickly when it serves their own interests. Whether they will is another matter. As mentioned in the video, data brokers spend just as much on lobbying as Facebook and Google do. There will be plenty of our politicians who won't want to place any limit on the harvesting of your data since it would mean less money in their own pockets.

It's not just for beginners TBH, but also for everyone that cares about their information. It's not good that it's going to be used for marketing purposes or any other that could give harm towards anything.

It's really an eye-opener to have watched that latest video with John Oliver because he explains it clearly and has humor so that it doesn't get boring. The experiment is what makes me keep thinking about it about making it so specific that you can really pinpoint and know people's information or interests with targeted ads. That's just scary IMO that it's possible.

I do hope that the government, not just with the warrants and buying of data to get information about suspects or something, it's the information that people can get, like in the example where the rental history of the person can be exploited. So maybe if the congress' privacy is at risk, would the laws with that be already past as fast as the video act?

---

Thanks for the helpful links, o_e_l_e_o that you provided as well, it really helps a lot with all the open-source types of software and tools that we can use.

More often I have heard of data leak by large companies with huge data base. But I hardly hear of legal actions against these companies. I know victims have the right to sue the company that exposes their data, whether it is purposefully or not. Well, I still do not blame victims that doesn't take any action because most often, the victims will not know that their data has been compromised.

I was amazed at LeGualios case, where he was emailed to be informed about his data compromise. In as much as I will say that the company is being honest to him, I could also say that it may cause Brand and reputational damage to the company. More and more customers will lose trust and interest in a company that cannot secure the data of her customers. So it could be that honest companies do not deliberately sell out their customers data. Unless during attack or they are compelled by government to do so.

O_e_l_e_o, is there no how a company's database can be saved on the blockchain for optimum security?

Absolutely. I have more than one friend who has told me a story of some innocent conversation they were having with their partner, kid, parent, etc., and then later that day they start being bombarded with ads for some specific product related to that conversation which they had never searched for or so much as mentioned before in their life. Knowing that these devices are recording, storing, and analyzing everything that is said inside your home, I cannot for the life of me understand why people are happy to wiretap themselves like this.

Electrum is a good wallet for having control of your own coins and for the additional features it offers, as well as being able to be used in an airgapped manner, but by default it is bad for privacy. We know that blockchain analysis run nodes and servers for various wallets to gather data, and Electrum is no exception. Whenever you connect to random Electrum servers, there is a non-negligible chance you are connecting to a server which is gathering data on, and linking all the addresses you are querying together, along with your IP address and any other unique identifiers they can find. And as we have seen above, often that will be enough to cross reference against other data from data brokers and identify you individually.

I gave three links in my first post to decentralized, peer-to-peer, non-KYC exchanges, which you can trade fiat for bitcoin and back again in a private way without having to hand over your data to third parties.

Thanks for the advice, but there are many things in this world today that cant be purchased by any crypto and not all businesses allow crypto as means of payment, the reason why our privacy will always get fucked up is Fiat, how will you get away trying to exchange your crypto to Fiat? Someone should please explain this to me.

While it does not paint the full picture, and will make your browsing experience a bit more troublesome, just to prove what o_e_l_e_o is saying; I encourage everyone to install uBlock Origin and NoScript in your browser. Use the maximally restrictive settings and have a look at how much stuff is actually loaded in the background in terms of trackers and non-functional JavaScript. This is literally code, which is executed on your machine, just by visiting the website! It's actually shocking.

Especially when visiting mainstream news sites and such, you will sometimes notice dozens of those scripts being loaded, even though you just wanted to read some text about something.

I would really enjoy it if every website was more like bitcointalk or https://plaintextsports.com/!
Their plug:

This is a salient aspect users pay little or no attention to and it serves as the weak point attackers now use as entry point to gain access on user's data, i really appreciate your efforts towards emphasizing on this and making it loud, we got lot of newbies that had ugly experience about crypto in general on their first approach and incidents like this needed to be discussed.


I see no reason why they should first demand for users data knowing fully that they will anonymize such, that gives an indication for doubts in securing our data with such entity, a zero KYC formation should not demand for data at first place because it must have been stated in their statement of policy and privacy, then why going against the standard, else it's not secured enough. This is just an instance of me demanding for your password and telling you i will delete it later and am not going to attack you by using it against you, that's stupidity, why must i request for it at first place? If truly i don't have a hidden agenda.


You're right, i can count on several occasions I received messages on my mail without knowing how they got my email address, then i do wonder that its only the service providers that can send such unsolicited messages to me without knowing that any malicious site visited poses a risk on user's data, not to talk of apps and ads clicks which are the worse scenarios. Some websites will pop up a message requesting user to "grant access or deny access" to contacts, messages, gallery and files and so on, most users granted them such access unknowingly to them the implications thereof.

There are also situations in which even if personal data are not being sold, they can still be hacked. Companies can brag about how secure they are .... until they are exploited. There are hundreds of stories on the web with major companies.

But there are places where we have no choice. A few days ago I received a letter informing me that the National Health Service website had been exploited and my data leaked. My social security number is now known, as well as my name, first name, age, the list of the different doctors I go to, when I went to see them, the type of problem I have, and everything else you can imagine. I wonder what is the worst between this and the Ledger's data leak. LOL (or not)

Even ISPs can't be trusted. Look on google about Verizon and ATT giving data to the CIA. That's why they created the privacy patriot act in The US to help them to make it legal
Privacy is going to get harder and harder as the years go by because it's only going to get worse. The good thing is that we can reduce the footprint as much as possible: host your email, server, storage, bookmarking site, RSS,...and yeah your node

It will be good if beginners pay attention to what privacy is and know how deadly given out their identities to custodial exchanges, custodial wallets and other custododial services. I do always mention the days when people that can physical harm people will work in conjunction with hackers, this may seem not possible to some people until it will happen. KYC is extremely dangerous.

But beginners should also try and know much about the wallet they are using, over 90% of bitcoin wallets do not have some privacy enhancing features. Although, the wallets are SPV which are light clients, but the worst part of it is that they do not have coin control, address freeze and the wallets are automatically creating transaction inputs in a way many addresses can be connected together and be traced on blockchain. This has been the reason I prefer to recommend only Electrum as the best SPV wallet but which people that do not to know much about privacy or anonymity can use poorly. Newbies are using SPV wallets without Tor and making use of it in a way central server can connect their bitcoin addresses and IP address together in a way the privacy or anonymity they can have is totally lost.

I too will recommend using a decentralized exchanges for exchanging bitcoin to fiat and vice versa, https://bisq.network/ is the most decentralized among them while https://localcryptos.com/ and https://hodlhodl.com/ are far better than using centralized exchanges.

But to have privacy while using wallet, the best is to go for full client and run full node using Tor connection. I too will recommend https://bitcoin.org/en/bitcoin-core/, or going for other means like running your own Electrum server.

That was ~25 minutes well spent, or rather ~16 minutes if you count that I watched it on a faster playback speed.
Thanks for the channel recommendation, his mix of wit, humour and actually passing on useful information is something I would want to see more of..

---

To the topic in question, privacy; It is something I didn't care about before I stumbled into Bitcoin and this forum, I allowed permissions, agreed to ToC without reading the agreement, and accepted cookies without giving it a second thought, which is the same for a frightenly amount of people out there.

In addition to the privacy risk when you click on a website, there is also a risk when you simply talk to someone as some device could be "inadvertently" activated and pick up your conversation; this was covered in this guardian article. This blurs out the limits to what information companies, brokers and who knows who else can acquire about someone.

The issue I see is that the cost of keeping your privacy is constantly increasing. The populace is gradually being herded into grating access inorder to perform simple tasks, otherwise they would have to go through several hoops to remain somewhat anonymous.

Thanks a lot for your informative article. It's really very necessary to have proper safety and privacy in every sector. Because Scammers are always waiting to make us fool and they are inventing new ways for stealing funds.
In crypto, it's more important to have proper privacy for our wallets otherwise any time we might lose all the assets by being scammed.

I don't often/ever encourage people to watch videos, but this would be 30 minutes well spent, even if you don't like his humor: Data Brokers: Last Week Tonight with John Oliver (HBO)

The whole segment is pretty terrifying. Everyone knows (or should know) that most browsers, websites, and apps monitor you and collect your data. What many people don't know is that data brokers buy and sell every piece of data about you that they can, right down to your debts and your medical conditions, and they sell it to literally anyone who wants it. A broker called Epsilon settled for $150 million after selling data to people they knew were scammers for over 10 years. Data has been sold to domestic abusers and stalkers, allowing them to track down old victims. The video mentions a case of a murder after the victim's data was purchased for less than $50.

Plenty of companies say your data is anonymized, de-identified, or collated with other data before being shared or sold, and lots of people think that means they are safe. Not so. One study found that 99.98% of anonymized data could be de-anonymized and used to identify individual users. Anonymizing data is meaningless. Even simply visiting a website (but not actually doing anything on said website) still provided the website with enough information to personally identify the user in question, track down their contact information, and send them an email minutes later.

They sell your data to the government. Governments might need a warrant or other legal ruling to come and search your computer or devices, but they don't need any permission at all to simply buy that information from data brokers. Multiple three letter agencies are buying your data and using it for anything they please. This is a very similar situation to a variety of three letter agencies employing the services of various blockchain analysis companies to track your bitcoin addresses and transactions.

In addition, centralized exchanges provide all sorts of data to data brokers, especially if you willingly hand over your KYC information. So do blockchain explorers. So do servers of SPV and light wallets. So will sites like Coinmarketcap or various crypto news sites. All this bitcoin related and other crypto related information will be pooled with all the other information held about you and sold to anyone who wants it, including scammers and criminals. Remember that simply clicking on a website was enough for that website to identify that exact person. Do you really want the whole world to know how much bitcoin you are holding?

The amount of privacy invasion going on in our daily lives is staggering. Don't make it even worse by willingly violating your own privacy.

A good place to start taking back some control in general: https://www.privacyguides.org/
Peer to peer bitcoin trades, avoiding the privacy invasion of centralized exchanges: https://bisq.network/, https://localcryptos.com/, https://hodlhodl.com/
Run your own node, and avoiding leaking information about your addresses and transactions: https://bitcoin.org/en/bitcoin-core/