Disconnect Search is a specialized VPN that lets you search privately. It used to allow searches using Google, but now it only offers Bing and Yahoo search engines.
For anonymous web surfing, at a minimum, two components are required: a proxy and a browser that doesn’t identify you. At the office, I have both and much more to protect my privacy and provide anonymity. If I have to use a Windows computer at a client’s offices, then temporary measures have to be undertaken.
The simplest solution for this, without using an anonymous VPN, is the JonDo Proxy program that will hide your IP address (Java application) and JonDoFox, a Firefox profile optimized for anonymous and secure web surfing. Using the USB doesn’t leave any traces on the computer for some snoop at the client’s office to uncover. This need Windows as the OS.
For more privacy and anonymity, you can use JonDo/Tor-Secure-Live-DVD, a secure, pre-configured environment for anonymous surfing and more. This has its own OS based on the Debian GNU/Linux OS. The live system contains proxy clients for JonDonym, Tor Onion Router and Mixmaster remailer and much more.
The advantage of the live system is that it is on a DVD, which prevents any other system from writing something dangerous to the DVD.
Using these do not make it impossible to uncover individual users, as there is no such thing as a 100% security, but for most users, this will be adequate for most situations. If you are concerned about this, I suggest you read the surveillance reports on the law enforcement page.
Google maps now offers the measurement of distances. Right-click the starting point for the measurement then select “measure distance” from the menu. Next, left-click the next point of measurement. You may add segments to the existing measurements or simply right-click again and select “Clear measurement” from the menu.
In this 6 part series of articles for Canadian Security Magazine, part 1 explained the nature of security intelligence (SI) and its OPSEC challenges. Part 2 explained the OPSEC challenges facing security intelligence in an iconic commercial enterprise or location. Part 3 explained the important aspects of document control. Part 4 explained the best way to protect the computer network used for security intelligence.
This, the 5th part, explains that privacy and anonymity are different things entirely and how to manage the use of online personas to gather intelligence.
ORPALIS PDF OCR Free is a Windows tool which converts PDF files into fully searchable documents. It scans a PDF file and recognises all its text–even within images–and then exports a new PDF file that now has all its text searchable. This is useful with scanned documents, as it allows you to use the regular Search tool, rather than reading every page of the document.
ORPALIS offers a lot of useful tools for managing your documents. For example, the professional version converts over 90 document formats whereas the free edition supports only PDF as input. It also recognizes over 60 languages and uses multithreading to process multiple documents at the same time.
It is now common practice to take pictures of computer screens, record books, and documents during our research expeditions. I am certain that you want to do the same. Here is a list of scanning applications that may help with your quest for the ideal scanning app:
- Genius Scan for ios. This app turns phone/tablet into PDF scanner w/Dropbox/GDrive integration.
- CamScanner for Android, iPhone, iPad, Windows Phone 8
- Tiny Scanner allows you to create PDF documents with multiple scans. Scans are saved to your phone as images or PDFs. For Android, iPhone and both free and pro versions exist.
- Scannable from Evernote. Requires iOS 8.0 or later and compatible with iPhone, iPad, and iPod touch. Beware, scans are only saved to your device for 30 days unless you disable this in the “Advanced” settings.
All of the above will create a PDF of the scanned content. The next post will offer a solution to indexing the PDF files to make them searchable.
Fortune tellers swindle so many people that this has become a $2 billion (US) a year industry. I appeared in an article with the above title on Saturday, Mar 19 2016, as one of the ‘experts’ interviewed by The Toronto Star.
Select Options and then Advanced in the left hand navigation panel.
Select Data Choices and uncheck “Enable Firefox Health Report” and “Enable Crash Reporter”.
There is no reason to let Firefox to phone home with data from your computer.
By default, Firefox remembers your browsing history to make it easier to return to a visited site.
Select Options and then Privacy in the left hand navigation panel. Under History, open the drop-down menu labeled “Firefox will:”and tell the browser to never remember your history or use custom settings.
Selecting “Always use private browsing mode,” is for hardcore privacy, but you need to understand the implications of private browsing mode. See the Mozilla’s support pages for more information on this.
Here are the History settings that I suggest.
Uncheck the box for remembering your browsing and download history, un-check remembering search and form history, and leave the box checked for “Accept cookies from sites.” Then under “Accept third-party cookies” set it as Never, but change “Keep until:” I close Firefox. Finally check the box that says “Clear history when Firefox closes.”
This combination of settings allows Firefox to behave normally, but erases most of your activity upon closing the browser. These settings provide some measure of privacy without sacrificing functionality.
Firefox is the best browser for protecting your data. However, Firefox does require several setting adjustments to avoid intrusive tactics like ad tracking.
Select Options and then Privacy in the left hand navigation panel.
By default, Firefox does not enable the do-not-track feature. Turn it on by selecting “Request that sites not track you.” Also select “Use Tracking Protection in Private Windows”, which enables tracking protection that blocks ads and other online trackers when you’re in private browsing mode. However, few sites honor this request.
To enforce your do-not-track intentions, you need to use an add-on such as Ghostery, Disconnect, or the Electronic Frontier Foundation’s Privacy Badger. We have found that some sites do not to allow access to content with add-ons like these enabled.
Just to be different, I started using a Mac to do some IIR. One of my quick fixes for security was Little Snitch, a firewall for OSX. It monitors outgoing network traffic and alerts you if a program you’re running is trying to contact a strange server. This could be a shell or a program that snaps photos using your webcam or one that takes screenshots and sends them to an outside server.
The fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI illustrates that physical security and related issues are growing concerns amongst business leaders. This renewed interest appears in studies and surveys throughout the industrialized world.
My own recent experience in Canada includes many executives asking questions about what they can do to prevent and manage active shooters, gang violence in their facilities, and terrorist attacks. Of course, they demand secrecy to surround their queries and the answers they receive. If I were to summarise the questions, they would display a surprising lack of knowledge about violence and Canadian law. I know the answers surprise the enquirer due to his reaction upon learning how helpless he is in the face of such low-probability but high-consequence threats. What follows should help to explain the most fundamental causes of, and reasons for, our inability to deal with these threats.
The outcome of this attack informs us that we cannot stop attackers at the front door due to our irrational aversion to armed security guards. That is apparent from the utterly inept response to the attack on parliament hill.
Most Canadian security operations stop short of actually managing an armed attack. Once something violent or dangerous starts, the normal response entails calling on somebody else to do the heavy lifting. In this organisational culture, when an attack starts, the security guard’s job stops. However, calling the police is not an emergency response procedure; it is an act of desperation and an admission of incompetence.
With this entrenched mindset, it does not matter how many resources have been devoted to the security operation, when an armed attack begins, security guards, employees, or guests will suffer serious injury or death.
Sign-in procedures, searches, and metal detectors have limited utility when violent intruders come calling. Intruders like this will not calmly line-up and politely follow orders.
The notion that technology and security theatre can supplant incompetence is common in the chancelleries that extoll the virtues of their most recent purchasing decision, but those worthies never face armed terrorists, gangsters, or homicidal lunatics themselves. On the other hand, unarmed guards exposed to armed intruders have a limited number of responses: run, hide, attempt moving people away from the attacker, die in place, or confront the attacker. As illustrated by the attack on parliament hill, unarmed guards are utterly ineffective in the last response option.
Most Canadians do not understand that self-defence is not so much a right as it is a defence in law used to enrich lawyers through endless prosecution and litigation. As a result, the government has embraced the union-shop mentality that sees the preservation of life and self-defence as something only government bureaucrats may do under the supposed ‘social contract’ and nobody has the money, power, and the perseverance needed to change this mindset. Demonstrating this needless and restrictive attitude is the fact that security guards may not get a pistol permit to defend life and limb; they may only get one to protect money. This promotes the perverse belief that the private sector is more interested in money than lives. Even worse, it demonstrates that our government does not believe that any class of private citizen should actually have the right to defend themselves.
Explaining to a public official or company manager that this aversion to armed security guards is irrational does not change his viewpoint but rather creates an enemy. Decades of propaganda and indoctrination against firearms ownership and the right to self-defence has produced an ignorance and unreasoning terror of weapons, which also manifests itself in the firm belief that only government bureaucrats have some magical ability to use weapons. Explaining, if that were the case, then management of the parliament hill attack would have been quite different does not make any friends either.
In the 2014 Ottawa attack, the police did not sit on their hands outside as they did at the École Polytechnique shooting in 1989. Instead, they advanced to contact rather than waiting outside for specialized response units. This is termed Immediate Action Rapid Deployment (IARD), which is a fancy acronym for common sense.
The IARD protocol is to swiftly locate and close in on the attacker(s) to neutralize the menace at the earliest opportunity, thereby preventing further mayhem. However, this protocol has one critical flaw—the time between recognising the problem and having someone come by to resolve it. This delay causes further casualties. Would it not be more effective to stop or disrupt the attackers plan at the door? Should the attackers make it past the front door, would it not be more effective if on-site security personnel immediately employed the IRAD protocol rather than wait for police to arrive?
The federal government is slowly addressing these issues on parliament hill but do not expect any provisions for the private sector to address the very same threats.
Myths, rumors, urban legends, disinformation, and propaganda get amplified by the all-pervasive Internet and its trolls. Sometimes, this deluge of twaddle causes people who should know better to waste time, energy, and resources needlessly. Sometimes, it inspires a popular TV show like the MythBusters.
Urban legends and the related types of false information can cause problems in even the most well managed security operation. All it takes is one senior executive or official to believe something nonsensical and lend his authority to it. This may lead to money wasted on useless equipment and programs.
My first-hand experience with this problem includes a fake bomb detecting device that I later encountered as a detector of hidden ivory. This ludicrous device started as a fraudulant detector of lost golf balls. This scam lasted for years and made millions from sales across several continents.
I was suspicious of its use at a security checkpoint and managed to examine a unit and then do some research. Apparently, nobody else thought to do the same, even though lives were at stake.
An enduring myth exists that legions of prostitutes from all over the world descend on major events. This pernicious myth usually focuses on sporting events and it usually tries to link any masculine pursuit with human trafficking.
A version of this surfaced in 1998 when Jim Brown, the parliamentary assistant to Ontario Solicitor-General, Bob Runciman and one of Ontario`s Crime Commissioners, was forced to resign after he said Toronto’s Santa Claus parade gave fathers a chance to slip away and visit prostitutes. Senior police officers jeered at this idiocy.
More recently, this was supposed to occur at the World Cup, Vancouver Winter Olympics and at the US Football Super Bowl in February 2016.
The current trend is to equate the commercial sex trade with human trafficking. There are differences between women trafficked into prostitution, local sex workers, and those who migrate to other countries for work. However, irrational activists argue that large groups of men at sporting events result in increased demand for commercial sex that only trafficked women can meet.
On closer examination, every study I read revealed a large discrepancy between claims made before large sporting events and the actual number of resulting trafficking cases. I found no evidence that large sporting events cause an increase in trafficking for prostitution. Reputable anti-trafficking organisations, sex workers rights organisations, and many neutral researchers and observers also refute this claim.
Yet despite the lack of evidence, this urban legend persists. It persists due to the large number of militant reformers, politicians, and journalists who profit from it. This urban legend provides inexpensive fundraising and publicity for agendas that include misandry, prostitution abolition, halting immigration, and exaggerating foreign threats.
This sensationalism breeds a waste of limited resources. For example, the airports at San Francisco, Oakland, and San Jose and underwent training to spot victims of trafficking in advance of the Super Bowl. Would you like to guess how many trafficked women they found?
Have you ever needed to get all the Tweets from a subject during a specified time like everything in 2014?
When doing this type of search, first find the user’s first Tweet. You may do this by going to the Discover your first Tweet page and enter the users name and you will get the first Tweet and its date.
To search a full year’s Tweets isn’t difficult. Just go to the Twitter search box and enter the following:
from:user name w/0 @ since:2014-01-01 until:2014-12-31
The date format must be yyyy-mm-dd. Of course, you may enter any data range. You may also use the Twitter Advanced Search.
My fourth article in a series of six: Operational Security Part 4: Computer Network OPSEC is now available at Canadian Security Magazine.