One of my readers posed a question about backing up Gmail emails, keeping them offline, and accessing them for research as needed. Thus, this post came into being and it talks about backing up Gmail and Yahoo, using their own tools, third party tools and Mail App.
You might wonder how this relates to privacy. If you are planning on backing up your email with the purpose of deleting your account permanently, you need to know that these free email providers will keep your data live for at least 60 days. Moreover, if you have been using a platform such as Outlook, Mail or Thunderbird to read your emails, then you have them archived in your hard drive as well. How to back up Gmail? I like to use Google’s Takeout which you can access here Make sure you are logged into the Gmail account you want to back up. Select all the products you would like to back and click Next. Under the Customize Archive Format, I recommend selecting .zip Under delivery method, if you have a Dropbox account, you can have it sent it there. Otherwise, select via email. I prefer the email method because I do not want to give Google access to my Dropbox. The last window you see it is Google telling you that it is preparing your archive and it will arrive via email. It could take a very long time (hours and even days to create) depending on how much data you have. Thus, you can create individual archives rather than compiling all (Gmail, contact, YouTube, Hangouts, etc.) in one. For Windows computers, you can use the Gmail Backup. Follow the instructions on the screen. For Apple computers, you can use Mail to bring all your Gmail emails. Once all of your emails are in, right click on the Mailbox and select Export Mailbox. As destination, you can use Dropbox here or an external hard drive. The point of this back is to have them separately than the computer you use to read them. Your Mac also stores the emails on the hard drive. To find the folder, go to Finder and on the top menu bar, select Go. Then, press the Option key and you will see the Library folder. Click on it and go to Mail. You will see all the archives there. If you are very computer savvy and have a Mac, you can download the Gmail Backup software here . Then, open the Terminal. Go to the directory of the program. Run the program and replace “dir” with the directory name you want to use and your email address with your own password. These two articles have detailed explanations: 1) Gmail BackUp; and 2) Makeuseof. How to back up Yahoo emails? There is a third party software called Yahoo Back. Once you install the software and launch it, you will need to complete the information for your Yahoo user account. Then, select an email format. Click on Browser button to select the location where you want to store the backup (external hard drive or Dropbox). What is in the backup? The backup does not contain Spam or Trash emails. In Google, using the Takeout tool, you can also backup your Gplus circles and hangout, and many more. Can I delete the accounts? Yes, once you have created a backup and you are confident that it is stored in a safe location, you can go ahead and get rid of the Gmail or Yahoo email accounts if you no longer desire to keep them active. How do I restore my back up? You can restore the back up by importing the file back into any application able to read email: Mail, Outlook, Thunderbird. Your computer does not need to be connected to the Internet for you to be able to read all these emails offline. Does Google keep your data live after deleting the account? As far as I was able to interpret from the small print in the Google’s Term of Use, your data is live for 60 days after deleting your email and your account. Ellery Davies, and I second his view, believes that Google is a protector of privacy and it deletes accounts as requested; however, Google might keep a hash for marketing purposes without being able to identify the user. Remember my saying that when we use free tools, we are the product. Regardless, of all free email service provides, Google is the only one I trust. That is all for now. Thank you for reading! Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization.
0 Comments
Today, in my humble opinion, you cannot use an Internet connection via Ethernet cable and WiFi (free or per pay) without having a virtual private network running at the same time. The era of hoping from free WiFi to free WiFi without a VPN is absolutely over. Some of my readers are very well-versed in technical details, and others have never heard of the word VPN. Thus, I decided to navigate in the middle with this post, keeping in mind my not so techie readers. If you want to get into the ultra-technical details on how a VPN works, there is plenty of publicly available information on the topic. What is a virtual private network? Imaging that you have a virtual pipe running parallel to your Internet connection. In technical terms, we call this tunneling. This pipe has a different Internet Protocol (IP) address than your regular Internet connection, and the connection through this tunneling (pipe) is encrypted. It does not matter who provides you with Internet services, you can always add a vpn service on top of that for your computer, phone and tablet. How does it work? You first connect to the Internet but your computer does not access the actual Internet until your VPN has engaged (if you use ExpressVPN.com with this option selected – highly recommended). Thus, you are using the public telecommunication infrastructure (Internet) but with an encrypted layer of protection that will not allow anybody to snoop on what you are doing while surfing the Internet. Why do I need a VPN? Every time you visit a website, the webmaster can see your visit because you are disclosing your actual IP address. Your Internet provider can see the sites you are visiting too. Even though you might not visiting websites that are considered compromising, your privacy is the precursor of security. Thus, when all the companies are creating a profile of your Internet habits, your privacy ends up being the product they sell to whomever is willing to pay most. These buyers are marketers and also crooks. The illustration below shows how you can be using your laptop (applies to phones and tablets) at a coffee shop (hotel, airport or your own home) to look at websites with a blue – non-encrypted connection and the red laptop along with the website master can see everything you do. On top of the illustration, you see how your IP address changes when you use an encrypted connection to look at the same website and the man-in-the-middle can no longer jump into your connection. At home, you are probably embracing the phenomenon of the Internet of Things (IoT). You have many devices connected to your network, including cameras. When these cameras are not running on an encrypted tunnel (VPN), they can be accessed by anybody. Do you want to have fun? Take a look at this website that shows all unsecured cameras in the world. Do you want your camera to be listed in this website too? http://www.insecam.org/en/bycountry/US/ If the answer is no, then begin by changing the default passwords on all the devices you connect to the Internet and ALWAYS use a VPN.
What are the best VPN services? A VPN company that offers the services for free is making you the product. This means, that the company is selling your private information. Encryption is very expensive, and we do not want anything lower than AES256. Thus, you need to expect to pay between $8.25 to $8.35 per month for a good VPN. ExpressVPN.com has been voted by many reputable organizations as the best service provider, and it is the one that I highly recommend. The other four are Buffered, IPVanish, NordVPN, and VPNArea. You can read a well-written comparison here. How do I configure it? Can I use it in multiple devices? Asuming that you will go with my recommendation of ExpressVPN.com, you can have one account that includes one computer, one phone and one tablet. The computer can use the same account at the same time the phone or the tablet; but the phone and the tablet cannot share the same account at the same time. To configure your VPN, go to Preferences, and ensure that you put a check mark on the two options under Network Lock. Under Protocol, select Automatic, and under Advanced, removed the check mark for the Diagnostic Data. In your smartphones and tablets, make sure you select to Auto-reconnect, and that the Share Diagnostic Data is off. That is all for now. Thank you for reading! Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization. The IT Department, as we know it today, can no longer address on its own the dynamic exchange of information that takes place in the cyberspace domain. This exchange of information includes benign and malicious traffic. In a paper I wrote some time ago and posted in LinkedIn, I was proposing the creation of the Cyber Security and Intelligence Department to operate side by side with the IT Department to track IP addresses that have unsuccessfully attempted to pass the IDS, traffic that appears normal but in context it shows that it has malicious nature, chatter in the cyberspace domain about the enterprise, its proprietary information and intellectual property, unauthorized disclose of information by employees, and threats against facilities and executives.
The analogy I use is that if I would have told a CEO 40 years ago that he/she would need an in-house attorney, I would have been given the same answer I am getting today when I say “you need a part-time or full-time in-house Chief of Cyber Intelligence” – Answer: Oh, I do not have those kinds of problems. No need for that. No ROI justification. Well, today, most medium to large businesses have an in-house attorney. :-) After 11 years of running Meta Intelligence, I have encountered many problems for which I have found solutions; however, this one is puzzling me because I cannot find the way to escape this swirl. I am hoping that some of my readers might have the answer, and also to bring to your attention this swirl that in my humble opinion is causing billions of dollars to the private sector industry. At one end of the ping-pong table, there is the CEO who knows that he/she has hired the best CIO/CTO/CISO available in the market. CEO has not been informed of any breaches of security in his company so he/she is certain that his/her company is 100% secure. At the other end of the ping-pong table, there is the CIO/CTO/CISO who knows that technology alone cannot provide a barrier of defense. He/she might be indeed one of the best in the marketplace but does not have the time/knowledge to design and teach a course that addresses the number one point of entry of cyber intrusions: the user of technology. As of today, 95% of all cyber intrusions have been caused because someone inside an organization clicked on a link that has malicious load, connected an infected computer into the company’s network, traveled to China with the same laptop that then will connect back to the network, clicked on a link sent via txt, and the list goes on and on. When a vendor, like Meta Intelligence, approaches the CEO with a solution, he/she often replies with one of these two options: 1) I have the best IT department and it has not brought that up as an issue; or 2) I don’t know much about cyber so you better talk to the IT department. Both answers put the vendor in limbo land because the IT department personnel rarely will admit that they have zero knowledge on how to address user behavior as the number one barrier of defense and they will not approach the CEO requesting assistance and engagement of a third party vendor. The CIO/CTO/CISO is concerned that bringing a third party to solve this problem might get him/her fired for incompetence. These are companies like HomeDepot, Target, Sony, Domino’s Pizza and many others you have seen in the newspapers and whose CEOs have been forced to resign, or even if remain in the company, they have paid a huge price on loss of revenues. As of today, a company will pay on average $201 to $206 per employee to recover from a cyber intrusion. However, if the company stops the endless cyber ping-pong of CEO vs IT Department, and brings a good education program on risk management when online, it will save about $150 per employee and fend off 95% of cyber intrusions. Education of the workforce is not sexy but it is very effective. Otherwise, why do you think that you have to sustain the ethic in the workplace training, and the harassment in the workplace training, and some other mandatory training that some industries are required to have in place. If you are hopefully going to provide cyber behavioral training, and by the way, this is what I have been doing since 2005 when I founded Meta Intelligence, you need to look for programs that do not leave solutions to the user’s imagination because imagination is limited by knowledge. If you, the user, do not know what man-in-the-middle attack is, you will be using free Internet all over the town and airports. Probably, you even attended a cyber security class where the instructor told you “be cautious when you open your email.” What does this type of warning mean to the average user of technology? Duck and cover when clicking on the email? Wear goggles or protective gloves? The average person reads emails on the phone and clicks and clacks on every link that sees floating on the email. Telling this person to be cautious without explaining the step-by-step of email handling is useless. If you are conscious about overhead spending but want to do an experiment of this nature – investment in education instead of buying the latest “Dr. Techno software that will not let intruders in,” you can take advantage of some of the sites that offer free training, such as the Cybrary - https://www.cybrary.it/ As of today, it has over 600k members and more than 2k topics. You can learn more about this concept of return on investment by developing strong cyber behavioral habits at: https://www.youtube.com/watch?v=aRXazQuPzFs So, the question to you, is how do we break this swirl of pushing the education ball from one end of the ping-pong table to the other end? Last year, cybercrime caused the US economy about 24 billion dollars. Wouldn't you rather see that money used in something more useful that enriching the coffers of cyber crooks? That is all for now. Thank you for reading! ![]() To reiterate the opening line of the previous blog, “this is the part of the Internet experience where most users give away their privacy. The Internet is free and that means you are the product.” I taught my three-day course last week, OpSec in Cyberspace Domain/Electronic Signature Reduction, and one of the students asked me “what is the point in doing all this to guard our privacy if we are not doing anything wrong?” I think it is a great question and here is my humble reply. Privacy is the precursor of security in all domains. In the physical domain, you close your curtains at night to gain privacy because it makes you feel more secure that nobody will be snooping on what you do at home, even when you are doing normal actives. In the cyberspace domain, privacy is also the precursor of security. If you keep your online activity private, it is more difficult to social engineering you and get hold of your credit cards, or other information that can be used to either rob you of your money or use your technology as a stepping stone to commit another crime. When cybercrime costs our nation an average of $7.8 billion dollars a year (according to the Computer Crime Research Center http://www.crime-research.org/news/13.08.2006/2179/), then protecting your online privacy is a responsibility that all citizens should fulfil in order to curtail the cyber economic warfare being inflicted upon our nation. Although I spend 80 percent of the time using Ixquick, DuckDuckGo and Google, I explore the following search engines when the topic requires imagination. :-) Dogpile.com It offers web, image, video, news, blog, and job search. Before doing any search, click on the Preferences button found immediately below the Go Fetch button. Under the Preferences tab, go to Recent Searches and select Off. This search engine does not understand Boolean markings. Gigablast Once you read the description on their website, you will understand that you are the product here. Nevertheless, it is handy to use when one does not want to leave any rocks unturned. “Founded in 2000, Matt Wells created Gigablast to index hundreds of billions of pages with the least amount of hardware possible. Gigablast provides large-scale, high-performance, real-time information retrieval technology and services for partner sites. The company offers a variety of features including topic generation and the ability to index multiple document formats. This search delivery mechanism gives a partner "turnkey" search capability and the capacity to instantly offer search at maximum scalability with minimum cost. Clients range from NASDAQ 100 listed corporations to boutique companies. Gigablast is one of a handful of search engines in the United States that maintains its own searchable index of over a billion pages.” https://www.gigablast.com Use the Advanced search rather than direct Boolean markers. Addict-o-matic – addictomatic.com It allows you to instantly create a custom page with the latest buzz on any topic. This is great to follow major events where one needs constant updates. Click on Available Sources after entering your topic, and this list pops down. Kartoo.com “Quick web search and get relevant results with the meta search engine with its directory and services that make the Net a portal KartOO totally free.” It offers free online chatrooms. Here again you are the product so proceed with critical thinking because EVERYTHING that you type here is parsed and indexed along with your IP address. Tag Galaxy at taggalaxy.de
Browse through Flickr photos in 3D with this flash application. It is a great search engine to find out relevance of the topic in question. Icerocket.com A great tool to look at all posts on blogs. It also allows you to search Twitter individually, and create an RSS feed to read post on your topic in a different platform as they are being posted on the web. socialmention.com This is a good one to look at hot topics. Conclusion If you are looking for obscurity and maximum privacy (about 90%), then you must also use a virtual private network service such as ExpressVPN.com You might also wonder whether I am making you my product. The answer is no. I do not sell or trade your contact information. Notice that I am sending you directly to ExpressVPN.com rather than giving you the link that will give me a month free per each one of you that subscribes to the service. The only thing I have asked in exchange for this free information is your liking my Art Meta Gallery Facebook page, and your following me in LinkedIn at the Meta Intelligence and Art Meta Gallery pages. That is all for now. Thank you for reading! Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization. This is the part of the Internet experience where most users give away their privacy. The Internet is free and that means you are the product. The more data companies can compile on you while you use all the free services available to make your Internet experience fun, the more you are exposed to be manipulated through data or to be fed tailored articles to you. Facebook is the champion at manipulating the data it feeds you through its extensive violations of normative privacy. In this blog, you will also learn that there is life beyond Google. Yes, I agree that Google is an amazing search engine, to the point that we have even made verbs in many languages with its brand…I will google this or that, googlea esto o lo otro, etc. How many search engines are there? Many. In this blog, I will talk about Google, DuckDuckgo and Ixquick. Bing/Yahoo are not worth talking about. I will touch on a couple of others on the follow up to this blog. The fundamental difference between the three is that only Google parses your search with your IP address. This is the reason I highly recommend your using a Virtual Private Network (VPN) service such as ExpressVPN.com (in my humble opinion is the best in the marketplace). This means that when you type “How to cook Italian pasta al dente,” Google will notate your IP address and the fact that you like to eat pasta cooked the Italian way. Next thing you notice is that you are getting ad after ad of Barrilla pasta. On the other hand, Google allows the use of Boolean and white hat hacking techniques. It also allows use of its cache to peruse information before clicking on the link. More on this below. Duckducgo (duckduckgo.com) prides itself for not collecting any user data. Founded in 2008 by Gabriel Weinberg, it is slowly but steadily becoming Google’s fierce competitor. DuckDuckGo is my favorite by far when I need to look for a person. It does an excellent job at bringing page after page of information that contains the person I am looking for. It has an App for the iPhone and Android platforms. On the other hand, DuckDuckgo does not have a cache for you to look at, and it does not accept Booleans and white hat hacking techniques. Ixquick.com owns the famous Startpage search engine that you see when you use TOR. Its CEO states that “privacy is a basic human right;” thus, you can imagine that this search engine does not parse the words you search and they are not paired with your IP address. Ixquick.com is owned by Surfboard Holding BV, a privately owned Dutch company. In the example below, note that Ixquick gives you the option of selecting a Proxy instead of clicking directly on the title of the result. This Proxy is an anonymizer that masks the IP address of your Internet connection. If you real IP address is located in Arlington, VA, when you hit Proxy, you will show to the webmaster of the site you are visiting that you are coming from The Netherlands. Also note on the photo below that the link that has a green down arrow is not for a cached page but it is an advertisement. Ixquick does not offer the option of looking at cache. This will be addressed below when I talk about the difference between footprint and rank. Ixquick allows Booleans and white hat hacking techniques with a lingo that is completely different than the lingo used by Google. Until not long ago, Ixquick would allow you to enter the Booleans on your own but because they were truly complicated, the new version of Startpage allows you to set the home page with Advanced Search features. Click on the three parallel lines on the upper right corner, and select Settings. Under General, on the third row, mark the Homepage search more to Advanced Search. Now, you are ready to customize your search. How can you quickly access all three search engines? I like to have them showing on my Bookmark Tool Bar, and Ixquick has its own toolbar which is pretty handy.Go to Google.com and you will see the empty search page. On the URL bar, towards the right, and providing you are using Google in Incognito mode as advised on my previous blog, you will see a white star. Click on that star and a pop down window will give you the option of where to put that bookmark. Select Bookmark Bar. Then, go to the three parallel lines or three vertical dots you see on the right hand side of Chrome, and select Bookmark-->Show Bookmark Bar.Now, go to Duckduckgo.com, and do the same process with the search page to add it to your bookmark bar.For Ixquick.com, you need to be temporarily out of Chrome incognito mode. You need to surf in regular mode just to add the bookmark. Go to Ixquick.com and click on the three parallel bars on the right hand side and select Toolbar and follow the instructions on the screen.Once you are on the Settings page of Chrome, mark Show in Incognito mode for the Ixquick toolbar extension. Now you can go back to Chrome incognito mode and enjoy the three search engines to the reach of your fingertips. Why do I need to be mindful of footprint and rank? Digital footprint is the mark you leave on Internet services when your actual IP address, MAC (machine access code) address, and the IP of your WiFi or wire connection to the Internet are recorded in the websites you visit, the Apps you run on your mobile devices, the vehicles you rent or own and allow Bluetooth for your mobile devices, etc. Page rank is determined by the famous algorithm written by Larry Page. Page rank will put on page one of a search engine the websites that people visit the most. The most popular pages will show first. Thus, when you are searching things on the Internet for fun or work related topics, and you are happy go lucky clicking and clacking on every link you see, you are increasing the page rank of all those websites you touch. If the website is a topic that goes against the American Way of Life, you might not want to make that page more popular than it is, therefore, I recommend that you look at that page in the cache mode of Google search.Even if you are covering your tracks by using a VPN and/or TOR, you are increasing popularity of unwanted pages. This is how you can see the Google cache. This is a photo that Google has taken of the website you are interested in so you are not creating page rank and you are not leaving a footprint on the website either.Click on the arrow to the right of the URL until you see the word Cache display. Click on Cache and you will see a photo that Google has taken of the page in question. This is all for now folks! Thank you for reading.
Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization. |
About the BlogThis blog is updated on a bi-weekly basis and it will address a variety of topics concerning cybertechnology, privacy and ethics in the cyberspace domain. Archives
February 2017
Categories |