The Internet: Tips, Tricks & Privacy

Another very useful FF addin is : NoScript. It's customisable but stops JS executing, prevents cross-scripting issues and much more.

Another safety MUST for all browsers (Windows users) is to make proper and effective use of your HOSTS file. See http://winhelp2002.mvps.org/hosts.htm for more.



wabbit

 

Good thread

Preferably never use your correct name, or part of your name in your email addy

Preferably never publish your private information.

Passwords are a problem, I have an encrypted file, but I was reading recently of a more sophisticated software approach that randomly generates 100 character passwords.

As a for instance, Hotmail accounts came under sustained hacking by password generators recently

 

More:

Many ISPs allow users to have additional mailboxes attached to your account. If this is the case with your particular ISP, NEVER use your primary account email address for ANYTHING. Always create a few additional mailboxes and use these instead. Keep one mailbox for your family and friends. Keep one mailbox for your business dealings. Keep one mailbox for all those messageboards and other forums which require your email address for registration.

If your primary account email gets spammed then there's not much you can do other than shutdown the account and pay to have another subscription with your ISP, but, if an additional mailbox is targeted by spammers, simple delete the mailbox and create another alias mailbox.

The only people who should be using your primary email account is your ISP.


wabbit

 

Excellent thread.
Some random thoughts. What if I actually want JS to execute. Do Not Track Plus, Targeted Advertising Cookie Opt-Out (TACO), and proper and effective use of the HOSTS file - all look interesting and I'll be following up. The extra mailboxes thing is a great tip.

 

There are some sites where you might want to execute JS, so simply authorise that site (temporarily or permanently) to allow JS. Read more about NoScript at http://noscript.net/features


wabbit

 

An added benefit not mentioned anywhere yet is by using the HOSTS file to redirect the massive amount of the advertising crap that people/companies have on their websites, the pages load much faster and reduces your bandwidth load.

For example: Using a good HOSTS file news.com.au loads almost instantaneously without all the ads and crap, or without the good HOSTS file it takes forever to download all the bumpf you're not interested in anyway!


wabbit

 

I use -

Whisper for passwords

http://www.softpedia.com/get/Security/Security-Related/Whisper32.shtml

Mailwasher Pro - see and deal with mail before it's downloded to your mailbox.

http://www.firetrust.com/en/products/mailwasher-pro

ACDSEE - to handle images, though I do run a web site and need it others may not -

http://www.acdsee.com/

Easily handle programs in startup with this -

http://www.mlin.net/StartupCPL.shtml

and this will tell you if something is trying to put something in startup and you can accept or refuse.

http://www.mlin.net/StartupMonitor.shtml

 

And another gem of "wisdom"...

Many computer users have only one account on their computer, and they have given themselves Super-Administrator privileges, which are susceptible to attack.

Any "layered" defense system mandates that each level of user only has sufficient privileges to perform their defined roles; it makes sense, therefore, even if there is only one user of the computer, to have a few accounts. One account is the lowest privilege user account which is the account which will be used on most occasions (cannot install anything, very hard to attack etc), one is an Administrator account (with limited privileges to install new apps and make some small system changes such as installing printers etc) and the final level is the God-Like-Super-Administrator account which has no limits and should only ever be used for major system functions and control i.e. ONLY ever used when installing or restoring the OS.

As most virus/worm/trojan/malware attacks require some sort of elevated privilege to install themselves onto the target machine, having a user account with none of these privileges will defeat the attack, even without the aid of firewalls and antivirus (but still use firewalls and antivirus!)


wabbit

 

If your email with iPrimus is easytoguess@iPrimus.com.au then it's not hard to do a simple dictionary based spam attack. Never reply or unsubscribe to these emails as then the culprit knows the address is a live account. Before going out and paying for a spam filter (they should be free anyway!) set up some filters in your email client (Outlook, Outlook Express, Thunderbird etc) to automatically delete the emails from particular addresses as they arrive. Depending on your personal circumstances and your alias mailboxes, the only people who should be using your primary account are your ISP, so I'd be deleting all email where the from address does not contain my ISP name.

I have a whole gammut of filters to deal with email as they arrive; white-list email always get delivered to me, the most "powerful" black-list filters include if I am a CC or BCC address then move to Trash (I have a special account for newsletters etc where they use mailing lists)

If you need some more info, just skype me.


wabbit

 

I've done this on Outlook Express and it works for some spam but not for all.
I've never shown any interest in gambling or looked at gambling websites, but am beseiged by rubbish trying to entice me to gamble with them.

 

my approach to email accounts

Having my own domain, I am able to create an unlimited number of email accounts. Maybe overkill, but for most regular users, the standard 5 of half a dozen may be sufficient.

So, here is how I deal with banks, brokers, and news services;

• My ISP has given me a ludicrous main name, which consists of letters and numbers and then some. Needless to say that I only use it for my modem to logon to their server.
• Each of the banks and brokers I deal with have their individual email name. Banks are usually quite careful with emails, so none of them has (yet) been compromised. Not that I would know (or care) if it had - because for each bank email, I add two Message Rules:
  rule 1: If the email comes from (say) ANZ and is directly addressed to the ANZ account, then it goes into the ANZ folder, and a "new" flag set in my Quickview (Windows Live Mail).
  rule 2: If an email comes from anywhere else into the ANZ account, don't bother downloading, but delete it from my mail server (own domain, remember).
• ASF "knows" me under an ASF address. Other Fora the same. I trust they won't pass "me" on to a third party, and so far I haven't been disappointed.
• News Services are a little harder to control, but I know (or keep track of) whose subscription is authorised and whose isn't. A simple message rule as for banks and brokers takes care of the latter.
• Unallocated addresses (like "info" or "accounts") go first into a "Suspect" catch-all. Once in a while, when I'm really bored, I may flick through there to see who wants to sell me something or offers a "Link Swap" with their website. Quite amusing, some of them. e.g. one suggested "Your website has been selected for cross-linking with..." which turned out to be a Horoscope Service.
  Yayyy! I've made it! Someone believes in my ability to predict the future. :1luvu:

 

I use Google Apps and Gmail and get maybe 1 or 2 bits of spam come through/year. It works very well. I probably receive about 1200 spam emails to my account (going by how much is in my spam folder from the last 30 days) so their spam protection does a pretty good job.

 

Unless you're under an attack, I was getting hundreds a day some years ago, then just hit delete it's easier and quicker.
They will eventually go away, mail washer allows you to bounce them but I havent had to do that for a long time.

 

Hi Julia,
that's an easy one:

Windows Live Mail, select Folder, Message Rules, add New.
"Where the Subject line contains 'betting' or 'poker' or 'gambl'
Delete it from Server"

(I have also added 'viagra', 'replica' and a few other keywords I'd rather not repeat on a family forum )

 

I've disabled the spam box in Outlook, it sometimes catches the wrong things, better just to delete what you dont want.

 

I also have my own domains and pull of another little "trick" (my host only allows me 9,999 mailboxes per account!)

I use a catch-all at the server, but when I register with anyone and are required to give them my email address, I use theirname@mydomain.com.au e.g. if I had an ABC account I would register ABC@mydomain.com.au, if I joined the XYZ forum I would register with XYZ@mydomain.com.au etc.

The "beauty" of this is if I receive email addressed to say my ABC address and it didn't originate from the ABC company, then I can assume either a) someone has guessed or discovered my email address, or b) ABC have sold their mailing list. It doesn't happen often that major companies sell their collected email addresses but many, many times I have caught out other companies (mainly web-entities) who have been selling their mailing lists in contradiction of their own privacy policies.

Domain name registration and hosted email servers are cheap these days, well within the reach of just about everyone. You get to take control of your own server-side spam filtering and other controls to limit the amount and annoyance of unsolicited emails.



wabbit

 

http://www.ghostery.com/