FIRST THINGS FIRST
Here is the public key to contact me at pennypinchersemail at gmail.com.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP PUBLIC KEY BLOCK-----
http://www.srware.net/en/software_srware_iron_download.php - Iron Browser. A "private" knockoff of Google Chrome, with the functionality but not the spying.
UPDATE: Someone told me at the local hacker club that the code wasn't open source, i.e. not viewable for peer review. So it might be NOT private after all.
https://silentcircle.com/ worldwide encrypted communication, by some ex-Navy Seals and Phil Zimmermann, the inventor of PGP. They say it has no back doors! hehehehe! The only thing, I wish they'd push their release date forward a bit, because it might be too late for it by the time they're ready with their beta version.
UPDATE, if this has a closed source, how can it be peer reviewed?
https://crypto.cat encrypted chat, no back door, Tor built-in, and open-source that claims to get around CISPA, developed by a kid from Canada.
This search engine (they're both the same thing) is the only one that does not record your IP address. Other search engines like Google and AOL record your searches and keep them in a database along with your IP address, which means that anyone accessing their databases can profile you based on your web searches. They might be able to tell what makes you tick, what kind of physical ailments you are worried about, what kind of porn you like, basically anything you do a search on. In 2006 AOL accidentally published 3 months of its database online and it's STILL THERE.
Even if you use this search engine, it won't protect you from other websites you go to recording your IP address. And some other sites are owned by Google.
You can further protect your IP address by getting TOR. This free program links you up to a network of other people all around the world and makes your IP address appear as if it is a random one of them instead of you. You don't have to become one of the ones willing to let their IP address be used, to use this. Just don't be running Tor in a browser and try to log into your Facebook account with it on. Facebook has a security feature that will shut your account down and then require you to identify photos of your FB "friends" in order to re-activate your account. If you have a lot of "friends" you don't know, this may be difficult.
News flash (not really new news): Someone found a back door for TOR. So this is not as useful as before. Basically whoever is running the exit node can see what you are doing. There are also some attacks possible on a bridge node. Otherwise spying on you through TOR is kind of a pain, but not totally impossible.
Facebook etc.: These social networking sites are actually owned behind the scenes by the CIA. It also tracks you even AFTER YOU LOG OUT. If you are worried about this then your remedy is either:
Stay off of Facebook etc.,
keep your privacy settings really private (But Facebook keeps "upgrading" which wrecks the privacy settings)
use FB on a different browser than everything else you do, or run Ccleaner after logging off FB
just keep your posts rated G in all respects. What gets on the Internet stays on the Internet. And goes everywhere.
To avoid becoming a target for thieves, do not post your whereabouts on FB, do not broadcast that you are going on vacation, and do not link to affiliations for upper-class interests like tennis, polo, falconry etc.
To avoid your face going on a facial recognition database, keep pictures of yourself off of FB. You may however have trouble keeping your friends from posting photos with you tagged in them.
If you find info about you you don't like on the internet: Usually the only thing you can do, if you can't get the party to remove it, is to bury it past the first few pages of a Google search of your name by making a bunch of new posts, articles, pages etc. with your name on them that get better search results. You can do this yourself, you don't need some company to do it for you for a fee.
Domain registration: The Republic of Tonga sells domains with the .to domain extension. (http://www.tonic.to/ is a place to get them) This is popular with privacy enthusiasts because they do not provide registration data to the WHOIS database. You can have a domain name and remain anonymous.
Browser settings: You can set your browser to forget your browsing history when it closes. You can also get it to refuse 3rd party cookies.
Tracking Cookies: In order to clear off those nosy tracking cookies, get this nice free software CCLEANER. When you run it, it erases your browser history, temp files, your cookies, and you can even get it to clean out your registry (like after you uninstall software it leaves bits of junk in your registry, and it's a good idea to clean it out every once in a while). You can also set it to wipe the unallocated (unused) space on your hard drive. When you delete files, they're actually still there on the hard drive, until they get written over. So you need to wipe the free space if you really want them gone for real.
Fingerprinting your computer: Every computer has a unique "fingerprint" consisting of browser settings and the like. Even if your computer can't be identified by its IP address, it might be identifiable by this conglomeration of settings. And yes, Google tracks that too.
Your network card has an ID physically in it which is unique and is called the Mac Address. This is captured along with the IP address when you browse, by the computer you have browsed to. Your computer can be identified by this number, but there are programs to spoof a Mac address. (I haven't tried any, so no recommendations).
P2P DNS: This is a kind of darknet of websites suggested by Pirate Bay, the P2P torrent website. Here's an article about it. They seem to still be in the beginning stages, i.e. no implementation yet. Here is another article about darknets in general. A darknet is a private peer-to-peer network. If you don't know it exists, you can't find it.
A word about the Cloud: Cloud computing is basically sticking your data onto someone else's big server so you can get it anywhere and you don't need a hard drive to store it. However, this makes it so that the government only needs a subpoena instead of a search warrant to get at the data. Also the data is subject to the whims of the cloud provider.
Who will watch the watchers: Here is a website that keeps tabs on Google's shenanigans http://www.google-watch.org/
Electronic Frontier Foundation: Here is a website to watch for news on internet privacy.
A somewhat drastic cure: There is a way to avoid your unique settings or your Mac address being associated with an IP address: Have a laptop with wireless and no hard drive, and use that only to do your private surfing. Burn a CD-rom of SLAX and use that as an OS. You'll have to find somewhere with wireless that has no password on it, or learn how to war-drive. War-driving is probably illegal and also beyond my knowledge so I won't comment on it. I guess you might also risk someone looking in your car window and seeing what is on your screen, unless you figure out a way to prevent that too. If you want to store files, use an external hard drive or a USB thumb drive.
Good antivirus and antispyware programs: Malwarebytes, Super Anti Spyware, AntiVir.
Virtual Machine: One thing you can do is run a virtual machine. This is a piece of software. The open source free one is http://www.virtualbox.org/. You will need a lot of RAM, because you'll be running 2 OS's at once. Basically it creates a bubble for another OS to run inside it. If you get a virus in your virtual machine, you just reload it from an image. It's useful for if you want to do things online that are riskier for getting viruses, because the viruses are contained in the "bubble" created by the virtual machine. You can also use it to try out other OS's, for example if you are curious about Linux but only have a Windows machine.
Beware of USB thumb drives. These little things are convenient but some hackers make viruses just for them. Here is an article where the comments below it detail ways you can either make your thumb drive read-only (so when you go to a photo kiosk you don't catch a virus from it), or to have your computer refuse access to thumb drives. And folks, don't stick a thumb drive you find in the street or parking lot into your computer. You don't know where it's been. It's a basic flaw in computer design, unless the USB ports are disabled the computer will run what's on the thumb drive without question, and if there's a virus, you're screwed.
How to whistleblow privately: Read ZeroHedge's guide here. It could be applied to other situations.
To whistleblow on a US Federal agency, you can go to http://www.pogo.org/. They also have a private whistleblowing guide in the form of a book you can buy. Do not contact or visit pogo.org from a government computer, fax or phone. Go do it from somewhere else.
New: Microsoft just came out with a way to spy on Skype conversations. Previously Skype was considered a little safer, now it's not anymore.
Here's an interesting computer security blog. http://www.schneier.com/
This guy Bruce Schneier wrote the seminal tome "Applied Cryptography" and another book "Secrets and Lies" which is about network security.
https://www.infosecisland.com This is a neat blog on information security, very geeky but snarky too.
This is more webmaster related than privacy related, but if you want to check a website for problems with malicious code, you can use these websites to do so: Norton Safe Web, URLVoid, Sucuri, and Unmask Parasites. If your own website gets on Google's blacklist of "unsafe" websites, it might be because of some third party you've linked to rather than getting hacked, but you never know. It could also be censorship.
Cell phones: How to avoid being tracked: https://ssd.eff.org/wire/protect/cell-tracking
Basically, take out the battery, or leave the dang thing at home. They can even use it to spy on your non phone conversations when the phone is off. They can use fake towers to intercept your calls and they don't even need a warrant for that.
Office phones: http://www.activistpost.com/2013/01/hacked-phones-could-be-listening-to.html
5th year PhD candidate Ang Cui and Columbia Professor Sal Stolfo have figured out how to hack Cisco phones to spy on an entire office network. Cui made a little device called the th1ngp3wn3r that you plug into a phone to do this. Cisco hasn't figured out a cure yet.
Here is a link to a video of Cui's speech at 29C3, the CCC hacker convention (each year gets another number, so next year's would be 30C3.) http://youtu.be/VTSr51g8UMU
Guest Post: The Fed's Real Worry - A Pick Up In Deflation
42 minutes ago