BoyWiki - User contributions [en]

Computer security

2026-03-14T08:48:34Z

Eskimo: /* Linux */

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account. As of 2026, there are three VPN companies that filter websites and block what they call child porn websites, once filtering capabilities exist it is very easy for somebody to add any other site they want, the list of blocked websites is secret and nobody will ever know what is in there. These VPNs all belong to the same parent company, UK based Kape Technologies, and their names are ExpressVPN, Private Internet Access (PIA) and CyberGhostVPN, due to privacy concerns they should be avoided.<ref>ExpressVPN blocks child porn in partnership with Internet Watch Foundation https://www.tomsguide.com/computing/vpns/expressvpn-blocks-child-abuse-material-in-partnership-with-internet-watch-foundation</ref>

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Linux ==

Why Use Linux instead of Windows?

* Privacy & Bloat-Free: Unlike Windows, which forces you create an account with personal identifiers and sneakily attempts to get you to inadvertently upload your personal data to Windows servers, most Linux distributions do not track user activity. This focus on privacy, combined with minimal pre-installed software, results in a cleaner, faster, and more private user experience.

* Cost & Flexibility: Most Linux distributions are free to download, use, and distribute.

* Customization & Control: Linux offers unparalleled customization. Users can choose from numerous desktop environments, window managers, and software packages to tailor the system to their exact needs.

* Performance & Stability: Linux is generally more lightweight and efficient than Windows.

Recommended Linux distributions:

* Beginners: Linux Mint or Zorin OS because everything works out of the box and they design it with ex-Windows users in mind.

* Advanced users: Fedora Linux or Debian, because they get security updates and have a big community, they may require you to download codecs or customize something during and after installation. You have to me a little familiar with computers for everything to work.

For anonymity the best Linux distribution is Tails OS but it can not be installed in your computer, this distribution only runs from a USB thumbdrive, this is done on purpose to avoid leaving any data behind after you power off the computer.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2026-03-14T08:47:07Z

Eskimo: /* Linux */

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account. As of 2026, there are three VPN companies that filter websites and block what they call child porn websites, once filtering capabilities exist it is very easy for somebody to add any other site they want, the list of blocked websites is secret and nobody will ever know what is in there. These VPNs all belong to the same parent company, UK based Kape Technologies, and their names are ExpressVPN, Private Internet Access (PIA) and CyberGhostVPN, due to privacy concerns they should be avoided.<ref>ExpressVPN blocks child porn in partnership with Internet Watch Foundation https://www.tomsguide.com/computing/vpns/expressvpn-blocks-child-abuse-material-in-partnership-with-internet-watch-foundation</ref>

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Linux ==

Why Use Linux instead of Windows?

* Privacy & Bloat-Free: Unlike Windows, which forces you create an account with personal identifiers and sneakily attempts to get you to inadvertently upload your personal data to Windows servers, most Linux distributions do not track user activity. This focus on privacy, combined with minimal pre-installed software, results in a cleaner, faster, and more private user experience.

* Cost & Flexibility: Most Linux distributions are free to download, use, and distribute.

* Customization & Control: Linux offers unparalleled customization. Users can choose from numerous desktop environments, window managers, and software packages to tailor the system to their exact needs.

* Performance & Stability: Linux is generally more lightweight and efficient than Windows.

Recommended Linux distributions:

* Beginners: Linux Mint or Zorin OS because everything works out of the box and they design it with ex-Windows users in mind.

* Advanced users: Fedora Linux or Debian, they may require you to download codecs or customize something during and after installation. You have to me a little familiar with computers for everything to work.

For anonymity the best Linux distribution is Tails OS but it can not be installed in your computer, this distribution only runs from a USB thumbdrive, this is done on purpose to avoid leaving any data behind after you power off the computer.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2026-03-14T08:45:50Z

Eskimo: added bullets in main points

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account. As of 2026, there are three VPN companies that filter websites and block what they call child porn websites, once filtering capabilities exist it is very easy for somebody to add any other site they want, the list of blocked websites is secret and nobody will ever know what is in there. These VPNs all belong to the same parent company, UK based Kape Technologies, and their names are ExpressVPN, Private Internet Access (PIA) and CyberGhostVPN, due to privacy concerns they should be avoided.<ref>ExpressVPN blocks child porn in partnership with Internet Watch Foundation https://www.tomsguide.com/computing/vpns/expressvpn-blocks-child-abuse-material-in-partnership-with-internet-watch-foundation</ref>

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Linux ==

Why Use Linux instead of Windows?

* Privacy & Bloat-Free: Unlike Windows, which forces you create an account with personal identifiers and sneakily attempts to get you to inadvertently upload your personal data to Windows servers, most Linux distributions do not track user activity. This focus on privacy, combined with minimal pre-installed software, results in a cleaner, faster, and more private user experience.

* Cost & Flexibility: Most Linux distributions are free to download, use, and distribute.

* Customization & Control: Linux offers unparalleled customization. Users can choose from numerous desktop environments, window managers, and software packages to tailor the system to their exact needs.

* Performance & Stability: Linux is generally more lightweight and efficient than Windows.

Recommended Linux distributions:

Beginners: Linux Mint or Zorin OS because everything works out of the box and they design it with ex-Windows users in mind.

Advanced: Fedora Linux or Debian, they require you download codecs and do a few customization during and after install. You have to me a little familiar with computers for everything to work.

For anonymity the best Linux distribution is Tails OS but it can not be installed in your computer, this distribution only runs from a USB thumbdrive, this is done on purpose to avoid leaving any data behind after you power off the computer.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2026-03-14T08:45:06Z

Eskimo: Added Linux section

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account. As of 2026, there are three VPN companies that filter websites and block what they call child porn websites, once filtering capabilities exist it is very easy for somebody to add any other site they want, the list of blocked websites is secret and nobody will ever know what is in there. These VPNs all belong to the same parent company, UK based Kape Technologies, and their names are ExpressVPN, Private Internet Access (PIA) and CyberGhostVPN, due to privacy concerns they should be avoided.<ref>ExpressVPN blocks child porn in partnership with Internet Watch Foundation https://www.tomsguide.com/computing/vpns/expressvpn-blocks-child-abuse-material-in-partnership-with-internet-watch-foundation</ref>

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Linux ==

Why Use Linux instead of Windows?

Privacy & Bloat-Free: Unlike Windows, which forces you create an account with personal identifiers and sneakily attempts to get you to inadvertently upload your personal data to Windows servers, most Linux distributions do not track user activity. This focus on privacy, combined with minimal pre-installed software, results in a cleaner, faster, and more private user experience.

Cost & Flexibility: Most Linux distributions are free to download, use, and distribute.

Customization & Control: Linux offers unparalleled customization. Users can choose from numerous desktop environments, window managers, and software packages to tailor the system to their exact needs.

Performance & Stability: Linux is generally more lightweight and efficient than Windows.

Recommended Linux distributions:

Beginners: Linux Mint or Zorin OS because everything works out of the box and they design it with ex-Windows users in mind.

Advanced: Fedora Linux or Debian, they require you download codecs and do a few customization during and after install. You have to me a little familiar with computers for everything to work.

For anonymity the best Linux distribution is Tails OS but it can not be installed in your computer, this distribution only runs from a USB thumbdrive, this is done on purpose to avoid leaving any data behind after you power off the computer.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2026-03-14T08:32:21Z

Eskimo: fixed URL

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account. As of 2026, there are three VPN companies that filter websites and block what they call child porn websites, once filtering capabilities exist it is very easy for somebody to add any other site they want, the list of blocked websites is secret and nobody will ever know what is in there. These VPNs all belong to the same parent company, UK based Kape Technologies, and their names are ExpressVPN, Private Internet Access (PIA) and CyberGhostVPN, due to privacy concerns they should be avoided.<ref>ExpressVPN blocks child porn in partnership with Internet Watch Foundation https://www.tomsguide.com/computing/vpns/expressvpn-blocks-child-abuse-material-in-partnership-with-internet-watch-foundation</ref>

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2026-03-14T08:30:53Z

Eskimo: Added information about ExpressVPN filtering websites

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account. As of 2026, there are three VPN companies that filter websites and block what they call child porn websites, once filtering capabilities exist it is very easy for somebody to add any other site they want, the list of blocked websites is secret and nobody will ever know what is in there. These VPNs all belong to the same parent company, UK based Kape Technologies, and their names are ExpressVPN, Private Internet Access (PIA) and CyberGhostVPN, due to privacy concerns they should be avoided.<ref>ExpressVPN blocks child porn in partnership with Internet Watch Foundation https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Privacy Freeware

2026-03-14T08:06:41Z

Eskimo: Replaced NordVPN because this is a freeware section and they have no free option

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Warning:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' ProtonMail recovery email account has been used in the past by law enforcement to track down users and it could be used by malicious actors too. You should not enter any traceable recovery email address in extreme privacy situations.<ref>{{cite web|title=Proton Mail recovery email leads to arrest of Catalan activist|url=https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.
* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://hide.me Hide.me] - Company based in Malaysia, the free version of the VPN is limited in speed and locations but no bandwidth limit.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.io/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 11 comes with Microsoft Defender Antivirus, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows antivirus and use your favored software instead. Microsoft Defender Antivirus is good at detecting threats the only reason why you may want to use a different product it is lack of trust in Microsoft products, or if you are looking for advanced control over the antivirus software. If you decide to use Microsoft Defender Antivirus make sure to disable automatic sample submission to strengthen your privacy.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - During installation you might be asked if you want additional software, look out and uncheck boxes.
* [https://www.avira.com/en/free-antivirus-windows Avira Antivirus] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Privacy Freeware

2026-03-14T08:01:29Z

Eskimo: ExpressVPN erased from the list because they have started to filter websites and NordVPN info updated

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Warning:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' ProtonMail recovery email account has been used in the past by law enforcement to track down users and it could be used by malicious actors too. You should not enter any traceable recovery email address in extreme privacy situations.<ref>{{cite web|title=Proton Mail recovery email leads to arrest of Catalan activist|url=https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.
* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company based in Panama with parent company headquarters based in the Netherlands.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.io/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 11 comes with Microsoft Defender Antivirus, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows antivirus and use your favored software instead. Microsoft Defender Antivirus is good at detecting threats the only reason why you may want to use a different product it is lack of trust in Microsoft products, or if you are looking for advanced control over the antivirus software. If you decide to use Microsoft Defender Antivirus make sure to disable automatic sample submission to strengthen your privacy.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - During installation you might be asked if you want additional software, look out and uncheck boxes.
* [https://www.avira.com/en/free-antivirus-windows Avira Antivirus] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Computer security

2025-11-04T12:38:51Z

Eskimo: /* External links */

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2025-11-04T12:38:38Z

Eskimo: /* External links */

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ DistroSea: Test Linux distros online!]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2025-11-04T12:38:16Z

Eskimo: Added distrosea link

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://distrosea.com/ Test drive Linux distros online!]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2025-11-04T12:36:23Z

Eskimo: /* Windows 11 */

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing people towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you must wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2025-11-04T12:35:21Z

Eskimo: Updated with advice about moving to Linux

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

'''Warning!'''

It is extremely difficult to have privacy in Windows and Microsoft new updates keep pushing users towards their cloud services which are a privacy nightmare. A few tips are given here to secure Windows but if you are serious about privacy you should wipe out Windows and install Linux instead, there is no other way.

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://f-droid.org/ F-Droid open source app store for Android]

Encryption

2025-11-04T12:18:13Z

Eskimo: small correction

'''Encryption''' is the process of encoding data in such a way that only authorized parties can read it, encryption does not prevent interception but it stops others from reading what the data contains without the correct key. Encryption algorithms are used to generate unreadable data that can be left at rest in your hard drive or sent over the Internet. Many applications like WhatsApp automatically encrypt and decrypt your messages without any user interaction, the downside is that you must trust the company doing the encryption for you not to violate your privacy, Google is known to scan files<ref>https://www.extremetech.com/internet/330076-googles-child-abuse-detection-tools-can-also-identify-illegal-drawings-of-children</ref> you upload to Google Drive for child porn and cartoons, Microsoft, Apple and many other companies do that too.

When encryption has been well designed and it contains no backdoor, there is no way to break it, the most commonly used scheme to break encryption is trying to guess the passphrase used, there are programs that can try thousands of password combinations a minute but well designed encryption programs slow these bots down by not allowing more than four or five tries every minute making it unfeasible to guess the password in a reasonable amount of time that does not involve hundreds of years.

== How encryption works ==
:''For more information, see [http://en.wikipedia.org/wiki/Key_size Key size] and [https://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic hash function]
All modern cryptographic systems are based on the factoring of numbers. It is easy to multiply two numbers and come up with a product. To take a number and determine what the numbers were that were multiplied to "create" it (called "factors") is very difficult. Despite serious looking by very bright people, no method or algorithm to solve "finding the factors" —for example, that the factors of 21 are 7 and 3, and those of 551 are 19 and 29 — has been found. Other than the simplest of methods, what could be called "no method at all", trying every conceivable solution (called the "brute force" method). The number of solutions to be tried is incredibly huge, astronomical. To even attempt it the most powerful computers are needed, so as to get results within a usable time frame. If it takes three years to get the missing key (password), probably it's not going to do you much good. The makers of encryption software try to create a number so huge that the number of solutions is just impossible to test. The makers of decryption software try to come up with shortcuts thst reduce the number of numbers that must be tested, or at least prioritize some numbers to test before others.

The more the speed of the hardware increases, the more it is possible to defeat encryption by a brute force attack (which is the only method because it's the only method that covers every possible answer). These are custom-built, single-purpose computers;.a single-purpose computer is always faster than a general-purpose computer. The original use of computers, during World War II, was to calculate coordinates for misiles (what angle up or elevation should they be at, among other things). Now it is to penetrate encryption, or try to. That's where the action is, in computing hardware.

This is a great simplification of a complicated area. However, it is the root of the whole system.

== Degrees of security in encryption ==
Any encryption must have a key, or in more basic terms a password. This is a string of characters which, in practice, describes the type of encryption used and provides the recipient's software the means to decrypt the message if authorized. The keys are easy to create but hard to undo.

The longer the password the more possible passwords have to be tested by the person that wants to break the encryption and view the message without permission. An eight-character password permits only about a billion possible passwords, and free software will break this in seconds on an ordinary desktop computer (2016). There are various standards, but 256 characters is commonly seen (2016). The longer the better.

A significant problem is providing the desired recipient the key (password) so the message can be decrypted. It should not be given over any type of electronic communication. Better give it in person, or on a flash drive sent through the mail.

== PGP ==

PGP, or Pretty Good Privacy also known as public key encryption, is an involved encryption scheme with two keys, one private and one public. The basics of the scheme are that you distribute your public encryption key to anybody you want and that key can be used to encrypt data but not to decrypt it, only you will be able to read the encrypted data with your secret private encryption key that nobody else has and a secret password, this allows for safe communications without the need to share passwords.

Because PGP, also known as OpenPGP, requires some technical knowledge, privacy e-mail providers like ProtonMail and Tuta do the encryption process in the background for you but you have to trust they are doing it right. Being open source increases the trust level because qualified people can check that the software has no backdoors and no bugs. If you do not wish to trust anybody you can use a plugin like MailVelope to create your own PGP encryption keys and do all the encryption process yourself.

It is important to remember that PGP is typically used to exchange encrypted messages and files and not to encrypt data in your hard drive at rest. To encrypt and decrypt files that are often accessed PGP is too time consuming and there are better programs that can do this like VeraCrypt.

== Boylovers and encryption ==

Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like [[Tor]]. It is often recommended that boylovers use full disk encryption with a program like [https://veracrypt.io Veracrypt], a free open source program that has been audited<ref>https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/</ref>, a few vulnerabilities where found during the audit and fixed, although it might sound alarming that vulnerabilities where found, Veracrypt is one of the very few encryption programs that has been publicly audited, with other software you must trust what the vendor says whereas in Veracrypt there is a third independent party that you can trust. An extensive comparison of all available encryption programs can be found on the Wikipedia page [https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software Comparison of disk encryption software] Whichever platform you use, a strong password is the most important thing to remember. See: [https://www.boywiki.org/en/Internet_security_tutorial#Using_secure_passwords Using secure passwords]

One need not only use encryption if they have illegal files; even totally legal files related to boylove can destroy a person's life if brought to light. Sometimes it is difficult to know what even is legal with regard to boylove.[https://en.wikipedia.org/wiki/State_v._Dalton The State v. Dalton]is a legal case in the United States state of Ohio involving the prosecution of a man for recording fictional tales of alleged [[child pornography]] in a diary. He had no images, either drawn or photographed, just writings in a journal and it was deemed to be [[child pornography]]. Altogether the man spent over 10 years in prison for simple writings.<ref>http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html/</ref> This case highlights how important it is to encrypt everything related to boylove.

==Key (password) disclosure laws==
Key disclosure laws, also known as mandatory key disclosure, are laws that require individuals to surrender cryptographic keys (passwords, though actual words are rarely used today) to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, '''mandatory decryption''' laws force owners of encrypted data to supply decrypted data to law enforcement.

Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required.

In the United Kingdom and Australia, it is a criminal offense not to reveal an encryption key when requested by law enforcement. In the United States there is no such law, nor is their any legal obligation to cooperate with law enforcement unless a warrant has been issued by a judge. The Fifth Amendment to the United States Constitution, on which there is a Wikipedia article, prohibits the government from requiring anyone to testify against himself (self-incrimination). Whether supplying a password constitutes self-incrimination has not been ruled on definitively by the courts. However, a judge, usually at the request of law enforcement, can give a key holder immunity for anything discovered using the key; the material revealed by use of the key can not be used as evidence against the key holder or to get an indictment of the key holder. That the encrypted material might give law enforcement leads on where to find new evidence that'' could'' be used to indict the keyholder, or might lead to indictment of someone other than the key holder — typically an ally of some sort — is not relevant to a judge. Judges can and do hold persons in Contempt of Court for failing to follow a judicial mandate. (Search warrants and arrest warrants are judicial mandates.) A judge can order someone the judge finds guilty of Contempt of Court to be incarcerated indefinitely, until the judge's order is complied with.

"A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order." <ref>http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/</ref>

== Legislation by nation ==

For an updated list of key disclosure laws by nations visit [https://en.wikipedia.org/wiki/Key_disclosure_law WikiPedia Key disclosure law page]

==See Also==

* [[Steganography]]
* [[Tor]]
* [[Internet security tutorial]]
* [[Email security]]
* [[Hard drive]]

==References==
{{reflist}}

==External links==
*[https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Encryption]
*[https://en.wikipedia.org/wiki/Key_disclosure_law https://en.wikipedia.org/wiki/Key_disclosure_law]
*[http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html]
*[https://en.wikipedia.org/wiki/State_v._Dalton https://en.wikipedia.org/wiki/State_v._Dalton]

[[Category:Technology]]
[[Category:Essential reading for BoyLovers]]
[[Category:Civil rights and liberties]]

Encryption

2025-11-04T12:17:20Z

Eskimo: /* PGP */

'''Encryption''' is the process of encoding data in such a way that only authorized parties can read it, encryption does not prevent interception but it stops others from reading what the data contains without the correct key. Encryption algorithms are used to generate unreadable data that can be left at rest in your hard drive or sent over the Internet. Many applications like WhatsApp automatically encrypt and decrypt your messages without any user interaction, the downside is that you must trust the company doing the encryption for you not to violate your privacy, Google is known to scan files<ref>https://www.extremetech.com/internet/330076-googles-child-abuse-detection-tools-can-also-identify-illegal-drawings-of-children</ref> you upload to Google Drive for child porn and cartoons, Microsoft, Apple and many other companies do that too.

When encryption has been well designed and it contains no backdoor, there is no way to break it, the most commonly used scheme to break encryption is trying to guess the passphrase used, there are programs that can try thousands of password combinations a minute but well designed encryption programs slow these bots down by not allowing more than four or five tries every minute making it unfeasible to guess the password in a reasonable amount of time that does not involve hundreds of years.

== How encryption works ==
:''For more information, see [http://en.wikipedia.org/wiki/Key_size Key size] and [https://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic hash function]
All modern cryptographic systems are based on the factoring of numbers. It is easy to multiply two numbers and come up with a product. To take a number and determine what the numbers were that were multiplied to "create" it (called "factors") is very difficult. Despite serious looking by very bright people, no method or algorithm to solve "finding the factors" —for example, that the factors of 21 are 7 and 3, and those of 551 are 19 and 29 — has been found. Other than the simplest of methods, what could be called "no method at all", trying every conceivable solution (called the "brute force" method). The number of solutions to be tried is incredibly huge, astronomical. To even attempt it the most powerful computers are needed, so as to get results within a usable time frame. If it takes three years to get the missing key (password), probably it's not going to do you much good. The makers of encryption software try to create a number so huge that the number of solutions is just impossible to test. The makers of decryption software try to come up with shortcuts thst reduce the number of numbers that must be tested, or at least prioritize some numbers to test before others.

The more the speed of the hardware increases, the more it is possible to defeat encryption by a brute force attack (which is the only method because it's the only method that covers every possible answer). These are custom-built, single-purpose computers;.a single-purpose computer is always faster than a general-purpose computer. The original use of computers, during World War II, was to calculate coordinates for misiles (what angle up or elevation should they be at, among other things). Now it is to penetrate encryption, or try to. That's where the action is, in computing hardware.

This is a great simplification of a complicated area. However, it is the root of the whole system.

== Degrees of security in encryption ==
Any encryption must have a key, or in more basic terms a password. This is a string of characters which, in practice, describes the type of encryption used and provides the recipient's software the means to decrypt the message if authorized. The keys are easy to create but hard to undo.

The longer the password the more possible passwords have to be tested by the person that wants to break the encryption and view the message without permission. An eight-character password permits only about a billion possible passwords, and free software will break this in seconds on an ordinary desktop computer (2016). There are various standards, but 256 characters is commonly seen (2016). The longer the better.

A significant problem is providing the desired recipient the key (password) so the message can be decrypted. It should not be given over any type of electronic communication. Better give it in person, or on a flash drive sent through the mail.

== PGP ==

PGP, or Pretty Good Privacy also known as public key encryption, is an involved encryption scheme with two keys, one private and one public. The basics of the scheme are that you distribute your public encryption key to anybody you want and that key can be used to encrypt data but not to decrypt it, only you will be able to read the encrypted data with your secret private encryption key that nobody else has and a secret password, this allows for safe communications without the need to share passwords.

Because PGP, also known as OpenPGP, requires some technical knowledge, privacy e-mail providers like ProtonMail and Tuta do the encryption process in the background for you but you have to trust they are doing it right. Being open source increases the trust level because qualified people can check that the software has no backdoors and no bugs. If you do not wish to trust anybody you can use a plugin like MailVelope to create your own PGP encryption keys and do all the encryption process yourself.

It is important to remember that PGP is typically used to exchange encrypted messages and files and not to encrypt data in your hard drive at rest. To encrypt and decrypt files that are often accessed PGP is cumbersome and there are better programs that can do this like VeraCrypt.

== Boylovers and encryption ==

Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like [[Tor]]. It is often recommended that boylovers use full disk encryption with a program like [https://veracrypt.io Veracrypt], a free open source program that has been audited<ref>https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/</ref>, a few vulnerabilities where found during the audit and fixed, although it might sound alarming that vulnerabilities where found, Veracrypt is one of the very few encryption programs that has been publicly audited, with other software you must trust what the vendor says whereas in Veracrypt there is a third independent party that you can trust. An extensive comparison of all available encryption programs can be found on the Wikipedia page [https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software Comparison of disk encryption software] Whichever platform you use, a strong password is the most important thing to remember. See: [https://www.boywiki.org/en/Internet_security_tutorial#Using_secure_passwords Using secure passwords]

One need not only use encryption if they have illegal files; even totally legal files related to boylove can destroy a person's life if brought to light. Sometimes it is difficult to know what even is legal with regard to boylove.[https://en.wikipedia.org/wiki/State_v._Dalton The State v. Dalton]is a legal case in the United States state of Ohio involving the prosecution of a man for recording fictional tales of alleged [[child pornography]] in a diary. He had no images, either drawn or photographed, just writings in a journal and it was deemed to be [[child pornography]]. Altogether the man spent over 10 years in prison for simple writings.<ref>http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html/</ref> This case highlights how important it is to encrypt everything related to boylove.

==Key (password) disclosure laws==
Key disclosure laws, also known as mandatory key disclosure, are laws that require individuals to surrender cryptographic keys (passwords, though actual words are rarely used today) to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, '''mandatory decryption''' laws force owners of encrypted data to supply decrypted data to law enforcement.

Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required.

In the United Kingdom and Australia, it is a criminal offense not to reveal an encryption key when requested by law enforcement. In the United States there is no such law, nor is their any legal obligation to cooperate with law enforcement unless a warrant has been issued by a judge. The Fifth Amendment to the United States Constitution, on which there is a Wikipedia article, prohibits the government from requiring anyone to testify against himself (self-incrimination). Whether supplying a password constitutes self-incrimination has not been ruled on definitively by the courts. However, a judge, usually at the request of law enforcement, can give a key holder immunity for anything discovered using the key; the material revealed by use of the key can not be used as evidence against the key holder or to get an indictment of the key holder. That the encrypted material might give law enforcement leads on where to find new evidence that'' could'' be used to indict the keyholder, or might lead to indictment of someone other than the key holder — typically an ally of some sort — is not relevant to a judge. Judges can and do hold persons in Contempt of Court for failing to follow a judicial mandate. (Search warrants and arrest warrants are judicial mandates.) A judge can order someone the judge finds guilty of Contempt of Court to be incarcerated indefinitely, until the judge's order is complied with.

"A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order." <ref>http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/</ref>

== Legislation by nation ==

For an updated list of key disclosure laws by nations visit [https://en.wikipedia.org/wiki/Key_disclosure_law WikiPedia Key disclosure law page]

==See Also==

* [[Steganography]]
* [[Tor]]
* [[Internet security tutorial]]
* [[Email security]]
* [[Hard drive]]

==References==
{{reflist}}

==External links==
*[https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Encryption]
*[https://en.wikipedia.org/wiki/Key_disclosure_law https://en.wikipedia.org/wiki/Key_disclosure_law]
*[http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html]
*[https://en.wikipedia.org/wiki/State_v._Dalton https://en.wikipedia.org/wiki/State_v._Dalton]

[[Category:Technology]]
[[Category:Essential reading for BoyLovers]]
[[Category:Civil rights and liberties]]

Encryption

2025-11-04T12:15:58Z

Eskimo: PGP section written

'''Encryption''' is the process of encoding data in such a way that only authorized parties can read it, encryption does not prevent interception but it stops others from reading what the data contains without the correct key. Encryption algorithms are used to generate unreadable data that can be left at rest in your hard drive or sent over the Internet. Many applications like WhatsApp automatically encrypt and decrypt your messages without any user interaction, the downside is that you must trust the company doing the encryption for you not to violate your privacy, Google is known to scan files<ref>https://www.extremetech.com/internet/330076-googles-child-abuse-detection-tools-can-also-identify-illegal-drawings-of-children</ref> you upload to Google Drive for child porn and cartoons, Microsoft, Apple and many other companies do that too.

When encryption has been well designed and it contains no backdoor, there is no way to break it, the most commonly used scheme to break encryption is trying to guess the passphrase used, there are programs that can try thousands of password combinations a minute but well designed encryption programs slow these bots down by not allowing more than four or five tries every minute making it unfeasible to guess the password in a reasonable amount of time that does not involve hundreds of years.

== How encryption works ==
:''For more information, see [http://en.wikipedia.org/wiki/Key_size Key size] and [https://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic hash function]
All modern cryptographic systems are based on the factoring of numbers. It is easy to multiply two numbers and come up with a product. To take a number and determine what the numbers were that were multiplied to "create" it (called "factors") is very difficult. Despite serious looking by very bright people, no method or algorithm to solve "finding the factors" —for example, that the factors of 21 are 7 and 3, and those of 551 are 19 and 29 — has been found. Other than the simplest of methods, what could be called "no method at all", trying every conceivable solution (called the "brute force" method). The number of solutions to be tried is incredibly huge, astronomical. To even attempt it the most powerful computers are needed, so as to get results within a usable time frame. If it takes three years to get the missing key (password), probably it's not going to do you much good. The makers of encryption software try to create a number so huge that the number of solutions is just impossible to test. The makers of decryption software try to come up with shortcuts thst reduce the number of numbers that must be tested, or at least prioritize some numbers to test before others.

The more the speed of the hardware increases, the more it is possible to defeat encryption by a brute force attack (which is the only method because it's the only method that covers every possible answer). These are custom-built, single-purpose computers;.a single-purpose computer is always faster than a general-purpose computer. The original use of computers, during World War II, was to calculate coordinates for misiles (what angle up or elevation should they be at, among other things). Now it is to penetrate encryption, or try to. That's where the action is, in computing hardware.

This is a great simplification of a complicated area. However, it is the root of the whole system.

== Degrees of security in encryption ==
Any encryption must have a key, or in more basic terms a password. This is a string of characters which, in practice, describes the type of encryption used and provides the recipient's software the means to decrypt the message if authorized. The keys are easy to create but hard to undo.

The longer the password the more possible passwords have to be tested by the person that wants to break the encryption and view the message without permission. An eight-character password permits only about a billion possible passwords, and free software will break this in seconds on an ordinary desktop computer (2016). There are various standards, but 256 characters is commonly seen (2016). The longer the better.

A significant problem is providing the desired recipient the key (password) so the message can be decrypted. It should not be given over any type of electronic communication. Better give it in person, or on a flash drive sent through the mail.

== PGP ==

PGP, or Pretty Good Privacy also known as public key encryption, is an involved encryption scheme with two keys, one private and one public. The basics of the scheme are that you distribute your public encryption key to anybody you want and that key can be used to encrypt data but not to decrypt it, only you will be able to read the encrypted data with your secret private encryption key that nobody else has and a secret password, this allows for safe communications without the need to share passwords.

Because PGP, also known as OpenPGP, requires some technical knowledge, privacy e-mail providers like ProtonMail and Tuta do the encryption process in the background for you but you have to trust they are doing it right. Being open source increases the trust level because qualified people can check that the software has no backdoors and no bugs. If you do not wish to trust anybody you can use a plugin like MailVelope to create your own PGP encryption keys and do all the encryption process yourself.

It is important to remember that PGP is typically used to exchange encrypted messages and files and not to encrypt data in your hard drive at rest. To encrypt and decrypt files that are often accessed with PGP is cumbersome and there are better programs that can do this like VeraCrypt.

== Boylovers and encryption ==

Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like [[Tor]]. It is often recommended that boylovers use full disk encryption with a program like [https://veracrypt.io Veracrypt], a free open source program that has been audited<ref>https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/</ref>, a few vulnerabilities where found during the audit and fixed, although it might sound alarming that vulnerabilities where found, Veracrypt is one of the very few encryption programs that has been publicly audited, with other software you must trust what the vendor says whereas in Veracrypt there is a third independent party that you can trust. An extensive comparison of all available encryption programs can be found on the Wikipedia page [https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software Comparison of disk encryption software] Whichever platform you use, a strong password is the most important thing to remember. See: [https://www.boywiki.org/en/Internet_security_tutorial#Using_secure_passwords Using secure passwords]

One need not only use encryption if they have illegal files; even totally legal files related to boylove can destroy a person's life if brought to light. Sometimes it is difficult to know what even is legal with regard to boylove.[https://en.wikipedia.org/wiki/State_v._Dalton The State v. Dalton]is a legal case in the United States state of Ohio involving the prosecution of a man for recording fictional tales of alleged [[child pornography]] in a diary. He had no images, either drawn or photographed, just writings in a journal and it was deemed to be [[child pornography]]. Altogether the man spent over 10 years in prison for simple writings.<ref>http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html/</ref> This case highlights how important it is to encrypt everything related to boylove.

==Key (password) disclosure laws==
Key disclosure laws, also known as mandatory key disclosure, are laws that require individuals to surrender cryptographic keys (passwords, though actual words are rarely used today) to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, '''mandatory decryption''' laws force owners of encrypted data to supply decrypted data to law enforcement.

Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required.

In the United Kingdom and Australia, it is a criminal offense not to reveal an encryption key when requested by law enforcement. In the United States there is no such law, nor is their any legal obligation to cooperate with law enforcement unless a warrant has been issued by a judge. The Fifth Amendment to the United States Constitution, on which there is a Wikipedia article, prohibits the government from requiring anyone to testify against himself (self-incrimination). Whether supplying a password constitutes self-incrimination has not been ruled on definitively by the courts. However, a judge, usually at the request of law enforcement, can give a key holder immunity for anything discovered using the key; the material revealed by use of the key can not be used as evidence against the key holder or to get an indictment of the key holder. That the encrypted material might give law enforcement leads on where to find new evidence that'' could'' be used to indict the keyholder, or might lead to indictment of someone other than the key holder — typically an ally of some sort — is not relevant to a judge. Judges can and do hold persons in Contempt of Court for failing to follow a judicial mandate. (Search warrants and arrest warrants are judicial mandates.) A judge can order someone the judge finds guilty of Contempt of Court to be incarcerated indefinitely, until the judge's order is complied with.

"A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order." <ref>http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/</ref>

== Legislation by nation ==

For an updated list of key disclosure laws by nations visit [https://en.wikipedia.org/wiki/Key_disclosure_law WikiPedia Key disclosure law page]

==See Also==

* [[Steganography]]
* [[Tor]]
* [[Internet security tutorial]]
* [[Email security]]
* [[Hard drive]]

==References==
{{reflist}}

==External links==
*[https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Encryption]
*[https://en.wikipedia.org/wiki/Key_disclosure_law https://en.wikipedia.org/wiki/Key_disclosure_law]
*[http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html]
*[https://en.wikipedia.org/wiki/State_v._Dalton https://en.wikipedia.org/wiki/State_v._Dalton]

[[Category:Technology]]
[[Category:Essential reading for BoyLovers]]
[[Category:Civil rights and liberties]]

Encryption

2025-11-04T12:00:48Z

Eskimo: Veracrypt link updated to new site

'''Encryption''' is the process of encoding data in such a way that only authorized parties can read it, encryption does not prevent interception but it stops others from reading what the data contains without the correct key. Encryption algorithms are used to generate unreadable data that can be left at rest in your hard drive or sent over the Internet. Many applications like WhatsApp automatically encrypt and decrypt your messages without any user interaction, the downside is that you must trust the company doing the encryption for you not to violate your privacy, Google is known to scan files<ref>https://www.extremetech.com/internet/330076-googles-child-abuse-detection-tools-can-also-identify-illegal-drawings-of-children</ref> you upload to Google Drive for child porn and cartoons, Microsoft, Apple and many other companies do that too.

When encryption has been well designed and it contains no backdoor, there is no way to break it, the most commonly used scheme to break encryption is trying to guess the passphrase used, there are programs that can try thousands of password combinations a minute but well designed encryption programs slow these bots down by not allowing more than four or five tries every minute making it unfeasible to guess the password in a reasonable amount of time that does not involve hundreds of years.

== How encryption works ==
:''For more information, see [http://en.wikipedia.org/wiki/Key_size Key size] and [https://en.wikipedia.org/wiki/Cryptographic_hash_function Cryptographic hash function]
All modern cryptographic systems are based on the factoring of numbers. It is easy to multiply two numbers and come up with a product. To take a number and determine what the numbers were that were multiplied to "create" it (called "factors") is very difficult. Despite serious looking by very bright people, no method or algorithm to solve "finding the factors" —for example, that the factors of 21 are 7 and 3, and those of 551 are 19 and 29 — has been found. Other than the simplest of methods, what could be called "no method at all", trying every conceivable solution (called the "brute force" method). The number of solutions to be tried is incredibly huge, astronomical. To even attempt it the most powerful computers are needed, so as to get results within a usable time frame. If it takes three years to get the missing key (password), probably it's not going to do you much good. The makers of encryption software try to create a number so huge that the number of solutions is just impossible to test. The makers of decryption software try to come up with shortcuts thst reduce the number of numbers that must be tested, or at least prioritize some numbers to test before others.

The more the speed of the hardware increases, the more it is possible to defeat encryption by a brute force attack (which is the only method because it's the only method that covers every possible answer). These are custom-built, single-purpose computers;.a single-purpose computer is always faster than a general-purpose computer. The original use of computers, during World War II, was to calculate coordinates for misiles (what angle up or elevation should they be at, among other things). Now it is to penetrate encryption, or try to. That's where the action is, in computing hardware.

This is a great simplification of a complicated area. However, it is the root of the whole system.

== Degrees of security in encryption ==
Any encryption must have a key, or in more basic terms a password. This is a string of characters which, in practice, describes the type of encryption used and provides the recipient's software the means to decrypt the message if authorized. The keys are easy to create but hard to undo.

The longer the password the more possible passwords have to be tested by the person that wants to break the encryption and view the message without permission. An eight-character password permits only about a billion possible passwords, and free software will break this in seconds on an ordinary desktop computer (2016). There are various standards, but 256 characters is commonly seen (2016). The longer the better.

A significant problem is providing the desired recipient the key (password) so the message can be decrypted. It should not be given over any type of electronic communication. Better give it in person, or on a flash drive sent through the mail.

== PGP ==

== Boylovers and encryption ==

Many boylovers encrypt files related to boylove to keep themselves safe along with using programs like [[Tor]]. It is often recommended that boylovers use full disk encryption with a program like [https://veracrypt.io Veracrypt], a free open source program that has been audited<ref>https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/</ref>, a few vulnerabilities where found during the audit and fixed, although it might sound alarming that vulnerabilities where found, Veracrypt is one of the very few encryption programs that has been publicly audited, with other software you must trust what the vendor says whereas in Veracrypt there is a third independent party that you can trust. An extensive comparison of all available encryption programs can be found on the Wikipedia page [https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software Comparison of disk encryption software] Whichever platform you use, a strong password is the most important thing to remember. See: [https://www.boywiki.org/en/Internet_security_tutorial#Using_secure_passwords Using secure passwords]

One need not only use encryption if they have illegal files; even totally legal files related to boylove can destroy a person's life if brought to light. Sometimes it is difficult to know what even is legal with regard to boylove.[https://en.wikipedia.org/wiki/State_v._Dalton The State v. Dalton]is a legal case in the United States state of Ohio involving the prosecution of a man for recording fictional tales of alleged [[child pornography]] in a diary. He had no images, either drawn or photographed, just writings in a journal and it was deemed to be [[child pornography]]. Altogether the man spent over 10 years in prison for simple writings.<ref>http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html/</ref> This case highlights how important it is to encrypt everything related to boylove.

==Key (password) disclosure laws==
Key disclosure laws, also known as mandatory key disclosure, are laws that require individuals to surrender cryptographic keys (passwords, though actual words are rarely used today) to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, '''mandatory decryption''' laws force owners of encrypted data to supply decrypted data to law enforcement.

Nations vary widely in the specifics of how they implement key disclosure laws. Some, such as Australia, give law enforcement wide-ranging power to compel assistance in decrypting data from any party. Some, such as Belgium, concerned with self-incrimination, only allow law enforcement to compel assistance from non-suspects. Some require only specific third parties such as telecommunications carriers, certification providers, or maintainers of encryption services to provide assistance with decryption. In all cases, a warrant is generally required.

In the United Kingdom and Australia, it is a criminal offense not to reveal an encryption key when requested by law enforcement. In the United States there is no such law, nor is their any legal obligation to cooperate with law enforcement unless a warrant has been issued by a judge. The Fifth Amendment to the United States Constitution, on which there is a Wikipedia article, prohibits the government from requiring anyone to testify against himself (self-incrimination). Whether supplying a password constitutes self-incrimination has not been ruled on definitively by the courts. However, a judge, usually at the request of law enforcement, can give a key holder immunity for anything discovered using the key; the material revealed by use of the key can not be used as evidence against the key holder or to get an indictment of the key holder. That the encrypted material might give law enforcement leads on where to find new evidence that'' could'' be used to indict the keyholder, or might lead to indictment of someone other than the key holder — typically an ally of some sort — is not relevant to a judge. Judges can and do hold persons in Contempt of Court for failing to follow a judicial mandate. (Search warrants and arrest warrants are judicial mandates.) A judge can order someone the judge finds guilty of Contempt of Court to be incarcerated indefinitely, until the judge's order is complied with.

"A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order." <ref>http://arstechnica.com/tech-policy/2016/04/child-porn-suspect-jailed-for-7-months-for-refusing-to-decrypt-hard-drives/</ref>

== Legislation by nation ==

For an updated list of key disclosure laws by nations visit [https://en.wikipedia.org/wiki/Key_disclosure_law WikiPedia Key disclosure law page]

==See Also==

* [[Steganography]]
* [[Tor]]
* [[Internet security tutorial]]
* [[Email security]]
* [[Hard drive]]

==References==
{{reflist}}

==External links==
*[https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Encryption]
*[https://en.wikipedia.org/wiki/Key_disclosure_law https://en.wikipedia.org/wiki/Key_disclosure_law]
*[http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html http://www.nytimes.com/2001/07/14/us/child-pornography-writer-gets-10-year-prison-term.html]
*[https://en.wikipedia.org/wiki/State_v._Dalton https://en.wikipedia.org/wiki/State_v._Dalton]

[[Category:Technology]]
[[Category:Essential reading for BoyLovers]]
[[Category:Civil rights and liberties]]

Computer security

2025-08-26T20:30:43Z

Eskimo: /* Windows 11 */

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref>, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive, to avoid this use a local Windows 11 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://f-droid.org/ F-Droid open source app store for Android]

Computer security

2025-08-26T20:21:16Z

Eskimo: Erasing information about Windows 10 as it reaches end of life and updating it with new Windows 11 information.

The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

===Web browsers===

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

===IP Address===

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].

=== Virtual Private Networks (VPNs) ===

A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

==What information does your browser store?==

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Cookies.
# Search history (terms searched for by [[search engines]]).

===Address Bar and History===

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

===The Browser Cache===

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

===Cookies===

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

==="Private" or "Incognito" mode===

Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>

== Windows 11 ==

* Microsoft account: The Microsoft Windows 11 operating system forces users to sign up for a Microsoft account, signing into Windows 11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers, the data may contain your Internet browsing history, saved passwords and settings like your desktop background, signing in with a Microsoft account enables full-disk encryption too and it stores a recovery decryption key in OneDrive. <ref> How to Set Up Windows 11 for Maximum Privacy https://aardwolfsecurity.com/how-to-set-up-windows-11-for-maximum-privacy/</ref> to avoid this use a local Windows 10 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around to use Windows 11 with a local account.

* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.

== Smartphones and tablets ==

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

=== iPhone/iPad ===

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

=== Android ===

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

== See also ==

* [[Privacy Freeware]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]

==References==
{{reflist}}

[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]

== External links ==

* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://f-droid.org/ F-Droid open source app store for Android]

Privacy Freeware

2025-08-26T20:03:01Z

Eskimo: Updated Windows Defender information to the new to Microsoft Defender Antivirus

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Warning:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' ProtonMail recovery email account has been used in the past by law enforcement to track down users and it could be used by malicious actors too. You should not enter any traceable recovery email address in extreme privacy situations.<ref>{{cite web|title=Proton Mail recovery email leads to arrest of Catalan activist|url=https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.io/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 11 comes with Microsoft Defender Antivirus, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows antivirus and use your favored software instead. Microsoft Defender Antivirus is good at detecting threats the only reason why you may want to use a different product it is lack of trust in Microsoft products, or if you are looking for advanced control over the antivirus software. If you decide to use Microsoft Defender Antivirus make sure to disable automatic sample submission to strengthen your privacy.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - During installation you might be asked if you want additional software, look out and uncheck boxes.
* [https://www.avira.com/en/free-antivirus-windows Avira Antivirus] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Privacy Freeware

2025-08-26T19:56:56Z

Eskimo: Updated Veracrypt domain name to new domain

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Warning:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' ProtonMail recovery email account has been used in the past by law enforcement to track down users and it could be used by malicious actors too. You should not enter any traceable recovery email address in extreme privacy situations.<ref>{{cite web|title=Proton Mail recovery email leads to arrest of Catalan activist|url=https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.io/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 11 comes with Windows Defender, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows Defender and use your preferred antivirus solution instead. Most online reviews point out at the high quality of Windows Defender, the main reason why somebody might want to use a different product it is lack of trust in Microsoft products, or somebody looking for advanced control over their antivirus software. Windows Defender has few customisation options.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - During installation you might be asked if you want additional software, look out and uncheck boxes.
* [https://www.avira.com/en/free-antivirus-windows Avira Antivirus] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Tor (The Onion Router)

2025-06-09T22:21:22Z

Eskimo: replaced DVD mention with USB

'''Tor''' is a free open-source project providing people with a [[proxy]] to make their computer IP address more anonymous (harder to find) when surfing the Internet. It contains its own browser.

Us boylovers community are at a higher chance of being targeted and TOR is an extra layer of anonymity.

Every computer (or phone or tablet) that is accessing the Internet has an IP (Internet Protocol) address. Typically these are assigned by the Internet Service Provider (the company you connect to which then connects you to the Internet using their own permanent connection), and can and often are different each time you use the Internet. They are in digits and typically take the form 000.00.000.0. There are more computers than there are IP addresses, so in most cases a number is assigned when you connect and the number is released when your Internet session ends. (There are partially implemented plans to increase the number of IP addresses, by making them longer.) Internet Service Providers typically keep records of which IP address is assigned to which customer at which time. Thus, a warrant from a judge can (in the U.S.) compel the Internet Service Provider to identify who used an IP address at a certain time.

A proxy is a computer server that acts as an intermediary. It receives your request for a Web page, with your IP address exposed. It then forwards the request, using its own IP address as the requestor. When the requested page arrives, the proxy computer sends it to you.

In addition to using a VPN over Tor, also use a bridge. An ISP can see that you are using Tor without this. By using a bridge, this is another level of concealment and could make an ISP's job harder to see what websites is being viewed. Tor functions without any issues on BoyWiki.

A bridge is specifically important if you are located in a heavy censorship country. This is also applicable for a country that is considered an [[Axis of evil (dictionary)]]

Ensure that the latest updates are applied when they are available. This also ensures that protection could be provided against attackers.

Tor typically uses as series of servers (10 is a number frequently seen), each located in a different country. Thus the origin of the name: there is an similarity to layers of an onion.

To track the request for a Web page back to you, law enforcement must track it through multiple servers in multiple countries. These servers change (a new route is selected) frequently, adding to the difficulty in tracking through them. Many of the proxy servers deliberately do not keep records of the requests received and processed. Tor also encrypts the data leaving or arriving at your computer. Your IP address cannot be encrypted.

However, what cannot be concealed from your Internet Service Provider is the time you connected to Tor. At the other end, the same thing applies. In other words, if law enforcement wants to device the resources, the times you logged on to Tor can be matched with those of a recipient. This is not a hypothetical danger; law enforcement has done this. The solution is to use a [[VPN]], in any country other than the one in which you reside.

Because of the multiple steps involved, using Tor will result in slower Web page loading than when it is not used. This is, to a degree, common to all types of [[encryption]].

Be very careful when signing into websites with Tor as this is identifying information. Once done with a website that has been signed into, ensure that a new session is created. This is so that you have a new IP address right away and limits the digital footprints that the session has.

==The Darknet ==
There are a variety of services, both legal and illegal, that can be accessed using Tor and only Tor. This is called the Darknet (http://en.wikipedia.org/wiki/Darknet). There is no single directory of them; they change frequently. Tor conceals which country the server of the requested material is in.

Browsing on the Darknet can easily reveal disturbing material - animal torture, for example - which is not available on the regular Internet. One can order an assassination ("no prominent politicians"). There is much copyrighted material posted illegally.

However, there is plenty of material on the Darknet which is legal under the laws of all Western democracies, but is illegal under the laws where some user finds him - or herself. For example, anti-Islamic writings or discussions of textual or other errors in the Koran, can lead to formal execution or assassination in many Islamic countries. Conversely, in the [[United States]] there is an active anti-birth control movement, where, not long ago, birth control information could not be mailed, and Planned Parenthood founder Margaret Sanger fled the country, under indictment for distributing it.

No one is in favor of the free distribution of all the information and communication, including child pornography and torture of children, found on the Darknet. (OK, a few left-wing First Amendment nuts are.) But there is no way to shut it down without shutting down the whole Internet, in which case the cure would be worse than the disease. The Darknet is, on purpose, completely decentralized; one would have to shut down individually all the hundreds of thousands if not millions who use it.

== Limitations on Tor security ==

Originally, it was thought that the anonymity provided by Tor was total. However, law enforcement, which has more resources than all the boylovers in the world put together, has developed a number of ways to penetrate Tor security. Ross Ulbricht, on whom there is a Wikipedia article (http://en.wikipedia.org/wiki/Ross_Ulbricht) is serving a life sentence as a result of law enforcement penetrating his Tor security. It only took them a few months.
* The fact that you sent a request for an Internet page, through your Internet Service Provider, to a Tor proxy is not and cannot be concealed using current technology. Even though the name of the page is encrypted, law enforcement can easily find out that you requested some Web page through Tor (but not which one) at a particular time. Most Internet Service Providers keep logs of which pages each user requests and when they request them. At the other end of the chain of servers, law enforcement can find out which IP addresses requested the page the users of which they are investigating. Even if all they can find out is the IP address of the final Tor proxy in the chain, the time the page requested cannot be concealed. If the time the page is served matches with the time you requested a page, this does not prove that you requested that page, but it could serve as grounds to seize and search your computer (phone, tablet).

* Nothing prevents law enforcement from acting as a Tor proxy -- anyone running the browser can -- and thus spying on the data requests sent and received somewhere in the chain.

:NOTE: This article gives an overview of how Tor works. If you'd like to skip the technical information, then just see link to the Tor Project home page at the end of this article, visit the Tor home page, download the browser bundle, and install it. '''''You should make sure that the "global scripts option" (the "S" with a circle and line through it, found on the the upper-left corner of your screen) is set to ''not'' allow scripts.''''' (You can disable this option, and enable scripts, for visiting "safe" sites which do not contain sensitive information.) Using Tor, you can surf the Internet more securely. (Note: ''Never'' try to download bit torrents that contain sensitive information through Tor--you are NOT protected from others monitoring your downloads, and your real IP address will be exposed! Also, you should NEVER combine the visiting of sites which have ''the details of your real-life identity'' at the same time that you visit "sensitive" sites. Only do one thing at a time--browsing that involves your "real-life identity," should ''not be done'' at the same time that you are using Tor to visit "sensitive" sites (like BoyChat, for example) Remember: close your Tor browser, and then start it again to protect your real-life identity and to keep yourself safe.

To access the Tor network the end user runs a program called a Tor client (a special Internet browser) on his computer, this comes with an extra filtering program (like [[Privoxy]]) between the Tor client and the Internet browser on the local computer due to the risk of applications like Java revealing user information. Any Tor user with sufficient bandwidth can also choose to run a proxy allowing other Tor users to route traffic through his computer, but one has to be very careful when running an Tor "exit" node, which is the last computer in the chain, and the one that connects directly to the site you are visiting.

An '''onion router''' works by opening a circuit of [[proxy]] servers, through which the data sent from the source to the destination can be routed. By creating a series of connections, via several proxies, neither the first nor the last server knows the whole route that the data took, nor even which source is sending to which destination.

Used correctly, Tor protects one's anonymity. But there can be problems: In 2013 Ross William Ulbricht was arrested for running a Web site--Silk Road--using Tor. It was primarily a marketplace where illegal drug sellers and buyers could connect. He was sentenced to life in prison without parole. (See Wikipedia for information on how his site was compromised by the legal authorities.)

The Tor technology is attractive to [[boylover]]s because of the [[anonymity]] offered by the proxy network. Some sites, such as Wikipedia, restrict access or posting using Tor software, to reduce spam and malicious hackers. [[BoyChat]] for example, will only allow people to post using Tor if they have a registered nick. The Tor network also hosts hidden sites that can not be taken offline because it is not possible to work out which server is hosting them, however these sites, with the extension ''.onion'', are only accessible if you run Tor software in your computer.

=== Tor and live USB ===

Even when you use Tor it could still be possible for someone to see information on your computer hard drive, and to look at your drive's contents --websites that you have visited using Tor can be found in the Internet browser cache (if it is enabled). But if you use the "Tor browser bundle," with the special version of Firefox that comes with it, then you do not have to worry about your browser cache being stored on your computer.

Using a live USB to browse the Internet avoids leaving any traces of your browsing history on your hard drive, because after you have finished browsing using a live USB all of the data held in volatile RAM memory will disappear, and recovery will not be possible. A live USB (i.e. Tails) with Tor is one of the most powerful anonymity tools that exist.

== Javascript Exploit ==
Javascript provides many "whistles and bells" in your browser while you browse the Internet. Without javascript enabled in your browser, you may find the functionality of many websites diminished. Some sites will not function at all without javascript enabled in your browser. If using Protonmail, Javascript must be enabled to use it.

<small>(NOTE: One "workaround"--which ''sometimes'' works--to the problem of javascript limiting site functionality is to access the site desired using the Wayback machine found at https://www.web.archive.org)</small>

But you should be aware that at least one "exploit" (a "trick" used in computer programming to compromise a computer) exists which law-enforcement personnel can use to expose your identity '''even though you may be surfing behind the protection provided by Tor'''.

<big>Javascript should ''never'' be enabled in a browser used to visit "sensitive" sites, such as sites posting information which is "pro-pedophile" (or even "anti-pedophile") or which contains other information (or images) which may be of interest to a [[pedophile]].</big>

A large number of [[boylove|BoyLovers]] (and GirlLovers) are now serving very long terms in prison because they enabled javascript in their browsers. Don't be one of them!

=== Links to articles describing the risks of browsing with javascript enabled===

*Inside the Tor exploit | ZDNet
:https://www.zdnet.com/article/inside-the-tor-exploit/
*Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor ...
:http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
*FBI Admits It Controlled Tor Servers Behind Mass Malware Attack ...
:http://www.wired.com/2013/09/freedom-hosting-fbi/
*The FBI TOR Exploit - InfoSec Institute
:http://resources.infosecinstitute.com/fbi-tor-exploit/
*Actual risks of javascript and Flash? : TOR - Reddit
:http://www.reddit.com/r/TOR/comments/1y8r3m/actual_risks_of_javascript_and_flash/
*Identity-exposing malware on Tor "could be work of FBI"
:http://www.welivesecurity.com/2013/08/05/identity-exposing-malware-on-tor-could-be-work-of-fbi/

==See also==
*[[Encryption]]

== External links ==
* [http://www.torproject.org/ Tor Project homepage]
* [https://tails.boum.org Tails live CD]
* [https://www.whonix.org/ Whonix Anonymous OS]

[[Category:Technology]]
[[Category:Essential reading for BoyLovers]]
[[Category:Security for boylovers]]

Proxy and VPN

2025-06-09T22:18:24Z

Eskimo: replaced ipleak with windscribe

A proxy is a server that routes connections in order to provide some additional service such as security, anonymity, or information processing. A common use is to connect to a proxy in order to mask one's IP address from a web server. There are thousands of proxy servers available, but many of them may not be trustworthy. One of the most secure system of proxies is [[Tor]], a protocol for onion routing, the tor proxy is made up of three different proxy servers located in different countries, in order for an attacker to find out who is behind a website request he would have to get access to all servers and get hold of the logs, which are not meant to be kept by tor operators.

=== VPN (Virtual private network) ===

A VPN is a single hop proxy that is considerably faster than tor and that is its main advantage. A VPN is not as secure as Tor and there have been instances in which people using a VPN to commit a crime have been arrested. When choosing a VPN, to minimize the risk of your privacy being compromised one should look for a company that does not keep connection logs for too many days and it is located offshore (i.e. not in your country of residence). Nearly all VPNs claim not to keep logs about the websites you visit but they do not specify anything about connection logs, it is not necessary to know what websites you visit to track you down, only connection logs, time and date of connection and what IP was assigned, are needed.

=== VPN vulnerabilities ===

One of the early days VPN vulnerabilities was that the VPN sometimes disconnected and your real IP was logged by the website you were visiting, fortunately now all decent VPNs include a kill switch that stops this from happening, the killswitch is usually turned on by default for your own security and you can´t turn it off. A second VPN vulnerability is a DNS leak, before you can access a website its URL needs to be resolved, DNS is used for this, by default you will be using your ISP DNS servers to resolve addresses but the VPN will replace them with their own, if your DNS leaks it would be possible to find your Internet provider by looking at that DNS name, although your computer IP would still be hidden. These two vulnerabilities are rare in established VPN companies, they are only mentioned for reference.

The most common vulnerability on a VPN is downloading free or hacked VPN software from a malicious hacker that will spy on you and steal your data, be extremely careful with "free" VPNs, most of them are not to be trusted. The second vulnerability is your VPN lying and keeping logs, pick a VPN company with a clear no logs policy that has been around for some time.

=== Understanding VPN logs ===

All VPN providers will advertise that they do not track users and do not log what sites they visit, but it is not necessary to keep a record of visited websites to track someone down, all that is needed is to keep connection logs detailing at what time and on what date a user had the specified IP, these are the kind of logs that proxy and VPN providers keep, connection logs. Websites servers log accurate visitors time and dates, if for example, a VPN provider receives a complaint from Yahoo that someone posted a political comment on a specific date and time using a particular IP belonging to that VPN company, all that is needed for the VPN company is to look at the connection logs and see who had that IP that day on that time matching it with a real person.

If a VPN company receives a request to match one of their assigned IPs with a user and the VPN only keeps logs for a few days they can easily reply that nothing is available, a VPN provider is not an ISP and they are not required by law in the US or Europe to keep connection logs. Many Internet Service Providers, depending on jurisdiction, have a legal duty to keep connection logs, many other ISPs voluntarily keep them, when you use a VPN the Internet Service Provider will not be able to record what activities you are doing over the Internet other than seeing that you are connected to a VPN and nothing else will leak.

=== Free VPN providers ===

Free VPN services can be used to get around Internet filters and light privacy, free VPN services are financed either selling your data to advertisers or giving you a limited bandwidth amount with the hope that the user will get tired of limitations and upgrade to their paid for version.

Companies providing free VPN access tend to have vague privacy policies for these services, paid for VPN providers are more keen to emphasize in their FAQ how long for they keep logs, their business does not rely on selling advertising but in selling privacy, it is essential for privacy activists when using a VPN to select a provider that keeps logs for as few days as possible, free VPN providers can be suitable for privacy if they clearly state on their FAQ what kind of logs they keep and how long for, one should play the paranoid card too and not automatically assume that everything a company claims without proof is true, it is best to go for well established companies, long standing companies are more likely to get caught lying if they have been operating for years than a new out of the blue VPN provider. Remember the saying "if you are not paying for the product, you are the product."

==See also==

* [[The Dangers of using VPN]]

== External links ==

* [https://protonvpn.com/ Proton VPN (Free option)]
* [https://windscribe.com/ WindScribe (Free option)]

[[Category:Technology]]

Proxy and VPN

2025-06-09T21:42:18Z

Eskimo: Updated out of date technical information

A proxy is a server that routes connections in order to provide some additional service such as security, anonymity, or information processing. A common use is to connect to a proxy in order to mask one's IP address from a web server. There are thousands of proxy servers available, but many of them may not be trustworthy. One of the most secure system of proxies is [[Tor]], a protocol for onion routing, the tor proxy is made up of three different proxy servers located in different countries, in order for an attacker to find out who is behind a website request he would have to get access to all servers and get hold of the logs, which are not meant to be kept by tor operators.

=== VPN (Virtual private network) ===

A VPN is a single hop proxy that is considerably faster than tor and that is its main advantage. A VPN is not as secure as Tor and there have been instances in which people using a VPN to commit a crime have been arrested. When choosing a VPN, to minimize the risk of your privacy being compromised one should look for a company that does not keep connection logs for too many days and it is located offshore (i.e. not in your country of residence). Nearly all VPNs claim not to keep logs about the websites you visit but they do not specify anything about connection logs, it is not necessary to know what websites you visit to track you down, only connection logs, time and date of connection and what IP was assigned, are needed.

=== VPN vulnerabilities ===

One of the early days VPN vulnerabilities was that the VPN sometimes disconnected and your real IP was logged by the website you were visiting, fortunately now all decent VPNs include a kill switch that stops this from happening, the killswitch is usually turned on by default for your own security and you can´t turn it off. A second VPN vulnerability is a DNS leak, before you can access a website its URL needs to be resolved, DNS is used for this, by default you will be using your ISP DNS servers to resolve addresses but the VPN will replace them with their own, if your DNS leaks it would be possible to find your Internet provider by looking at that DNS name, although your computer IP would still be hidden. These two vulnerabilities are rare in established VPN companies, they are only mentioned for reference.

The most common vulnerability on a VPN is downloading free or hacked VPN software from a malicious hacker that will spy on you and steal your data, be extremely careful with "free" VPNs, most of them are not to be trusted. The second vulnerability is your VPN lying and keeping logs, pick a VPN company with a clear no logs policy that has been around for some time.

=== Understanding VPN logs ===

All VPN providers will advertise that they do not track users and do not log what sites they visit, but it is not necessary to keep a record of visited websites to track someone down, all that is needed is to keep connection logs detailing at what time and on what date a user had the specified IP, these are the kind of logs that proxy and VPN providers keep, connection logs. Websites servers log accurate visitors time and dates, if for example, a VPN provider receives a complaint from Yahoo that someone posted a political comment on a specific date and time using a particular IP belonging to that VPN company, all that is needed for the VPN company is to look at the connection logs and see who had that IP that day on that time matching it with a real person.

If a VPN company receives a request to match one of their assigned IPs with a user and the VPN only keeps logs for a few days they can easily reply that nothing is available, a VPN provider is not an ISP and they are not required by law in the US or Europe to keep connection logs. Many Internet Service Providers, depending on jurisdiction, have a legal duty to keep connection logs, many other ISPs voluntarily keep them, when you use a VPN the Internet Service Provider will not be able to record what activities you are doing over the Internet other than seeing that you are connected to a VPN and nothing else will leak.

=== Free VPN providers ===

Free VPN services can be used to get around Internet filters and light privacy, free VPN services are financed either selling your data to advertisers or giving you a limited bandwidth amount with the hope that the user will get tired of limitations and upgrade to their paid for version.

Companies providing free VPN access tend to have vague privacy policies for these services, paid for VPN providers are more keen to emphasize in their FAQ how long for they keep logs, their business does not rely on selling advertising but in selling privacy, it is essential for privacy activists when using a VPN to select a provider that keeps logs for as few days as possible, free VPN providers can be suitable for privacy if they clearly state on their FAQ what kind of logs they keep and how long for, one should play the paranoid card too and not automatically assume that everything a company claims without proof is true, it is best to go for well established companies, long standing companies are more likely to get caught lying if they have been operating for years than a new out of the blue VPN provider. Remember the saying "if you are not paying for the product, you are the product."

==See also==

* [[The Dangers of using VPN]]

== External links ==

* [https://ipleak.net/ IPLeak test]
* [https://protonvpn.com/ Proton VPN (Free option)]

[[Category:Technology]]

Proxy and VPN

2025-06-09T21:33:01Z

Eskimo:

A proxy is a server that routes connections in order to provide some additional service such as security, anonymity, or information processing. A common use is to connect to a proxy in order to mask one's IP address from a web server. There are thousands of proxy servers available, but many of them may not be trustworthy. One of the most secure system of proxies is [[Tor]], a protocol for onion routing, the tor proxy is made up of three different proxy servers located in different countries, in order for an attacker to find out who is behind a website request he would have to get access to all servers and get hold of the logs, which are not meant to be kept by tor operators.

=== VPN (Virtual private network) ===

A VPN is a single hop proxy that is considerably faster than tor and that is its main advantage. A VPN is not as secure as Tor and there have been instances in which people using a VPN to commit a crime have been arrested. When choosing a VPN, to minimize the risk of your privacy being compromised one should look for a company that does not keep connection logs for too many days and it is located offshore (i.e. not in your country of residence). Nearly all VPNs claim not to keep logs about the websites you visit but they do not specify anything about connection logs, it is not necessary to know what websites you visit to track you down, only connection logs, time and date of connection and what IP was assigned, are needed.

=== VPN vulnerabilities ===

A very common VPN vulnerability is that the server sometimes will disconnect and show your real IP, this will be unexpected and there is little protection against it. One rough trick you can use to notice a VPN disconnection is to stream online music while you surf the Internet, for example listening to Pandora radio, when the VPN disconnects the music will stop playing, another way to stop accidentally exposing your IP is choosing a company that has VPN software with IP binding, Security Kiss has such feature, when IP binding has been activated it will stop your IP leaking out. There are websites such as ipleak.net which can be used to ensure that your VPN of choice is working before visiting other websites.

A second VPN vulnerability is a DNS leak, before you can access a website its URL needs to be resolved, DNS is used for this, by default you will be using your ISP DNS servers to resolve addresses, if your DNS leaks it would be possible to find your Internet provider by looking at that DNS name, although your computer IP would still be hidden. DNS leaks are sometimes patched by your own VPN provider but not always, if you use a VPN you can check if the DNS leaks visiting the DNSleaktest in external links. You can manually prevent DNS leaking changing your DNS resolver to a free one like Comodo Secure DNS, OpenDNS is another free DNS provider.

To completely avoid VPN disconnections revealing your computer IP the best one can do is to use an SSH tunnel instead of a VPN, unlike VPNs, SSH tunnels do not route all of your Internet traffic, they work on per application bases, when an SSH tunnel goes down your browser will not work and your real IP will remain secret until the tunnel is activated again. Privacy trends point towards VPNs, there are very few commercial SSH tunnel providers, some of them are VPNSecure.me, Cotse.net and Tunnelr.com

=== Understanding VPN logs ===

All VPN providers will advertise that they do not track users and do not log what sites they visit, but it is not necessary to keep a record of visited websites to track someone down, all that is needed is to keep connection logs detailing at what time and on what date a user had the specified IP, these are the kind of logs that proxy and VPN providers keep, connection logs. Websites servers log accurate visitors time and dates, if for example, a VPN provider receives a complaint from Yahoo that someone posted a political comment on a specific date and time using a particular IP belonging to that VPN company, all that is needed for the VPN company is to look at the connection logs and see who had that IP that day on that time matching it with a real person.

If a VPN company receives a request to match one of their assigned IPs with a user and the VPN only keeps logs for a few days they can easily reply that nothing is available, a VPN provider is not an ISP and they are not required by law in the US or Europe to keep connection logs. Many Internet Service Providers, depending on jurisdiction, have a legal duty to keep connection logs, many other ISPs voluntarily keep them, when you use a VPN the Internet Service Provider will not be able to record what activities you are doing over the Internet other than seeing that you are connected to a VPN and nothing else will leak.

=== Free VPN providers ===

Free VPN services can be used to get around Internet filters and light privacy, free VPN services are financed either selling your data to advertisers or giving you a limited bandwidth amount with the hope that the user will get tired of limitations and upgrade to their paid for version.

Companies providing free VPN access tend to have vague privacy policies for these services, paid for VPN providers are more keen to emphasize in their FAQ how long for they keep logs, their business does not rely on selling advertising but in selling privacy, it is essential for privacy activists when using a VPN to select a provider that keeps logs for as few days as possible, free VPN providers can be suitable for privacy if they clearly state on their FAQ what kind of logs they keep and how long for, one should play the paranoid card too and not automatically assume that everything a company claims without proof is true, it is best to go for well established companies, long standing companies are more likely to get caught lying if they have been operating for years than a new out of the blue VPN provider. Remember the saying "if you are not paying for the product, you are the product."

==See also==

* [[The Dangers of using VPN]]

== External links ==

* [https://ipleak.net/ IPLeak test]
* [https://protonvpn.com/ Proton VPN (Free option)]

[[Category:Technology]]

Proxy and VPN

2025-06-09T21:32:41Z

Eskimo: internal link to dead page removed

A proxy is a server that routes connections in order to provide some additional service such as security, anonymity, or information processing. A common use is to connect to a proxy in order to mask one's [[IP address]] from a web server. There are thousands of proxy servers available, but many of them may not be trustworthy. One of the most secure system of proxies is [[Tor]], a protocol for onion routing, the tor proxy is made up of three different proxy servers located in different countries, in order for an attacker to find out who is behind a website request he would have to get access to all servers and get hold of the logs, which are not meant to be kept by tor operators.

=== VPN (Virtual private network) ===

A VPN is a single hop proxy that is considerably faster than tor and that is its main advantage. A VPN is not as secure as Tor and there have been instances in which people using a VPN to commit a crime have been arrested. When choosing a VPN, to minimize the risk of your privacy being compromised one should look for a company that does not keep connection logs for too many days and it is located offshore (i.e. not in your country of residence). Nearly all VPNs claim not to keep logs about the websites you visit but they do not specify anything about connection logs, it is not necessary to know what websites you visit to track you down, only connection logs, time and date of connection and what IP was assigned, are needed.

=== VPN vulnerabilities ===

A very common VPN vulnerability is that the server sometimes will disconnect and show your real IP, this will be unexpected and there is little protection against it. One rough trick you can use to notice a VPN disconnection is to stream online music while you surf the Internet, for example listening to Pandora radio, when the VPN disconnects the music will stop playing, another way to stop accidentally exposing your IP is choosing a company that has VPN software with IP binding, Security Kiss has such feature, when IP binding has been activated it will stop your IP leaking out. There are websites such as ipleak.net which can be used to ensure that your VPN of choice is working before visiting other websites.

A second VPN vulnerability is a DNS leak, before you can access a website its URL needs to be resolved, DNS is used for this, by default you will be using your ISP DNS servers to resolve addresses, if your DNS leaks it would be possible to find your Internet provider by looking at that DNS name, although your computer IP would still be hidden. DNS leaks are sometimes patched by your own VPN provider but not always, if you use a VPN you can check if the DNS leaks visiting the DNSleaktest in external links. You can manually prevent DNS leaking changing your DNS resolver to a free one like Comodo Secure DNS, OpenDNS is another free DNS provider.

To completely avoid VPN disconnections revealing your computer IP the best one can do is to use an SSH tunnel instead of a VPN, unlike VPNs, SSH tunnels do not route all of your Internet traffic, they work on per application bases, when an SSH tunnel goes down your browser will not work and your real IP will remain secret until the tunnel is activated again. Privacy trends point towards VPNs, there are very few commercial SSH tunnel providers, some of them are VPNSecure.me, Cotse.net and Tunnelr.com

=== Understanding VPN logs ===

All VPN providers will advertise that they do not track users and do not log what sites they visit, but it is not necessary to keep a record of visited websites to track someone down, all that is needed is to keep connection logs detailing at what time and on what date a user had the specified IP, these are the kind of logs that proxy and VPN providers keep, connection logs. Websites servers log accurate visitors time and dates, if for example, a VPN provider receives a complaint from Yahoo that someone posted a political comment on a specific date and time using a particular IP belonging to that VPN company, all that is needed for the VPN company is to look at the connection logs and see who had that IP that day on that time matching it with a real person.

If a VPN company receives a request to match one of their assigned IPs with a user and the VPN only keeps logs for a few days they can easily reply that nothing is available, a VPN provider is not an ISP and they are not required by law in the US or Europe to keep connection logs. Many Internet Service Providers, depending on jurisdiction, have a legal duty to keep connection logs, many other ISPs voluntarily keep them, when you use a VPN the Internet Service Provider will not be able to record what activities you are doing over the Internet other than seeing that you are connected to a VPN and nothing else will leak.

=== Free VPN providers ===

Free VPN services can be used to get around Internet filters and light privacy, free VPN services are financed either selling your data to advertisers or giving you a limited bandwidth amount with the hope that the user will get tired of limitations and upgrade to their paid for version.

Companies providing free VPN access tend to have vague privacy policies for these services, paid for VPN providers are more keen to emphasize in their FAQ how long for they keep logs, their business does not rely on selling advertising but in selling privacy, it is essential for privacy activists when using a VPN to select a provider that keeps logs for as few days as possible, free VPN providers can be suitable for privacy if they clearly state on their FAQ what kind of logs they keep and how long for, one should play the paranoid card too and not automatically assume that everything a company claims without proof is true, it is best to go for well established companies, long standing companies are more likely to get caught lying if they have been operating for years than a new out of the blue VPN provider. Remember the saying "if you are not paying for the product, you are the product."

==See also==

* [[The Dangers of using VPN]]

== External links ==

* [https://ipleak.net/ IPLeak test]
* [https://protonvpn.com/ Proton VPN (Free option)]

[[Category:Technology]]

Anonymity

2025-06-09T15:50:58Z

Eskimo: erased internal dead link

'''Anonymity''' is the state of not being identifiable. The possibility of being anonymous is often considered a cornerstone of democracy, since without it there is the possibility that nobody will dare to give opposing views, or to vote differently from the majority.

For [[boylover]]s, anonymity is often considered extra important, as [[vigilante]]s and hostile and violent ''[[child advocate]]s'' watch the online discussion boards routinely, attempting to discern enough information about each participant to be able to attain identifiable information. Such information may then be used to [[Outing|out]] the boylover to his local community, to plant false rumours about him, or even physically attack or harass him.

== Social aspects of anonymity ==

For boylovers, protecting anonymity is mainly about being careful of what personal information to disclose when communicating with fellow boylovers.
*On public [[Online_message_board|discussion board]]s or [[IRC|chat]] rooms, you should never give out your '''real name''' or initials, but instead use a [[nickname|pseudonym]] which you do not use in other contexts.
*Do not disclose personal '''telephone numbers''' or your street '''address'''.
*Depending on the size of the '''country''' or '''city''' you live in, you should also be careful in disclosing them.
*Do not disclose your '''age'''; exact birth dates should never be given, which also means that you should not post about today being your birthday. One privacy advice is that instead of saying you are 21 years old, you say you are in your early twenties.
*It may in some cases be necessary to ask for help in such a way that the question would give away information you would not otherwise have given. In such cases, many boards allow you to use a temporary '''"throw-away" pseudonym''' such that nobody knows who is asking.

When communicating with other boylovers privately, e.g. over [[Email_security| E-mail]], good judgement is needed to decide how much more information to disclose. One should only disclose information on a need-to-know basis. Remember that you cannot know or trust the true motivation of the person on the other end, and some vigilantes trying to find out your real identity or incite you admit or commit an illegal action are very patient. Both parties should respect each other's anonymity and not expect any disclosure beyond need. Bear in mind at all times that not only you don´t know who you are talking to, but also that the other person might one day have his computer stolen and the chat logs might be found by whoever gains access to that computer.

== Technological measures ==

Technology can help you to retain anonymity, but it is important to understand what you are doing, read and learn about technology and observe the social aspects discussed above.

=== E-mail ===

You should never use your [[real life]] e-mail address in boylove contexts, like forums, as this will make you very easy to identify, the most common trick used to locate people consists in entering an email address or nick in a search engine, find that person's post in other forums or sites and follow the dots.

There are numerous free mail offerings available, but the major providers scan your emails, they will give away your IP address to any repressive government and even have a NSA backdoor. If you care about privacy when signing up for a new email address use a [[VPN]], when you send an email your real computer IP is attached to the email header, if you use a VPN when sending email it will be VPN IP server displayed instead of your real IP, or you can sign up with an email service focused on privacy like ProtonMail or Tuta.

The best privacy is the one that depends on you and not others, if you are comfortable with computers and software, look into setting up OpenPGP to [[encrypt]] your e-mail in transit and protect against forgery. You can also look into anonymous e-mail providers hosted on Tor. These tools offer very good anonymity, effectively making it impossible to trace the e-mails you send back to you, but they have a steep learning curve, another problem is that messages sent through an anonymous IP often end up in the spam folder.

=== Tor ===

Tor, [[Tor_(The_Onion_Router)|The Onion Router]] is a program sponsored by the [[Electronic Frontier Foundation]] that will hide your real IP. You can connect to this proxy with many kinds of networking applications to make your communications extremely hard to trace back to you. Tor it is most often used to browse the Internet anonymously but it can also be used to route instant messaging traffic.

Tor can be configured in combination with [[IRC]] chat clients such as X-Chat or with Jabber instant messenger clients such as Pidgin. Instant Messaging has traditionally been problematic with regards to anonymity because it relies on a central server that logs your real IP, sometimes visible to other users and others times only visible to the server administrator, it will depend on the network.

When connecting through Tor, you are assigned one of several hundred Tor IP addresses at random, hiding your actual address, unfortunately due to abuse and spam Tor proxies are banned in all major IRC networks and some XMPP servers. To use a chat client or instant messenger with Tor it will have to be manually configured unless you run Tails, which is already set up to use Pidgin through Tor.

Another useful application of Tor is web browsing, Tor allows you to browse web content without those who run the server being able to find your real IP address. Some web sites may have blocked requests from Tor, especially for posting, because of abuse, but others like BoyChat allow it, often specifically to allow anonymous use. Bandwidth intensive applications like video streaming or complex websites with lots of graphics can load slow with Tor because in order to make your IP untraceable the network must route traffic through various hoops in different countries and this increases ping rates and slows down the speed at which data is transmitted, it is not recommended that you use Tor to stream long movies but it might work fine for short video clips, speed also depends on the number of Tor servers available and the number of users at the time.

Smartphones and tablets can be configured to browse the Internet with Tor, if you search the marketplace for Tor you will find various browsers to do this but they are not officially supported by the Tor project, the only smartphone app developed by the Tor project is called Orbot. Always remember that if you lose your smartphone or anybody gets access to it they can find out what websites you have been looking at, encrypt your phone and make sure that nobody gets unauthorised access while switched on.

Another necessary security precaution is to always update the software and only run the latest version of Tor, old versions can contain security holes. The safest option is to run Tails, an operating system that routes all data through Tor and blocks any outgoing network connection with your real IP.

== See also ==

* [[How not to accidentally out yourself]]
* [[The Dangers of using VPN]]

== External links ==

* [https://www.torproject.org/ Tor Project] - Tor project and browser
* [https://tails.net/ Tails] - Security Linux distribution routing traffic through Tor. It can be booted as a live USB.
* [https://proton.me/ Proton] - Privacy email and VPN provider in Switzerland, free option available.

[[Category:Community]]
[[Category:Technology]]

Instant messaging

2025-06-09T15:49:41Z

Eskimo: Erased outdated information about ICQ and AIM, added new info

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems. With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server. Many IM clients and networks include advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

Most IM networks are incompatible with others. Proprietary networks have a vested interest in keeping their networks closed and users are encouraged to give out personal details for companies to data mine them and sell their data, people who care about privacy should skip the major messenger networks and download privacy focused IM messengers designed to collect as little data as possible from users, you should aim for software that has end to end encrypted communication, does not require you to enter a phone number or email for registration, and does not keep connection logs. You should mitigate risks by using untraceable email addresses when asked for one and hiding your IP behind a VPN or Tor when opening an account.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to his account, push alerts are the pop-up notifications announcing new instant messages updates, after that the FBI asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref> Another user, a suspected Catalan independence activist was traced using secure instant messenger Wire after Spanish police using a mutual legal assistance treaty requested this Swiss messaging company the registration email address the activist had used to open the IM account followed by a subpoena to the e-mail company Wire facilitated demanding the login IP address. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers

[[Category:Technology]]

Instant messaging

2025-06-09T15:06:18Z

Eskimo: /* Security */

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems.

With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server.

There are several major IM networks in use today: AOL Instant Messenger (AIM), Google HangOuts, ICQ, Jabber, Skype, Yahoo! Messenger

Most IM networks are incompatible with others. Although AIM and ICQ users can see each others' status and send messages to each other, interoperability is otherwise non-existent. Proprietary networks have a vested interest in keeping their networks closed. This led to the rise of multi-network clients, such as Pidgin and Trillian. These clients allow users to connect to more than one IM network at once instead of running each official client separately. A user must still register with and sign in to each individual IM network, but can message his friends on various networks using a common interface, which may or may not have more features (such as spell checking) than the official clients.

Many IM clients and networks also presently include more advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to his account, push alerts are the pop-up notifications announcing new instant messages updates, after that the FBI asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref> Another user, a suspected Catalan independence activist was traced using secure instant messenger Wire after Spanish police using a mutual legal assistance treaty requested this Swiss messaging company the registration email address the activist had used to open the IM account followed by a subpoena to the e-mail company Wire facilitated demanding the login IP address. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers

[[Category:Technology]]

Instant messaging

2025-06-09T15:05:21Z

Eskimo: security section small improvement

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems.

With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server.

There are several major IM networks in use today: AOL Instant Messenger (AIM), Google HangOuts, ICQ, Jabber, Skype, Yahoo! Messenger

Most IM networks are incompatible with others. Although AIM and ICQ users can see each others' status and send messages to each other, interoperability is otherwise non-existent. Proprietary networks have a vested interest in keeping their networks closed. This led to the rise of multi-network clients, such as Pidgin and Trillian. These clients allow users to connect to more than one IM network at once instead of running each official client separately. A user must still register with and sign in to each individual IM network, but can message his friends on various networks using a common interface, which may or may not have more features (such as spell checking) than the official clients.

Many IM clients and networks also presently include more advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to his account, push alerts are the pop-up notifications announcing new instant messages updates, after that the FBI asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref> Another user, a suspected Catalan independence activist was traced using secure instant messenger Wire after Spanish police using a mutual legal assistance treaty requested this Swiss messaging company the registration email address the activist had used to open the IM account followed by a subpoena to the e-mail company on file demanding the login IP address. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers

[[Category:Technology]]

Instant messaging

2025-06-09T15:02:36Z

Eskimo: /* Security */

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems.

With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server.

There are several major IM networks in use today: AOL Instant Messenger (AIM), Google HangOuts, ICQ, Jabber, Skype, Yahoo! Messenger

Most IM networks are incompatible with others. Although AIM and ICQ users can see each others' status and send messages to each other, interoperability is otherwise non-existent. Proprietary networks have a vested interest in keeping their networks closed. This led to the rise of multi-network clients, such as Pidgin and Trillian. These clients allow users to connect to more than one IM network at once instead of running each official client separately. A user must still register with and sign in to each individual IM network, but can message his friends on various networks using a common interface, which may or may not have more features (such as spell checking) than the official clients.

Many IM clients and networks also presently include more advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to his account, push alerts are the pop-up notifications announcing new instant messages updates, after that the FBI asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref> Another user, a suspected Catalan independence activist was traced using secure instant messenger Wire by traced by Spanish police requesting the messaging company the registration email address he had used to open the account and subpoenaing that e-mail company for his login IP address. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers

[[Category:Technology]]

Instant messaging

2025-06-09T15:00:38Z

Eskimo: added info about Wire messenger

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems.

With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server.

There are several major IM networks in use today: AOL Instant Messenger (AIM), Google HangOuts, ICQ, Jabber, Skype, Yahoo! Messenger

Most IM networks are incompatible with others. Although AIM and ICQ users can see each others' status and send messages to each other, interoperability is otherwise non-existent. Proprietary networks have a vested interest in keeping their networks closed. This led to the rise of multi-network clients, such as Pidgin and Trillian. These clients allow users to connect to more than one IM network at once instead of running each official client separately. A user must still register with and sign in to each individual IM network, but can message his friends on various networks using a common interface, which may or may not have more features (such as spell checking) than the official clients.

Many IM clients and networks also presently include more advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to this user, push alerts are the pop-up notifications announcing new instant messages updates, and after that they asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref> Another user, a suspected Catalan independence activist was traced using secure instant messenger Wire by traced by Spanish police requesting the messaging company the registration email address he had used to open the account and subpoenaing that e-mail company for his login IP address. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers

[[Category:Technology]]

Instant messaging

2025-06-09T14:56:29Z

Eskimo: re-arranged links by relevancy

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems.

With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server.

There are several major IM networks in use today: AOL Instant Messenger (AIM), Google HangOuts, ICQ, Jabber, Skype, Yahoo! Messenger

Most IM networks are incompatible with others. Although AIM and ICQ users can see each others' status and send messages to each other, interoperability is otherwise non-existent. Proprietary networks have a vested interest in keeping their networks closed. This led to the rise of multi-network clients, such as Pidgin and Trillian. These clients allow users to connect to more than one IM network at once instead of running each official client separately. A user must still register with and sign in to each individual IM network, but can message his friends on various networks using a common interface, which may or may not have more features (such as spell checking) than the official clients.

Many IM clients and networks also presently include more advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to this user, push alerts are the pop-up notifications announcing new instant messages updates, and after that they asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers

[[Category:Technology]]

Instant messaging

2025-06-09T14:55:34Z

Eskimo: Rewrite of the security section of Instant messaging because it was out of date

'''Instant messaging''', or '''IM''', is a popular and now ubiquitous medium for sending messages to other persons on the [[Internet]].

==General overview==

Instant messaging is a technology through which a person can send short text messages to others on the same computer or over a computer network. The recipients receive the message instantly and can send a reply right away or at a more convenient time. IM is therefore a powerful middle ground between [[Email_security|e-mail]] and real-time chat systems.

With most IM networks, users connect to a centralized IM server with an instant-messaging client. They sign in with a login id and a password, and the network sends the online status of everyone on the user's contact list and alerts others of the user's online status. Once connected, the user may send messages to others on the same IM network via the centralized server.

There are several major IM networks in use today: AOL Instant Messenger (AIM), Google HangOuts, ICQ, Jabber, Skype, Yahoo! Messenger

Most IM networks are incompatible with others. Although AIM and ICQ users can see each others' status and send messages to each other, interoperability is otherwise non-existent. Proprietary networks have a vested interest in keeping their networks closed. This led to the rise of multi-network clients, such as Pidgin and Trillian. These clients allow users to connect to more than one IM network at once instead of running each official client separately. A user must still register with and sign in to each individual IM network, but can message his friends on various networks using a common interface, which may or may not have more features (such as spell checking) than the official clients.

Many IM clients and networks also presently include more advanced functions, like graphical emoticons integrated in the text, offline messages that are held by the server until the recipient signs in, file transfers, and video and voice chat.

==Instant messaging in the boylove community==

Especially after the decline of [[Internet Relay Chat|IRC]] in the community, instant messaging has been a popular way for boylovers to keep in touch with one another. IM chats take on the character of casual, private conversations. IMs can be a comfortable way to share personal details and form friendships outside of public forums like Internet message boards. Many networks allow group chats where more than two people can talk together at the same time.

==Security==

Instant messengers enable real-time communication with other Internet users, the main privacy danger to users comes from the owners of the IM server/network owner, instant messaging companies like Kik, SnapChat and Skype they all scan the files you send to detect child porn and they could be forced to scan for anything else they want, another privacy danger is that the IM networks know who is talking to whom, they log IPs and ask for a phone number or email address for registration, all of this is kept on file and they have been known to be used to track down users.

The instant messengers listed below do a best effort to keep your online activities anonymous and private but you should combine them with common sense and other privacy technologies such as VPNs, Tor and encryption so that if one safety measure fails you have a second back up safety measure that will stop an attacker and remember that there are things that an IM can not protect you from, yourself, you never know who is behind the keyboard at the other end, they could send you a virus or their computer could fall in the wrong hands one day and your private chat be visible to a third party if that were to happen you will be happy during that conversation your IP was hidden or the message was set to self-destruct.

One such example of user privacy compromised despite using a very secure instant messenger was when the FBI managed to deanonymize a child abuser using the encrypted Teleguard IM by forcing this Swiss company to hand over the push alert code sent to this user, push alerts are the pop-up notifications announcing new instant messages updates, and after that they asked Google to hand over a list of email addresses linked to that code. <ref> The FBI’s new tactic: Catching suspects with push alerts: https://web.archive.org/web/20240301075856/http://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/ </ref>

== References ==

{{reflist}}

==External links==

* [https://simplex.chat/ Simplex IM] - Secure messenger that does not require phone number or ID
* [https://briarproject.org/ Briar IM] - Censorship-resistant peer-to-peer messaging that bypasses centralized servers
* [https://teleguard.com/ Teleguard] - Swiss based messenger that does nor require a phone number

[[Category:Technology]]

Email security

2025-06-09T14:14:48Z

Eskimo: minor text change

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

=== Free secure email ===

*[https://tuta.com/ Tuta.com]: Company in Germany with free end to end encryption [[encryption]] and keeping minimal logs, smartphone apps available, they use quantum-resistant cryptography.

*[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and no logs, Proton will ask you for a recovery email address during account registration, do not enter anything that can be linked to you.

*[https://mailfence.com/ MailFence]: Belgian company offering OpenPGP encrypted email but they say nothing about logs, proceed with caution if you want your IP hidden use a VPN when opening an account.

The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref>

The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall.

=== Paid email services ===

*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, they keep no logs and payments are not connected to email accounts.

*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.

===Disposable Email Address===

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses do not need registration and if combined with a [[Proxy and VPN]] can provide a good level privacy but if forum accounts are approved manually it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and the domain name of the address it often gives away that it is a disposable email address. A disposable email address is best used for forums set to automatic registration, they can be read by everybody, make sure to pick a random username to avoid somebody else picking up the same username as you.

*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.

*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.

==Email encryption==

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

The person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

== References ==

{{Reflist}}

[[Category:Technology]]

Email security

2025-06-09T14:14:08Z

Eskimo: /* Email encryption */

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they also scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

=== Free secure email ===

*[https://tuta.com/ Tuta.com]: Company in Germany with free end to end encryption [[encryption]] and keeping minimal logs, smartphone apps available, they use quantum-resistant cryptography.

*[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and no logs, Proton will ask you for a recovery email address during account registration, do not enter anything that can be linked to you.

*[https://mailfence.com/ MailFence]: Belgian company offering OpenPGP encrypted email but they say nothing about logs, proceed with caution if you want your IP hidden use a VPN when opening an account.

The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref>

The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall.

=== Paid email services ===

*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, they keep no logs and payments are not connected to email accounts.

*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.

===Disposable Email Address===

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses do not need registration and if combined with a [[Proxy and VPN]] can provide a good level privacy but if forum accounts are approved manually it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and the domain name of the address it often gives away that it is a disposable email address. A disposable email address is best used for forums set to automatic registration, they can be read by everybody, make sure to pick a random username to avoid somebody else picking up the same username as you.

*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.

*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.

==Email encryption==

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

The person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

== References ==

{{Reflist}}

[[Category:Technology]]

Email security

2025-06-09T14:11:06Z

Eskimo: Moved paid email section below the free email section and replaced Torguard email address with Mailfence

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they also scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

=== Free secure email ===

*[https://tuta.com/ Tuta.com]: Company in Germany with free end to end encryption [[encryption]] and keeping minimal logs, smartphone apps available, they use quantum-resistant cryptography.

*[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and no logs, Proton will ask you for a recovery email address during account registration, do not enter anything that can be linked to you.

*[https://mailfence.com/ MailFence]: Belgian company offering OpenPGP encrypted email but they say nothing about logs, proceed with caution if you want your IP hidden use a VPN when opening an account.

The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref>

The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall.

=== Paid email services ===

*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, they keep no logs and payments are not connected to email accounts.

*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.

===Disposable Email Address===

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses do not need registration and if combined with a [[Proxy and VPN]] can provide a good level privacy but if forum accounts are approved manually it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and the domain name of the address it often gives away that it is a disposable email address. A disposable email address is best used for forums set to automatic registration, they can be read by everybody, make sure to pick a random username to avoid somebody else picking up the same username as you.

*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.

*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.

==Email encryption==

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

Remember that the person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

== References ==

{{Reflist}}

[[Category:Technology]]

Email security

2025-06-09T13:43:45Z

Eskimo: Improved disposable email address section

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they also scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

=== Free secure email ===

*[https://tuta.com/ Tuta.com]: Company in Germany offering free email with [[encryption]] and minimal logs. This email provider is based in a 14 eyes country. Proceed with caution.

*[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and minimal logs.

The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref>

The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall.

===Disposable Email Address===

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses do not need registration and if combined with a [[Proxy and VPN]] can provide a good level privacy but if forum accounts are approved manually it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and the domain name of the address it often gives away that it is a disposable email address. A disposable email address is best used for forums set to automatic registration, they can be read by everybody, make sure to pick a random username to avoid somebody else picking up the same username as you.

*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.

*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.

=== Paid email services ===

*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, minimum logs and payments not connected to email accounts.

*[https://www.privatemail.com/ PrivateMail]: Email service run by VPN company Torguard, they claim they do not keep logs.

*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.

==Email encryption==

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

Remember that the person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

== References ==

{{Reflist}}

[[Category:Technology]]

Email security

2025-06-09T13:19:53Z

Eskimo: /* Free secure email */

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they also scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

=== Free secure email ===

*[https://tuta.com/ Tuta.com]: Company in Germany offering free email with [[encryption]] and minimal logs. This email provider is based in a 14 eyes country. Proceed with caution.

*[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and minimal logs.

The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref>

The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into Proton Mail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall.

===Disposable Email===

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses are not secure but they do not need registration and if combined with a [[Proxy and VPN]] can provide low or medium level privacy.

You should bear in mind that if forum accounts are approved manually, it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and many times the domain name of the address gives away that it is a disposable email.

These addresses are best used for forums set to automatic registration. Disposable email provides no privacy and they can be read by everybody, make sure to pick a random username.

*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.

*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.

=== Paid email services ===

*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, minimum logs and payments not connected to email accounts.

*[https://www.privatemail.com/ PrivateMail]: Email service run by VPN company Torguard, they claim they do not keep logs.

*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.

==Email encryption==

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

Remember that the person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

== References ==

{{Reflist}}

[[Category:Technology]]

Email security

2025-06-09T13:17:52Z

Eskimo: Erasing Hushmail section because this provider is no longer relevant and adding info about logging by Protonmail

When communicating with other people by email, if you care about privacy you should be concerned about email content being intercepted and anonymity. The main email providers like Yahoo, Gmail and Outlook are the worst choices of email services for a boylover, these services have a backdoor for the NSA to read your email in real time, as proven by Snowden papers <ref>N.S.A. email mass surveillance: https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html</ref>, and they also scan your files.

Everytime you upload an image to Gmail, Yahoo or Outlook the attachment will be automatically scanned to detect if it is child pornography <ref>Gmail scans messages to detect child porn: http://bits.blogs.nytimes.com/2014/08/04/google-gives-child-pornography-email-evidence-to-police/</ref>. The scanning of your messages, is a privacy violation treating everybody as criminals without being one and they do not guarantee that any of your images will not be flagged by mistake as child pornography, if this were to happen, a report is automatically submitted to the CyberTipline working with the FBI or Interpol, by the time the misunderstanding has been solved your social life would have already been ruined.

Boylovers should have into account that email services offering email [[encryption]] only work if the receiver has an account with the same email provider as you or if they are using a compatible OpenPGP service.

=== Free secure email ===

*[https://tuta.com/ Tuta.com]: Company in Germany offering free email with [[encryption]] and minimal logs. This email provider is based in a 14 eyes country. Proceed with caution.

*[https://proton.me/mail Proton.me/mail]: Company in Switzerland offering free email with encrypted inbox and minimal logs.

The providers above claims are that your data is encrypted and they can´t read it and they do not keep logs but there has been instances where Proton Mail users have been traced by other means, one such case was when French law enforcement requested Swiss authorities to log the connection IP of an email address known to be used by an activist, leading to his arrest. <ref>ProtonMail logged IP address of French activist after order by Swiss authorities: https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ </ref>. Another Proton Mail user arrested was the case of a Catalan independence activist that had entered a traceable recovery email address when registering for a Proton Mail account, when Spanish law enforcement requested Swiss authorities for this account data Proton Mail complied and handed over all they had in the account, which includes the recovery email address you enter during account registration. <ref>Encrypted services Apple, Proton and Wire helped Spanish police identify activist: https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/</ref>

The bottom line here is that email providers are companies that must comply with Court orders, the companies listed above are some of the most private email providers in the World but you should trust nobody, the two activists arrested mentioned above could have avoided arrest if the first one had used a VPN to log into ProtonMail and the second one if he had entered a disposable e-mail address in the registration account but they decided to put all of the trust in the email provider and that was their downfall. Playing the paranoid card would have saved them from arrest.

===Disposable Email===

The following email addresses come in handy for when you want to register in a forum and all you need is to receive the welcome email where a link has to be clicked on. These email addresses are not secure but they do not need registration and if combined with a [[Proxy and VPN]] can provide low or medium level privacy.

You should bear in mind that if forum accounts are approved manually, it can take days for you to receive a welcome email, by then, the disposable address you have created will no longer exist and many times the domain name of the address gives away that it is a disposable email.

These addresses are best used for forums set to automatic registration. Disposable email provides no privacy and they can be read by everybody, make sure to pick a random username.

*[https://www.guerrillamail.com/ GuerrillaMail]: Disposable address without registration needed, it can also be used reply to messages.

*[https://trashmail.com/ TrashMail]: Forwarding address, you create an email address that can be used to forward messages to a different email.

=== Paid email services ===

*[https://posteo.de/en Posteo]: Company in Germany, servers encrypted, minimum logs and payments not connected to email accounts.

*[https://www.privatemail.com/ PrivateMail]: Email service run by VPN company Torguard, they claim they do not keep logs.

*[https://www.startmail.com/ StartMail]: Dutch company offering email services encrypted with PGP and multiple email aliases, from the makers of privacy search engine StartSearch.

==Email encryption==

If you are advanced in computers and understand how OpenPGP works you will want to encrypt emails yourself instead of relaying on a company to do that for you. Privacy email services are convenient because you don´t need to do anything to secure the email and they will save you lots of time, but the risk exists that their security could be sloppy or worse, if security is really important for you, learn how OpenPGP works and use your own private key to encrypt emails this way nobody will be able to read anything without the key that only you have in your power.

Remember that the person receiving your encrypted OpenPGP message will have to know how OpenPGP works too and have the software installed to be able to decrypt it.

* [https://www.mailvelope.com/ MailVelope] - Available as a Chrome extension and Firefox addon, this extension can be used to encrypt and decrypt any webmail, it allows you to create or import your own OpenPGP keys and manage them to encrypt and decrypt messages.

== References ==

{{Reflist}}

[[Category:Technology]]

Instant messaging

2025-06-04T14:32:32Z

Eskimo: /* Security */

Instant messaging

2025-06-04T14:27:19Z

Eskimo: Updated links to more modern anonymous messengers

Privacy Freeware

2025-06-04T13:31:38Z

Eskimo: Changed Windows 10 to Windows 11 reference

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Warning:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' ProtonMail recovery email account has been used in the past by law enforcement to track down users and it could be used by malicious actors too. You should not enter any traceable recovery email address in extreme privacy situations.<ref>{{cite web|title=Proton Mail recovery email leads to arrest of Catalan activist|url=https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.jp/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 11 comes with Windows Defender, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows Defender and use your preferred antivirus solution instead. Most online reviews point out at the high quality of Windows Defender, the main reason why somebody might want to use a different product it is lack of trust in Microsoft products, or somebody looking for advanced control over their antivirus software. Windows Defender has few customisation options.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - During installation you might be asked if you want additional software, look out and uncheck boxes.
* [https://www.avira.com/en/free-antivirus-windows Avira Antivirus] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Privacy Freeware

2025-06-04T13:24:21Z

Eskimo: Changed Hushmail warning to ProtonMail warning

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Warning:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' ProtonMail recovery email account has been used in the past by law enforcement to track down users and it could be used by malicious actors too. You should not enter any traceable recovery email address in extreme privacy situations.<ref>{{cite web|title=Proton Mail recovery email leads to arrest of Catalan activist|url=https://www.techradar.com/computing/cyber-security/proton-mail-hands-data-to-police-again-is-it-still-safe-for-activists}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.jp/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 10 comes with Windows Defender, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows Defender and use your preferred antivirus solution instead. Most online reviews point out at the high quality of Windows Defender, the main reason why somebody might want to use a different product it is lack of trust in Microsoft products, or somebody looking for advanced control over their antivirus software. Windows Defender has few customisation options.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - It might install a website rating toolbar that can be easily uninstalled.
* [https://www.avira.com/en/free-antivirus-windows Avira (German company)] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Privacy Freeware

2025-06-04T13:13:21Z

Eskimo: Windows 10 privacy software section updated with information about Windows 11

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Note:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' Hushmail is not recommended; among other things, Hushmail privacy policy mentions that they keep a record of your activities for 18 months after deleting the account.<ref>{{cite web|title=Hushmail privacy policy|url=https://www.hushmail.com/privacy/}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.jp/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows Privacy Software ===

Windows is an extremely privacy invasive operating system, if you are serious about privacy move to Linux, if for whatever reason you can´t here are some privacy tips for Windows to make Microsoft spying on you harder but be aware that Windows can not be made totally private, with each new release and update Microsoft keeps moving the base to spy more and log users.

The most important thing you should do in Windows 11 is to never use a Microsoft account to log into your operating system because this will send and link your private data to Microsoft cloud servers, there are a few work arounds to be able to use Windows 11 without an account but unfortunately Microsoft keeps changing the rules with each new update, because a work around might be out of date by the time you read this, it is best that you use a search engine with fresh information to locate the latest tricks to install Windows 11 without an account. Even when you are logged in Windows without any Microsoft account there are features like OneDrive, Microsoft cloud storage services, that are enabled by default, you could easily upload a personal picture or document to Onedrive by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that invades personal privacy, you should disable OneDrive straight away, privacy conscious people should avoid Microsoft and Google products as much as possible.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free antispy tool for Windows 10 and 11 to quickly disable advertising IDs, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled.

=== Free Antivirus ===

Windows 10 comes with Windows Defender, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows Defender and use your preferred antivirus solution instead. Most online reviews point out at the high quality of Windows Defender, the main reason why somebody might want to use a different product it is lack of trust in Microsoft products, or somebody looking for advanced control over their antivirus software. Windows Defender has few customisation options.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - It might install a website rating toolbar that can be easily uninstalled.
* [https://www.avira.com/en/free-antivirus-windows Avira (German company)] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Privacy Freeware

2025-06-04T12:38:54Z

Eskimo: /* Data Wiping */

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Note:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' Hushmail is not recommended; among other things, Hushmail privacy policy mentions that they keep a record of your activities for 18 months after deleting the account.<ref>{{cite web|title=Hushmail privacy policy|url=https://www.hushmail.com/privacy/}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.jp/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com/ CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows 10 Privacy Software ===

Windows 10 it is the most privacy invasive operating system from Microsoft. The first thing you should do is to never ever use a Microsoft account to log into your operating system, it is possible to use Windows 10 without having a Microsoft account, they just make it difficult for you to realise of this. If you login with your account everything you do can be linked to that account. Even when you are logged in without any Microsoft account, there are features like OneDrive, Microsoft cloud storage services, that comes enabled by default, and it is very easy to upload something there by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that can be misused to invade your personal privacy, you should never store anything on the cloud and disable OneDrive straight away if you care about your personal privacy.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free utility to quickly disable advertising IDs, Cortana, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled. There are information about what each service does next to the slider.

=== Free Antivirus ===

Windows 10 comes with Windows Defender, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows Defender and use your preferred antivirus solution instead. Most online reviews point out at the high quality of Windows Defender, the main reason why somebody might want to use a different product it is lack of trust in Microsoft products, or somebody looking for advanced control over their antivirus software. Windows Defender has few customisation options.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - It might install a website rating toolbar that can be easily uninstalled.
* [https://www.avira.com/en/free-antivirus-windows Avira (German company)] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

Privacy Freeware

2025-06-04T12:38:29Z

Eskimo: small URL fix CCleaner, erased unnecessary www part

This page contains external links to free programs that will help you protect your privacy, some of the listed tools might show you advertisements or a nagging screen inviting the user to upgrade to a paid for version, they might also make it difficult for you to find the free version on their website.

=== Secure Email ===

Most privacy email services charge for their services, the free privacy email services that exist, are provided with the hope that some of their free customers will upgrade to paid accounts and with that money they finance the free service for other users. Usually free accounts are given with limited resources to encourage them to upgrade to a paid account, but it might still be enough for light email users.

One way to obtain an anonymous email account is to hide your computer IP using [[Tor]] to register with any free email provider but many free webmail providers ban Tor proxy IPs and they ask for a backup email account, the method will fail many times.

'''Note:''' If you use the Tor Browser any website requiring you to enable Javascript presents a serious security risk. Javascript code has been used by law enforcement agencies (or LEO="Law Enforcement Officers") to defeat the security of Tor -- LEO may even have the capability to ''inject'' Javascript into websites without the knowledge of the website administrator if they control the server.

* [https://tuta.com Tuta] - Free German based encrypted email service that reportedly keeps no logs.
* [https://proton.me/mail ProtonMail] - Encrypted email service in Switzerland that does not keep logs.

'''Note:''' Hushmail is not recommended; among other things, Hushmail privacy policy mentions that they keep a record of your activities for 18 months after deleting the account.<ref>{{cite web|title=Hushmail privacy policy|url=https://www.hushmail.com/privacy/}}</ref>

=== VPN Providers ===

Free VPN services finance their activities displaying advertisements while you surf, or with a freemium model where they convert a part of their free users into paying ones to finance the free VPN. A few other VPN services get government or private funding to help people living in oppressive regimes to bypass censorship, the funding allows them to provide a free service focused towards bypassing firewalls but keeping logs tracking the originating IP.

When choosing a VPN pick a company that will not keep any logs and is located in a jurisdiction where they have no obligation to keep them. Remember that you have no way to verify if the VPN company claims are true or not, when extreme security measures are necessary, browse the Internet with Tor instead of a VPN.

* [https://protonvpn.com/ ProtonVPN] - Company in Switzerland, no bandwidth limit, company claims they do not keep logs, not even for free users.

* [https://windscribe.com/ WindScribe] - Company is based in Canada, free version has a bandwidth limit. They claim they do not keep logs.
* [https://www.expressvpn.com ExpressVPN] - Company that is based in British Virgin Islands. They claim not to keep logs.
* [https://nordvpn.com/about-us/ NordVPN] - Company that has bases in UK, Netherlands, Poland, Germany, Lithuania, Switzerland, and Panama. The parent company is based in Netherlands. Use this VPN with caution due to the 14 eyes security alliance and other friendly countries towards this alliance.

=== Encryption Software ===

To quickly send encrypted email files or messages you can use Winrar or 7-Zip, the protection they offer is strong enough to stop even corrupt law enforcement agents, but to be sure that if your computer is ever lost or stolen no data will be recovered, you will need to use full disk encryption, file [[encryption]] alone can not protect you from temporary files and Internet browsing history leaking into your hard drive, the only way to protect is by fully encrypting your operating system.

* [https://www.veracrypt.jp/ Veracrypt] - Free open source encryption software to fully encrypt your hard drive. Available for Windows, Linux and Mac computers, but the full disk encryption option only works in Windows. In Linux and Mac Veracrypt can only be used to create encrypted virtual disks.

=== Data Wiping ===

Documents, images and videos you delete can be easily recovered with specialist software. The only sure way to get rid of a file for ever is to overwrite it with other data on top, the following programs will do that for you.

* [https://www.bleachbit.org/ BleachBit] - Internet browsing and temporary files data wiping software
* [http://sourceforge.net/projects/eraser/ Eraser] - File and hard drive empty sectors wiper
* [http://privazer.com/ Privazer] - It securely wipes temporary files and hard drive free space
* [https://www.ccleaner.com// CCleaner] - Program to securely erase history browsing, cookies, temporary files and other personal data stored in your hard drive.

=== Password Manager ===

You should never reuse usernames and passwords if you care about online security and privacy. If you reuse in a real life self-help or entertainment discussion board the same username or email address being used for boylover activism, somebody could make the connection. A search engine query can locate all places on the Internet where that username is being employed. Another factor is that if you reuse the same password in multiple online accounts and one of those accounts is hacked, the attacker will have access to all accounts you own on the Internet. Bots can automatically attempt multiple usernames and passwords taken from a hacked database, by choosing a unique username and password for each online account you have, you will limit the damage in case of a hacking incident.

Passwords managers are needed to be able to remember dozens or hundreds of unique usernames and passwords for online accounts. There are two types of password managers:

An offline password manager database is not accessible from the Internet and you don´t have to trust third parties with your data, hence security is higher. The disadvantage is that it will be harder to access the password manager from other devices without physically moving the file and you might have compatibility issues on mobile devices.

* [https://keepassxc.org/ KeePassXC Password Manager] - Offline light weight free open source password manager that works in Windows, Mac and Linux.

Cloud based password managers are less secure than offline password managers, if the service is on the cloud you have to trust that the company holding those passwords is really as secure as they say they are and they normally charge a fee for their services. The advantage is that being on the cloud has the convenience of not having to store anything on your hard drive and it is accessible across multiple devices like smartphones and tablets.

* [https://bitwarden.com/ BitWarden] - Online password manager that can be sync across multiple devices.

=== Windows 10 Privacy Software ===

Windows 10 it is the most privacy invasive operating system from Microsoft. The first thing you should do is to never ever use a Microsoft account to log into your operating system, it is possible to use Windows 10 without having a Microsoft account, they just make it difficult for you to realise of this. If you login with your account everything you do can be linked to that account. Even when you are logged in without any Microsoft account, there are features like OneDrive, Microsoft cloud storage services, that comes enabled by default, and it is very easy to upload something there by accident without being warned that Microsoft scans all files you upload to OneDrive to detect illegal content, something that can be misused to invade your personal privacy, you should never store anything on the cloud and disable OneDrive straight away if you care about your personal privacy.

* [https://www.oo-software.com/en/shutup10 O&O ShutUp10] - Free utility to quickly disable advertising IDs, Cortana, OneDrive and automatic sending of crash reports to Microsoft, using a slider you can choose what services you are ok with and which ones must be disabled. There are information about what each service does next to the slider.

=== Free Antivirus ===

Windows 10 comes with Windows Defender, a fully featured security solution that scans your computer for malware and viruses, it is enabled by default but if you install new antivirus software, Windows will disable Windows Defender and use your preferred antivirus solution instead. Most online reviews point out at the high quality of Windows Defender, the main reason why somebody might want to use a different product it is lack of trust in Microsoft products, or somebody looking for advanced control over their antivirus software. Windows Defender has few customisation options.

* [https://www.avast.com/en-eu/free-antivirus-download Avast Free Antivirus] - It might install a website rating toolbar that can be easily uninstalled.
* [https://www.avira.com/en/free-antivirus-windows Avira (German company)] - Free version will display nagging to try to get you to upgrade to their paid version.

=== Operating System ===

Macintosh operating systems and specially Windows, have all kind of tracking mechanisms that can be misused and besides being closed source, they are not focused in privacy. If you are really serious about security you will be better off with a Linux or BSD open source operating system that has been build with security and privacy in mind.

* [https://tails.net/ The Amnesic Incognito Live System - Tails] - Debian based operating system that can be installed in your computer, a thumb drive or run from a live DVD, this is the best choice for beginners. Tails routes your Internet data through the Tor network, with the firewall configured to make it impossible to leak your real IP. It will circumvent Internet censorship and it will leave no trace behind unless you ask it explicitly. Tails comes with a messenger, text editor, video player and many other utilities.

* [https://www.qubes-os.org/ Qubes Operating System] - Linux operating system using virtualisation to isolate every single application you have, making it is impossible for malware to spread from your Internet browser or text editor to the operating system. Quebes does not come with Tor out of the box but you can easily install Whonix, a virtual operating system similar to Tails, using a template provided by Qubes and enjoy anonymous Internet access with one of the most secure set ups possible.

=== Other ===

* [https://www.torproject.org/ Tor Project] - Browser to access the Internet anonymously.
* [https://www.whonix.org/ Whonix] - Very similar to Tails but it runs inside a virtual box. You should be advanced in computer skills to use it.
* [https://geti2p.net/ GetI2P] - Anonymous network similar to Tor that can be used for email and Internet browsing.

== See also ==

* [[Internet security tutorial‎]]
* [[Encryption]]
* [[Email_security|Email Security]]

== References ==

{{Reflist}}

[[Category:Technology]]

User:Eskimo

2025-06-04T11:57:54Z

Eskimo: annoying square in phrase in my profile changed using the edit instead of edit source

Never give up, no matter what the circumstance is, throughout life you will always hit high and low points, harder and easier experiences, but you have to stay strong; it's the key to everything. We did not come all this way, on this long journey, to fail, we rose to stand, not to fall, and now we will fight to the end. A champion shows who he is by what he does, perseverance, discipline, and intensity reign supreme on every champion's resume, when you fight, fight like a lion, if you get hurt, fight like a wounded lion.

'''Eskimo'''

(Last updated: 11th June 2025)

------------

:Hi. I'm [[User:User4|User4]] ([[User talk:User4|talk]])

:There is an "editing help" page being constructed here:

::[[New_BoyWiki_Editing_Help_Page]]

[[Category:Active BoyWiki editors]]

User:Eskimo

2025-06-04T11:55:32Z

Eskimo: small change to my profile deleting phrase

User:Eskimo

2025-06-04T11:54:34Z

Eskimo:

Never give up, no matter what the circumstance is, throughout life you will always hit high and low points, harder and easier experiences, but you have to stay strong; it's the key to everything. We did not come all this way, on this long journey, to fail, we rose to stand, not to fall, and now we will fight to the end. A champion shows who he is by what he does, perseverance, discipline, and intensity reign supreme on every champion's resume, when you fight, fight like a lion, if you get hurt, fight like a wounded lion.

'''Eskimo'''

(Last update: 11th June 2025)

------------

:Hi. I'm [[User:User4|User4]] ([[User talk:User4|talk]])

:There is an "editing help" page being constructed here:

::[[New_BoyWiki_Editing_Help_Page]]

[[Category:Active BoyWiki editors]]