How to protect your data.

Keywords: encryption, data protection, digital signature.

Why should you learn about data protection?

If you are a business owner or a freelance accountant and data about your customers was leaked, then you will get problems. Learning about data protection is not difficult.

The facts.

It was about 2000 year, when a computer with an operating system caught a virus just after connecting to the Internet. That is the user even did not open a WEB-browser.
It was about 2010 year, when a web-browser had enabled a harmful-script on a HTML page, and that script had rewrote the master boot record (the heart of the old disk file system, prior to GPT). That virus was trying to force victims to pay money.
You never need a lot of features that your software contains, but swindlers use them for cheating you.
Your software might be already affected by harmful-software, and you might never know about it, but swindlers know everything from your computer.

What do they do the best for you (to protect your data)?

They remove or restrict swindler-friendly features, for example an Android application can't read files that belong to another application, and you set by yourself permissions to the shared storage.
They track activity of your account by a reliable method. The most reliable tracking method is reporting your activity (especially login) via your email, because of on-time notifications, and it's the most secure transport (in opposite to mobile networks).
They allow you to use your social network account for authorization in other sites. Using a "master" account to login into other sites is the preferred authorization method, because they track your activity.
They force you to install software from well known sources such "a software store".
Of course, things like encryption, free anti-harmful-software.

* Here "They" means IT specialists - programmers...

What do they do the worst for you?

They force you to use swindler-friendly features. For example, they force you to install a browser's plugin that requires permissions to your file system, or they force you to install and use unsigned software from "untrusted sources" to resolve your problems.
They boost WEB-clients (web-browsers) with danger things such as dynamically loaded JS (including JIT), and diversity of them, instead of boosting HTML5+ (it's a static library). All WEB-browsers still partially implement HTML5. If you switch off JS in your WEB-browser, then the most HTML pages stop working.
They place recovering (installation) software on non write-protected places a HDD or a CD-card. Complex harmful-software can poison them (installation files) and break their protection.
They do not track usage of their digital signatures.

"untrusted sources" means any non-well known Internet sites, especially with non-encrypted HTTP.

If you have thoughts like "paranoia", then you should look at a vulnerability database, e.g. https://www.cvedetails.com . The media often disclose information about "hacking" of a company (even a large one).

What they must do for you?

WEB-browser's plugins and page's scripts must be able to access your files only interactively and only via the WEB-browser API. They must have access to their own "sandbox" file-system only via the WEB-browser API.

This is not difficult. Browsers must have a delegating API for all dangerous things (files access, stdin/stdout ...). Browsers must check that a plugin's binary code is not linked to the dangerous main libraries functions (e.g. GLIBC) or OS ones such as "open a file/descriptor".

Flexibility leads to vulnerability.

A software can be installed statically, e.g. C/C++ binaries, or dynamically, e.g. JavaScript on a HTML page. Historically any program has direct access to user's files. There are also security "holes", i.e. program's errors. Many languages with a JIT compiler had the program error that allows to invoke an arbitrary native (CPU) code. And so did JS. So, what is the main factor in security vulnerability in this case? Is it allowing JIT to boost a dynamically loaded JS program, or is it the "hole" in the JS compiler? So, the more software restricted, the less vulnerable it is. Restricting definitely reduces the probability of "security holes".

What do you do the worst for you?

Install unneeded software (especially from untrusted sources).
Use weak passwords
Do not learn about data protection

Strong passwords.

The weakest passwords are:

Of course, similar to "qwerty" passwords - e.g. "admin", "1234567"...
Generated passwords e.g. "87ghgjs6KYfgluy" - an user can't remember such password, and it's forced to stick a note with such password to its monitor.

Strong passwords are easy to remember. These are a set of words e.g. "raccooneatstone165".

Anyway, strong passwords are vulnerable to hidden cameras. Thus saving passwords in a browser is the preferred way. But this storage must be under your master account (to track activity). It's also desirable that browsers don't save passwords locally, they should cache them from the account Internet storage. You should sign out when you leave your computer for a long time (e.g. a vocation).

How to protect you from swindlers completely?

There is a way to protect you from swindlers completely. It's all about encryption, a digital signature, global tracking of using a digital signature, safe storing of a key for digital signature.

What is encryption? It's an encoding of a message (text, file...) with an encryption algorithm and a key. An encrypted message is not readable without the key.

Symmetric encryption algorithms use a symmetric secret key for encryption and decryption.

Asymmetric encryption algorithms use an asymmetric secret (private) key for encryption and an asymmetric public key for decryption. Asymmetric algorithms also allow to encrypt information with an asymmetric public key and decrypt it with an asymmetric secret (private) key. In these both cases the key, that is used for encryption, cannot be used for decryption.

A digital signature is an information encrypted with an asymmetric secret (private) key. A public key is available for all, so anyone can use it to decrypt a signature, and this successful decryption means that the signature was successfully verified.

A swindler can try to match the private key by using the public one and the signature. But it takes a very long time even for high-performance computers to check (try) all possible keys. Thus the common way is to steal the private key, or steal the keystore and retrieve its passphrase. You could hear that a quantum computer can easily break a RSA key. A swindler could be lucky to match a private(secret) key to a public one. So tracking of a private key usage is essential.

A "device for signing" and "global tracking of using a signature" are reliable means to resolve these problems. This "Device for signing" makes a signature itself. There is no way to get the private key from it. It contains your private key to make your signature and do other security stuff, e.g. reporting to the global tracking server about using your signature. Public keys from such devices must be actually non-public, i.e. they must be transferred and stored in a secure way. That is such devices know all current public keys, and they update them on the go. The best way is using this device as your only digital passport, thus it also will contain your photo, fingerprints and other information. You will use this device for any activity - opening a door (home, car, hotel room), sing-in into a computer and into any Internet site, making bank transfers, ATM money withdrawal, etc. You even will not need to use a pin code for making signature, a cashier will check your photo from your device, the device itself will check your fingerprints. All software must be signed with such devices. This device will make session symmetric secret keys to transfer data over the network (e.g. make HTTPS connection). This device will encrypt your data. Again, this device will make all stuff by itself, this is an autonomic "black box". So, this is an alternative way to the current encryption infrastructure, that is based on exactly public keys (certificates) that are signed by Certificate Authorities, and there the most stuff is made by hand. Of course this requires changing the law and adapting software, but finally you will be totally protected from any swindlers activities:

from stealing your money or private information (violence against you)
from faking news (violence against democracy)
from faking ratings, duplicates and other spam activity (violence against free market)
from exploiting security holes in software

And finally you do not have to learn about security at all, to think of passwords...

This will definitely hit a wide range of crime: from low level swindlers to high level scams, etc.

You may say that it smells like a "totalitarian world", that tracks all of us. But you are already totally tracked. Train/airplane tickets, public hidden or non-hidden cameras, etc. track "where you are/was". Internet tracks what you like and what you hate, i.e. it tracks your soul. Etc.

Of course, in the case of "device for signing", tracking things such as "open a door" can be optional.

Example of preventing data leakage due the security hole "allowing already authorized users to request data for another user ID".

You might have heard that a bank software had this "hole". Assume, in the future a bank will have this security hole. So, a swindler will have access to other users data. But HTTPS connection and authorization will be made by using its personal device for signing. So, the global tracking server will store this information forever. Banks usually store logs for a quite long time. So, after revealing the hole, the bank will retrieve all harmful requests from the logs. Would be a swindler so stupid to reveal and exploit security holes while all activities is signed with its personal device? That is, it can't steal another user's password and other data such as IP and MAC address to make fake requests to avoid unmasking, as it does today.