Privacy and security

The issue of privacy

As mentioned earlier, there seems to be a major push by computer (and software) manufacturers (monolithic companies aiming to globalise the world market) to sell you the very latest, possibly with poor quality control checks, and often expensive (i.e. to the level of what the market can bear) IT products using a variety of clever marketing techniques.

Given the somewhat unregulated nature and intense commercialisation of the IT industry, you may be wondering how far has the great marketing sharks in the IT industry gone to get you — the consumer — to buy, buy and buy again.

In other words, are marketing experts becoming so intrusive that your privacy is being compromised?

The bottom line for many businesses and the prime aim of marketing experts

Business professionals are in the business of making money. Generally the bigger the business, the more profit is seen as the bottom-line. As the old saying goes, "Money makes the world go around".

Though how much of a buck, or profit, can be made from the sale of a product or service is strongly determined by how we, as the consumer, perceive a product or service to be and whether we see it as of high quality and something that must be immediately bought.

This is where the skills of a good marketing expert comes into the picture. Using his/her highly trained marketing skills (often grounded in psychology), the expert can create or change the perception of goods or services by first determining who is likely to use the goods or services through effective market research (i.e. profiling and working out the target market) and then turning the product or service into a need for a target group through appropriate pricing, fancy packaging, advertising, and any other factors that help to appeal to the raw primitive emotions of the consumer (e.g. the use of sex, food, rewards etc).

A marketing expert's idea of selling more computers? Or is it just a computer geek's definition of a real dilemma? Source: Mehlman 2000, p.112.

As the chief executive of SYDAC, Adrian Smith, says:

"Understand [and if necessary change] your customer's perception of your value to them. Perception is reality." (1)

To create perception, you need information

Hence business professionals have come to realise how crucial information is to their business. They need to have the knowledge about customers and their needs so their business has a better chance of providing the right product and sell it with the right perception of it.

As Pim Fox commented in the April 2002 edition of Computerworld:

"For business managers who believe that more information equals better customer service, healthier profits and more efficient use of resources, the benefits of rapidly and coherently gluing information together seem obvious." (2)

However, more and more consumers are increasingly becoming aware (although not necessarily through the actions of this web site!) of how the marketing expert is managing to achieve the simple goal of selling products and services in order to maximise the profit of a company.

In particular, is your personal information really safe from the prying eyes of the marketing expert? And what about computer hackers? Can they learn anything about you as well? Well, let us begin by explaining how the marketing experts gather information about you.

The importance of profiling customers

To begin with, let us define the term "profiling". Profiling is the most important tool for the marketing expert. It is a technique designed to help the expert know something of yourself, your habits and the kinds of goods and services you buy and/or use (or are likely to buy or use).

There are many ways a marketing expert can profile a potential customer like yourself. The most common is the market survey where you fill out a form explaining your activities and habits. This is considered the direct form of profiling where you, the potential customer, give clear consent to have your personal information released to a marketing expert.

Another way of profiling a potential customer like yourself, as we shall see, involves surreptitiously snooping about on your computer, your web site and/or your emails for personal information without your consent or awareness of the fact. And what makes this particularly worrying is the speed in which a marketing expert can create a profile on you, your family, and your work and personal habits with the help of the right technological tools!

How does profiling help a marketing expert?

Armed with this profiling information, a marketing expert coupled with a computer guru can potentially create instant and sometimes unexpected tailored-made electronic advertisements on the Internet to target with remarkable accuracy all your needs whenever you visit a certain web site, or have them automatically sent to your mailbox or email address.

Forget about fortune tellers! This is the era of powerful marketing designed to accurately predict your habits now and in the future.

What happens if I don't buy anything?

It is good to see you are a hard cookie to break. But even if you choose not to buy anything, the marketing expert will have the resourcefulness of turning the situation into a benefit to the expert.

You see, even if the marketing expert cannot sell you a particular product or service, there is every likelihood that your information could be sold at a good price to other marketing experts or anyone else for that matter without your explicit consent. Who knows? Perhaps the Department of Social Security, the Department of Defence, or even the more extremist groups in the world may already have a detailed profile of who you are, where you live, and what you do.

So don't be too surprised if, say, your local insurance company is making decisions right now on how much you should pay for your premiums in the coming years. And all thanks to your personal information now being sold by marketing experts without your explicit approval or awareness, and almost all for the sake of profit, cost-cutting or whatever!

The importance of uniquely identifying products

But let us not stop there. Profiling is a particularly useful activity for companies in another area altogether.

According to major software manufacturers like Adobe Systems, Inc., profiling is an essential tool for law enforcement purposes so they can protect their investment in a commercial product being sold to customers. For example, the illegal white-collar crime of stealing computers and software is a major problem in the IT industry, and businesses need to find ways to combat it. So what better way to solve the problem than by profiling their customers.

But for this to work properly in the real world and so help identify the people concerned in this criminal activity, manufacturers have to "mark" their products using a unique identifier such as the use of serial numbers (3). Then, for the profiling system to work, the customers using the products must put their names and the name of the organisation on the products and eventually on the warranty card for sending to the manufacturer. (4)

The problem with uniquely identifying products

Unfortunately, with the use of any kind of unique identification mark comes a method of identifying who you are in a surreptitious manner, irrespective of the law-abiding nature of the consumer. Of course information need not have to be for law enforcement purposes. It can easily be used by marketing experts to make more money or alternatively turn your life into another episode of "Big Brother". Or why not a hacker deciding to use that information to act as an electronic "alias" of who you are so he/she may make unauthorised financial transactions?

In other words, once a computer or software is uniquely identified and personalised by the user, it is now not only possible to track down stolen computer-related goods (5), but business professionals, marketing experts and hackers can learn a lot about you and your habits by reading the personal information stored in certain kinds of files you create on a computer or within the commercial software itself without your consent or awareness of the fact.

And now with the presence of the Internet, your personal information can be instantly sent to anyone and anywhere at the press of a button, or by merely launching a software program like Adobe Photoshop or Aladdin StuffIt Deluxe.

Is this true?

Yes it is. In the old days, there wasn't much of a thing called marketing other than to present a quality product in the shop window and letting customers decide when they needed the product.

Then certain people made the quantum leap in the business world of incorporating marketing techniques to the manufacturing and selling of products as a means of increasing profit. Solid "under-the-bonnet" long-life products of the past were not important. Perception and general good outer appearance of products became the new reality.

But at least in the old days, marketing didn't turn into an uncontrollable monster. Clearly customers had a choice whether or not they wanted to buy a product and to give some of their personal information to marketing experts in various product and customer survey forms.

Then at the turn of this century, the marketing experts realised it is now possible to gather a greater amount of this personal information with greater accuracy in a surreptitious manner and with extraordinary speed thanks to new technologies like the Internet and computers.

Without adequate regulations in place, marketing experts no longer have to tell customers, or potential customers, about what they are doing in say a simple software product like Adobe Photoshop.

So by making products "Internet ready" and forcing people to use them while being connected on the Internet, the marketing experts and anyone else for that matter can gather an extraordinary amount of personal information about you in a quiet and subtle way. (6)

The most dangerous software for jeopardising your privacy are the "commercial" variety of software such as the popular Windows 98, Windows XP, MacOSX (which now essentially forces you to be online given the way the help files are now organised), Microsoft Office 98 (especially the original non-updated installation version), and Adobe Photoshop. The companies who will often do this tend to be the famous and big brand names like Microsoft, Apple and Adobe.

It is the "commercial" files produced on commercial software which usually have these built-in mechanisms and extra information stored in them to help make it easier for commercial software manufacturers to profile you and perhaps even quietly gain commercial advantage through the information you create.

Have marketing experts and manufacturers and everyone else in the digital revolution gone too far?

It is not just the information you type into the applications you install such as your name and organisation you work which can now be secretly accessed online by just about anyone.

There are tools available to download certain seemingly innocent-looking files on your hard disk to another computer. In other words, the manufacturers and marketing experts have found ways to help them electronically peep into any files that you create, or the operating system automatically creates for itself and then program certain applications to secretly send this information over the Internet the next time you are online.

Can they really learn anything about me?

What they can now learn about you and where that information can be found is really quite astonishing. Your files can easily help the manufacturers learn not only who created the files, when they were produced, what applications you used and who owns them, but also what the files contain using special tools available to the manufacturer, and even how to track you down if required (often using the information you store on your computer such as your email address, or your personal name and the place where you work).

So what was it again that they use to profile someone?

The three most important tools used by the marketing expert and manfacturers in profiling users are:

  1. Creating a unique identification mark on computers and software such as serial numbers; and
  2. Allowing the users to personalise the products they've purchased by getting them to place their names, email addresses and other personal information on the products and/or the files they produce; and
  3. Waiting for the users to either sell their files for profit or to get them connected to the Internet continuously so that certain software can be launched and so hopefully automatically send the profile information back to the manufacturer.

Some inside information about computer software and hardware manufacturers

For the curious, the following is a list of known marketing and law enforcement activities currently being implemented by software and hardware manufacturers to help commercialise and protect their products as well as to learn more about their customers and their habits when using the products:

Should I be concerned about the intrusive nature of marketing experts on my privacy?

Well, given how more and more people are using their computers in a more personal way than ever before, even when connected to the Internet or when creating certain files using commercial software, marketing experts could be learning a great deal about you with or without your consent. Even if you do decide to give your consent to having some of your personal information released to marketing experts, you are never told exactly how your personal information is being used or what they will do with your information after the marketing firm has gone out-of-business. So yes, we believe people should be concerned about giving away their privacy to marketing experts.

Let's put it this way. How happy would you be in having your credit card details and/or the names of your family members, the salary you earn, or other aspects of your personal life divulged for the world to see? When we combine this with the ease of computer hackers exploiting security flaws in your software and the fact that marketing experts are not of the same league of responsibility in looking after your personal information as police officers or reputable lawyers, then we should be concerned. Marketing experts are strangers whose job it is to make money.

Yet many US Internet users believe their personal information is safe in the hands of marketing experts. According to a research report published in August 2000 by the Pew Internet & American Life Project, it was discovered that 64 per cent of US Internet users have shared, or are willing to share, personal information in order to visit a web site. Of particular interest in the report is the 68 per cent of users who said they were not worried about whether someone else might know where they have visited online.

Fortunately this attitude is changing with a recent survey for MasterCard International entitled "The Australasian Ideals" indicating that 30 per cent of Australian Internet users thought sending private information by email is unsafe, while 23 per cent felt personal information handled by web sites was totally unsafe.

This Australian consumer view of privacy on the Internet is also being supported by the Australian Competition and Consumer Commission (ACCC). After a recent sweep of web sites by the ACCC, it was discovered that only 28 per cent had disclosed their privacy policy. As for the rest, well who knows what they might be doing with your personal information right at this moment.

Even the Australian Federal Government has admitted that one of the major obstacles to a successful e-commerce is the issue of privacy.

The Australian Federal Treasury has released a paper called "Building Consumer Sovereignty in Electronic Commerce: A Best Practice Model for Business". The publication is a comprehensive look at the legal obligations and best practice for people involved in running e-commerce sites. The paper can be freely downloaded from the Australian Federal Treasury web site at http://www.ecommerce.treasury.gov.au/.

UPDATE
July 2003

Cyber security is now a priority under the Australian Prime Minister's new National Security Division. Secretary of the Department of the Prime Minister and Cabinet, Mr Peter Shergold, said:

"It is the number one agency for the Commonwealth with regards to security matters and IT is a component of that; the division will make sure cyber security is included in policy." (9)

Richard M. Smith, chief technology officer for the US Privacy Foundation, explained the Internet privacy issue in this way:

"What some people don't understand is that the Internet is more privacy-invasive than anything we've had to deal with before. Anybody can get a name and address and put it in a little context. But the Internet lets [marketers] put it in a lot more context, with everything you've bought, everything you've read about, and everything you've looked for in a search engine.

What's also important is what happens to the information later. After companies have collected all this data, even if it's for benign reasons, not only will third-party marketers want access to it, but the police will want it, and lawyers will want it." (10)

Is my privacy really that important?

We believe your privacy is important, more so than receiving any discounts from businesses. As Craig Nathan of MEconomy said:

"People need to understand that the value of their personal information is greater than the discounts they're being offered. Otherwise, companies wouldn't offer those deals." (11)

It is certainly not a question of proving to society that you are doing the right thing by giving away your personal information to marketing experts or anyone else for that matter. It is just that people need their privacy in order to feel secure and to grow into healthy and balanced human beings without being influenced by potentially unbalanced businesspeople selling any kind of product to us. (12)

It is this human development side of life through effective preservation of our privacy and the ability to make our own choices of what we need which brings a greater potential in people to achieve great things in society. So don't be surprised if people like Richard Smith will pursue privacy rights. As Smith said:

"We have rules in our society for how we interact that people don't always think about. We don't spend a lot of time thinking about saying "hi" to people, but if someone doesn't say "hi," we notice and it bothers us. Privacy falls in the same category. We don't always think about it, but when it gets abused, it bothers us." (13)

Microsoft is going to a lot of trouble trying to convince customers to trust the company

Following the release of Microsoft's new subscription-based online (or Web-based) applications and the privacy concerns expressed by customers from previous Microsoft products not to mention the latest new Microsoft Web-based application technology, Microsoft has now sent out into the real world the Director of Privacy for Microsoft by the name of Richard Purcell.

Purcell's aim in travelling the world is nothing more than to go around dispelling the fear, uncertainty and doubt people have over the privacy (and security) issue by educating customers on the top-notch security now present in the latest Microsoft products and to convince everyone it is really okay to use Web-based applications! Yes, and pigs may fly too!

Well, if that's true, why is it that the latest Windows XP has a Windows Update utility to automatically download fixes and patches to help close security holes in the operating system? If we were to accept Purcell's word that the latest Microsoft products are now safe from the prying eyes of hackers and marketing experts, Windows XP should not need updating to fix security-related problems!

Alright, we shouldn't laugh at this. But it seems like Microsoft has not much choice at the moment given the recent privacy and security debarcles with previous Microsoft products such as Microsoft Explorer, Outlook and Office 97/98. As Purcell said to Fiona Angus of Australian Personal Computer (APC):

"Our goal is to give individuals control over their personal information. This is profound. It's a top priority. Microsoft can't say these things and not deliver. People like yourselves are going to hold us to this." (14)

Well yes, only after Microsoft has managed to spend a certain amount of time to see who their customers are, what they are doing, and then quickly plug up the security flaws in their Web-based applications before anyone outside Microsoft has a chance to find out! So while the average person on the street are oblivious to the security and privacy problems in the short term, it is unlikely non-Microsoft personnel will ever hold Microsoft accountable for any goof-ups in this department.

Come to think of it, perhaps customers may never have to worry about privacy and security problems ever again. Just pay for the yearly or monthly subscription to use Microsoft's Web-based applications and all the security and privacy problems will disappear. Why? You will never have to see the problems because they will be hidden away in the safe hands of Microsoft behind closed doors.

We can only wonder whether this is suppose to be Microsoft's answer to the perfect security and privacy system for the future?

What is also interesting to see in Purcell's argument is that people must learn to trade some of their privacy for greater security. As Purcell said:

"Every time you increase security, you reduce privacy. Privacy allows people to be anonymous and that reduces accountability." (15)

Well hold on! Being accountable to whom? Microsoft? What gives Microsoft the right to play God with us through the things we do with their products and the type of people we eventually become?

What about the idea of reducing privacy in order to increase our security? Shouldn't it suppose to be "the higher the security, the greater the privacy"? In other words, whenever you install a security program like Norton Internet Security, your privacy should be increased because there is less chance for someone else learning who you are and what you are doing while you are online?

Greater security should equate to greater privacy. Otherwise the people at Symantec - that is, the makers of Norton Internet Security - should be out-of-business by now? In fact, if what Purcell has said is true, the entire software security business would have collapsed long ago!

Then there is this fascinating issue of maintaining anonymity through privacy. Does privacy really have to mean being totally anonymous? No. It just means keeping information that is not relevant for other companies to know about you when using a service or product. It is definitely not about letting strangers know your name, contact details and everything else about your life, right down to the size of your private parts or whatever!

Perhaps Purcell was thinking in terms of Microsoft's Web-based application where in order to benefit from the higher security features of the latest Microsoft products, you must leave your personal details in the subscription form you send to Microsoft and anything else you do with the Microsoft products when you start creating your files? Is that what Purcell means by being more accountable and less anonymous in the eyes of Microsoft by having your privacy compromised for greater security?

What level of security should I have when using my computer?

If you are only going to play games or anything else that 90 per cent of the population would normally do with a computer from time to time, security should not be important.

But when it comes to our financial affairs like using our credit card number to purchase something, or the developmental side of our work and ourselves when ideas and our personality are being transformed into workable and practical solutions for selling in the marketplace, or when we talk to people in intimate ways, security has to be seen as vitally important.

And this security to protect our individualism and other sensitive aspects of our lives cannot be 99.99 per cent effective. It has to be one hundred per cent effective, or people cannot properly function in society. The whole IT industry has to get this right now, or nothing else will matter.

As David Flynn, editor of Australian Personal Computer said in April 2002:

"In the early days of computing, security was all about stopping unwanted forays into mainframes, either by hackers pushing the boundaries (often computing students) or experts with more malicious intent. And if computing had progressed no further than that, security would have remained the domain of white-coated boffins. But the PC revolution transformed ever-increasing amounts of our lives into digital form, and the Internet changed how we used and shared that information.

It also opened the door to new ways to interact with the world; from a list of your friends on instant messaging to your credit card details.

So security has become something that affects us all on the deepest level. And if the Net is to ever realize its full potential in reshaping our lives, security has to remain at the very top of the agenda.

Here's a personal example. I hate duplication, yet while preparing for a recent holiday I was once again dismayed at the number of times I had to fill out forms with information already on record, such as tickets, travel insurance, visa applications, entry permits, and ATM-friendly international debit cards.

The digital world should be smarter than that. Desktop and handheld PCs, connected on the Internet and using the lingua franca of XML to access related databases, should put no piece of information more than a few clicks away.

But in that vision, the security of my data has to be 100% guaranteed. Not 95%. Not 99.99%. Unless the industry gets that right, nothing else will matter." (16)

How do I protect my privacy?

You don't have to be a conspiracy theorist to know that your every electronic move online and on your computer is being watched or recorded. As we speak, passwords are being cracked, emails are being intercepted, log files and browser cookies are being created on your hard disk and secretly sent to other people's email addresses, and some of your Internet software could be spying on you and sending surreptitiously your personal information to strangers on the Internet.

Also, there is the physical risk of insiders (e.g. family members, friends or colleagues at work) trying to break-in to your computer. As Dr Bruce V. Hartley, technical editor of Internet Security writes:

"According to the ICSA [International Computer Security Association] , insiders cause 60 percent of computer abuse. Eighty-five percent of computer break-ins occur internally, and insiders remain the most serious threat to your intellectual property." (17)

If the abovementioned inside information is making you feel a little queezy, there are several high-tech trickery and simple common sense ways you can implement to help protect your privacy through a variety of simple security measures as we shall discuss in the next section. (18)

Don't get too obsessed with security!

Despite the whoppers you may have heard of serious security breaches of people's personal details by major corporate and/or government institutions or the humble hacker, you should not get too obsessed with security, especially if you intend to start up a business in the e-commerce industry! The last thing you want to do is to frighten off every customers by creating the ultimate super secret and formidable defence system on Earth for your personal computer (or even a Web site)! Otherwise, you may not achieve very much in life.

As Mr Rich Castagna wrote in Web Techniques: Solutions for Internet Professionals:

"Don't treat your [Web] site [or computer] like an exclusive club or some kind of secret-handshake society. Deep-six sign-ins and passwords; just let your customers enter and shop." (19)

The aim when creating any secure environment for working, playing and shopping with your computer is balance. Decide what needs to be secure and what doesn't. Just remember to bring a sense of balance to the security issue.

Should I stop using computers and the Internet because of the serious security and privacy issues?

Tempting! But again, despite the hype and some awesome stories of security breaches and the occasional misuse of people's personal information, using your computer and surfing the Internet is still a relatively safe activity. It is really up to you to ensure your personal information is safe, and to learn to use the technology available to you in a balanced way (i.e. use it when you need to).

What about those people who believe no privacy is good for business as well as law enforcement?

There is a belief going around that anyone who believes in privacy must be hiding something illegal. Therefore, no privacy is good for law enforcement, society and later for businesses (i.e. for the purposes of gathering complete, accurate and easy profiling of anyone). Nothing could be further from the truth.

Privacy is one of your fundamental human rights. It may be unfortunate that some Governments, businesses and law enforcement agencies would like to do away with our privacy altogether thanks to recent global events such as terrorism. But the fact to the matter is that for truly original solutions to world problems to be developed for the benefit of society and for people to be able to relax and be themselves, everyone needs privacy from time to time.

Privacy is essential for the healthy psychological development of every human being and is where true creativity and individualism is developed. People need to know they can have private time to create and develop new and original ideas and a personality outside of any group discussion.

Otherwise we might as well join the Army. Because in the Army, there is no privacy. You behave and look exactly like the person next to you. And you do exactly as you are told just to keep the authorities happy maintaining the status quo and living as comfortably as possible.

To put it crudely, you won't even have the privacy to fart without someone wanting to find out! This is clearly not living! Privacy is therefore a necessity to healthy human development.

Latest insights into privacy concerns for 2013

As technology gets more entrenched into people's lives, more and more technology manufacturers are using cunnings ways to gather your personal details and habits in using any technology.

As a classic example, Scott Andrews wrote in the Apple Support Communities page on 23 May 2012:

"Just updated to Snow Leopard 10.6.8 with the new iTunes 10 so I could install iOS5 on my iPhone. Now, Little Snitch keeps telling me applepushserviced is trying to connect to various subdomains of push.apple.com.

1) I thought this daemon was only on Lion. 2) what could it possibly be trying to push? 3) anybody know of a way I can take a look at what it's pushing?"

The response from one person is quite chilling and worth reading for your awareness. A user going by the name of "ds store" with the motto "At the center of the Dark Zone" (perhaps an anonymous Apple employee working at what he considers to be the Death Star from Star Wars) said:

"Nobody cares, Apple and the entire industry has shown they clearly intend to do what ever the heck they want, whenever they want and the only choice you have is not to use anything they make.

You can't use technology at all anymore without everything being recorded for some "helpful" "geewhiz bang" feature and everyone knowing about it in the process.

It's impossible to keep up with all the "what does this do and why(s)" and all the details because as soon as you get it figured out, they come up with another one. Or it takes a year or so to find out they have been doing something all along, like recording people's iPhone GPS locations and transferring that back to a Mac in a hidden file that people were using software to track others with. Apple got caught on that and called in on the carpet in front of Congress to answer for it.

Let me sum it up (and this is only what I know):

  • Google records all your searches.
  • Google and others use web bugs to track you.
  • SSD drives are not secure eraseables.
  • Cell carriers track your GPS location through tower triangulation 8 times a hour keep it for 6 months.
  • ISP's record all your web traffic and keeps it for a year, some have been selling this data now.
  • HTML 5 has introduced new cookie tracking methods.
  • There are Flash cookies, Evercookies and new forms of cookie tracking popping up all the time.
  • Facebook is recording all the websites you visit even if you log out of Facebook.
  • Apple's Safari respawns cookies, gives your location data to websites.
  • There are log files on Mac's that record all the DNS lookups (aka sites you visited).
  • Apple, Microsoft and Google all have been caught violating people's security and privacy, then give some "opt out" selection somewhere that most people don't know or bother with so eventually it just gets removed from lack of attention and outrage.
  • Devices from Cellbrite can bypass passwords, encryption and download the entire contents of over 3000 models of cell phones SSD drives in a few minutes.
  • There OS X based "nannyware" that can be used by parents, corporations, schools and business that monitor and even watch the screen of others computers, even turn on the microphone and webcam.
  • There is Linux based forensic software that can be booted off a disk/USB on Mac's or PC's and everything a person was doing with the machine laid out like a road map. Delete all you want, it still appears.
  • There is EFI firmware on Mac's that programs can be installed that bypass and work entirely outside of OS X, get online, check your drive and watch your web traffic.
  • Apple Mac's incorportate your personal identification all over the computer, broadcasts it online and over local networks ("Tim Jones computer").
  • Companies, advertising, search engines and otherwise, are in business to profile everyone at a given IP address, supposedly they can classify your personality within the first dozen or two websites you visit, they do this to target advertising at you that your most likely to click on, tugging on your beliefs, political view, age and other factors.
  • Supposedly cell phones can be turned on and into listening devices.
  • OS X 10.6.8/10.7.x [10.8.x, 10.9.x] updates are synching data from Apple for iOS devices and iCloud already.
  • OnStar and TomTom have reportedly been caught tracking users.

I used to advise people how to clean up their machines, but it's been long impossible mission now.

Your only choice(s) is if you have a hard drive:

  1. Zero erase the entire hard drive, reformat and reinstall OS X, your programs from fresh sources and files from (not TimeMachine!) backup; or
  2. Reverse clone from a pristine clone on a external drive already previously preserved in that state.

https://discussions.apple.com/message/16276201#16276201

Treat all technology like the spy/rat/snitch/fink it is and don't tell it anything you don't want the world knowing about, think about that before you click every link. Don't carry anything electronic if you don't want your location broadcasted to everyone and be targeted for advertising and other scams as you walk around a shopping mall.

The war is lost, game over."

Well, this is bit of a defeatist attitude. There is actually a lot you can do right now with just a handful of tools to stop the privacy invasion and snooping around by online strangers. However, the first thing you have to do is set up OS X in the right way the first time you run it. Follow this up by a careful choice of software tools and programs you need to use for your work that won't compromise your privacy. And finally, install and run the tools to help protect your privacy and be prepared to make careful decisions to help these tools do their job properly, then the rest is taking care of.

Of course, one day these technology manufacturers will catch on and try to stop you from making your own decisions that could affect the information these manufacturers want to receive from you. No doubt they will modify their software in such a way as to ensure the tools you use don't work or try to be sneaky. Should it get to this point, it is time to ditch the offending software and use alternatives. Only then will manufacturers start to learn a thing or two about consumer power.

Here are the essential techniques to protecting your privacy on a Apple Macintosh computer (something similar exists for PC users so check online for advice):

  1. When you receive your computer for the first time, use the OS X installation DVD to re-initialise the hard drive and set up several mountable hard disks of your choosing. Do not store personal data on the startup disks even if the OS manufacturer has supplied folders for storing the data (e.g. Documents, Pictures, Music etc). Use the other hard disks you have created to store the data in folders of your choosing and method of organising the data that makes sense to you. If other people are likely to use or access your computer, the most sensitive data should be stored in encrypted.dmg files and do not use the Password Keychain application to store your passwords for accessing these.dmg files.
  2. Always have at least two OS X startup disks (preferably one with the latest OS X in order to run the latest software, and the other and older but stable and more privacy-protected OS X version such as OS X "Snow Leopard"). When installing the latest OS X, make sure you are running from the other OS X startup disk, and before you are required to restart and run the other OS X, make a clone of the startup disk in its pristine state. In future you should never have to re-install OS X again. Just transfer a fresh copy from the backup to a free hard disk.
  3. When you run OS X for the first time, it will ask you for your personal information including your physical location, email address and so on. This information will get stored in Apple's Address Book (or Contacts.app) and will be sent to Apple and collected by other businesses. It is not necessary to give this information in order to run OS X and the software you want. So put in bogus details such as "Any User" for the name, "Any Street", "Any City" and so on for the physical address, and "anyuser@anywhere.com" for the email address. Don't worry, you can still access your emails and do everything you want later. It is just that entering all these personal details right at the beginning is not crucial to your ability to use your computer.
  4. Decide whether you need to use any Apple applications. For example, iTunes may be great to play MP3 music, but then again other third-party applications can do the same and without needing to push your music files through the Apple server allegedly in readiness to be received by your iPhone or iPad. If your life revolves around all these Apple devices and they need to be in "sync", then you might as well expect much of your personal files to be transferred in this way with Apple being the middle man checking on what you've got. But if you don't have these portable Apple devices and merely want to use your computer without "stuff" being transferred willy-nilly to Apple or other companies without your knowledge, ignore all Apple applications. For example, things like Pages.app for word processing, number crunching spreadsheets etc can be replaced by the open source and free Apache OpenOffice 4.0.1 or higher. Safari 6.0 or higher can be replaced by the more privacy-protected FireFox 25.0 or higher. And Mail.app can easily be replaced by numerous alternative third-party email receiving and sending applications that are more privacy-protected. As for the Push Services Apple has implemented in OS X 10.6.8 or higher with iTunes 10.5 or higher, this can be disabled. In the Terminal app in the Utilities folder, type:sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.applepushserviced.plist. In fact, if you have to use any Apple applications, make sure you are not on the internet when you do. All network connections should be shut down before using Apple applications (or any applications that are likely to send your data to strangers online).
  5. Get OnyX, a tool to clean out log files, caches, cookies and many other sources of archived data about where you have visited online, what you do on your computer, etc.
  6. Purchase one of the following tools: Hands Off 2.1 or Little Snitch 3.3 and run it. The only disadvantage in running these tools is that you could be bombarded in the early stages with lots of alerts within various web sites your visit as well as OS X and a number of applications, all of which are trying to send data relating to who you are, what you use, what you are doing and so on to numerous server locations. But you will have no choice if you want to protect your privacy. Eventually you will get to a point where only the essential connections needed to access common web sites you visit will be kept and everything else unnecessary will be blocked. When determining which online addresses to block, the default selection you should take will all applications and OS X while on the internet is deny until quit and see if you can still run OS X and your applications. If you are able to continue using the software, open up the Rules where these server locations are kept and how to handle them by your server-blocking tool. Change the "Deny Until Quit" to the permanent option (i.e., "Deny Forever"). If the applications don't work and you know it is not necessary for the applications to access servers online to make them work, get rid of the applications and use alternative software that will do the job properly. As for web sites you visit, things get more complicated. So here is our advice: Generally if the server location address shown by Little Snitch or the Hands Off tool contains "ads" or "advert" (for servers delivering advertisements), "counter" (for servers collecting data about how often you visit the web site), or servers that do not appear to be related to the web site you are on (probably they are designed to serve additional information on the web page from other web sites), block it until quit. If it turns out certain server addresses are considered important for running the web site in order for you to access the information you need , open the Rules and find the server address(es) and permanently give it access. Later, with trial and error, you can refine this list of servers for the web site you visit until only the most crucial servers needed to operate the web site will remain. Afterwards, any new server addresses popping up by your server-blocking tool are likely to be unrelated or unnecessary, so deny those servers as well.
  7. Set up the preferences for your Internet browser (you shouldn't be using Safari no matter how good Apple claims it is as it won't properly protect your privacy) to block pop-ups, deny sending tracking information to web sites you visit, turn off Javascript (unless you need to do things like access your bank account online), and install selected extensions or Add-ons to your browser for protecting your privacy. Things you should consider for extensions include Adblock Plus 2.4, DoNotTrackMe 2.2.9, Flashblock 1.5.17, and HTTPS-Everywhere.
  8. When doing your work on a computer, most of the time you do not need to access a network, especially the internet. In which case, turn off all network services and do your work as usual.
  9. Take great care about what you download from the internet. Some files may be designed to modify your OS or certain applications in an attempt to open up secret connections to the outside world where strangers can later obtain personal information from your computer. Little Snitch or Hands Off are powerful enough to detect most of these situations and will let you know what's happening. But sometimes you won't know for sure. Therefore, only download files that you can trust (i.e. free of any spyware).
  10. Have a reliable and up-to-date virus checking software tool running on your computer.
  11. Put a piece of electrical black plastic tape over the in-built camera. Some software and web sites can automatically activate the camera and record what you look like.
  12. The same is true of your microphone. Go under the Sound system preference pane, select the Input tab, and choose Line-In for the sound input. Drag the input volume to the lowest setting to ensure no sounds are picked up. Otherwise, the microphone and Apple's default sensitivity setting is still enough to pick up your voice and the people around you and have this data sent to Apple or another location without your consent.
  13. Do not type your name or email address into any software to register it. Sometimes this is not possible as some software require your email address to activate the software. Even so, use a free and disposable email address to activate the software and afterwards keep a copy of the software and related files (use a tool like fseventer to record the files that the application creates or changes at the point of registering and activating the software) in your backup device.
  14. Use a tool to temporarily change the MAC (Machine Address Code) if you intend to go on the internet. It can be useful to help change your IP address (if you are using a DHCP server that automatically sets the IP address for your machine) and prevent online strangers from identifying your true MAC and IP address for your machine. Otherwise, at the very least, if you can randomly change the IP address each time your go online, use the option.