A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022
HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

SEARCH ENGINES

Search engine StartPage gets its results from Google and claims not to record your search history.

I used to suggest DuckDuckGo, but no more. One reason is that they get their results from Bing. Another reason is that they do not filter out bulls..t as well as Google does. See Fed Up With Google, Conspiracy Theorists Turn to DuckDuckGo New York Times (Feb 2022) and Top 5 Private Search Engines by Security Trails (Dec. 2019).

Neeva is a new search engine that is ad-free and private. There is both a free and paid version. They have their own database from which to draw search results, but they also get data from Apple, Bing, Yelp and others.

BEWARE THE ADS

February 3, 2023: Until further notice, think twice before using Google to download software by Dan Goodin for Ars Technica. Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous. "Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird." The Domain Name Rules page on this site shows how to recognize scam domain names. Not said in the article is that this can not affect iOS and Android which have their own app stores. This only affects ancient operating systems without an app store: Windows and macOS. The article also does not offer the obvious defense of blocking ads, probably because Ars Technica relies on ads itself.

From the FBI: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users (December 21, 2022). Not really news. Quoting: "The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information ... Use an ad blocking extension when performing internet searches."

Scams are showing up at the top of online searches by By Geoffrey Fowler for the Washington Post (September 2022). To be clear, this is nothing new. The article discusses Google, Bing and DuckDuckGo. Quoting: "The core issue is that many search ads are sold through self-service systems, where advertisers don't necessarily need to be authorized or have their links checked by humans. The bad guys sometimes try to create thousands of accounts simultaneously, in the hopes that a few get through." The author interviewed someone from Google who refused to say what percent of their advertisers are currently verified. Microsoft, which provides both ads and search results for DuckDuckGo was no more forthcoming.

GOOGLE SEARCH

Minimize Google tracking by not being signed in to Google when making queries. You can tell if you are signed in by checking the upper right corner of the screen (see screen shots). A single letter in a circle means you are signed in, a blue "Sign in" button means you are not. Google prefers that you not do this.

Consider setting a Google Alert (google.com/alerts) for your name and address to hopefully learn when your address is leaked in a data breach. This takes a bit of skill. As an example, if George Washington lived at 123 East Main Street, his alert might be
"george washington" AND "123" AND "east" OR "e" AND "main"
With Google, the AND and OR logical operators must be in upper case. Also, Google ignores parenthesis. The 123 probably does not have to be in quotes, but this insure that it does not match 9123 or 881123. I am assuming there that the OR is evaluated before the ANDs, but I have not seen an example this complicated. Mr. Washington might want to simplify this a bit down to
"george washington" AND "123" AND "east" OR "e" or maybe
"george washington" AND "123" AND "main"
This is a good source on how to construct advanced Google searches: Advanced Search Operators by Daniel M. Russell November 11, 2022.

SafeSearch can filter explicit content from Google search results. To keep SafeSearch turned on and prevent users from turning it off, there is lock SafeSearch. Lock SafeSearch for accounts, devices & networks you manage by Google.

As of April 2022, you can ask Google to remove sensitive personal information from its search results.

  1. Remove your personal information from Google from Google (undated)
  2. Remove your personal information from Google from Google (undated)
  3. How to Remove Your Personal Info From Google's Search Results by Reece Rogers (May 2022)

Coming October 2022: The Android Google app will have a new option that should help you remove your personal data from Google searches. Open the app, click your profile and look for the new "Results about you" option. The Android Google app dated Sept 28, 2022 does not yet include this option.

BING SEARCH

I have blogged about Bing a couple times. The first time was because they removed my RouterSecurity.org website from their search results. See Banned by Bing (April 26, 2021). Then, after the site was restored it was not in its usual top spot when searching for "Router Security". No big deal, but the top search result was a really miserable article, which prompted another blog from me: Bing prefers miserable Router Security advice (May 15, 2021).

 This page: 4 views per day (over 140 days)   Total views: 628   Created: September 20, 2022
This Page
Last Updated

February 4, 2023
Total Site
Page Views

 537,190
Site Page
Views Today

  1,541
Previous
Website View

37 seconds ago
Website by
Michael Horowitz
@defensivecomput
top
Copyright 2019 - 2023