舊文件

此處文件僅供參考,請自行考量時效性與適用程度,其他庫藏文件請參考文件頁面
我們亟需您的協助,進行共筆系統搬移、及文件整理工作,詳情請查閱參與我們

Privacy and Security

出自 MozTW Wiki

於 2006年4月30日 (日) 21:14 由 Softcup對話 | 貢獻 所做的修訂 (移除廣告)
(比較) ←上一修訂 | 查看目前修訂 (比較) | 下一修訂→ (比較)

This chapter covers general information on personal privacy as well as Mozilla’s privacy and security features. This chapter does not, however, address all online privacy and security issues, nor does it represent a recommendation by mozilla.org about what consitutes adequate privacy and security protection on the Internet.

Introduction

Convenience is a double-edge sword—just as the Internet simplifies communication, the convenience also makes it easy for information to falls into the wrong hand. Loss of information security or privacy is not restricted to computer virus, unauthorized information access, or spam. In fact, most security and privacy incidents occur not due to technology failure but due to negligence or ignorance. Fortunately, this means you can protect yourself simply by practicing common sense.

While this chapter shows you how to us Mozilla’s security and privacy features, most of the information concerns basics that apply else where, online or offline.

The Simple Things

When asked about computer security and privacy, many people think about computer viruses, trojans, hacking, and the like where security and privacy are compromised due to malicious intent on the part of other people. However, many security and privacy incidents are unintentional mistakes. An classic case would be sending e-mail to the wrong person, which is just as easy as dialing the wrong number. The result is often embarrassment, which is sometimes worse than financial loss. Technology cannot catch this kind of mistake. For your own protection, education and sensibility are the keys. That said, let us look at a few simple things we can do:

Do not trust technology 
No technology is perfect.
Be suspecious 
[I've read somewhere a long time ago where a person walked into a corporate building and, identifying himself as a new employee, got a badge and his own office that day]
Hail inconvienance 
Security often causes inconvienance. Unfortunately, there is often a way to get around it. It's important that you understand the intent behind a feature before you change it.
Do not share keys and password 
Sharing increases risk; whenever possible, keep your keys and passwords to yourself. This is especially important for your master keys and master passwords.
Keep alert 
People tend to relax when things are easy and routine. That's often when accident occurs. Especially double check your recipient address (or number).

Etiquette

Be mindful of other's privacy as well. The most frequent mistakes people make is mass forwarding. This shows a lack of concern and may expose somebody's private e-mail identity to the public.

When you send an e-mail message, you can put the recipients' addresses in the To: , CC: (carbon copy), or BCC (blind carbon copy) fields. Except for BCC addresses, addresses are visible to all recipients. If you think a recipient may not want his/her identity exposed, put him/her address in BCC.

More importantly, avoid mass forwarding all together. The bigger your recipient list is, the more likely you mistakenly include unintended people.

Anonymity

[One of the biggest attraction of the Internet is anonymity, and it's not rare that new Internet users would have alias such as mickymouse123. However, the fun wears out quickly and in truth hiding your real name does not really protect your privacy. blah blah]

Encryption

Firewall

Password

Making good passwords

Remembering your passwords

There are two ways to manage your growing list passwords:

  • Keep a master password: a master password is a password to (access) all your other passwords. Instead of remembering your various passwords, you can just store them in a convenient database and set a password to it. Mozilla has a master password feature, so you can set Mozilla to remember all your passwords and then only have to type in a password once to access all your Internet accounts. You may also use other software such as Mac OS's Keychain feature to manage your passwords. Note that Mozilla and most other password management software cannot recover your master password if you have lost it. As a rule, your master password should be as long and difficult as you can manage without fail.
  • Make a hardcopy of your passwords: you can write all your password on paper and file them away. To increase your security, you can also make simple encryptions such as reversing password sequence or inserting characters that you never use in passwords. Make it difficult for others to know what the passwords are for. For example, for your mail account, identify the password with "m" instead of mail. You should not put information you can easily remember, such as your name and account user names.

Because it's much easier to lose (or forget) a hardcopy than to wipe out your hard disk, you should make duplicates of your password hardcopy and file them away separately.

Using the Password Manager

Sites opting out of Password Manager

Managing spam and mail from unknown senders

Ignore spam mail.

As good as spam-fighting technologies may become, and as good as spammers may be at evading counter measures, this has remained the most basic and effective way of fighting back since the early days of Internet.

Is it safe to read spam mail?

There has been no known incident of mail virus for Mozilla, so as far as malicious code is concerned it is quite safe to open spam mail. (However, if you forward a message to another person, be courteous and scan any attachment for virus as what is safe to you may be unsafe for another.)

Mail Attachment

Be wary of binary attachment. Although Mozilla will not execute any program from within itself, you could download malicious program to your hard drive and execute it by mistake.

Often malicious program disguise itself as innocent images, pdf, or other non-executable binary files. For Windows, this is often done by obsecuring the extension. For example, a file may be called cutepoppy.jpeg.exe (.exe is executable). Windows may hide the extension so it appears as cutepoppy.jpeg (.jpeg is an image format). The executable may even have a program icon showing as an image file icon. Sometimes, the file is zipped so that the user has to download the zip, decompress it, and then (habitually) double clicking on the unzipped file. Often the extra step is enough to confuse the average users. [Screenshot of the Microsoft Security Patch spam] [Caption: this innocent-looking message actually contains a virus.]

Confused? Yes, and in the future there may be even more sophiscated method of tricking the users.

If you have a anti-virus program, scan everything you download from the Internet. If you don't, get one! And if you get a message from an unknown sender, delete it without looking is the best way to protect yourself. How can I prevent my e-mail address being harvested?

Unfortunately, unless you keep your e-mail address to some private friends, sooner or later spammers will harvest your e-mail addresses. Spammers usually harvest mail addresses by scanning mailing list and Usenet postings and Web sites. If you are on mailing lists, you can create a public account different from your private one for posting to mailing lists. If you read newsgroups, you can use a public account or post anonymously, depending on the newsgroup rules. Mozilla newsgroups require that you use a real e-mail address.

How do I remove myself from spammers' mailing lists?

Most spam mail include opt-out instructions. However, trust that spammers lie and do not follow the instructions; any form of reply would merely confirm your existence and invite more spams.

Using de-spam services

You may, at your own risk, use spam filtering services such as those provided by your mail carrier or a third-party service such as despammed.com to automatically filter out spam mail. However, unless you are receiving a large volume of spam mail, normally filtering on your own is easy enough to require no extra help.

Can I bounce spam mail back to its sender?

You should not.

Many people have requested a bounce feature which would allow them to send a fake unknown-recipient return message back to spammers. The aim is usually to punish spammers by costing them bandwidth to receive such bounce messages. Unfortunately, such measure usually punish innocent bystanders. Spam senders often hijack other people's e-mail addresses, and bounce would do double injury to these people. Also, it costs little for spammers to send and receive messages, but it costs network carriers to process both spams and your bounce messages.

Using The Junk Mail Controls

Mozilla has a spam filter. To access it, in the mail window open the Tools menu, and choose Junk Mail Controls.

Junk Mail Controls uses the Bayesian classification method. The filter requires that you first /train/ it by showing it mail that is junk and mail that is not. Then the filter automatically classifies new mail, and you continue to correct it as it makes mistakes.

In the message list pane, there is a column for Junk Status. (If you do not see it, click on the right-most button in the list header bar, which lists subject, sender, date, etc., and check Junk Status from the pop-up menu.)

                                                       this one --.
                                                                  |
 ________________ _______________________________________________ v
 Name_________[.]| |=|_Subject________|o|_Sender_|Date_____|Total[.]
 - Daniel     [^]|  =, +[]Hello        o Sophia   2003-02-01  3  [^]
  + Inbox     | ||      []Re: Test Res o CTL      2003-03-02  1  | |
    Drafts    |:||  =, +[]Product Quot o John May 2003-03-06  5  |:|
    Templates |:||      []Re: Friday a o Joe      2003-03-06  1  |:|
    Sent      |:||      []no subject   o Internet 2003-03-07  1  |:|
    Junk      | ||  =, +[]Please fill  o John May 2003-03-20  3  | |
 _____________[v]|_______________________________________________[v]
 -------------------------------:::---------------------------------
 Subject Please fill me in on this     From John Maye Date 2003-03-20|

When you choose the Junk button, a trash can icon will appear or disappear in the column to indicate the junk status of the selected message.

Some users make the mistakes of only flagging junk mail and expect the filter to work. Remember you also need to train the filter negatives (by explicitly mark some mail as Not Junk) before auto-classification begins.

Do not be alarmed if the Junk button appears to do nothing when you first use it; the system will become very accurate if you use it often enough. For more information, read www.mozilla.org/mailnews/spam-howto.html.

Increasing junk filter accuracy

You can increase the accuracy of Junk Controls by preventing it from handling mail you are sure to be not junk. For example, you can set it up to ignore all incoming mail from people listed in your Personal Address Book. You can also setup filters to move mail you know not to be junk out of the Inbox folder (Junk Controls only handle mail in the Inbox folder and its sub-folders). By preventing Junk Controls from handling known mail, you avoid false positives and the need to /de-sensitivize/ the Junk Controls by de-flagging Junk status.

Other Privacy Controls

There are a few things that you should be aware of.

By default, Mozilla loads remote images in messages. You may not want this to happen because by sending a remote server a request to get an image you may confirm your existence.

To disable remote images in Mail & Newsgroups, open the Edit menu and choose Preferences. Choose category Privacy & Security, then choose the sub-category Images. Check the option Do not load remote images in Mail & Newsgroup messages.

If you do not wish to see any images, remote or stored in mail messages, or if you want to be able to turn on images quickly, open the View menu, choose Message Body As, and then choose Simple HTML or Plain Text. Also, open the View menu, and uncheck Display Attachments Inline. To turn on images for a specific message, choose the Original HTML option and check Display Attachments Inline

By default, Mozilla will not allow mail messages to read or write cookies. To make sure this is indeed true, open the View menu, then choose Preferences. In the Preferences dialog, choose category Privacy & Security, choose sub-category Cookies, and then check if option Disable cookies in Mail & Newsgroup is checked.

By default, Mozilla does not allow messages to execute code. To make sure this is indeed true, open the View menu, then choose Preferences. In the Preferences dialog, choose category Advanced, then choose sub-category Script & Plugins. In the Enable JavaScript for pane, make sure option Mail & Newsgroups is not checked.

Cookies

Profiles

Content (Parental) Controls

Mozilla does not provide any facility for content filtering. There, I'm done with a section

Scripts, Popups, Images, and Plug-ins

really nothing to do with security and privacy. just annoyance.

Closing remarks

This article only provides general information that everyone would need. If you want more information on spams, visit spam.abuse.net. Also read the excellent Net Abuse FAQ <http://www.cybernothing.org/faqs/net-abuse-faq.html>. Be sure you bookmark it. I did!

個人工具