Updating Your OS/Apps: Mac: Update the software on your Mac How to get macOS Sierra Windows: https://support.microsoft.com/en-us/help/12373/windows-update-faq FileHippo App Manager 2.0 Beta 4 Android: Update downloaded apps - Google Play Help Check and update your Android version - Nexus Help iOS: Update the iOS software on your iPhone, iPad, or iPod touch Malware and Virus Protection: Android/iOS: Download Lookout - Lookout Windows/Mac: Malwarebytes Anti-Malware Premium Windows: Windows 10 – Windows Defender - Microsoft Using a VPN: http://lifehacker.com/5940565/why-y...and-how-to-choose-the-best-one-for-your-needs The Best VPN Services of 2016 How VPNs Work Blocking Accounts: Facebook Twitter YouTube Instagram Reporting: Facebook Twitter YouTube Instagram Checking Apps Connected to Your Account: Facebook Twitter Google Check What's Installed On Your Device: How to quickly get a list of all the apps installed on your iPhone or iPad https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space OS X Yosemite: Install, update, and uninstall apps Android Guide: Managing Your Installed Applications Backing Up Your Device: iOS: How to back up your iPhone, iPad, and iPod touch Android: Back up or restore data on your device - Nexus Help Windows: https://support.microsoft.com/en-us/help/17127/windows-back-up-restore https://support.microsoft.com/en-us/help/17184/windows-10-onedrive Mac: Backup - Apple Support General Security Tips: Ten simple, common-sense security tips Top Ten: The Most Important Cyber Security Tips for Your Users - OpenDNS Umbrella Blog National Cyber Security Alliance | StaySafeOnline.org Password and login security tips that anyone can use Use Two Factor Authentication: How to enable two-factor authentication on popular sites Change your passwords every six months and use a password manager. Scan and update your devices regularly. Happy browsing.
Great thread idea! :) Y'know, even after taking a security course, I still have no idea how a password manager is more secure than logging into individual pages manually. Can someone explain how it's more secure for someone to obtain a dump of all of your passwords if they're able to compromise only one account- the password manager? It's cool that you can get randomized passwords generated in there, but having them all in one central location seems like a strange step backwards to me.
Thanks for the read! Definitely interesting. I still don't know that I trust my ability to create and remember a master password that I'd trust with all that information, but I do want to look into this more.
Another good tool is actually a Chrome extension that'll tell you if the site you're on is secure or not. It populates a number 0-950 (like a credit score). Higher is better. CSTAR Risk Score
Google’s Chrome Hackers Are About to Upend Your Idea of Web Security You Watching, Twitter? YouTube Just Cleaned Up Comments
Before You Use the Public Wi-Fi, Read This Pick between four great lifetime VPN subscriptions with huge savings
Ben asked over in the Politics forum about using Tor. Is there an interest here in talking about online presence and anonymity?
Tesco Bank halts online transactions after money taken from 20,000 accounts http://thenextweb.com/facebook/2016/11/08/whatsapp-wont-share-uk-user-data-with-facebook-anymore/ The importance of selecting a secure phone for business Apple's new iPhone feature could get you out of a sticky situation
Okay. So the first things first before I address encryption, VPNs, Proxies, or TOR, I just want to make sure everyone is on the same page as far as what is happening when you access websites, send emails, and use apps on your phone. Sorry that the title sounds kind of condescending on a tech thread, but we linked this into General so I don't want to confuse people who may be looking at this for the first time. The main things that we need to remember when talking about security is that anytime you access the internet, you have relinquished control of any data you provide a website or send in an email. That data is then sitting on a server somewhere out of your control. It is straight-up defense from the start. Ed is pretty eloquent on the matter of your data and surveillance. Interview starts around the 4-minute mark. Safe to say I don't expect everyone to start pulling components out of their phones. Even then if you meet in public, you can't be sure that other devices around you are compromised and correlated with other metadata, can be used to the same effect. That's basically how the founder of The Silk Road was eventually tracked down and arrested. Other stuff he did wrong So leaving the anonymity stuff for another post, encryption is concerned with one thing only: the content of data being sent over the internet whether it's the text of your email or sms message, the files on your hard drive, or the individual pages on a website that you're visiting. Take this forum for example. It uses SSL encryption to protect the content of how you use this site. If I were sitting outside your house sniffing your internet traffic I would be able to see the public IP address of Chorus.fm (104.27.176.185), but because the connection is encrypted I can't look at the actual content of the data going back and forth...which thread you're in, what you posted, which posts you like, etc. Now that being said, it would be fairly straightforward to correlate time stamps and when I knew you accessed the page, but that's just because this is a public site and that would be a very targeted attack that you're not likely going to be on the receiving end of. In the case of email or SMS (little bit different for SMS, but same principle) where I don't have access to either the sending or receiving account, the encryption makes that email or SMS unreadable to anyone but the people at either end, hence end-to-end. Encryption itself is really cool, so I'm going to talk a bit about it, but if you want to skip over to how you can start using it I'll put a gif or something once I'm done going down the rabbit hole. "key" as it is used below can be thought of like a password. This is the basic idea: In public-key encryption, you have a private key (related to you in some way) and a public key (randomly generated). When others want to send you a message, they use your public key to encrypt it. Once it is encrypted with that key, it can only be decrypted by your private key. This way if someone were to find out what key was used to encrypt the message, they are still out of luck as you should be the only one who knows your private key. This is where PGP comes in. The idea here is to also try and address privacy by adding another layer of encryption. Instead of using your public key to encrypt the actual message, this time the sender generates a random one time-use key called a "session" key. They encrypt the message using the session key, and then encrypt the session key itself with your public key and then the process is mirrored on your end to decrypt it. Sorry dark version users, the only image I found has a transparent background and I'm too lazy to fix it rn. The reason this preserves anonymity has to do with what data is stored recording something has taken place and is only as effective as its implementation. Short version, if you don't trust the site that says it's using PGP, don't trust that you're anonymous (and I'll go more into the whole concept of anonymity on another post). Okay. So, how can you encrypt things? As with all things there are apps that make it easy. Signal and ProtonMail are two that I have used. Someone also mentioned WhatsApp. For what it's worth I'm a little more cautious there because it's owned by Facebook, but that gets into other issues. Encourage or require others to use these services when discussing sensitive information, or any info you want to protect. A couple things that I would like to make very clear: Encryption hinges on the security of the keys used. If an account or password is compromised, assume the encryption is compromised. We've already touched on passwords in this thread and general. Make them long. Keep them secret in your brain only or use a password manager. In my opinion, the most important question you have to ask yourself is "Should this be on the internet?" or more precisely "Can anyone come to harm if this is read?" If the safety of other people is involved, there is no way of protecting them 100% if you communicate with them over the internet. Meet face to face. If you need to talk about things you don't want the government finding out about, meet in private and power down every device with internet access. I'm not advocating trying to go dark. You really won't be able to and it's going to largely be a waste of your time and money. I just advocate knowing who may have access to your data and taking steps protect yourself and others.
This $5 device can hack password-protected computers in just 30 seconds Twitter Is Adding New Filtering Tools in an Effort to Curb Abuse Volunteers Sign Up to Fight the Twitter Egg Onslaught