Internet Security and Safety Guide

Discussion in 'Technology Forum' started by lightning13, Oct 11, 2016.

  1. aranea

    Grill Gamer and Much Needed Ally Prestigious

    Updating Your OS/Apps:
    Mac:

    Update the software on your Mac
    How to get macOS Sierra
    Windows:
    https://support.microsoft.com/en-us/help/12373/windows-update-faq
    FileHippo App Manager 2.0 Beta 4
    Android:
    Update downloaded apps - Google Play Help
    Check and update your Android version - Nexus Help
    iOS:
    Update the iOS software on your iPhone, iPad, or iPod touch

    Malware and Virus Protection:
    Android/iOS:
    Download Lookout - Lookout
    Windows/Mac: Malwarebytes Anti-Malware Premium
    Windows: Windows 10 – Windows Defender - Microsoft

    Using a VPN:

    http://lifehacker.com/5940565/why-y...and-how-to-choose-the-best-one-for-your-needs
    The Best VPN Services of 2016
    How VPNs Work

    Blocking Accounts:
    Facebook
    Twitter
    YouTube
    Instagram

    Reporting:
    Facebook
    Twitter
    YouTube
    Instagram

    Checking Apps Connected to Your Account:
    Facebook
    Twitter
    Google

    Check What's Installed On Your Device:
    How to quickly get a list of all the apps installed on your iPhone or iPad
    https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space
    OS X Yosemite: Install, update, and uninstall apps
    Android Guide: Managing Your Installed Applications

    Backing Up Your Device:
    iOS:
    How to back up your iPhone, iPad, and iPod touch
    Android: Back up or restore data on your device - Nexus Help
    Windows: https://support.microsoft.com/en-us/help/17127/windows-back-up-restore
    https://support.microsoft.com/en-us/help/17184/windows-10-onedrive
    Mac: Backup - Apple Support

    General Security Tips:
    Ten simple, common-sense security tips
    Top Ten: The Most Important Cyber Security Tips for Your Users - OpenDNS Umbrella Blog
    National Cyber Security Alliance | StaySafeOnline.org
    Password and login security tips that anyone can use

    Use Two Factor Authentication:
    How to enable two-factor authentication on popular sites

    Change your passwords every six months and use a password manager.

    Scan and update your devices regularly.

    Happy browsing. :-)
     
  2. RyanPm40

    Trusted Prestigious

    Great thread idea! :)

    Y'know, even after taking a security course, I still have no idea how a password manager is more secure than logging into individual pages manually.

    Can someone explain how it's more secure for someone to obtain a dump of all of your passwords if they're able to compromise only one account- the password manager? It's cool that you can get randomized passwords generated in there, but having them all in one central location seems like a strange step backwards to me.
     
  3. AelNire

    @ErinLea7 Prestigious

    RyanPm40 and lightning13 like this.
  4. sponsor
  5. aranea

    Grill Gamer and Much Needed Ally Prestigious

    A Skeptic’s Guide to Password Managers and Security - Dashlane Blog
     
    RyanPm40 likes this.
  6. RyanPm40

    Trusted Prestigious

  7. armistice Oct 11, 2016
    (Last edited: Oct 12, 2016)
    armistice

    Captain Vietnam: Bestower of Tumors Supporter

    Edit: I didn't see the article @lightning13 linked. They've got it covered.
     
  8. jorbjorb

    ¯\_(ツ)_/¯

    thanks lightning!
     
    lightning13 likes this.
  9. ilikedesigning

    This isn't war. This isn't courage. Prestigious

    Another good tool is actually a Chrome extension that'll tell you if the site you're on is secure or not. It populates a number 0-950 (like a credit score). Higher is better.

    CSTAR Risk Score
     
  10. ilikedesigning

    This isn't war. This isn't courage. Prestigious

    Thankfully Chorus.fm gets a 798 ;)
     
  11. aranea

    Grill Gamer and Much Needed Ally Prestigious

     
  12. iCarly Rae Jepsen

    never cursed your name Prestigious

  13. aranea

    Grill Gamer and Much Needed Ally Prestigious

  14. aranea

    Grill Gamer and Much Needed Ally Prestigious

  15. aranea

    Grill Gamer and Much Needed Ally Prestigious

  16. armistice

    Captain Vietnam: Bestower of Tumors Supporter

    Ben asked over in the Politics forum about using Tor. Is there an interest here in talking about online presence and anonymity?
     
  17. aranea

    Grill Gamer and Much Needed Ally Prestigious

  18. aranea

    Grill Gamer and Much Needed Ally Prestigious

    Wharf Rat likes this.
  19. Wharf Rat

    We'll see summer, by and by Prestigious

    Yeah I don't know anything about it

    also i dont think ive ever been in this forum
     
  20. Whatjuliansaid

    News on once the clouds are gone. Prestigious

    Hey there
     
  21. Jason Tate

    chorus.fm @jason_tate @encorepodcast Staff Member

    I definitely think so.
     
  22. armistice

    Captain Vietnam: Bestower of Tumors Supporter

    Okay. So the first things first before I address encryption, VPNs, Proxies, or TOR, I just want to make sure everyone is on the same page as far as what is happening when you access websites, send emails, and use apps on your phone.



    Sorry that the title sounds kind of condescending on a tech thread, but we linked this into General so I don't want to confuse people who may be looking at this for the first time.

    The main things that we need to remember when talking about security is that anytime you access the internet, you have relinquished control of any data you provide a website or send in an email. That data is then sitting on a server somewhere out of your control. It is straight-up defense from the start. Ed is pretty eloquent on the matter of your data and surveillance. Interview starts around the 4-minute mark.



    Safe to say I don't expect everyone to start pulling components out of their phones. Even then if you meet in public, you can't be sure that other devices around you are compromised and correlated with other metadata, can be used to the same effect. That's basically how the founder of The Silk Road was eventually tracked down and arrested. Other stuff he did wrong

    So leaving the anonymity stuff for another post, encryption is concerned with one thing only: the content of data being sent over the internet whether it's the text of your email or sms message, the files on your hard drive, or the individual pages on a website that you're visiting. Take this forum for example. It uses SSL encryption to protect the content of how you use this site. If I were sitting outside your house sniffing your internet traffic I would be able to see the public IP address of Chorus.fm (104.27.176.185), but because the connection is encrypted I can't look at the actual content of the data going back and forth...which thread you're in, what you posted, which posts you like, etc. Now that being said, it would be fairly straightforward to correlate time stamps and when I knew you accessed the page, but that's just because this is a public site and that would be a very targeted attack that you're not likely going to be on the receiving end of.

    In the case of email or SMS (little bit different for SMS, but same principle) where I don't have access to either the sending or receiving account, the encryption makes that email or SMS unreadable to anyone but the people at either end, hence end-to-end. Encryption itself is really cool, so I'm going to talk a bit about it, but if you want to skip over to how you can start using it I'll put a gif or something once I'm done going down the rabbit hole.

    "key" as it is used below can be thought of like a password.

    This is the basic idea:

    [​IMG]

    In public-key encryption, you have a private key (related to you in some way) and a public key (randomly generated). When others want to send you a message, they use your public key to encrypt it. Once it is encrypted with that key, it can only be decrypted by your private key. This way if someone were to find out what key was used to encrypt the message, they are still out of luck as you should be the only one who knows your private key.

    This is where PGP comes in. The idea here is to also try and address privacy by adding another layer of encryption. Instead of using your public key to encrypt the actual message, this time the sender generates a random one time-use key called a "session" key. They encrypt the message using the session key, and then encrypt the session key itself with your public key and then the process is mirrored on your end to decrypt it.

    [​IMG]

    Sorry dark version users, the only image I found has a transparent background and I'm too lazy to fix it rn. The reason this preserves anonymity has to do with what data is stored recording something has taken place and is only as effective as its implementation. Short version, if you don't trust the site that says it's using PGP, don't trust that you're anonymous (and I'll go more into the whole concept of anonymity on another post).

    Okay.

    [​IMG]

    So, how can you encrypt things?

    As with all things there are apps that make it easy. Signal and ProtonMail are two that I have used. Someone also mentioned WhatsApp. For what it's worth I'm a little more cautious there because it's owned by Facebook, but that gets into other issues. Encourage or require others to use these services when discussing sensitive information, or any info you want to protect.

    A couple things that I would like to make very clear:

    Encryption hinges on the security of the keys used. If an account or password is compromised, assume the encryption is compromised. We've already touched on passwords in this thread and general. Make them long. Keep them secret in your brain only or use a password manager.

    In my opinion, the most important question you have to ask yourself is "Should this be on the internet?" or more precisely "Can anyone come to harm if this is read?" If the safety of other people is involved, there is no way of protecting them 100% if you communicate with them over the internet. Meet face to face. If you need to talk about things you don't want the government finding out about, meet in private and power down every device with internet access. I'm not advocating trying to go dark. You really won't be able to and it's going to largely be a waste of your time and money. I just advocate knowing who may have access to your data and taking steps protect yourself and others.
     
  23. aranea

    Grill Gamer and Much Needed Ally Prestigious

  24. esposimi

    It's joke Prestigious

  25. aranea

    Grill Gamer and Much Needed Ally Prestigious

    armistice likes this.
  26. aranea

    Grill Gamer and Much Needed Ally Prestigious