Internet Security and Safety Guide

Updating Your OS/Apps:
Mac:
Update the software on your Mac
How to get macOS Sierra
Windows:
https://support.microsoft.com/en-us/help/12373/windows-update-faq
FileHippo App Manager 2.0 Beta 4
Android:
Update downloaded apps - Google Play Help
Check and update your Android version - Nexus Help
iOS:
Update the iOS software on your iPhone, iPad, or iPod touch

Malware and Virus Protection:
Android/iOS: Download Lookout - Lookout
Windows/Mac: Malwarebytes Anti-Malware Premium
Windows: Windows 10 – Windows Defender - Microsoft

Using a VPN:
http://lifehacker.com/5940565/why-y...and-how-to-choose-the-best-one-for-your-needs
The Best VPN Services of 2016
How VPNs Work

Blocking Accounts:
Facebook
Twitter
YouTube
Instagram

Reporting:
Facebook
Twitter
YouTube
Instagram

Checking Apps Connected to Your Account:
Facebook
Twitter
Google

Check What's Installed On Your Device:
How to quickly get a list of all the apps installed on your iPhone or iPad
https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space
OS X Yosemite: Install, update, and uninstall apps
Android Guide: Managing Your Installed Applications

Backing Up Your Device:
iOS: How to back up your iPhone, iPad, and iPod touch
Android: Back up or restore data on your device - Nexus Help
Windows: https://support.microsoft.com/en-us/help/17127/windows-back-up-restore
https://support.microsoft.com/en-us/help/17184/windows-10-onedrive
Mac: Backup - Apple Support

General Security Tips:
Ten simple, common-sense security tips
Top Ten: The Most Important Cyber Security Tips for Your Users - OpenDNS Umbrella Blog
National Cyber Security Alliance | StaySafeOnline.org
Password and login security tips that anyone can use

Use Two Factor Authentication:
How to enable two-factor authentication on popular sites

Change your passwords every six months and use a password manager.

Scan and update your devices regularly.

Happy browsing.

 

Great thread idea! :)

Y'know, even after taking a security course, I still have no idea how a password manager is more secure than logging into individual pages manually.

Can someone explain how it's more secure for someone to obtain a dump of all of your passwords if they're able to compromise only one account- the password manager? It's cool that you can get randomized passwords generated in there, but having them all in one central location seems like a strange step backwards to me.

 

I appreciate you for making this thread. @lightning13

 

A Skeptic’s Guide to Password Managers and Security - Dashlane Blog

 

Thanks for the read! Definitely interesting.

I still don't know that I trust my ability to create and remember a master password that I'd trust with all that information, but I do want to look into this more.

 

Edit: I didn't see the article @lightning13 linked. They've got it covered.

 

thanks lightning!

 

Another good tool is actually a Chrome extension that'll tell you if the site you're on is secure or not. It populates a number 0-950 (like a credit score). Higher is better.

CSTAR Risk Score

 

Thankfully Chorus.fm gets a 798 ;)

 

How to Get Google to Stop Personally Tracking You

 

Microsoft says Russia-linked hackers exploiting Windows flaw

 

Google’s Chrome Hackers Are About to Upend Your Idea of Web Security

You Watching, Twitter? YouTube Just Cleaned Up Comments

 

Before You Use the Public Wi-Fi, Read This

Pick between four great lifetime VPN subscriptions with huge savings

 

Ben asked over in the Politics forum about using Tor. Is there an interest here in talking about online presence and anonymity?

 

Tesco Bank halts online transactions after money taken from 20,000 accounts
http://thenextweb.com/facebook/2016/11/08/whatsapp-wont-share-uk-user-data-with-facebook-anymore/
The importance of selecting a secure phone for business
Apple's new iPhone feature could get you out of a sticky situation

 

there should be.

@Wharf Rat @Jason Tate @scott

 

Yeah I don't know anything about it

also i dont think ive ever been in this forum

 

Hey there

 

I definitely think so.

 

Okay. So the first things first before I address encryption, VPNs, Proxies, or TOR, I just want to make sure everyone is on the same page as far as what is happening when you access websites, send emails, and use apps on your phone.

Sorry that the title sounds kind of condescending on a tech thread, but we linked this into General so I don't want to confuse people who may be looking at this for the first time.

The main things that we need to remember when talking about security is that anytime you access the internet, you have relinquished control of any data you provide a website or send in an email. That data is then sitting on a server somewhere out of your control. It is straight-up defense from the start. Ed is pretty eloquent on the matter of your data and surveillance. Interview starts around the 4-minute mark.

Safe to say I don't expect everyone to start pulling components out of their phones. Even then if you meet in public, you can't be sure that other devices around you are compromised and correlated with other metadata, can be used to the same effect. That's basically how the founder of The Silk Road was eventually tracked down and arrested. Other stuff he did wrong

So leaving the anonymity stuff for another post, encryption is concerned with one thing only: the content of data being sent over the internet whether it's the text of your email or sms message, the files on your hard drive, or the individual pages on a website that you're visiting. Take this forum for example. It uses SSL encryption to protect the content of how you use this site. If I were sitting outside your house sniffing your internet traffic I would be able to see the public IP address of Chorus.fm (104.27.176.185), but because the connection is encrypted I can't look at the actual content of the data going back and forth...which thread you're in, what you posted, which posts you like, etc. Now that being said, it would be fairly straightforward to correlate time stamps and when I knew you accessed the page, but that's just because this is a public site and that would be a very targeted attack that you're not likely going to be on the receiving end of.

In the case of email or SMS (little bit different for SMS, but same principle) where I don't have access to either the sending or receiving account, the encryption makes that email or SMS unreadable to anyone but the people at either end, hence end-to-end. Encryption itself is really cool, so I'm going to talk a bit about it, but if you want to skip over to how you can start using it I'll put a gif or something once I'm done going down the rabbit hole.

"key" as it is used below can be thought of like a password.

This is the basic idea:



In public-key encryption, you have a private key (related to you in some way) and a public key (randomly generated). When others want to send you a message, they use your public key to encrypt it. Once it is encrypted with that key, it can only be decrypted by your private key. This way if someone were to find out what key was used to encrypt the message, they are still out of luck as you should be the only one who knows your private key.

This is where PGP comes in. The idea here is to also try and address privacy by adding another layer of encryption. Instead of using your public key to encrypt the actual message, this time the sender generates a random one time-use key called a "session" key. They encrypt the message using the session key, and then encrypt the session key itself with your public key and then the process is mirrored on your end to decrypt it.



Sorry dark version users, the only image I found has a transparent background and I'm too lazy to fix it rn. The reason this preserves anonymity has to do with what data is stored recording something has taken place and is only as effective as its implementation. Short version, if you don't trust the site that says it's using PGP, don't trust that you're anonymous (and I'll go more into the whole concept of anonymity on another post).

Okay.



So, how can you encrypt things?

As with all things there are apps that make it easy. Signal and ProtonMail are two that I have used. Someone also mentioned WhatsApp. For what it's worth I'm a little more cautious there because it's owned by Facebook, but that gets into other issues. Encourage or require others to use these services when discussing sensitive information, or any info you want to protect.

A couple things that I would like to make very clear:

Encryption hinges on the security of the keys used. If an account or password is compromised, assume the encryption is compromised. We've already touched on passwords in this thread and general. Make them long. Keep them secret in your brain only or use a password manager.

In my opinion, the most important question you have to ask yourself is "Should this be on the internet?" or more precisely "Can anyone come to harm if this is read?" If the safety of other people is involved, there is no way of protecting them 100% if you communicate with them over the internet. Meet face to face. If you need to talk about things you don't want the government finding out about, meet in private and power down every device with internet access. I'm not advocating trying to go dark. You really won't be able to and it's going to largely be a waste of your time and money. I just advocate knowing who may have access to your data and taking steps protect yourself and others.

 

This $5 device can hack password-protected computers in just 30 seconds
Twitter Is Adding New Filtering Tools in an Effort to Curb Abuse
Volunteers Sign Up to Fight the Twitter Egg Onslaught

 

Heads up for anyone using Mega

File-Storage Service Mega Compromised by Hackers - TorrentFreak

 

Apple’s automated backups are making every iPhone owner vulnerable

 

Hackers stole personal data belonging to more than 130,000 US Navy sailors