Internet Security and Safety Guide • Page 3

I hate having a windows phone. Is there anything that I can get that lets me send messages without encryptions that I haven't heard of yet?

 

I know of WhatsApp, not sure about any others.

 

I could've sworn that became compromised at some point and changed.

 

Just saw this article regarding WhatsApp.

WhatsApp has a backdoor

 

I knew I read that somewhere. Sucks.

 

Guess this goes here

The Privacy Threat From Always-On Microphones Like the Amazon Echo

 

WhatsApp Retransmission Vulnerability | tobi.rocks

Author seems kind of douchey. He is technically right, but he makes it seem significantly easier than it is and the recipient still gets notified which makes it virtually worthless as an exploit. Pretty sure WhatsApp has two-factor now as well, so, yea...WhatsApp is still way better than unencrypted SMS. It's actual biggest flaw is that it is closed-source. And again, as always, if you need the guarantee of security, speak face to face in a room with no tech.

 

Is telegram a secure messaging app to use?

 

Is your new phone Windows as well? If not use Signal. There still isn't any great Windows app that I am aware of. I'd pick Threema or Sicher before Telegram though.

 

What about IM+ I read an old thread saying that's okay. My friend told me telegram has a backdoor so I'm gonna uninstall it. I've heard of threema, will check it out.

And yea, it's just a newer one that I had laying around but at least it's battery is removable. Hopefully I can upgrade soon or I might just start using an old android one of my parents has if I really need it.

Appreciate the tips, if you do hear of anything good let me know.

 

Looks like adware to me haha. Idk I've never heard of it. I'd probably avoid it. When in doubt:

Comparison of instant messaging clients - Wikipedia

Green is good. Red is bad. Without getting into the cryptography you kind of just have to balance how much you want a feature and how much you like the daily use of the app. Something completely uncrackable until the end of time is still only going to be used by weirdos if it's front end is a bash shell.

 

I really need to take a class on this stuff sometime, I'll trust your opinion on what you suggested though. I really don't need much other than to send basic texts though, other features are just perks.

 

Don't spend money on it. Anyone looking to get into tech should use the internet. Comp sci teachers are some of the worst teachers I ever had. There's plenty of open courses or just...youtube. Depends on what you're interested in. Modern cryptography is hard to talk about because it's an intersection of mathematics, data processing algorithms, information theory, and to a somewhat lesser degree electronic engineering all within the contexts of security and anonymity. But again, it just depends where you feel compelled to learn. It just takes the will and the time.

 

Many ‘password challenged’ internet users don’t take steps that could protect their data

 

Looks like this might be hotting up in cyberspace, this was an interesting piece on the chances of being hacked. Anyone else feel we are living in interesting/worrying times?

 

meh, chances of being hacked aren't really going up, it's just that it's all more visible/in the public eye more.


good password + 2FA wherever you can is pretty much all you need

 

Most definitely. My yahoo account was a relic but I think the worst part about that situation was Yahoo not disclosing the hack for many years after. Who wouldn't feel violated? Privacy is a huge concern. If it's not our bank accounts it's our email? Worrying times indeed.

 

Updated the OP with this
Password and login security tips that anyone can use

 

Yeah privacy is on my mind as well, in part due to hacks and also due to recent world events.

I've been reading up on it, anyone tried anything like this Best VPNs For Privacy - Secure Thoughts?

 

http://www.wired.com/2017/02/beware-mobile-vpns-arent-safe-seem/

 

So it's safe to use what'sapp again and the backdoor thing was bs?

 

Change your passwords everywhere. Literally.

sites-using-cloudflare/README.md at master · pirate/sites-using-cloudflare · GitHub

Massive Bug May Have Leaked User Data From Millions of Sites. So … Change Your Passwords

 

It's weird how this is being reported. Like, that github just puts every site that uses any version or part of CloudFlare in a document (including this one), and we weren't affected at all (I confirmed this with CloudFlare themselves). So, that seems very misrepresentative of the actual scale. And, even if someone directly had access to the database here, they couldn't get anyone's password anyway. I have fun with password-based KDF.

More info for those curious:
Incident report on memory leak caused by Cloudflare parser bug

 

Yea the vuln is essentially a MitM attack. SSL/TLS payloads could be read by attackers, but if the security of the data wasn't dependent on SSL/TLS then security is preserved.

Also yes it was super weird. Like the first response by CF seemed like they were blaming Google. It looked like it was going to be a clusterfuck for a bit there. The SHA-1 collision story has much wider implications. I'm guessing there are a lot of business-critical IPSEC tunnels out there still using it.