https://techsolidarity.org/resources/basic_security.htm
In particular:
* Do NOT install antivirus on your computers. Antivirus software is absurdly dangerous. The closest you'll come to benign AV is Microsoft's, but that's an asymptotic kind of safety.
* Do NOT go out of your way to funnel your traffic through a commercial VPN provider. If you need a VPN for your NGO or journalism outlet, let me or someone else trustworthy know, and we'll set up Algo for you. No commercial VPN provider is safe for at-risk users.
* Do NOT EVER use Tor Browser. It's the least safe browser you can use: a lagged fork of Firefox for which whole classes of security bugs are potentially WONTFIX'd, and also the only browser that goes out of it's way to collect high-value targets.
* Do NOT install Adium or Pidgin to speak to people over OTR. It's difficult to find exploitable bugs in libotr, but it is not difficult to find them in libpurple. Use Signal, WhatsApp, or Wire.
* You would have to be out of your fucking mind to install mobile AV.
Is that a general recommendation against Tor? Or would you recommend another tool to someone who wants to use Tor? Tails?
One advantage of Tor Browser is the standardization. When using the Tor Browser, you look just like every other user of the Tor Browser.
Or under Whonix just use any normal browser like Firefox.
You really just want to use Chrome/Chromium.
Grandpa thinks Avast makes his computer secure and is using their custom browser for his banking. Is my great distrust in all antivirus systems as worse than the viruses they theoretically find still valid?
And if you're paranoid like me get a managed switch and setup Snort to monitor your network. That'll protect you more than an antivirus will.
1. https://arstechnica.com/information-technology/2017/05/windo...
12,000 domains of ads and tracking blocked at the OS level!
If it becomes a problem, GalliumOS is actually good enough in most cases to use as a daily driver on a Chromebook.
However, my first level advice would be not to do banking online, but that's another story.
Yeah just don't use one of the greatest conveniences of the Internet — that solves it.
Most of the recommendations are standard (password manager, two factor authentication, basic OPSEC, ad blocking plugins) but it also has a fairly detailed discussion about the TOR browser. The recommendation to use a VPN may be controversial, but it includes a discussion of the relevant threat model, which helps.
I think the standard advice from the security community is to not use any antivirus at all and maybe only Windows Defender if you're on windows.
The advice to use Tor browser is also terrible. The Tor browser is based on an older version of Firefox ( currently version 52 vs 57 for upstream Firefox ) and so might contain known bugs.
On a side note what does the security community think about Qubes OS [0]? The approach of security by isolation is interesting.
Mozilla uses tracking scripts in Firefox, which in some versions (such as Firefox Beta, Developer Edition, and Nightly) can not even be disabled (If you go to about:config, you’ll notice that toolkit.telemetry.enabled is "locked:true").
So Mozilla themselves suggests that if you do not trust Google Analytics to hold up their agreements with Mozilla, you should instead use another browser (e.g. Tor Browser).
Either way, thanks for the pointer. Didn't knew that setting was revamped.
If you're highly technical and no one else touches your machines, then you may be fine.
The claim that no one should use it is trendy right now. The idea that your in-laws Windows box should be left with nothing on it is misguided. But all you do need is to make sure Windows Defender is running and up to date.
No word about OMEMO[1] or Conversations[2]. I think running your own XMPP Server with end-to-end encryption should be pretty safe (if needs to be safer run it within a VPN). After that the unsafest part is probably to device you use your app with (closed source firmwares nobody has ever seen).
https://xmpp.org/extensions/xep-0384.html https://conversations.im
It even tells you to install a mobile antivirus!
The “lock up your SIM” part is simply ridiculous too, this has never ever stopped anyone.
This article is terrible because it has clearly been written by non-experts who should not be writing any security guides.
Are we really ok giving full read/write access to our webpages from companies we know nothing about?
I'm considering removal of all web extensions that have read/write access.
Thoughts?
This might allow them to change the plugin at the last minute if he made an update and pushed it out.
We talk about reducing the attack surface of every other program out there, but funnily enough, almost no one mentions reducing the attack surface of the single program that's more exposed than almost any other to exploits: the web browser.
On the contrary we pile it with addon after addon and even the browser makers have long succumbed to feature creep.
[0]: https://supporters.eff.org/shop/laptop-camera-cover-set
In age ranges from 40-72+.
The "vast majority" you speak of probably mostly use a web browser and a mail client, so their interactions with the actual OS are minimal.
Sometimes I get calls about digital cameras (or phones nowadays), so then I either go there and set it up, or have them open external access in some manner (usually Teamviewer, because it's easier for them). But this is rare, and of course I don't mind talking to them and helping them anyway.
And it would also happen when they used Windows.
HN: The only place where you need to explain the difference between iOS and OpenBSD.
Whether people "want to" or not is not relevant or meaningful. People have stuff to do. Wringing one's hands about "oh, but they don't want to understand" is the toxic kind of elitism.
It provides some advice and references a number of other government sources once you dig into it.
Edit: what’s with the downvotes? Burned much? Hey, try looking at your failed ssh login attempts before and after doing this. You’re welcome.
Do as much as you can with just a Chromebook
Use 2 factor authentication
Don't go anywhere near Windows
