PsilocybeChild
Rising Star
I was working on a different version with an index but I kept running into issues I couldn't get the format right. maybe in the near future.
-
Members of the previous forum can retrieve their temporary password here, (login and check your PM).
Internet Security Walk-Through Tutorial
- Thread starter PsilocybeChild
- Start date
PsilocybeChild
Rising Star
Whatsapp now safe to use.
thehackernews.com
www.wired.com
WhatsApp turns on End-to-End Encryption by default for its 1 Billion Users
WhatsApp Just Switched on End-to-End Encryption by Default for its One billion Users
thehackernews.com
Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People
This morning, WhatsApp made the scope of the Apple-FBI encryption battle look kinda small.
ijahdan
Rising Star
Apologies if youve already covered this but I use an android phone as my only internet access and now that Ive joined the nexus, internet security is starting to concern me more. Looked into cyanogenmod but they dont seem to cover this model of phone yet. Also not sure how much more security this would offer. Should add that Im not very computer literate. Any tips?
PsilocybeChild
Rising Star
I'd look firstly at getting the encrypted communication apps. Install signal. Try it out as your default text app for a while. It encrypts texts, media, and phone calls if you communicate with anyone else that has it. It lets you know if they do and if your conversations are encrypted. Install Whatsapp, over a billion people use it and it is end-to-end encrypted. You can also make calls with it. It will show you who in your contacts is using it.
Wickr Me is also probably the messenger with the hardest security, which may be nice to have if you have friends with it, it will also show you who of your contacts has it.
Install firefox and visit a private search engine of your choice like startpage.com and click and hold in the search, then click the +magnifying glass icon to add the search engine. In settings set it as the default.
Private search engines like startpage, duckduckgo, and search.disconnect.me also have apps.
go to addons.mozilla.org and add these addons to firefox:
Clean Links
HTTPS-Everywhere
uBlock Origin
I recommend using a VPN. If you use one, set the setting in uBlock to "prevent WebRTC from leaking"
Install Adblock Plus as a firefox addon.
Or for android and then modify the networks you use and set the proxy as manual with hostname: localhost and port#: 2020
this will allow AdBlock to block garbage across android.
I suggest using a password manager like KeePassDroid and changing your passwords, and perhaps yearly, to large passwords which include letters, numbers, and symbols at at least 64+ characters. Brute forcing passwords that are just a word and a few numbers takes seconds with a powerful computer. If you do this be sure to keep a copy or 2 of your password databases on perhaps personal USB drives.
Make sure your email service provider supports end-to-end TLS encryption with other email providers who support it. Gmail does this. but if you want your email encrypted on the providers servers so that even they can't read it, switch to a provider like ProtonMail. They use open source, time tested, and trusted crypto. They recently opened their service up to the public, free of charge. They have an interesting history of being attacked. One of Europe's largest DDoS attacks in history from a nation state, which they fought off and came back stronger.
www.techrepublic.com
Hope this helps.
ProtonMail's Bunker Datacenter
Wickr Me is also probably the messenger with the hardest security, which may be nice to have if you have friends with it, it will also show you who of your contacts has it.
Install firefox and visit a private search engine of your choice like startpage.com and click and hold in the search, then click the +magnifying glass icon to add the search engine. In settings set it as the default.
Private search engines like startpage, duckduckgo, and search.disconnect.me also have apps.
go to addons.mozilla.org and add these addons to firefox:
Clean Links
HTTPS-Everywhere
uBlock Origin
I recommend using a VPN. If you use one, set the setting in uBlock to "prevent WebRTC from leaking"
Install Adblock Plus as a firefox addon.
Or for android and then modify the networks you use and set the proxy as manual with hostname: localhost and port#: 2020
this will allow AdBlock to block garbage across android.
I suggest using a password manager like KeePassDroid and changing your passwords, and perhaps yearly, to large passwords which include letters, numbers, and symbols at at least 64+ characters. Brute forcing passwords that are just a word and a few numbers takes seconds with a powerful computer. If you do this be sure to keep a copy or 2 of your password databases on perhaps personal USB drives.
Make sure your email service provider supports end-to-end TLS encryption with other email providers who support it. Gmail does this. but if you want your email encrypted on the providers servers so that even they can't read it, switch to a provider like ProtonMail. They use open source, time tested, and trusted crypto. They recently opened their service up to the public, free of charge. They have an interesting history of being attacked. One of Europe's largest DDoS attacks in history from a nation state, which they fought off and came back stronger.
Networking | TechRepublic
www.techrepublic.com
Hope this helps.
ProtonMail's Bunker Datacenter
Be careful with those FireFox plugins -- The architecture itself is flawed and a popular attack vector.PsilocybeChild said:
Also, as much as I love signal for day-to-day comms (as it bypasses SS7's SMS/MMS protocol) you cannot use the app without providing your actual phone number as well as your entire contacts list. Not exactly anonymous. Threema, otoh, does a pretty good job of both encrypting comms while providing anonymoty (though, you still need to purchase the app which gives Google Play your UUID).
Of course there's still good 'ol Pidgin with OTR...
Valmar
Esteemed member
The user is only at risk if they install a malicious extension. If one is careful and researches an extension before installing, then they're fine. This is one of the reasons that Mozilla went with a signed extension approach, which I was hesitant to accept at first, but now accept makes sense. My only wish is to be able to bypass these security measures through advanced user options. Arstechnica, Slashdot, etc, don't always look below the surface, sometimes they just report in a sloppy manner.a1pha said:
ijahdan
Rising Star
I mainly just want to use the nexus anonymously from my phone. Would a VPN be sufficient? Or would TOR for mobiles be better? From what I could gather, the two are not compatible. I dont use any social networks and dont discuss anything controversial via messaging or mail. Sorry if all this is really basic stuff that any internet user should know...
You can in fact route Tor traffic through a VPN. On a mobile though? Probably not without some clever hacking. With a mobile you also want to make sure things like GPS and cellular are turned off (only use wifi with mobile Tor/VPN and it's fairly easy to triangulate location of cell tower data). A simple VPN should be just fine.ijahdan said:
PsilocybeChild
Rising Star
Opera Becomes First Major Web Browser to Offer Free, Built-in VPN (Really a Proxy)
You have to use the developer version located here:
www.opera.com
You can also add these extensions:
Under Basic settings> Click "Block third-party cookies and site data".
Under Privacy & Security> click "Enable VPN".
Under Websites>Plug-ins> you can click "Click to play", if you want to control plug-ins like flash.
_____________________________________________________________________________________________________
Signal Desktop beta now publicly available.
_____________________________________________________________________________________________________
Updates addended to downloadable document. v2.1.8
http://www.metacompliance.com/blog/opera-becomes-first-major-web-browser-to-offer-free-built-in-vpn/
You have to use the developer version located here:
Opera Developer | Test the latest features | Opera Browser
Be first to try the latest experiments and features in Opera Browser. Download Opera Developer and see what’s in the works.
www.opera.com
You can also add these extensions:
Under Basic settings> Click "Block third-party cookies and site data".
Under Privacy & Security> click "Enable VPN".
Under Websites>Plug-ins> you can click "Click to play", if you want to control plug-ins like flash.
_____________________________________________________________________________________________________
Signal Desktop beta now publicly available.
_____________________________________________________________________________________________________
Updates addended to downloadable document. v2.1.8
PsilocybeChild
Rising Star
Google is quietly recording everything you say. Here’s how to hear it
Just talking is enough to activate the recordings – but thankfully there's an easy way of hearing and deleting them
www.independent.co.uk
You guys might want to follow the links in the article
(Welcome to My Activity)
(Welcome to My Activity)
and delete all of your google history, from your google account.
Some thoughts on the BTC tumbling paragraph, here is a lengthy article why "normal" tumbling services are still not perfectly anonymous and should be frowned upon - or at least used as another layer of security:
I'm currently testing shapeshifting BTC into Monero (XMR) with:
mymonero.com
and the TOR browser. Seems to work fine. Legit services.
I'm currently testing shapeshifting BTC into Monero (XMR) with:
MyMonero
MyMonero is the simplest way to use private digital cash, at the sweet spot between security, convenience, and features.
mymonero.com
and the TOR browser. Seems to work fine. Legit services.
PsilocybeChild
Rising Star
This is a dope little router that's only 40 bucks. It comes pre-installed with LibreCMC which is the only fully opensouce operating system and firmware for routers. You can also get a year subscription to their VPN for 100 bucks and they pre-configure the router so it's ready to just plugin and connect to. With that setup every device connected to your home network will route it's traffic through a vpn.
You can plug it into your router or replace your current router with it. either way, it secures you
This company has awesome hardware including fully open source linux laptops and pc minis with like gigs of ram, & etc.
You can plug it into your router or replace your current router with it. either way, it secures you
This company has awesome hardware including fully open source linux laptops and pc minis with like gigs of ram, & etc.
PsilocybeChild
Rising Star
Bump -- v2.2.6 Bitcoin ATMs, $40 open-source Think Penguin Routers with optional VPN service built-in, Clearing Google account history and ceasing logging. Updates since the las tversion are highlighted in yellow. Web View: https://docs.zoho.com/writer/published.do?rid=03mtud91e43ddd2fc48bdb76e20f6234765bb
PsilocybeChild
Rising Star
Monero is the new anonymous cryptocurrency that surpasses bitcoin.
MachienDome
Rising Star
Am I the only person that sees irony in downloading a PDF file about being secure?
How come you didn't directly post the info to this message board so it can be directly accessed within this thread? Isn't that the point of a message board?
I'm not trying to devalue the hard work you put into it, just wondering why you took extra steps.
How come you didn't directly post the info to this message board so it can be directly accessed within this thread? Isn't that the point of a message board?
I'm not trying to devalue the hard work you put into it, just wondering why you took extra steps.
PsilocybeChild
Rising Star
It's way too long to embed it in a post here.
In the first post there is a link to read it online.
Also. I need to update this but in the meantime.
Disable IPv6 on networks to prevent leakage.
See here: https://leaktest.online/ipv6/
The other leak tests: https://leaktest.online/
And since CyanogenMod has been discontinued.
I believe the most hardened free Android OS/rom is now Lineage OS.
In the first post there is a link to read it online.
Also. I need to update this but in the meantime.
Disable IPv6 on networks to prevent leakage.
See here: https://leaktest.online/ipv6/
The other leak tests: https://leaktest.online/
And since CyanogenMod has been discontinued.
I believe the most hardened free Android OS/rom is now Lineage OS.
***This more than likely isn't needed, but things like this are relatively simple to do and can't hurt.
Not sure if it's already been talked about in the pages here, but if you're on a linux distro and you use file sharing/receiving services (torrent or otherwise) it can be good practice to set up a decent av or ids and alter the config/txt file for the specific inbound tcp port/s being used by the application receiving the files.
Usually only a port or two that need changed in order for the av/ids to alert/drop whichever packet/s happen to hit one of the signatures/strings/hashes in the database list within the av/ids config file.
Only takes a few seconds in linux with nano to change these ports as long as you know the specific ports per the application you're using (usually you can just open up the man page for the linux app and they're listed, or you can find these ports per google. You could even run a filtered port scan on your IP and find them. Or just go to the config txt file itself to look.
Alot of these file sharing apps use ports in the 1000's-range. (e.g 9020, 1580, 6500, etc)
Also the database lists for many of the top ids's or av's are continually updated, and also with an ids like Snort you can also add your own strings/hashes/signatures in with the list - as there's many sourced lists from all over the internet that you're able to copy/paste over.
Never a bad thing if you're one to continually download things from these services.
Snort IDS, Clamav, there's several out there. Snort probably being the most granular as far as overall control and depth.
Not sure if it's already been talked about in the pages here, but if you're on a linux distro and you use file sharing/receiving services (torrent or otherwise) it can be good practice to set up a decent av or ids and alter the config/txt file for the specific inbound tcp port/s being used by the application receiving the files.
Usually only a port or two that need changed in order for the av/ids to alert/drop whichever packet/s happen to hit one of the signatures/strings/hashes in the database list within the av/ids config file.
Only takes a few seconds in linux with nano to change these ports as long as you know the specific ports per the application you're using (usually you can just open up the man page for the linux app and they're listed, or you can find these ports per google. You could even run a filtered port scan on your IP and find them. Or just go to the config txt file itself to look.
Alot of these file sharing apps use ports in the 1000's-range. (e.g 9020, 1580, 6500, etc)
Also the database lists for many of the top ids's or av's are continually updated, and also with an ids like Snort you can also add your own strings/hashes/signatures in with the list - as there's many sourced lists from all over the internet that you're able to copy/paste over.
Never a bad thing if you're one to continually download things from these services.
Snort IDS, Clamav, there's several out there. Snort probably being the most granular as far as overall control and depth.