tut
Pasted by a guest on Pastebin, May 17th, 2017
"If you think privacy is unimportant for you because you have nothing to hide, you might as well say free speech is unimportant for you because you have nothing useful to say."
~Edward Snowden

I'm going to help you stay as secure as possible and make it much harder to trace you.

I'm going to split this into 6 levels, ordered by how much security each one buys you.

Note: every level up costs you comfort: ecosystem, ease of use and speed.
LEVEL 1

The bare minimum.
•Better passwords
-This won't save you from a spying government, ISP or website, but it will save you from brute-force and credential-stuffing attacks.
Things to avoid:

-Don't pick a dictionary word or a proper noun!
Passwords are often easy to crack because most people pick a variation on a word in the dictionary. There are simply not that many words in human languages: it is trivial for a computer to try them all. This includes words where you have replaced some letters with numbers. Cracking tools apply those substitutions as rules, so "L0V3" falls about as fast as "LOVE".
-Don't use the same password for all your accounts. One breached site then hands the attacker every other account you own. It is better to write your passwords down in a secure place than to reuse one everywhere.
-Change a password when you have reason to think it was exposed: a breach at the service, a phishing mail you clicked, a shared computer. Rotating on a calendar by itself mostly produces "Password2017"-style variations that crackers try first.
-Never tell anyone your password, especially if they ask for it. No legitimate support desk needs it.

-Basic
Use longer passwords and don't use the same password on all services. Example password: PoodleLiftsReddishVolvo
Then picture a poodle lifting a red Volvo.
You will memorize it, and it will be easier to keep different passwords for different services. Let the words be random (pick them from a list, not from your head): four words chosen at random from a 7,776-word list give about 52 bits of entropy, while a quote or song lyric gives far less because attackers try those too.

-Advanced
Use even longer, fully random passwords. They are too hard to remember, so you need a password manager, or in the optimal setup two.
I suggest KeePass (local) for your main passwords and Encryptr (cloud-based) for the passwords you use on different services.
Example password: 0#%SBiaZ##pU$Fb7UcNTEnX2@eDeK!8g#Hwo%Li
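The arithmetic behind the three approaches above, as an added example (not part of the original guide): it counts how many variants l33t substitution really adds, measures the entropy of a random passphrase versus a manager-generated password, and estimates worst-case crack time against an offline attacker. The wordlist size (7776, the diceware list), the 170,000-word cracking dictionary, the 1e10 guesses/second GPU figure and the sample word list are assumptions used for illustration.

```python
import math
import secrets
import string

# Constructed stand-ins (not from the original guide): a real diceware list has 7776
# words; only the size of the list matters for the entropy arithmetic.
DICEWARE_LIST_SIZE = 7776
ENGLISH_DICTIONARY_SIZE = 170_000          # rough size of a cracking wordlist (assumption)
SAMPLE_WORDS = ["poodle", "lift", "reddish", "volvo", "anchor", "basil", "comet", "dune"]
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"   # 70 symbols

LEET_SUBS = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret built from `length` independent uniform choices out of `alphabet_size`."""
    return length * math.log2(alphabet_size)


def leet_variants(word: str) -> int:
    """Number of strings l33t substitution can make from one word.

    Each substitutable letter may or may not be swapped, so the count is 2**k.
    A cracking rule set enumerates all of them, which is why "L0V3" is not much
    stronger than "LOVE": 4 variants, i.e. 2 extra bits.
    """
    return 2 ** sum(1 for ch in word.lower() if ch in LEET_SUBS)


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a search space of 2**bits at a given guess rate."""
    return 2 ** bits / guesses_per_second


def random_passphrase(words, n_words: int = 4) -> str:
    """Diceware-style passphrase: words chosen with a CSPRNG, not by the user."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def random_password(length: int = 39, alphabet: str = PASSWORD_ALPHABET) -> str:
    """Manager-grade password: every character independent and uniformly random."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare_strategies(offline_rate: float = 1e10) -> dict:
    """Bits and worst-case crack time for the three approaches the guide describes,
    against an offline attacker with a fast hash (1e10 guesses/s is a GPU-class figure)."""
    results = {}
    word_bits = math.log2(ENGLISH_DICTIONARY_SIZE) + math.log2(leet_variants("love"))
    results["dictionary_word_with_leet"] = (word_bits, seconds_to_crack(word_bits, offline_rate))
    phrase_bits = entropy_bits(DICEWARE_LIST_SIZE, 4)
    results["four_random_words"] = (phrase_bits, seconds_to_crack(phrase_bits, offline_rate))
    pw_bits = entropy_bits(len(PASSWORD_ALPHABET), 39)
    results["39_random_chars"] = (pw_bits, seconds_to_crack(pw_bits, offline_rate))
    return results


if __name__ == "__main__":
    for name, (bits, secs) in compare_strategies().items():
        print(f"{name:28s} {bits:6.1f} bits  ~{secs / 86400:.3g} days offline")
    print("passphrase:", random_passphrase(SAMPLE_WORDS))
    print("password:  ", random_password())
```

The point the numbers make: a dictionary word with digit substitutions is under 20 bits and falls in well under a second offline, four random words are about 52 bits (days against a fast hash, good enough when the service uses a slow one), and the 39-character manager password is far beyond any brute force.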

LEVEL 2
•VPN and a safer browser
This moves your traffic out of your ISP's view and cuts down on what your browser gives away. It does not make you untraceable: the VPN provider now sees what your ISP used to see, so you are trusting them instead.

•VPNs
-I always recommend using a good VPN, even for normal everyday browsing.
-Random note: I strongly recommend a wired connection for your internet at home as opposed to wireless. Wireless gives anyone in radio range a way onto your network, and there have been cases of government snooping done by breaking into a target's wireless network and collecting the traffic. A classic example is the arrest of Iserdo, the creator of the Butterfly botnet (Mariposa): his arrest and conviction were solidified when law enforcement broke into his wireless network and monitored him, gathering all the evidence they needed.

I personally use Riseup and Private Internet Access.

If they don't fit your needs, a large comparison spreadsheet can be viewed here:
https://docs.google.com/spreadsheets/d/1kKfpAbKMrILTqomZHsbX7cB5hrHZMmgT6yAeH4_j37I/pubhtml

And a good guide on making VPN use more robust:
https://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/
•Browser
-First things first, I will never recommend using Google Chrome and nothing any of you can say will change my mind on this.

So basically you have 2 options:
Firefox ~ fast, reliable, open source and respects your privacy.
Tor Browser ~ your choice if you need an extra layer of anonymity. It's a modified Firefox that ships with privacy add-ons, routes everything through the Tor network and makes every Tor Browser look as alike as possible, so you blend into the crowd instead of standing out.

There are many ways different agencies can trace you through the data your browser leaks. If you use Chrome you are handing it to Google for free.

•Browser fingerprint
When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type and add-ons. If that combination is unique, or nearly so, a site can identify and track you without using cookies. What matters is the combination, not any single value: a common browser with a common font list is anonymous, the same browser with a rare font list is you.
You can test how unique your browser is at:
https://panopticlick.eff.org/

•WebRTC
WebRTC is the browser API for real-time audio, video and data between browsers. To set up a connection it gathers ICE candidates, the addresses it can be reached on: your LAN address, your VPN tunnel address and, via a STUN server, the public address the outside world sees. A page's JavaScript can read those candidates, so a browser behind a VPN can still hand over your real public IP if WebRTC's UDP traffic does not go through the tunnel. In Firefox the switch is media.peerconnection.enabled in about:config; set it to false if you don't need video calls.
Test for WebRTC leak:
https://browserleaks.com/webrtc
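What a leak test like the one above actually inspects, as an added example (not part of the original guide): a checker that parses ICE candidate lines of the kind a page collects from RTCPeerConnection's onicecandidate events and flags any public address that is not the VPN exit. The candidate lines, the VPN exit address 198.51.100.9 and the TEST-NET address 203.0.113.7 standing in for a real public IP are all constructed for illustration; the candidates are not captured from a real browser.

```python
import ipaddress

# Address ranges that are not routable on the public internet: RFC 1918, CGNAT, loopback,
# link-local and their IPv6 counterparts. Anything else is treated as public.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed ICE candidates (not captured from a real browser) from a Firefox behind a VPN
# whose STUN/UDP traffic is NOT going through the tunnel. 198.51.100.9 plays the VPN exit IP,
# 203.0.113.7 plays the user's real public IP, 10.8.0.2 is the VPN tunnel interface.
VPN_EGRESS_IP = "198.51.100.9"
SAMPLE_CANDIDATES = [
    "candidate:1 1 udp 2122260223 192.168.1.23 53484 typ host generation 0",
    "candidate:2 1 udp 2122194687 10.8.0.2 61032 typ host generation 0",
    "candidate:3 1 udp 1686052607 203.0.113.7 53484 typ srflx raddr 192.168.1.23 rport 53484 generation 0",
    "candidate:4 1 udp 1685987071 198.51.100.9 61032 typ srflx raddr 10.8.0.2 rport 61032 generation 0",
    "candidate:5 1 udp 2122260222 3f1a9c2e-7b4d-4e8a-9d0c-1a2b3c4d5e6f.local 53485 typ host generation 0",
]


def classify(address: str) -> str:
    """'mdns' (an obfuscated host candidate), 'private' (LAN/tunnel/loopback) or 'public'."""
    if address.endswith(".local"):
        return "mdns"
    ip = ipaddress.ip_address(address)
    return "private" if any(ip in net for net in NON_PUBLIC_NETS) else "public"


def parse_candidate(line: str) -> dict:
    """Parse one RFC 5245 candidate line:
    candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr A rport P] ..."""
    tokens = line.strip().split()
    if len(tokens) < 8 or not tokens[0].startswith("candidate:") or tokens[6] != "typ":
        raise ValueError(f"not an ICE candidate: {line!r}")
    cand = {"address": tokens[4], "port": int(tokens[5]), "type": tokens[7], "raddr": None}
    if "raddr" in tokens:
        cand["raddr"] = tokens[tokens.index("raddr") + 1]
    return cand


def exposed_addresses(lines) -> list:
    """Every address a page's JavaScript could read from these candidates, with its kind and
    the field that carried it (a srflx candidate's raddr is the local side the STUN reply was for)."""
    findings = []
    for line in lines:
        cand = parse_candidate(line)
        for field in ("address", "raddr"):
            addr = cand[field]
            if addr is not None:
                findings.append({"address": addr, "kind": classify(addr), "via": f"{cand['type']} {field}"})
    return findings


def leaked_public_ips(lines, vpn_egress_ip: str) -> list:
    """Public addresses other than the VPN exit: the real IP the VPN was supposed to hide."""
    seen = []
    for f in exposed_addresses(lines):
        if f["kind"] == "public" and f["address"] != vpn_egress_ip and f["address"] not in seen:
            seen.append(f["address"])
    return seen


if __name__ == "__main__":
    for f in exposed_addresses(SAMPLE_CANDIDATES):
        print(f"{f['address']:45s} {f['kind']:8s} via {f['via']}")
    print("real IP leaked:", leaked_public_ips(SAMPLE_CANDIDATES, VPN_EGRESS_IP))
```

On the sample, candidate 3 is the leak: a server-reflexive candidate whose public side is not the VPN's exit, which means the STUN request left the machine outside the tunnel. The private addresses are a smaller leak but still tell a site your LAN layout and that a 10.8.0.0 tunnel exists; the .local candidate is the newer mDNS obfuscation that hides the LAN address. A clean result under a VPN has only the exit IP, or no candidates at all when media.peerconnection.enabled is false.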

•Hardening Firefox

https://addons.mozilla.org/firefox/addon/disconnect
Founded in 2011 by former Google engineers and a consumer- and privacy-rights attorney. The add-on is open source, claims to load pages 27% faster and blocks tracking by 2,000+ third-party sites. It also keeps your searches private.

https://addons.mozilla.org/firefox/addon/ublock-origin
An efficient wide-spectrum blocker that's easy on memory, and yet can load and enforce thousands more filters than other popular blockers. It has no monetization strategy and is completely open source. We recommend Firefox, but uBlock Origin also works in other browsers such as Safari, Opera and Chromium. Unlike AdBlock Plus, uBlock Origin does not allow so-called "acceptable ads".

https://addons.mozilla.org/firefox/addon/random-agent-spoofer
A privacy-enhancing Firefox add-on which aims to hinder browser fingerprinting by changing the browser/device profile on a timer. Caveat: a spoofed profile that doesn't match what the engine really does (a "Chrome" user agent with Firefox-only behaviour, a profile that changes between page loads) is itself a rare combination and can make you easier to pick out. Tor Browser takes the opposite approach and makes everyone look the same.

https://addons.mozilla.org/firefox/addon/self-destructing-cookies
Automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions as well as information used to spy on you are expunged.

https://www.eff.org/https-everywhere
A Firefox, Chrome and Opera extension that switches your connections to many major websites over to HTTPS where the site supports it, making your browsing more secure. A collaboration between The Tor Project and the Electronic Frontier Foundation.

https://addons.mozilla.org/firefox/addon/decentraleyes
Emulates content delivery networks locally by intercepting requests for common libraries (jQuery and the like), serving a bundled copy and injecting it into the page. This all happens instantaneously, automatically, and no prior configuration is required. The CDN never sees the request, so it cannot log which sites you visit.

https://addons.mozilla.org/firefox/addon/umatrix
Many websites integrate features which let other websites track you, such as Facebook Like buttons or Google Analytics. uMatrix gives you control over the requests that websites make to other websites, per source and per request type (script, frame, cookie, XHR and so on). This gives you greater and more fine-grained control over the information you leak online.

https://addons.mozilla.org/firefox/addon/noscript
Highly customizable plugin to selectively allow JavaScript, Java and Flash to run only on websites you trust. Not for casual users; it requires technical knowledge to configure.

https://pastebin.com/AUf4BB7n
about:config based tweaks.

https://github.com/pyllyukko/user.js
The ultimate hardening profile. A user.js file goes in your Firefox profile directory and forces its user_pref() lines on every start, so after applying it together with the add-ons above there's nothing left to worry about.
(Note: You might want to disable the "keyword.enabled" line. With keyword.enabled set to false, anything you type in the address bar that isn't a URL is no longer sent to your search engine, which some people find too inconvenient.)
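A way to check that a hardening profile actually took effect, as an added example (not part of the original guide or of the pyllyukko project): a parser for the user_pref("name", value); format that user.js and prefs.js share, plus an audit of the parsed prefs against a list of expected values. The expected list is an illustrative subset chosen for this example, not the pyllyukko list, and the sample user.js is constructed; point the script at your profile's prefs.js to see what Firefox really applied.

```python
import json
import re
import sys

# Matches user_pref("name", value); and ignores anything after it, such as a // comment.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);')

# Illustrative subset of prefs worth checking (an assumption of this example, not the pyllyukko list).
EXPECTED = {
    "media.peerconnection.enabled": False,   # WebRTC off: no ICE candidates to leak
    "privacy.resistFingerprinting": True,    # Tor Browser's anti-fingerprinting patches
    "geo.enabled": False,                    # no geolocation API
    "network.cookie.cookieBehavior": 1,      # 1 = block third-party cookies
    "network.prefetch-next": False,          # don't fetch links the page hints at
    "network.dns.disablePrefetch": True,     # don't resolve hostnames you haven't clicked
    "beacon.enabled": False,                 # no navigator.sendBeacon() analytics pings
}

# Constructed sample profile for the audit below (not a real user.js).
SAMPLE_USER_JS = """\
// sample profile: one pref set wrong, one missing
user_pref("media.peerconnection.enabled", false);
user_pref("privacy.resistFingerprinting", true);
user_pref("geo.enabled", false);
user_pref("network.cookie.cookieBehavior", 0);   // 0 accepts every cookie
user_pref("network.prefetch-next", false);
user_pref("beacon.enabled", false);
"""


def parse_user_js(text: str) -> dict:
    """Return {pref: value}. Later lines win, as they do when Firefox loads the file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            value = json.loads(raw)      # true/false, numbers and "strings" parse as JSON
        except ValueError:
            value = raw                  # anything exotic is kept as text
        prefs[name] = value
    return prefs


def audit(prefs: dict, expected: dict = EXPECTED) -> list:
    """List (pref, problem, wanted, found) for every expected pref that is missing or wrong.
    Types are compared too, so a numeric 1 does not pass for true."""
    findings = []
    for name, want in expected.items():
        if name not in prefs:
            findings.append((name, "missing", want, None))
        elif type(prefs[name]) is not type(want) or prefs[name] != want:
            findings.append((name, "wrong", want, prefs[name]))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_USER_JS
    for name, problem, want, found in audit(parse_user_js(text)):
        print(f"{problem:7s} {name}: wanted {want!r}, found {found!r}")
```

Running it on the sample reports cookieBehavior as wrong and dns.disablePrefetch as missing. Checking prefs.js rather than user.js is the useful version: a typo in user.js is silently ignored by Firefox, and prefs.js is what the browser is actually running with.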

•Search engine
The battle for a safe search engine is basically a battle of two: duckduckgo.com and startpage.com.

I personally use startpage.com because it has servers located in Europe, it buys its results from Google and doesn't pass your query on in the referrer.

To test your browser I suggest browserleaks.com and panopticlick.eff.org.

LEVEL 3
A VPN paired with Tor is even more secure. Keeping your messages secure matters too.

•TOR
A VPN hides your traffic from your ISP, but the VPN provider still sees it. Routing through Tor on top of the VPN (VPN first, then Tor) means the VPN only sees that you connect to Tor, and the Tor exit never learns your real address. That makes you very hard to trace, but not untraceable: timing, the accounts you log into and what you post can still give you away.

•Secure email.
PGP is necessary for safe emailing, but even it won't make you safe against a spying provider: PGP encrypts only the body and attachments. The provider still sees who writes to whom, when, how often and the subject line, and that metadata is what an investigation usually runs on.

•Email providers
riseup.net
Countermail.com
neomailbox.com

I personally use riseup.net because they have personally encrypted storage for only your email on an encrypted server. It also works with any client that supports PGP, they don't keep logs and mail can be sent over Tor.


•Email clients

https://www.mozilla.org/en-US/thunderbird/


•Email alternatives

http://retroshare.sourceforge.net/
Retroshare creates encrypted connections to your friends. Nobody in between can read what you exchange. Retroshare is completely decentralized, which means there are no central servers. It is entirely open source and free. There are no costs, no ads and no terms of service.

•XMPP
Messaging through XMPP is fast, reliable and easy. By default it only uses TLS between you and the server, so the server sees your messages in the clear; for end-to-end encryption configure OpenPGP or OTR in your client.

I use riseup.net as my XMPP provider because it supports messaging through Tor.
LEVEL 4

•Encrypted cloud storage.

Hosted
http://seafile.com/ -100 GB storage for $10/month
Seafile is a file hosting software system. Files are stored on a central server and can be synchronized with personal computers and mobile devices via the Seafile client. Files can also be accessed via the server's web interface.

https://owncloud.org/providers -choose your host.
Similar functionality to the widely used Dropbox, with the difference that ownCloud is free and open source, allowing anyone to install and operate it without charge on a private server, with no limits on storage space or the number of connected clients.

Self-hosted
https://pyd.io/
Pydio is open source software that instantly turns any server (on-premise, NAS, cloud IaaS or PaaS) into a file sharing platform for your company. It is an alternative to SaaS boxes and drives, with more control, safety and privacy, and a favorable TCO.

https://www.tahoe-lafs.org/
Tahoe-LAFS is a free and open decentralized cloud storage system. It encrypts on the client and distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security.

Related
https://cryptomator.org/
Free client-side AES encryption for your cloud files. Open source: no backdoors, no registration. This is the piece that keeps the host honest: with ownCloud or Pydio the server holds the keys and can read your files unless you encrypt them yourself first, which is what Cryptomator (or Tahoe-LAFS by design) does.

LEVEL 5
•Encryption of data.
Key disclosure law - who is required to hand over encryption keys to the authorities?
Mandatory key disclosure laws require individuals to turn over encryption keys to law enforcement conducting a criminal investigation. How these laws are implemented (who may be legally compelled to assist) varies from nation to nation, but a warrant is generally required. Defenses against key disclosure laws include steganography and encrypting data in a way that provides plausible deniability.

Steganography involves hiding sensitive information (which may be encrypted) inside of ordinary data (for example, encrypting an image file and then hiding it in an audio file). With plausible deniability, data is encrypted in a way that prevents an adversary from proving that the information they are after exists (for example, one password may decrypt benign data and another password, used on the same file, could decrypt sensitive data). This only works if the container is indistinguishable from random data everywhere, so that hidden data and unused space look the same; it also means the outer volume doesn't know the hidden one is there and can overwrite it if you fill the outer volume.

https://veracrypt.codeplex.com/
I use VeraCrypt full disk encryption for all of my drives and partitions, not just my OS. VeraCrypt raises the number of key-derivation iterations far above TrueCrypt's, so each password guess costs an attacker much more, and its hidden volumes give the plausible deniability described above.
VeraCrypt also fixes many of the vulnerabilities and security issues found in TrueCrypt, the old industry standard for full disk encryption.
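The hidden-volume idea reduced to its essentials, as an added example (not part of the original guide and not VeraCrypt's format or code): a container that is random everywhere, an outer volume under one password, a hidden volume under another at an offset the outer volume knows nothing about, and a slow PBKDF2 key derivation. The layout, the sizes and the HMAC-SHA256 counter-mode stream cipher are assumptions made for illustration; VeraCrypt uses AES or other block ciphers in XTS mode and a different header format, so treat this as a model, not a tool.

```python
import hashlib
import hmac
import os
import struct

# Illustrative layout (an assumption of this example, not VeraCrypt's on-disk format):
# [salt 16][outer volume ... free space ...][hidden volume starting at the half-way mark]
CONTAINER_SIZE = 4096
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
OUTER_OFFSET = SALT_LEN
HIDDEN_OFFSET = CONTAINER_SIZE // 2
KDF_ITERATIONS = 100_000   # the VeraCrypt lesson: make every password guess expensive


def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, 32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a PRF-based stream cipher for illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || tag || ciphertext(length || plaintext). Every byte is pseudorandom,
    so a sealed volume is indistinguishable from the container's random filler."""
    nonce = os.urandom(NONCE_LEN)
    body = struct.pack(">I", len(plaintext)) + plaintext
    ct = xor(body, keystream(key, nonce, len(body)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None if this key does not unlock whatever starts here."""
    nonce = blob[:NONCE_LEN]
    tag = blob[NONCE_LEN:NONCE_LEN + TAG_LEN]
    ct = blob[NONCE_LEN + TAG_LEN:]
    if len(ct) < 4:
        return None
    (length,) = struct.unpack(">I", xor(ct[:4], keystream(key, nonce, 4)))
    if length > len(ct) - 4:
        return None                      # wrong key: the decrypted "length" is noise
    ct = ct[:4 + length]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                      # wrong key, or a volume that has been overwritten
    return xor(ct[4:], keystream(key, nonce, 4 + length)[4:])


def new_container() -> bytearray:
    """A fresh container is random everywhere, so unused space and hidden data look alike."""
    return bytearray(os.urandom(CONTAINER_SIZE))


def write_volume(container: bytearray, password: str, offset: int, plaintext: bytes) -> None:
    blob = seal(derive_key(password, bytes(container[:SALT_LEN])), plaintext)
    if offset + len(blob) > CONTAINER_SIZE:
        raise ValueError("volume does not fit in the container")
    container[offset:offset + len(blob)] = blob   # nothing here knows about other volumes


def open_volume(container: bytearray, password: str, offset: int):
    return open_sealed(derive_key(password, bytes(container[:SALT_LEN])), bytes(container[offset:]))


def demo() -> dict:
    c = new_container()
    write_volume(c, "outer-pass", OUTER_OFFSET, b"holiday photos index")
    write_volume(c, "hidden-pass", HIDDEN_OFFSET, b"the data that matters")
    result = {
        "outer": open_volume(c, "outer-pass", OUTER_OFFSET),        # what you hand over under compulsion
        "hidden": open_volume(c, "hidden-pass", HIDDEN_OFFSET),
        "wrong_password": open_volume(c, "guess", HIDDEN_OFFSET),
        "outer_password_at_hidden": open_volume(c, "outer-pass", HIDDEN_OFFSET),
    }
    # The failure mode: the outer volume has no idea the hidden one exists, so filling it
    # past HIDDEN_OFFSET silently destroys the hidden data. VeraCrypt's "protect hidden
    # volume" mount option exists precisely to prevent this.
    write_volume(c, "outer-pass", OUTER_OFFSET, b"x" * (CONTAINER_SIZE - OUTER_OFFSET - 100))
    result["hidden_after_outer_fill"] = open_volume(c, "hidden-pass", HIDDEN_OFFSET)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:26s} {value!r}")
```

Two things the demo makes concrete. Deniability comes from the filler: an adversary holding the container and the outer password sees a valid outer volume followed by bytes that are random whether or not a hidden volume is there, and with a wrong password both halves decrypt to nothing. The price is that the outer volume will overwrite the hidden one if you let it grow, so the hidden password must be supplied whenever the outer volume is mounted for writing.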

•Domain name system (DNS)
Every site you visit starts with a DNS lookup, and plain DNS is unencrypted: whoever runs your resolver (by default your ISP, or the VPN's resolver if the tunnel is set up right) gets a log of every hostname you look up, and anyone on the path can read or alter the answers.

https://cloudns.com.au/
An Australian-based, security-focused DNS provider. Features: DNSCrypt support for confidentiality and message integrity, full trust validation of DNSSEC-enabled names, Namecoin resolution of .bit domain names and no domain manipulation or logging.

https://dnscrypt.org/
DNSCrypt is a protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed, high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver. It hides your queries from your ISP and stops tampering on the way; the resolver itself still sees them, which is why the provider's logging policy matters.

LEVEL 6
•Self-contained networks

https://bitmessage.org/
Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need not trust any entity such as a root certificate authority. It uses strong authentication, which means the sender of a message cannot be spoofed, and it aims to hide "non-content" data (who talks to whom) by broadcasting every message to all nodes, so only the holder of the right key can tell which messages are addressed to them.

https://gnunet.org/
GNUnet is a free software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports (such as TCP, UDP, HTTP, HTTPS, WLAN and Bluetooth) and various basic peer-to-peer algorithms for routing, multicast and network size estimation.