Cybersecurity essentials:

* use audited cryptography. do not roll your own. do not trust others that do (e.g., telegram).

* harden your OS.
https://wiki.archlinux.org/index.php/Security
https://wiki.centos.org/HowTos/OS_Protection
https://wiki.debian.org/Hardening
https://wiki.gentoo.org/wiki/Hardened_Gentoo
https://docs.fedoraproject.org/en-US/Fedora/17/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
https://help.ubuntu.com/community/Security

* encrypt your hard drive (full disk encryption, or FDE for short).
standard LVM encryption is the best option and should be available when installing your linux distro.

for a disk that is not part of your operating system, a portable drive for example, dm-crypt/LUKS is the best option, but veracrypt is available on all platforms. keep in mind your installer may or may not encrypt your GRUB; there are several ways of dealing with that issue, which are discussed in the Paranoid #! security guide linked in the introductory resources below. keep in mind disk encryption means nothing to an experienced attacker with physical access if you have not completely shut down your computer and wiped the RAM.

* encrypt your emails.
PGP is pretty much all we have, but it is all we need.
https://www.enigmail.net/

your metadata may still be collected. if you care about metadata, use a disposable email account or a trusted provider. suggestions include protonmail or cock.li.

* encrypt your instant messages.
for better or worse, XMPP+OTR is still our best bet.
https://otr.cypherpunks.ca/

i would not depend on anything else. even if the crypto in other apps is theoretically sound, the implementation fails or the distribution method is inherently flawed. cryptocat is an unpopular but good option. telegram, tox, and wickr are fucked. do not even bother. you might as well use skype.

* use a local password manager (no cloud bullshit).
any. it is better than what you are doing now.

* strong passwords. make sure they are long and unique.
https://www.xkcd.com/936/

* do not reuse passwords. seriously.
if you do, consider your password public knowledge.

bypassing a login wall? sure. fuck it. who cares if someone else uses it.
anything you care about? no. absolutely not.

* better yet, use randomly generated passwords. the best password is one you cannot remember.
https://www.grc.com/passwords.htm
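
the three password items above (long, unique, randomly generated) come down to one number: bits of entropy. the script below is an added example, not part of this paste or of the grc.com generator it links; it draws passwords and diceware-style passphrases from the kernel CSPRNG (/dev/urandom), reports their entropy as n * log2(pool size), and uses rejection sampling when picking words so that a wordlist whose size is not a power of two does not get a biased draw. the wordlist and names in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the paste): generate passwords and passphrases from the
# kernel CSPRNG (/dev/urandom) and report their entropy, so "long and unique" and
# "one you cannot remember" become numbers you can check.

# Entropy in bits of n independent, uniform picks from a pool of size p: n * log2(p).
entropy_bits() {
  awk -v n="$1" -v p="$2" 'BEGIN { printf "%.1f\n", n * log(p) / log(2) }'
}

# Random password of $1 characters drawn uniformly from a tr(1) character class
# (default A-Za-z0-9, a pool of 62). tr discards bytes outside the class, so each
# kept character is uniform; no modulo bias is introduced.
gen_password() {
  LC_ALL=C tr -dc "${2:-A-Za-z0-9}" < /dev/urandom | head -c "$1"
  echo
}

# Uniform random integer in [0, $1) from 32 random bits, using rejection sampling:
# values at or above the largest multiple of $1 that fits in 32 bits are discarded,
# which is what prevents the modulo bias a plain "r % n" would have.
rand_below() {
  n="$1"
  limit=$((4294967296 - 4294967296 % n))
  while :; do
    r=$(od -An -tu4 -N4 /dev/urandom | tr -d ' ')
    if [ "$r" -lt "$limit" ]; then
      echo $((r % n))
      return 0
    fi
  done
}

# Diceware-style passphrase: $1 words chosen uniformly from the wordlist file $2
# (one word per line). Entropy is $1 * log2(number of words).
gen_passphrase() {
  count=$(wc -l < "$2" | tr -d ' ')
  i=0
  out=""
  while [ "$i" -lt "$1" ]; do
    idx=$(rand_below "$count")
    word=$(awk -v k="$((idx + 1))" 'NR == k { print; exit }' "$2")
    out="$out${out:+ }$word"
    i=$((i + 1))
  done
  echo "$out"
}

# Demo with a constructed 8-word list; a real list (e.g. the EFF's) has thousands of words.
demo() {
  dir=$(mktemp -d)
  printf 'correct\nhorse\nbattery\nstaple\nlantern\nvelvet\nkettle\nmarble\n' > "$dir/words"
  echo "password (20 chars, $(entropy_bits 20 62) bits): $(gen_password 20)"
  echo "passphrase (6 words from 8, $(entropy_bits 6 8) bits): $(gen_passphrase 6 "$dir/words")"
  echo "6 words from a 7776-word list would give $(entropy_bits 6 7776) bits"
  rm -rf "$dir"
}

demo
```

the entropy figure is only honest if the source is a CSPRNG and every pick is uniform; that is why the words are chosen through rand_below rather than `r % count`, and why the password comes from tr filtering /dev/urandom rather than from a date or a PID. generate these into your password manager, not into your memory.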

* your new search engine is duckduckgo or searx.
https://duckduckgo.com/
https://searx.me/

* your new browser is firefox.
be sure to go into options, then security, and uncheck block malicious content.
https://www.mozilla.org/en-US/firefox/new/

* modify some settings.
enter about:config into your url bar and apply the following modifications. do not bitch about there being too many options. that is the fucking point. you cannot even configure many of these settings in other browsers without modifying their source or building addons.
https://pastebin.com/raw/T8TeepZP

the changes listed above are unambiguous and unopinionated. you can go much further than this at the expense of comfort and convenience. consider modifying some of the settings listed on https://github.com/pyllyukko/user.js/blob/master/user.js depending on the sacrifices you are willing to make for privacy and security.
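
clicking through about:config by hand does not tell you later whether the settings are still what you set. as an added example (not from this paste, the linked settings list, or the pyllyukko project), the script below compares a user.js you intend to apply against a profile's prefs.js and reports each pref that is missing or holds a different value. it assumes only the documented firefox format of one `user_pref("name", value);` per line; the three pref names in the demo are real firefox prefs used purely as constructed sample data.

```shell
#!/bin/sh
# Added example (not from the paste): compare a desired user.js against a profile's
# prefs.js and report hardening prefs that are missing or set to a different value.
# Firefox writes prefs.js and reads user.js from the profile directory, both as
# lines of the form  user_pref("name", value);  which is the only format assumed here.

# audit_prefs WANT HAVE: WANT is the user.js you intend to apply, HAVE is the
# profile's prefs.js. Prints one line per finding and returns 1 if any drift exists.
audit_prefs() {
  awk '
    function pref_name(l) { sub(/^[ \t]*user_pref\("/, "", l); sub(/".*/, "", l); return l }
    function pref_val(l)  { sub(/^[^"]*"[^"]*",[ \t]*/, "", l); sub(/\);[ \t]*$/, "", l); return l }
    !/^[ \t]*user_pref\(/ { next }                      # skip comments, blanks, anything else
    FILENAME == ARGV[1] { have[pref_name($0)] = pref_val($0); next }   # first file: prefs.js
    {
      n = pref_name($0); w = pref_val($0)
      if (!(n in have))      { print "MISSING " n; bad = 1 }
      else if (have[n] != w) { print "DIFF " n " want=" w " got=" have[n]; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$2" "$1"
}

# Demo on constructed files. The pref names are real Firefox prefs, used here only as
# sample data; the values and the "profile" are made up for the demo.
demo() {
  dir=$(mktemp -d)
  cat > "$dir/user.js" <<'EOF'
// hardening prefs we intend to apply
user_pref("privacy.resistFingerprinting", true);
user_pref("geo.enabled", false);
user_pref("media.peerconnection.enabled", false);
EOF
  cat > "$dir/prefs.js" <<'EOF'
user_pref("privacy.resistFingerprinting", false);
user_pref("geo.enabled", false);
EOF
  audit_prefs "$dir/user.js" "$dir/prefs.js" || echo "drift detected"
  rm -rf "$dir"
}

demo
```

in real use point it at `~/.mozilla/firefox/<profile>/prefs.js`. prefs.js is rewritten when firefox exits, so run the check after a clean shutdown; a pref that keeps coming back as DIFF after you dropped user.js into the profile usually means an addon or an enterprise policy is overriding it, which is worth knowing before you trust the setting.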

* now install your addons.
required: ublock origin, https everywhere, noscript, blender
https://addons.mozilla.org/en-US/firefox/

* apply your filters.
required: easylist, easyprivacy.
https://easylist.to/

* and test your results.
https://panopticlick.eff.org/

* do not use chrome. chrome is a closed source browser by a for-profit corporation. firefox is an open source browser by a non-profit organization. use your head.

* do not use chromium either. it may be open source, but it still phones home.

* block malicious sites in your hosts file.
https://github.com/StevenBlack/hosts
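
a hosts-file blocklist is a file you download and then run as root-owned config, so it deserves a sanity pass before it lands in /etc/hosts, and a way to refresh it without clobbering your own entries. the script below is an added example, not from this paste or the StevenBlack project: it keeps only well-formed sinkholed entries (0.0.0.0 or 127.0.0.1 followed by a hostname), throws out bare IPs, localhost names, duplicates and anything that points a name at a real address, then splices the result into a hosts file between marker comments so a second run replaces the block instead of appending another copy. the marker text, file paths and sample entries are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the paste or the StevenBlack project): sanitise a downloaded
# hosts-format blocklist and merge it into a hosts file between marker comments, so the
# list can be refreshed or removed later without touching the entries you wrote yourself.

BEGIN_MARK="# BEGIN managed blocklist"
END_MARK="# END managed blocklist"

# sanitize_blocklist FILE: keep only lines of the form "<sink> <hostname>" where sink is
# 0.0.0.0 or 127.0.0.1, normalise the sink to 0.0.0.0 and the name to lower case, drop
# bare IPs, localhost and duplicates, and ignore anything else (comments, junk).
# Reviewing the list before it goes into /etc/hosts is the point: a hostile or sloppy
# list could otherwise redirect names to real addresses or override your own entries.
sanitize_blocklist() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      addr = $1; host = tolower($2)
      if (addr != "0.0.0.0" && addr != "127.0.0.1") next              # only sinkholed entries
      if (host !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9-]+$/) next  # valid dotted name
      if (host ~ /^[0-9.]+$/) next                                      # bare IPv4, not a name
      if (host == "localhost.localdomain") next
      if (!(host in seen)) { seen[host] = 1; print "0.0.0.0 " host }
    }' "$1"
}

# merge_hosts HOSTS LIST: print HOSTS with any previous managed block removed and the
# sanitised LIST appended between the markers. Writes to stdout; redirect to a temp
# file, inspect it, then copy it over /etc/hosts as root.
merge_hosts() {
  awk -v begin="$BEGIN_MARK" -v end="$END_MARK" -v list="$2" '
    $0 == begin { skipping = 1; next }
    $0 == end   { skipping = 0; next }
    skipping    { next }
    { print }
    END {
      print begin
      while ((getline line < list) > 0) print line
      close(list)
      print end
    }' "$1"
}

# Demo on a constructed blocklist and hosts file (example.com/.net names are reserved
# for documentation; 203.0.113.9 and 192.0.2.10 are documentation addresses).
demo() {
  dir=$(mktemp -d)
  printf '# sample list\n0.0.0.0 ads.example.com\n127.0.0.1 Ads.Example.com\n0.0.0.0 0.0.0.0\n203.0.113.9 bank.example.com\n0.0.0.0 tracker.example.net\n' > "$dir/raw"
  printf '127.0.0.1 localhost\n::1 localhost\n192.0.2.10 fileserver\n' > "$dir/hosts"
  sanitize_blocklist "$dir/raw" > "$dir/clean"
  merge_hosts "$dir/hosts" "$dir/clean" > "$dir/hosts.new"
  # running it again over the result must not duplicate the block
  merge_hosts "$dir/hosts.new" "$dir/clean"
  rm -rf "$dir"
}

demo
```

the `203.0.113.9 bank.example.com` line in the demo is the case the filter exists for: a hosts file will happily map a name to any address, so an unreviewed list is a way to be redirected, not just a way to block ads. diff the sanitised output against the raw download once in a while; a sudden drop in entries or a new sink address is worth a look.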

* use an anonymous VPN. a paid one. without traffic logs.
do torrent over VPN.

* use TOR.
do not torrent over TOR.
https://www.torproject.org/

* understand the difference between anonymity, privacy, and security.

* read the resources paste to get started.