SHOW:
|
|
- or go back to the newest paste.
| 1 | Cybersecurity essentials: | |
| 2 | ||
| 3 | * use audited cryptography. do not roll your own. do not trust others that do (e.g., telegram). | |
| 4 | ||
| 5 | * harden your OS. | |
| 6 | https://wiki.archlinux.org/index.php/Security | |
| 7 | https://wiki.centos.org/HowTos/OS_Protection | |
| 8 | https://wiki.debian.org/Hardening | |
| 9 | https://wiki.gentoo.org/wiki/Hardened_Gentoo | |
| 10 | https://docs.fedoraproject.org/en-US/Fedora/17/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html | |
| 11 | https://help.ubuntu.com/community/Security | |
| 12 | ||
| 13 | * encrypt your hard drive (full disk encryption, or FDE for short). | |
| 14 | standard LVM encryption is the best option and should be available when installing your linux distro. | |
| 15 | ||
| 16 | for a disk that is not part of your operating system, a portable drive for example, dmcrypt/LUKS is the best option but veracrypt is | |
| 17 | available on all platforms. keep in mind your installer may or may not encrypt your GRUB and there are several ways of dealing with | |
| 18 | that issue which are discussed in the Paranoid #! security guide linked in the introductory resources below. keep in mind disk | |
| 19 | encryption means nothing to an experienced attacker with physical access if you have not completely shut down your computer and | |
| 20 | wiped the RAM. | |
| 21 | ||
| 22 | * encrypt your emails. | |
| 23 | PGP is pretty much all we have, but it is all we need. | |
| 24 | https://www.enigmail.net/ | |
| 25 | ||
| 26 | your metadata may still be collected. if you care about metadata, use a disposable email account or a trusted provider. suggestions | |
| 27 | include protonmail or cock.li. | |
| 28 | ||
| 29 | * encrypt your instant messages. | |
| 30 | for better or worse XMPP+OTR is still our best bet. | |
| 31 | https://otr.cypherpunks.ca/ | |
| 32 | ||
| 33 | i would not depend on anything else. even if the crypto in other apps is theoretically sound, the implementation fails or the | |
| 34 | distribution method is inherently flawed. cryptocat is an unpopular, but good option. telegram, tox, and wickr are fucked. do not | |
| 35 | even bother. you might as well use skype. | |
| 36 | ||
| 37 | * use a local password manager (no cloud bullshit). | |
| 38 | any. it is better than what you are doing now. | |
| 39 | ||
| 40 | * strong passwords. make sure they are long and unique. | |
| 41 | https://www.xkcd.com/936/ | |
| 42 | ||
| 43 | * do not reuse passwords. seriously. | |
| 44 | if you do, consider your password public knowledge. | |
| 45 | ||
| 46 | bypassing a login wall? sure. fuck it. who cares if someone else uses it. | |
| 47 | anything you care about? no. absolutely not. | |
| 48 | ||
| 49 | * better yet, use randomly generated passwords. the best password is one you cannot remember. | |
| 50 | https://www.grc.com/passwords.htm | |
| 51 | ||
| 52 | * your new search engine is duckduckgo or searx. | |
| 53 | https://duckduckgo.com/ | |
| 54 | https://searx.me/ | |
| 55 | ||
| 56 | * your new browser is firefox. | |
| 57 | be sure to go into options, then security, and uncheck block malicious content. | |
| 58 | https://www.mozilla.org/en-US/firefox/new/ | |
| 59 | ||
| 60 | * modify some settings | |
| 61 | enter about:config into your url bar and apply the following modifications. do not bitch about there being too many options. that is the | |
| 62 | fucking point. you cannot even configure many of these settings in other browsers without modifying its source or building addons. | |
| 63 | https://pastebin.com/raw/T8TeepZP | |
| 64 | ||
| 65 | the changes listed above are unambiguous and unopinionated. you can go a much further than this at the expense of comfort and | |
| 66 | convenience. consider modifying some of the settings listed on https://github.com/pyllyukko/user.js/blob/master/user.js depending on | |
| 67 | the sacrifices you are willing to make for privacy and security. | |
| 68 | ||
| 69 | * now install your addons. | |
| 70 | required: ublock origin, https everywhere, noscript, blender | |
| 71 | https://addons.mozilla.org/en-US/firefox/ | |
| 72 | ||
| 73 | * apply your filters. | |
| 74 | required: easylist, easyprivacy. | |
| 75 | https://easylist.to/ | |
| 76 | ||
| 77 | * and test your results. | |
| 78 | https://panopticlick.eff.org/ | |
| 79 | ||
| 80 | * do not use chrome. chrome is a closed source browser by a for profit corporation. firefox is an open source browser by a non-profit | |
| 81 | organization. use your head. | |
| 82 | ||
| 83 | * do not use chromium either. it may be open source, but it still phones home. | |
| 84 | ||
| 85 | * block malicious sites in your hosts file. | |
| 86 | https://github.com/StevenBlack/hosts | |
| 87 | ||
| 88 | * use an anonymous VPN. a paid one. without traffic logs. | |
| 89 | do torrent over VPN. | |
| 90 | ||
| 91 | * use TOR. | |
| 92 | do not torrent over TOR. | |
| 93 | https://www.torproject.org/ | |
| 94 | ||
| 95 | * understand the difference between anonymity, privacy, and security. | |
| 96 | ||
| 97 | * read the resources paste to get started. |
