# CYBERSECURITY ESSENTIALS

* use audited cryptography. do not roll your own. do not trust others that do (e.g., telegram).

* harden your OS.
  https://wiki.archlinux.org/index.php/Security
  https://wiki.centos.org/HowTos/OS_Protection
  https://wiki.debian.org/Hardening
  https://wiki.gentoo.org/wiki/Hardened_Gentoo
  https://docs.fedoraproject.org/en-US/Fedora/17/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
  https://help.ubuntu.com/community/Security

* encrypt your hard drive (full disk encryption, or FDE for short).
  standard LVM encryption is the best option and should be available when installing your linux distro.

      for a disk that is not part of your operating system, a portable drive for example, dmcrypt/LUKS is the best option but veracrypt is 
      available on all platforms. keep in mind your installer may or may not encrypt your GRUB and there are several ways of dealing with 
      that issue which are discussed in the Paranoid #! security guide linked in the introductory resources below. keep in mind disk 
      encryption means nothing to an experienced attacker with physical access if you have not completely shut down your computer and 
      wiped the RAM.

* encrypt your emails.
  PGP is pretty much all we have, but it is all we need.
  https://www.enigmail.net/

      your metadata may still be collected. if you care about metadata, use a disposable email account or a trusted provider. suggestions 
      include protonmail or cock.li.

* encrypt your instant messages.
  for better or worse XMPP+OTR is still our best bet.
  https://otr.cypherpunks.ca/

      i would not depend on anything else. even if the crypto in other apps is theoretically sound, the implementation fails or the 
      distribution method is inherently flawed. cryptocat is an unpopular, but good option. telegram, tox, and wickr are fucked. do not 
      even bother. you might as well use skype.

* use a local password manager (no cloud bullshit).
  any. it is better than what you are doing now.

* strong passwords. make sure they are long and unique. 
  https://www.xkcd.com/936/

* do not reuse passwords. seriously.
  if you do, consider your password public knowledge.

      bypassing a login wall? sure. fuck it. who cares if someone else uses it.
      anything you care about? no. absolutely not.

* better yet, use randomly generated passwords. the best password is one you cannot remember.
  https://www.grc.com/passwords.htm

* your new search engine is duckduckgo or searx.
  https://duckduckgo.com/
  https://searx.me/

* your new browser is firefox.
  be sure to go into options, then security, and uncheck block malicious content.
  https://www.mozilla.org/en-US/firefox/new/

* modify some settings
  enter about:config into your url bar and apply the following modifications. do not bitch about there being too many options. that is the 
  fucking point. you cannot even configure many of these settings in other browsers without modifying its source or building addons.
  https://pastebin.com/raw/T8TeepZP

      the changes listed above are unambiguous and unopinionated. you can go a much further than this at the expense of comfort and 
      convenience. consider modifying some of the settings listed on https://github.com/pyllyukko/user.js/blob/master/user.js depending on 
      the sacrifices you are willing to make for privacy and security.

* now install your addons.
  required: ublock origin, https everywhere, noscript, blender
  https://addons.mozilla.org/en-US/firefox/

* apply your filters.
  required: easylist, easyprivacy.
  https://easylist.to/

* and test your results.
  https://panopticlick.eff.org/

* do not use chrome. chrome is a closed source browser by a for profit corporation. firefox is an open source browser by a non-profit
  organization. use your head.

* do not use chromium either. it may be open source, but it still phones home.

* block malicious sites in your hosts file.
  https://github.com/StevenBlack/hosts

* use an anonymous VPN. a paid one. without traffic logs.
  do torrent over VPN.

* use TOR.
  do not torrent over TOR.
  https://www.torproject.org/

* understand the difference between anonymity, privacy, and security.

* read the resources paste to get started.



latest version always available at [cyberpunked.org]
to request additions, removals, or modifications, email cyberpunked@caramail.com and put /g/ in the subject line