/tech/ - Technology

Leftist Tech

Privacy general Comrade 05/08/2016 (Sun) 16:12:51 [Preview] No. 54
Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.

General tips
===

* Use free software as much as you can.

* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits

* Don't use Flash Player, use youtube-dl instead for watching streaming videos online

* Do not use Google, use DuckDuckGo or StartPage instead

* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.

* Use the Tor Browser Bundle if you really want to stay anonymous.

Firefox
====

* Go to Preferences -> History and set History to "Never remember history".

* See for additional tweaks: https://github.com/amq/firefox-debloat and https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-security

Add-ons
-----------

* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode

* HTTPS Everywhere

* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)

* Self Destructing Cookies: only allow cookies that you choose to allow

OS
==

* Encrypt your hard drive or home partition at least

* If you use GNU/Linux, you can try to restrict systemd or syslog from logging.

* Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.

Real life tips
===

* Pay with cash if you can



Feel free to provide tips to each other comrades!
Isn't the easiest make to ensure privacy to just not transmit sensitive info over the internet? Not saying this in a "NOTHING TO HIDE NOTHING TO FEAR" way, but just as a matter of simplicity, opsec and practicality. Didn't the FSB recently switch back to using good old typewriters for sensitive documents because of this?
>>55
That's a very good tip indeed. Don't expose too many personal details online.
>>55
> the easiest make
*easiest way
>Encrypt your hard drive or home partition at least
tfw too lazy to get luks working.
>Do not use Google, use DuckDuckGo or StartPage instead
Also, duckduckgo has shit results. I use it, when I don't want google to notice what I'm searching for, but for normie stuff I'm back to google. But I had my privacy fundamentally broken when I decided to stay at googlemail (what's a good alternative btw?)
>Use a password manager
Doing that and still have just a bunch of passwords. Should definitely change that behaviour.
>Firefox
Don't use it anymore, but I need a list of tracking services, so I can (ad)block them


My tip:
Don't use WhatsApp but XMPP with OTR to communicate. When fecesbook gives you end-to-end encryption, this can only mean they don't need the contents of your messages anymore. Metadata are already useful enough to decide which people are gonna be killed by drones, don't give the corporations more than what you can't avoid.
>>58
>tfw too lazy to get luks working.

Same. It's so much of a hassle. I wish that there was a single button solution that would encrypt my hard drive while letting all the data remain on it.

>Also, duckduckgo has shit results. I use it, when I don't want google to notice what I'm searching for

I'd recommend Startpage then. It's just a Google proxy and has almost the same results.

>But I had my privacy fundamentally broken when I decided to stay at googlemail (what's a good alternative btw?)

Same here comr8. Protonmail appears to be good. If you live in Europe, you can also try Posteo. They seem very strong on privacy and you can even pay them by sending cash. https://posteo.de/en

There's also this other email startup, I don't know if they are any good tbh fam. But it's free at least (as in, it costs no money).

https://tutanota.com/

Excellent tip you have on WhatsApp by the way. People forget about the importance of metadata leakage.
>>59
>https://tutanota.com/
Looks interesting, but
>made by Bernd
kc-tier tbh
>>60
You can also look at the email providers listed at:

https://www.privacytools.io/#email
For securer e-mailing:

https://emailselfdefense.fsf.org/en/

Note that metadata isn't encrypted with GPG, but your content is however.
DO NOT use FuckFuckNo. It was made and is owned by a person who ran a site called The Names Database (or something similar) which was literally a datamine which he sold for millions.
Instead use https://searx.me

For email, Tutanota is great, especially if you use it in combination with GPG. Cock.li is also excellent if you use GPG.
>>>63
Oops, http not https. If paranoid about non-SSL, run your own instance. The code is hosted on GitHub and there are several other community-run instances.
>>54
HTTPS on searx.me works fine here.
>DO NOT use FuckFuckNo. It was made and is owned by a person who ran a site called The Names Database (or something similar) which was literally a datamine which he sold for millions.

One thing though, they have a Tor hidden service. I don't think that it could hurt to use that.
Another tip for my comr8s:

You can use FireJail to sandbox applications like your browser.
A stupid question:

I want full disk encryption without having to wipe my data. Is this possible? I've looked at: http://www.johannes-bauer.com/linux/luksipc/

But I'm too pussy to try. Anyone got advice?
>>91
Looks very interesting. When having the time, I will give it a try.
How about backing up your most important data and then going for it?
>>92
Thanks! It would be so nice if someone could try it. I hear lots of good stories about it on the interwebz, but I'm scared that I might forget a step and lose everything.

Of course, I can backup important stuff but then I could backup and reinstall Debian but encrypted with the same amount of effort. ;_;

To be honest, I really wish there was an easy-step-by-step guide for encrypting partitions.
https://mat.boum.org/

This is nice for anonymizing your metadata. Suppose you write a radical text, the file itself contains some bits of identifying information sometimes.

This program clears it of any metadata.
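
As an added illustration of the point in the post above (not part of the thread and not MAT's own code): a PNG file can carry author names and timestamps in ancillary chunks next to the pixel data. This sketch lists and removes those chunks from a constructed sample image; the chunk list, function names and sample values are assumptions of the example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Ancillary chunk types that can carry identifying data (text, EXIF, timestamp).
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"eXIf", b"tIME"}

def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png: bytes):
    """Yield (type, data) per chunk; reject bad signature, truncation, bad CRC."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos = 8
    while pos < len(png):
        if len(png) - pos < 12:
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        end = pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("truncated chunk body")
        data = png[pos + 8:end]
        (crc,) = struct.unpack(">I", png[end:end + 4])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, data
        pos = end + 4

def find_metadata(png: bytes):
    """Return [(chunk type, raw data)] for chunks that may identify the author."""
    return [(t.decode("ascii"), d) for t, d in iter_chunks(png) if t in METADATA_CHUNKS]

def strip_metadata(png: bytes) -> bytes:
    """Rebuild the file without metadata chunks; image chunks are kept as-is."""
    return PNG_SIG + b"".join(
        make_chunk(t, d) for t, d in iter_chunks(png) if t not in METADATA_CHUNKS)

def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG carrying an Author text chunk and a timestamp."""
    parts = [(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
             (b"tEXt", b"Author\x00constructed-name"),
             (b"tIME", struct.pack(">HBBBBB", 2016, 1, 1, 0, 0, 0)),
             (b"IDAT", zlib.compress(b"\x00\x7f")),  # filter byte + one pixel
             (b"IEND", b"")]
    return PNG_SIG + b"".join(make_chunk(t, d) for t, d in parts)
```

This covers PNG container metadata only; other formats (PDF, office documents, JPEG EXIF) store identifying fields differently, and anything visible in the content itself is untouched.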
How safe will it be to have a server in my house for my personal email and webpage?
>>98
Depends on how good your admin-skills are. But I think, if you keep it up to date and invest some frequent work in staying informed on current security issues as well as cryptographic knowledge, much safer than having it at gmail or microsoft.
>>99
I have never administrated anything before.
Cryptography is a topic I love but getting up to date with cyber security is a mystery to me.
>>101
There is no absolute security, and when someone really wants to get into your server, he will find a way; especially when you're not a pro at defending it.
However, I don't think somebody will make the effort to crack reasonably encrypted content.
>>98
>How safe will it be to have a server in my house for my personal email and webpage?
Install gentoo and run all webserver related services on their own user account so if they get hacked the attacker doesn't have root or other access to anything that would let him easily privilege escalate (e.g. graphics card access).

Currently I'm trying to find a secure non-root alternative to courier-imap :/

>>102
>However, I don't think somebody will make the effort to crack reasonably encrypted content.
encryption has nothing to do with this.
if you are worried about the content of your emails then you need to pgp encrypt them, but that is unrelated to running your own mail server and unrelated to the mail server's security.
reminder that all emails that aren't pgp encrypted and travel over the internet are read at the very least by the NSA's AI.
I'm going to buy a new laptop soon. What model should I get if I want privacy? I'm going to install Qubes OS.

What do you guys think of Comodo IceDragon? It's a free Firefox-based browser (so it can have the same add-ons), but it comes with some built-in security features IIRC.

Also, what's a distribution?
>>159
Hardware shouldn't matter for privacy purposes, but the company 'System76' has good linux compatible hardware
>>160
Except for hardware-level botnet features like uefi and intel mme.
>>159
A distro is a compilation of software, which comes mostly as a ready-to-use operating system. The Qubes OS you have chosen is such a distro.
