|
B-Nasty posted:Are you running Windows? The laptop most likely has a TPM, so just enable Bitlocker on your disk drive and you're done. Obviously, for backups, use whatever service/USB stick method you want. Bitlocker can also encrypt USB drives. I have a pretty low-end productivity laptop so no TPM, no bitlocker. Sounds like it might be worth getting an upgrade.
|
# ? Feb 11, 2019 16:14 |
|
|
# ? May 25, 2024 00:17 |
|
Guest2553 posted:I have a pretty low-end productivity laptop so no TPM, no bitlocker. Sounds like it might be worth getting an upgrade. You can enable Bitlocker on machines without a TPM by changing some Group Policy settings. It obviously won't be quite as secure, but for most cases, it probably doesn't matter that much. It will still be way better than no full disk encryption - FDE should be enabled for every device, and Bitlocker makes it about a simple as it gets.
|
# ? Feb 11, 2019 16:50 |
|
I meant I have neither TPM nor bitlocker. I'll just veracrypt it all and hope the PC doesn't die because then until I get home.
|
# ? Feb 11, 2019 18:46 |
|
Guest2553 posted:I meant I have neither TPM nor bitlocker. I'll just veracrypt it all and hope the PC doesn't die because then until I get home. If you worry about this the best thing to do is set up some cloud storage like Google Drive or whatever and have that sync to/from your laptop. If you're specifically worried about someone getting access during plane trips, you could even upload everything to your cloud storage then wipe your laptop before checking in. Just note that this isn't a replacement for hard disk encryption, because without encryption it's trivial for someone with an undelete tool to get deleted files back.
|
# ? Feb 11, 2019 19:32 |
|
I setup an account on AMD rewards for free games and after making it I noticed my password was in the URL for account creation and searchable in my browser history. Is this bad? This seems bad
|
# ? Feb 14, 2019 15:18 |
|
If you use that password for any other account, then why do you do that? Get a password manager and change all your passwords to something unique and secure. If not, then yes that is bad, but at least it won't affect you much.
|
# ? Feb 14, 2019 15:47 |
|
You should assume that website is similarly careless with the rest of your personal info (eg name, address)
|
# ? Feb 14, 2019 15:53 |
|
Sadly if someone wants to harvest your name and address they probably won't need to go to an AMD rewards site to get it But yes don't give them your payment information.
|
# ? Feb 14, 2019 16:00 |
|
Guest2553 posted:I'll have a few weeks worth of work travel coming up, hitting about a dozen cities across North America over a couple months. My lovely laptop is coming along for the ride and I'd like to keep my banking info/porn habits to myself. I also have a non-IT background but want to get better. Don’t forget a good VPN service like Nord so all the various trackers don’t catch wind of your Tijuana donkey show habit and then start spamming your ads with stuff like saddles. Also if you’re on public WiFi, a VPN will tunnel your traffic so your poo poo isn’t plainly visible to anyone else on the network sniffing out packets. And yes, encrypt your hdd as already advised. I wouldn’t worry about backing it up to an external device before every flight unless you plan on taking the laptop as checked baggage and there’s stuff on there not backed up to the cloud or home server in some fashion. Free google drive or Dropbox or whatever should be sufficient for your travels.
|
# ? Feb 15, 2019 08:10 |
|
OSU_Matthew posted:Don’t forget a good VPN service like Nord so all the various trackers don’t catch wind of your Tijuana donkey show habit and then start spamming your ads with stuff like saddles. Yeah because those VPN providers aren't selling that info themselves. C'mon.
|
# ? Feb 15, 2019 18:42 |
|
VPNs are trash; don't trust them.
|
# ? Feb 16, 2019 01:17 |
|
Lain Iwakura posted:VPNs are trash; don't trust them. Do you mean VPN services, or just VPNs in general? I've got an OpenVPN server running on my home network that I use when I'm connected to public networks, which also lets me access stuff that's located in my home network. Is there a better set of practices to follow for this kind of basic use case?
|
# ? Feb 16, 2019 03:41 |
|
Coxswain Balls posted:Do you mean VPN services, or just VPNs in general? I've got an OpenVPN server running on my home network that I use when I'm connected to public networks, which also lets me access stuff that's located in my home network. Is there a better set of practices to follow for this kind of basic use case? VPN services--sorry for being unclear. How you use a VPN you set up yourself is a whole different kettle of fish but is generally better overall.
|
# ? Feb 16, 2019 06:58 |
|
apseudonym posted:Yeah because those VPN providers aren't selling that info themselves. C'mon. What’s the better alternative? Some definitely do, you can read it in their fine print. I specifically mention Nord since they’re based in Panama and ostensibly have a strict no logging policy. Since they’re one of the larger players in the VPN service market, evidence to the contrary would presumably be extremely damaging to their brand and business. Self preservation is at least one thing I would imagine I could put some faith in. Do you have any evidence that Nord logs activity? I mean obviously trust no-one and all that, but I am interested to see if there’s something I’ve been missing with regards to their practices. I didn’t find any evidence of IP or DNS leaking when checking it myself, so there’s that as well. Yes, you could absolutely set up a home VPN to protect yourself on public WiFi, but that’s beyond the scope of the average user, hell probably a lot of advanced users.
|
# ? Feb 16, 2019 10:47 |
|
how many vpn services that advertise "no logs" do you think have been caught logging? the ones that don't are the major exceptions and panama isn't what you're looking for
|
# ? Feb 16, 2019 11:09 |
|
So the answer is what for people who don't have the tech chops to set up their own? Not everyone has the wherewithal to configure/set up algo or an OpenVPN/IPSec VPN. Is it just a *shrug* when people ask advice? I mean most people are looking to remove themselves from being low hanging fruit out in public, not to hide from the Man.
|
# ? Feb 16, 2019 11:29 |
|
I think it's nonsense to assume all VPN providers are unsafe. A lot of the bigger ones have gotten external audits and yes, it turns out they actually don't log poo poo. Also, even if they log stuff, does it matter whether it's your ISP logging things or some foreign company? I'd rather have it be the latter, because they at least can't be ordered around by *my* government. For me, the main reason for using a VPN is so that websites I visit don't know where I'm from, because they have no right to that information. On top of that, it allows me to visit websites that are otherwise unavailable because of location-based blocking. If you're looking for a VPN I suggest starting here: https://thebestvpn.com/ I'm using ExpressVPN now. They're a bit expensive compared to some others but what's nice is that they have a test kit to see if all your data goes through the VPN and actual humans you can talk to if you can't figure it out. There's a bunch of gotchas, such as that normally DNS traffic (the bit of the internet that when you type in 'somethingawful.com' figures out where the server for somethingawful.com is actually located) and ipv6 (new internet protocol standard) traffic go over a plain connection, skipping your VPN entirely. That means websites still can figure out where you're from. The better VPN providers such as ExpressVPN actively help you prevent that. Tbf I think Nord is a bit lacking in that regard.
|
# ? Feb 16, 2019 14:04 |
|
Carbon dioxide posted:I think it's nonsense to assume all VPN providers are unsafe. Please quit while you're ahead. VPN services are trash. You're adding nothing of help to this thread.
|
# ? Feb 16, 2019 16:05 |
|
Carbon dioxide posted:If you're looking for a VPN I suggest starting here: https://thebestvpn.com/ I actually found this rather useful and informative, thanks! The nitty grity technical setup for your choice of VPN actually matters in a lot of cases, especially if you're visiting places that are actually hostile to tracking, monitoring and shutting down VPNs. I found this a while ago, and its a neat read for anyone considering the finer details of setting up their own proxy. http://blog.zorinaq.com/my-experience-with-the-great-firewall-of-china/
|
# ? Feb 16, 2019 22:22 |
|
Lain Iwakura posted:VPN services--sorry for being unclear. How you use a VPN you set up yourself is a whole different kettle of fish but is generally better overall. Thanks for the clarification. I'm just running it on my RT-N66U with Merlin's firmware, which has been working well for years since my upload is only 15Mbps. Learning how to use OpenSSL and how public key stuff works was pretty fun while setting it all up, too.
|
# ? Feb 16, 2019 22:44 |
|
Lain Iwakura posted:Please quit while you're ahead. VPN services are trash. You're adding nothing of help to this thread. The point isn’t to hide from state level actors but just a reasonable modicum of blocking trackers, especially ones that associate and log activity correlated with your usual IP addresses. Yes you still need to configure your browser to block third party cookies and trackers and install unlock origin and everything, and DNS over HTTPS is also a great thing, but we’re not Jamal Khashoggi trying to hide from our government dismembering us , just trying to block some overabundant third party tracking and tunnel traffic over public WiFi to avoid the shitshow of people being easily able to sniff out what’s going over the wire (including credentials and unencrypted Yes, some VPNs are absolutely a shot show, and you should review any service before using it. For fun, here’s a view of what information is publicly visible when you browse the web: https://ipleak.net/ A good VPN and browser configuration clears off a lot of that information. It’s low level fruit that’s easy and effective, what’s not to like when done well? If you’re worried about say the Mexican government phishing you and installing the Pegasus Trojan on your phone so a hit can be carried out because of your critical coverage (RIP Javier Valdez and his colleagues), then taking advice on a dead gay comedy forum isn’t a great idea. For the rest of us, I’d argue that it’s pretty ok, and that just saying something is trash without providing any context, argument, or examples isn’t especially helpful. I’m always looking to learn more, so please, show me what I am missing instead of just saying I’m wrong because if one service sucks, then everything must suck. And yes, this discussion isn’t counting stuff like pixel based tracking and whatnot, or the fact that anyone could buy my SSN and credit report for the price of a cup of coffee (though credit reports are usually a bit more expensive, usually around 20$ if memory serves me correctly), or that you should be using say DuckDuckGo for your searching if you care about subverting some of google’s tracking. Electronic Foundation Frontier is a good resource to peruse as well, if anyone has the time or interest in going down the internet privacy rabbit hole: https://ssd.eff.org/en
|
# ? Feb 16, 2019 22:55 |
|
Also a fun privacy and quality of life thing, especially if you have a home VPN setup, Pi-Hole is an easy to set up and !FREE! DNS Sinkhole for advertising, trackers, and even blocks some command and control server communications! Plus you can set up your home router or DHCP server to use Pi Hole as the DNS server, and then set up something like Quad9 as your DNS provider, and everything you connect to the network will be automagically protected! Quad9 does some cool real time protection against websites known to host malware, and prevents all your website requests from going through your ISP or Google and being logged for advertising and god knows what else. All you need to set it up is a spare raspberry pi (or docker container on your home server) and about half an hour of your time
|
# ? Feb 16, 2019 23:07 |
|
Coxswain Balls posted:Thanks for the clarification. I'm just running it on my RT-N66U with Merlin's firmware, which has been working well for years since my upload is only 15Mbps. Learning how to use OpenSSL and how public key stuff works was pretty fun while setting it all up, too. Just a heads-up but that router stopped getting support/updates from Merlin just under a year ago so you might want to consider replacing it. Even stock hasn't received an update since July of last year. Some dude named John has been supporting 374.x with some updates if you want to trust that: https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v37ea.18914/ but IMO replacement would be better.
|
# ? Feb 17, 2019 00:11 |
|
astral posted:Just a heads-up but that router stopped getting support/updates from Merlin just under a year ago so you might want to consider replacing it. Even stock hasn't received an update since July of last year. Some dude named John has been supporting 374.x with some updates if you want to trust that: https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v37ea.18914/ but IMO replacement would be better. I'm aware of that, but I'm not in a position to be spending money on an upgrade unfortunately. I've been keeping an eye on that fork and will have to rely on that for my updates for any serious bugs that come up.
|
# ? Feb 17, 2019 00:15 |
|
OSU_Matthew posted:The point isn’t to hide from state level actors but just a reasonable modicum of blocking trackers, especially ones that associate and log activity correlated with your usual IP addresses. Yes you still need to configure your browser to block third party cookies and trackers and install unlock origin and everything, and DNS over HTTPS is also a great thing, but we’re not Jamal Khashoggi trying to hide from our government dismembering us , just trying to block some overabundant third party tracking and tunnel traffic over public WiFi to avoid the shitshow of people being easily able to sniff out what’s going over the wire (including credentials and unencrypted please do not mistake you're understanding of tracking and security for advice to be given out to the general user. especially if you are not taking any notice of their concerns and asking the prudent questions to figure out what they're protecting and how much they're willing to invest time and resource-wise.
|
# ? Feb 17, 2019 00:53 |
|
Wiggly Wayne DDS posted:hate to be the bearer of bad news but trackers trying to tie activity to ips is a few decades old by now. that and if you've glanced at the history of the forums you may have noticed that there's an intersection of users who actually have pegasus-level concerns and including misinformation to placate the general end-user is not something that can be given in good conscience. The original question was someone just traveling around the country, presumably using public WiFi, hence the recommendation of using a VPN to tunnel their traffic as an added layer of protection from the kind of crap that goes on public networks. Network level protection is every bit as important as encrypting your device, and wasn’t addressed in the discussion. Yes, IP based tracking is far from the only method used, hence why I mentioned pixel tracking for instance, as well as the limitations of trying to use a VPN service to bypass nation state monitoring (with recent examples). Tracking is all about correlating data, and if you mask your IP, that’s certainly one less piece of information to correlate. What’s your solution for preventing IP based tracking? Or do you just ignore that and try to guard against the esoteric stuff? For the love of god, anyone worried about Nation State malfeasance should be getting their recommendations from an organization like the EFF, (which if you had bothered reading what I said, was linked in my previous post). The general state of cyber security is a complete shitshow, and simple things the average end user can do that are generally effective is a good thing, and should absolutely be advocated. If someone has niche concerns, there’s ample opportunity to ask and solicit advice those specific issues. All things considered, I’m still not seeing any other useful advice or criticisms beyond “things is bad.” Please, enlighten us.
|
# ? Feb 17, 2019 04:31 |
|
I guess my last post came off as pretty hostile, so I apologize. I would be interested in having a sincere discussion about what constitutes a good set of easy to implement recommendations that would help the average user bypass ubiquitous online tracking and advertising? I just read through this article: https://hackernoon.com/tracking-the-trackers-draw-connections-between-scripts-and-domains-on-website-360bc6a306df Which is an interesting attempt to quantify just how many scripts out there are tracking you every time you engage with a website. At my last job I configured the web gateway to blacklist all web traffic (even set up SSL decryption) for particular VLANs, whitelisting only approved sites. This ultimately felt like an exercise in futility, because in order to whitelist say a particular podcast for users, I had to dig through the logs and whitelist a bunch of heatmap and third party tracking sites before the website would serve the desired content. So, simply blocking everything is not an effective adblock or tracking block. So, I guess the idea is to make browsing as ephemeral as possible? One paid solution I'm aware of (that I use at my current job to run siloed investigations into phishing and malware) is Authentic8. Essentially, the company acts as a remote browsing service, where the client connects you to a VM-based browser on their servers, which gets wiped and rebuilt at the start of every browsing session. Personal license is a hundred bucks a year, which isn't the worst proposition for a seemingly good solution. For individual browsers, it can be a real rabbit hole, but here's a good link for setting up and configuring your browser for privacy: https://www.privacytools.io/ Other fun stuff includes Pi-Hole, which I mentioned a few posts earlier: https://pi-hole.net/ Pi-Hole is a nice, easy to set up, set it and forget it whole home adblock. Also, some interesting court cases about VPN service providers refusing to provide logs: 2016 United States vs McWaters 2017 United States vs Colby Not saying that's applicable to every provider or even all situations, but it does at least demonstrate some commitment to no-logging. I'm interested in privacy and security, and I'd love to hear any suggestions or advice on better stuff. This is only input from my experience and knowledge, which is far from all-encompassing, and I rely on other people who know more than I do to build that knowledge, which is why I'm sincerely interested in any input. If I'm wrong about something, I'm more than happy to admit it and learn a lesson going forward.
|
# ? Feb 18, 2019 11:15 |
|
Wiggly Wayne DDS posted:hate to be the bearer of bad news but trackers trying to tie activity to ips is a few decades old by now. that and if you've glanced at the history of the forums you may have noticed that there's an intersection of users who actually have pegasus-level concerns and including misinformation to placate the general end-user is not something that can be given in good conscience. I'm curious if there could be something added to the OP with different levels of privacy or security desired with minimum/maximum practices to achieve it? Like say if you want to protect grandma/grandpa from advert-men with a low tech level vs say a tech savvy reporter operating in a bad place that may die if they are discovered covering something people don't want them to know? It might be a cool read to pool the collective knowledge here and any sources/links as well as allow for more informed questions in an updated OP.
|
# ? Feb 18, 2019 14:33 |
I just got a warning from malwarebytes saying it blocked an outbound connection from firefox to "i . loli . net", which it categorized as ransomware (so now im paranoid now about sudden data death lol...just read up on the loli/lolita ransomware poo poo). I had a bunch of tabs open at the time, but no porn or sketchy pirated video streams or anything like that. I guess a site may have been running some bad ads or something? But it also said the connection was outgoing, not incoming? I'm dumb about security, what does this mean? Is my browser infected, and If the connection to that site had gotten through would all my poo poo be encrypted now? Are the lizardmen spying on me? Is there no danger at all because the thing was blocked and i'm reading this "outbound connection" poo poo wrong? Aside from malwarebytes, i'm running windows defender and ublock origin. Scans said everything was fine. Also, i just saw some posts saying malwarebytes is extremely bad? I thought it was one of the approved things to use, or was a few years ago at least?
|
|
# ? Mar 5, 2019 08:55 |
|
Rah! posted:malwarebytes Lol. Just use the Windows 10 virus/malware scanner, firewall, and keep Firefox up-to-date and without sketchy plugins. If you're really paranoid, Win10 has a 'Ransomware protection' option, which is basically a whitelist for applications allowed to touch user-land files (Documents, Pictures, etc.) You can always turn that on, but expect annoying behavior as it blocks many applications from writing to those locations until you allow them through.
|
# ? Mar 5, 2019 14:23 |
Rah! posted:I just got a warning from malwarebytes saying it blocked an outbound connection from firefox to "i . loli . net", which it categorized as ransomware (so now im paranoid now about sudden data death lol...just read up on the loli/lolita ransomware poo poo). I had a bunch of tabs open at the time, but no porn or sketchy pirated video streams or anything like that. I guess a site may have been running some bad ads or something? But it also said the connection was outgoing, not incoming? It's a sketchy image-host. Somebody in the funny pictures thread or somewhere was using it a while back and got mocked for it.
|
|
# ? Mar 5, 2019 14:38 |
|
A reminder that as bad as imgur can be, it became the default image host because everything else is somehow worse.
|
# ? Mar 5, 2019 14:59 |
|
Nettle Soup posted:It's a sketchy image-host. Somebody in the funny pictures thread or somewhere was using it a while back and got mocked for it. So, in layman's terms, you were probably just requesting the image from the site.
|
# ? Mar 5, 2019 15:21 |
|
Rah! posted:I just got a warning from malwarebytes saying it blocked an outbound connection from firefox to "i . loli . net", which it categorized as ransomware (so now im paranoid now about sudden data death lol...just read up on the loli/lolita ransomware poo poo). I had a bunch of tabs open at the time, but no porn or sketchy pirated video streams or anything like that. I guess a site may have been running some bad ads or something? But it also said the connection was outgoing, not incoming? Uninstall it and use what Windows 10 gave you. Don't waste your time with other AV solutions.
|
# ? Mar 5, 2019 15:45 |
|
I'm a bit surprised at how little pihole has been mentioned in this thread. I mean, I get that having firewall type security from the outside is important, as well as browsers blocking things. But it seems that these days most vulnerabilities stem from user-originated requests. I've been using it on my private net for about a year now, and it's been amazing. Since I use my own dnsmasq service, backed with pihole, the clients (wired, wireless, android, windows, mac, whatever) don't have to block anything. They just can't resolve malicious IPs. If that's not an elegant solution, I don't know what is. Granted, it's not perfect since it's kept up to date with a blackhole list. But I do love seeing those no-DNS X's on youtube ads.
|
# ? Mar 6, 2019 05:45 |
|
Why do you see ads at all?
|
# ? Mar 6, 2019 19:54 |
|
I suppose ads failing to load is a more elegant way of blocking them than removing the web elements, and it can't be detected like an adblocker can.
|
# ? Mar 6, 2019 20:54 |
|
error events fire for images that fail to load, so you could probably detect that case with decent accuracy
|
# ? Mar 6, 2019 20:56 |
|
But what separates it from a partial server outage or a bad connection?
|
# ? Mar 6, 2019 21:08 |
|
|
# ? May 25, 2024 00:17 |
|
Cup Runneth Over posted:But what separates it from a partial server outage or a bad connection? Partial server outage is something you attack statistically, by watching loads from different servers. Most pages will have many to choose from. Bad connection typically won’t just error your ad stuff, but rather different pieces each time — if it’s good enough to load the page. There are perf metrics you can use to see how different resources loaded. But honestly whether you have a pihole or a bad connection, if you don’t see my ads, that’s what I care about.
|
# ? Mar 6, 2019 21:16 |