|
First off, a really generic question: I have pretty much carelessly neglected online privacy and security in the past years, but I'm trying to improve my setup and change some habits. The OP and the thread are super helpful, but I'd like to learn a bit more. Can anyone recommend a resource that has maybe an up to date 101 of the what, why, and how of privacy and security? Something that gives a reasonable view of what I can do to get a reasonable level of privacy, why the recommended actions are necessary/how they work, and how to implement them. Also willing to pay  or read a book if that's required.Second: If I browse with a VPN (I use NordVPN, and their app that sets up the connection), what does that really give me? I realize that it changes/obscures my public IP, which should make it more difficult to identify that it is me who is browsing a certain website. OTOH, I'm aware that there are many other ways of uniquely identifying machines/users. So, if I turn on my VPN and browse website A, will they still know it's me, but rather than my IP being 120.etc it's 80...? The anxious feeling I have is anytime I go online, I have a tshirt with my name on it, but if I use a VPN, I'll put a mask on my face - but I'm still wearing that tshirt! Just typing this out makes me feel really stupid, wow. Any help to brighten up this online dullard would be appreciated.
|
#
?
Aug 19, 2018 13:31
|
|
|
|
| # ? Jun 6, 2024 12:37 |
|
|
I'm using Windows Defender for my security atm (together with ublock/noscript and periodic Malwarebytes scans) but the antimalware service executable is making explorer lag to poo poo for whatever reason on 20% near-constant CPU usage. This is the active protection part and not the scheduled scans for the record, I already tried the solution for those. What's the most decent free alternative? I was using Bitdefender before that but the free version turned to crap which was what prompted me to switch back to Defender this spring in the first place.
|
|
#
?
Aug 19, 2018 13:53
|
|
|
The best free alternative to Windows Defender not working, is to work out why Windows Defender isn't working. What you're describing isn't normal and is a symptom of a problem, possibly the same one you experienced before. You can post a thread in SH/SC but generally it's so easy to reset Windows 10 you might as well start there. 3rd party AV can mess up Defender even after it's uninstalled (it might periodically decide you already have one installed and stop). This is also a common symptom of disk issues - anything accessing the disk might periodically struggle.
|
|
#
?
Aug 19, 2018 15:22
|
|
|
Serendipitaet posted:Second: If I browse with a VPN (I use NordVPN, and their app that sets up the connection), what does that really give me? I realize that it changes/obscures my public IP, which should make it more difficult to identify that it is me who is browsing a certain website. OTOH, I'm aware that there are many other ways of uniquely identifying machines/users. So, if I turn on my VPN and browse website A, will they still know it's me, but rather than my IP being 120.etc it's 80...? The anxious feeling I have is anytime I go online, I have a tshirt with my name on it, but if I use a VPN, I'll put a mask on my face - but I'm still wearing that tshirt! If you're worried about people giving a poo poo about your amazon/facebook browsing or even P2P sites, you're probably coming at this more paranoid than you need to. If you're looking at material that could get you in trouble, just stop. Means of doing this securely require much more knowledge.
|
|
#
?
Aug 19, 2018 15:28
|
|
|
Khablam posted:Next to no online tracking is done via IP, so a VPN doesn't do much or anything for your privacy in the best case. In the worst case the server gets compromised for X days / weeks by a bad actor who can then perfectly correlate everything you do online with one identity. This kills the Ok, that's what I thought re: the first point. Also, yeah, I've considered that worst case, too. Also what if they DO keep logs, despite what they're telling me. Then... are there really any privacy or security benefits? That's what these companies are advertising, but in practice I pretty much use it just to get around geographical blocks for streaming. Luckily, I don't have to worry about the legality of any of the stuff that I'm browsing. There's things in there that I wouldn't necessarily want my mom or my employer to know about, but nothing that would get me in trouble. Where the paranoia comes in is that - as far as I understand it - sophisticated ad-focused trackers run by e.g. google or facebook can indeed correlate my online identity - i.e. the news I read and the amazon listings I browse (I'm ok with that to the extent that it pays for the content I consume), but also what porn I consume (which I find creepy and would like to avoid, ideally). Also, having said that nothing I do online would get me in trouble, what if the law changes? This is just hypothetical, but it's one of the reasons I hear whenever privacy (not just) online is discussed. Serendipitaet fucked around with this message at 16:29 on Aug 19, 2018 |
|
#
?
Aug 19, 2018 16:27
|
|
|
Khablam posted:The best free alternative to Windows Defender not working, is to work out why Windows Defender isn't working. What you're describing isn't normal and is a symptom of a problem, possibly the same one you experienced before. I'm not sure it would be disk-related, as it's only Windows Explorer that's sluggish and not other programs. And I did do a few different health-checks last time I encountered this, none of which noticed any problems with my SSD. The main thing that's weird about this (besides the fact that it's occuring at all) is that it was fine for a couple weeks after I reset Windows. But then it returned earlier this week and I quickly narrowed it down to the antimalware executable process being the culprit by noting that whenever it was running at ~20% CPU - most of the time - I was experiencing this problem, but the times it slows to <5% CPU everything responds normally. I dunno why it was fine for a while before returning. I haven't installed any AV or related software since that reset besides Malwarebytes so I imagine it has nothing to do with 3rd party AV either.
|
|
#
?
Aug 19, 2018 16:32
|
|
|
Serendipitaet posted:Ok, that's what I thought re: the first point. Also, yeah, I've considered that worst case, too. Also what if they DO keep logs, despite what they're telling me. Then... are there really any privacy or security benefits? That's what these companies are advertising, but in practice I pretty much use it just to get around geographical blocks for streaming. The best thing against agressive ad-serving trackers are browser plugins that block those trackers entirely. The simplest (but not as effective) way to do this is to enable whatever built-in tracking protection browsers have these days. Firefox has something to that regard. To be better protected use a plugin such as Disconnect or Privacy Badger (made by the Electronic Frontier Foundation). I use both but that's probably overdoing it because occassionally after an update they block things I want to see like Twitter embeds and then I have to figure out which one is over-eagerly blocking it. Considering VPNs, there are a couple reasons to use them. If you use the good ones, they are rather effective against government censorship. I would've been unable to read my mail or any western news without my VPN while in holiday in China, for instance. Another thing they allow you to do is make you appear as if you're in another country, letting you access region-locked content on video sites and the like. The legality of doing so isn't really clear and might differ per country/state. A third thing they do is put a single layer of abstraction between you and people wanting to track you. For instance, when a local organization that attempts to get uploaders of pirated material to court was asked what they did if they found someone they were tracking was using a VPN, they actually said something along the lines of: "It's not worth putting in the extra effort, we're going for the easy targets first". It won't protect you against real law enforcement if they're actually trying or anything, but it does give them extra work. Anyway, if your usecase is "I don't want my mom finding out what porn I'm looking at", your best bet without going full-paranoid "throwaway phones on public wifi while wearing a mask" mode is a combination of the following three points: - A vpn to make you slightly harder to track - A browser in incognito mode when you're looking at stuff you don't want people to find out about (this does two things - it prevents browsing history from being stored on your computer, and in incognito mode, you're logged out from everything, making the likes of Google and Facebook less likely to track you) - A privacy/tracking-blocker plugin to your browser (which needs to be enabled for incognito mode in the settings) Ideally you use a different VPN connection/IP for your incognito stuff and your day to day stuff but that's quite a bit of extra effort to set up. Of course you could also use TOR browser. TOR basically routes your connection through a dozen random computer scattered worldwide so it's like a VPN connection on steroids. And TOR browser has incognito mode built in. Note that it has been proven that if people try hard enough they can still track you through TOR, and on top of that using it makes your internet slow as hell, so it's up to you if you want to bother with it at all.
|
|
#
?
Aug 19, 2018 17:30
|
|
|
I've been looking at Lowtax's $99/3yr NordVPN ad and considering whether I need it or not. I don't do  or anything sketchy, but I do use a lot of public wifi such Starbucks or library a lot because I have no work space at home (living in tiny room with roommates).Does it provide protection on these public wifis belonging to corporations?
|
|
#
?
Aug 19, 2018 17:37
|
|
|
Serendipitaet posted:Second: If I browse with a VPN (I use NordVPN, and their app that sets up the connection), what does that really give me? I realize that it changes/obscures my public IP, which should make it more difficult to identify that it is me who is browsing a certain website. OTOH, I'm aware that there are many other ways of uniquely identifying machines/users. So, if I turn on my VPN and browse website A, will they still know it's me, but rather than my IP being 120.etc it's 80...? The anxious feeling I have is anytime I go online, I have a tshirt with my name on it, but if I use a VPN, I'll put a mask on my face - but I'm still wearing that tshirt! yes this is correct, VPNs aren't helpful in the way many people think legit reason to use a VPN:
ISPs have been caught hijacking dns responses, selling people's web history to advertisers, and injecting their own content into http responses. They may also proactively record web history on behalf of the police, depending on your country. These are the most compelling reasons to use a VPN imo. ISPs are complete fuckers who should never be trusted. That said, the easiest win you can get in terms of improving your privacy online is to disable third-party cookies and use adblock (ublock origin)
|
|
#
?
Aug 19, 2018 17:50
|
|
|
Rufus Ping posted:yes this is correct, VPNs aren't helpful in the way many people think Thanks for great breakdown.
|
|
#
?
Aug 19, 2018 18:00
|
|
|
I was using someone's macbook the other day, and they had some stupid hijack thing in safari that was diverting searches through my-search.somethingorother. Apparently they got it by installing flash when prompted, from a site whose url was about as terrible as you'd expect - I assume it was a dodgy ad that prompted them. I uninstalled the extension that was in safari, and flash, but what sort of other security measures are relevant? Recommended adblockers for Safari? I use 1blocker on my iphone, and see they have a macos version. Is there anything else I need to do? The only apple stuff I use has an i prefix, and mac os confuses and frightens me.
|
|
#
?
Aug 19, 2018 18:47
|
|
|
Sorry if this seems stupid or silly, I'm here to learn. Just ignore this post if you're not feeling constructive, please and thank you. The post is long to exhaust and express my own thoughts about solving the issues, to be able to garner the best feedback as possible for anything I might have forgotten - which may be a lot. I'm looking for advice on: -A safe as can be procedure to close some email accounts and services as cleanly as possible. -A nice transition into future email account strategy to sign-up for online services. Info | Computer: -I use only a desktop for all things Internet, gaming, etc. -I don't use any social services like FaceBook, LinkedIn, Twitter, Instagram, etc. and don't have any accounts with any social service. -I have a KeePass 2 password manager with 20-25 entries. Trying to ditch more and more services I don't use/use much, to decrease my attack surface. My Password Manager is enabled by having the KeePass master/database file on my HDD, and the file to unlock it - together with a password written down on paper - on a USB stick. That keyfile is also backed up on 2 separate Ext Hdd's, physically located in a closet and not normally connected to my computer. Info| |Phone: -I have a Samsung Android phone for 2FA verification purposes, and use Signal for calls and text. Occasional use of Goodle Maps when driving somewhere new. Never use the phone for other purposes. I might have installed/uninstalled Firefox to browse reddit/imgur on a vacation at one point. -The only apps I have installed on my Android except for the stock Samsung ROM and what it includes, are Steam Auth, Blizzard Auth, Signal, and maybe thinking of installing Authy later on for 2FA on protonmail. My sign-ups for services have always been connected to my 2 gmail accounts: Gmail account 1: My first gmail account ever created was in a breach some time ago, I believe it was LastPass. Just the address was breached, LastPass urged people to change passwords, so I did and haven't noticed anything wrong. The account was named my firstname dot lastname a t gmail dot com which I am not at all comfortable with. It was included on the website haveibeenpwned. I have sms-2FA enabled on it, as I want to quit Google Authenticator for something else. I want to abandon the account as cleanly as possible, and have been monitoring it for spam, newsletters, etc. from services I might have forgotten about. I've been trying to use GDPR and "The Right to be Forgotten" for those services as much as I can to cleanly close any service the account may have been affiliated with. Gmail account 2: I have been using another gmail account for some services as well, which I would also like to abandon as cleanly as possible. It has never been in any breach as far as I know. Also sms-2FA enabled. Possible new Gmail account 3: Seems like I need to have a gmail account in any case, to install apps from the Play Store on my phone/if I buy a new phone/etc. I might create one gmail account just for that purpose, nothing more, if I absolutely have to. I'm considering moving all online sign-ins, like Steam, bank, GoG, travel, whatever, from those two accounts, to either: One protonmail account for all services OR One email account per service and then set those accounts to be forwarded to one "main" protonmail (or other service) account. If one service gets compromised I would see spam coming into the email account for that particular service, yes? And would be better equipped to know exactly what service to cancel or let that staff know they've had a breach. ...and then continue to monitor the two gmail accounts for maybe a year more, before I cancel them. I am really not sure what measures I should take, just came up with these potential issues: -Should I have 2FA enabled for every one of those sign-ups or just the main account? Should I use Authy? Yubikey? My exact same one and only phone number for all? After what I've read in this thread, sms-2FA doesn't seem safe anymore. -I am also worried about locking myself out of my email account for good. Should I have a recovery email for the protonmail account? Should this recovery email be from another service or could I use another account from protonmail? -Can examples like <nick>steamservice at mailservice dot com and <nick>bankservice at mailservice dot com be used at all or should they always be generic email addresses, like 1234slkfbgksbg for a service, so no one has a clue about what service they are used for? Other naming/systems you guys use that you would recommend to keep track? -Plenty of other things I haven't thought of, but maybe you guys have? Sorry about the wall of text, I've tried to clean it up to be readable, but I'd like to be detailed when asking more knowledgable people what to do. I think security have become a really complicated issue just to live as a normal person, but would like to be as prepared as I can and keep learning. Thanks for any constructive input, really appreciate it, as well as the thread.
|
|
#
?
Aug 22, 2018 15:25
|
|
|
well you need to understand you're not a normal user, and that sms 2fa was always a terrible idea. you failed to mention your android phone is jailbroken, so let's just give up on securing that - no random online people aren't where you get trustworthy firmware for the most critical secret storage a regular person has. then look at your strange obsession with protonmail, if that poo poo shuts down tomorrow what are you doing? you seem to love putting the eggs in one basket and trust them wholeheartedly. let me be blunt: if you don't trust google then you shouldn't be using android, and you really don't want to use the play store so you need to make informed trade-offs. which gets us to the core of the question: what exactly are you trying to protect at this point? is your your personal information? that was already online and you're not using gdpr to cleanse that from the internet. if it's that gaming review site you've mentioned in the past no one cares and you're going to overlook something obvious anyway may as well be upfront about yourself there if you want it to be a job just want to shutdown your online presence and walk away? just tell google to delete the accounts and personal data. you're going to have to trust them on that front anyway, you're not changing that situation regardless of which law you try to invoke far as email schema you either go with a random username per-identity or service on a public-facing service, of you go with <rand16>@downsdu.ck. all you're getting there is an idea of who's been breached or selling your info. you already have a password vault, the unique email isn't anything difficult to document also yes use actual 2fa on everything, why the hell is that a question. if you're not then how the hell would you trust one of those dumb front-emails that you've setup? i mean you can't anyway but let's entertain the premise
|
|
#
?
Aug 22, 2018 16:57
|
|
|
Some specific questions, with a view to getting you to decide precisely what threat you are trying to guard against:Downs Duck posted:I might have installed/uninstalled Firefox to browse reddit/imgur on a vacation at one point. Downs Duck posted:The account was named my firstname dot lastname a t gmail dot com which I am not at all comfortable with. Downs Duck posted:I have sms-2FA enabled on it, as I want to quit Google Authenticator for something else. Downs Duck posted:to install apps from the Play Store on my phone Downs Duck posted:should they always be generic email addresses, like 1234slkfbgksbg for a service, so no one has a clue about what service they are used for? 
|
|
#
?
Aug 22, 2018 17:55
|
|
|
Wiggly Wayne DDS posted:you failed to mention your android phone is jailbroken, so let's just give up on securing that - no random online people aren't where you get trustworthy firmware for the most critical secret storage a regular person has. To expand Wiggly's point: you're going from having a large team of engineers protecting you to taking all the responsibility of making your device secure on yourself and to be blunt the post makes it clear you don't have those skills. We do. You're being paranoid and utterly unrealistic as to how attacks or attackers work, you'd be safer if you weren't trying to be smart and missing the mark so hard.
|
|
#
?
Aug 22, 2018 18:16
|
|
|
Wiggly Wayne DDS posted:well you need to understand you're not a normal user, and that sms 2fa was always a terrible idea. you failed to mention your android phone is jailbroken, so let's just give up on securing that - no random online people aren't where you get trustworthy firmware for the most critical secret storage a regular person has. then look at your strange obsession with protonmail, if that poo poo shuts down tomorrow what are you doing? you seem to love putting the eggs in one basket and trust them wholeheartedly. let me be blunt: if you don't trust google then you shouldn't be using android, and you really don't want to use the play store so you need to make informed trade-offs. Thanks for replying. Also, blunt is fine. Sorry about not mentioning the jailbroken phone and thanks for reminding me that might be an issue. The next one will not be jailbroken, but I have no idea of what brand to choose. Maybe an old Nokia and a TomTom for maps? I have no idea. You guys know better. I'd prefer it to have as little bloatware as possible. But, I digress. I'm not infatuated with Protonmail, honest, I have just seen it recommended by a lot of people and thought it might be the best service to use for now. This is why I'm asking you guys, you are way better at this than me, lot of you are professionals or seems like it. I deleted that gaming review site some time ago, so that's a non-issue. I know no one cares about that, no problem. It won't be a job, so no worries. I'm considering quitting Steam too, and other game services, at a later point. They are part of those 20-25 entries I have in my KeePass. Shutting down my gmail accounts RIGHT NOW means including cutting off my online bank, insurances and other important stuff, so I'd prefer to transfer the important entries to another email service first, for that reason alone. If not Protonmail, then please advice me on what other service to use, again I am here to learn. And I am asking some "dumb" questions to clarify beyond any doubt what to do about certain issues, because I worry that I might overlook something, because I'm not an expert on these things like you lot are. I hope that doesn't piss you guys off too much. My apologies, and thank you again for replying. Rufus Ping posted:Some specific questions, with a view to getting you to decide precisely what threat you are trying to guard against: Rufus Ping posted:why are you scared of keeping Firefox installed? Rufus Ping posted:what makes you uncomfortable about using that email address? Rufus Ping posted:why do you consider the google authenticator app worse than sms for 2fa... Rufus Ping posted:...when you happily have an android phone and use the play store? Not sure what this is about? apseudonym posted:To expand Wiggly's point: you're going from having a large team of engineers protecting you to taking all the responsibility of making your device secure on yourself and to be blunt the post makes it clear you don't have those skills. We do. Yes, you do. You have the skills and the expertise, hence my asking you. Again, sorry for pissing you guys off so hard, seems uncalled for, but you are the experts and the OP said it was okay to ask, so here I am, asking. Thanks again for the constructive inputs, not so sure about necessity of the pissed off parts in your retorts, but I'll try to learn from it anyway. I'll show myself out and go gently caress myself, enjoy your day. Downs Duck fucked around with this message at 21:41 on Aug 22, 2018 |
|
#
?
Aug 22, 2018 21:38
|
|
|
Have you been on holiday to any exotic countries lately?
|
|
#
?
Aug 22, 2018 21:51
|
|
|
Khablam posted:Have you been on holiday to any exotic countries lately? Not for years, no.
|
|
#
?
Aug 22, 2018 21:52
|
|
|
you haven't pissed anyone off, you're just not making a lot of sense and seem to be throwing out scattered ideas without telling us what you're protecting, who from and why. those are pretty critical if you want your approach evaluated, otherwise we don't know the situation you're in and will give terrible advice just break down what you're trying to protect, who you expect are trying to get it, what you'd lose if they got it, the amount of resources (manpower/experience/time) available, and why it's so critical. then recommendations can be made with context
|
|
#
?
Aug 22, 2018 22:07
|
|
|
Personally my perceived threat is cyberstalkers and Internet detectives. I don't really care about nation-states or even hackers all that much, I just don't want to be tracked down and doxxed by neckbearded creeps with their Googlefu.
|
|
#
?
Aug 22, 2018 22:46
|
|
|
Wiggly Wayne DDS posted:you haven't pissed anyone off, you're just not making a lot of sense and seem to be throwing out scattered ideas without telling us what you're protecting, who from and why. those are pretty critical if you want your approach evaluated, otherwise we don't know the situation you're in and will give terrible advice Thank you. I'm trying my best to decide what info is relevant or not. I forgot about the jailbroken phone, for example, and it was great that you brought that up. I know I am liable to forget important stuff, hence my bringing a dump of info instead of a tea spoon. I know the ideas are scattered, that's why I'm looking for advice on breaking it down. The "what" would just be my personal identity/life/personal information. I'd like to have the smallest Internet footprint possible and still be able to live normally, like continue to use online banking, but maybe do so in a safer way than sms-2FA. Maybe a Yubikey? I know next to nothing of Yubikeys. Or would Authy suffice? I'd like my personal info on as few websites as possible, and for those I do have it on, I'd like to have the possibility to delete it at my leisure, IF that's possible. From "who" would be anyone wanting to abuse that information in any way, I don't know. Someone breaching my bank for fun? Russians having fun with Steam? Finding my information somewhere? Some begrudged person I happened to insult while drunk at a party? I don't know and that's why I'd like to be careful in general. I just think that the less info about me is on the net, the less is the chance of it being abused? Like how NOT opening up your whole life with your home address, where your kids go to school, phone number and sexual preferences on every social media site known to man, is better than doing so? I'm no IT professional - we all agree - but that just seems like common sense to me. The smaller the Internet footprint, the better/safer, no? I guess a random botnet/hacker attack/breach on some big site that has my information stored and not so securely would be more likely than someone targeting me, but that's just what I think. I might be wrong. "Why" is just any horrible thing people could do to others I guess? Identity theft and trying to battle with the local police to fix that poo poo. Having my emails snooped around in, in general. Having my bank information stolen. That's the thing, I don't know what people would be after or how they would attack me, so I'd like to be as safe as I can reasonably be, with as little information about myself on the net as possible. Maybe I could use this chance to plan ahead on what email to use to sign-up with online services so I don't gently caress myself over in the future? I wouldn't know if Protonmail is going anywhere next week, if you guys do, please advice me on a good email provider to use instead? I don't hate myself (or am skilled) enough to run my own email server, so we can probably rule that out. Anyone may call me paranoid or any other derogatory term if they like, but this is what I'd feel most comfortable with going forward. It also makes sense to me, and what others might call paranoid I deem being careful. I'd like to go back in time and start Internet'ing from a clean slate, but I'll settle for the next best thing, cleaning up the most I can. Mapping out and planning ahead what I should use and how to use it, to stay as safe as possible. Maybe you guys don't have more tips on that than I already know, and that's fine, I think it better to have asked anyway. Thanks again. Cup Runneth Over posted:Personally my perceived threat is cyberstalkers and Internet detectives. I don't really care about nation-states or even hackers all that much, I just don't want to be tracked down and doxxed by neckbearded creeps with their Googlefu. Very much this, I guess.
|
|
#
?
Aug 22, 2018 23:13
|
|
|
Downs Duck posted:That's the thing, I don't know what people would be after or how they would attack me, so I'd like to be as safe as I can reasonably be, with as little information about myself on the net as possible. This is why people are calling you paranoid. "I don't know who might be after me or how, but I just want to keep myself safe!" is a very paranoid thing to say. If you, like me, are trying to protect yourself from internet detectives, here's some things you can do: 1. Don't use the same name across communities/websites. Adopt a wide variety of pseudonyms. Online handles are the first things creeps will use to try and track you down and link your Internet presence together. It's also good to use common words for pseudonyms as they are very difficult to Google. "Downs Duck" is a good one because it seems to be masked by a comic of some sorts. "Cup Runneth Over" is just going to return a bunch of Bible quotes. 2. Use different emails. Emails are the second thing that e-detectives will search for to try and link your accounts. I use MailNull to generate an infinite number of emails for everything I sign up for (insofar as I can be bothered), which redirect to my real e-mail address (and a few aliases) that I avoid giving out as much as possible. This is important because they can't be masked by being "common" -- they can always be directly searched. Usually websites are decent about protecting them from being indexed, but not always. 3. Scrub social media. Don't use Facebook, Twitter, Tumblr, Instagram, etc. as these are hotspots of personal info that, if found, can easily be used to doxx you. If you do use them, use them under pseudonyms and avoid mentioning any personal information. 4. Don't mention personal information anywhere it can be publicly accessed. It's OK to talk about your life in direct messages, for instance, because then only the person you're talking to knows you, and you presumably trust them. What you're trying to avoid is having that info permanently catalogued somewhere that someone can access from a search engine. Even public Discord servers and stuff just require someone to join them and start searching keywords for you. 5. Get a password manager, like 1Password. This is just good security practice in general as it allows you to have a variety of different, high-strength passwords for every service, which means if you ARE hacked on one account they can't use your credentials to log into another. I personally still memorize passwords for stuff like my bank account or my e-mail since those are big points of failure I wouldn't want vulnerable if my password manager somehow got exploited into dumping my password. None of this requires you to adopt 2FA (though you should) or turn into a hermit or whatever. You just need to know what your threat model is rather than just living in fear. Oh, and remember: None of this will keep you safe forever. You're only human, and you will make mistakes, and you probably already have a lot of info out there that can't be erased because it lives forever on the Internet. If someone is determined enough, they'll probably find you. Don't let it keep you up at night, because there's only so much you can do. Just do the best you can and relax. Cup Runneth Over fucked around with this message at 23:39 on Aug 22, 2018 |
|
#
?
Aug 22, 2018 23:35
|
|
|
Not having excessive amounts of personal information scattered around the internet is a fine aim. You achieve it by not handing your information out to people who have no need to know it. I have two gmail addresses. One is my full name and I use it for work and the bank and corresponding with family and other professional things - I probably use this one with less than 20 places in total. The other isn't based on my name and I use it everywhere else - according to 1Password, about 400 websites. If these places ask for my name or address or age or photograph I just refuse or make something up. It's pretty easy to do. I've subscribed to haveibeenpwned, but that doesn't let you turn back time after a break-in. So just don't give websites any information in the first place. I enable 2FA everywhere it is offered, preferably TOTP but SMS if not. There are several trustworthy TOTP phone apps. I'd happily use any of them including google authenticator. Google are much better at security than I am. This is all very straightforward to do. The only habit you have to form is consistently lying online. Never type your real name into a text box on a website. If you are feeling overwhelmed or confused by your approach to online security as an individual, you're probably overthinking it.
|
|
#
?
Aug 22, 2018 23:56
|
|
|
Cup Runneth Over posted:This is why people are calling you paranoid. "I don't know who might be after me or how, but I just want to keep myself safe!" is a very paranoid thing to say. Thank you, this is very helpful, honest. The paranoid part is still where I would say I'm just being careful in general, akin to locking my house tonight. No matter if there are script kiddies on my lawn, nation states or aliens in a UFO trying to break in, I still think a locked door is better than an unlocked one. We could debate my being paranoid or careful and where the line goes 'til the cows come home, because the line is drawn differently for everyone, whether they use 1, 2 or 10 locks on that door, or use a short password, a long one, sms-2FA, or Auth-2FA. I'm sure John Plumber two houses down would call me paranoid for using any kind of 2FA at all, because he thinks it's silly. Or lock my door, because "nothing has ever happened in this neighbourhood". And that's fine, I'll let him think that, while still locking my door and trying to learn more about securing myself online. We can still meet for bbq and talk sports. Best practices. Security within reason. 1. I've used different nicknames for a long time, so I'm doing something right. Anything from Disney/movie characters, to Spanish football players, obscure comics, German philosophers, Asian martial artists, whatever. Good, I'll keep doing that. 2. I didn't know about this service and will check it out. It seems to solve the issue I had before, about what service each email would be connected to. 3. Yeah, I personally can't stand social media and believe them to be a huge waste of time, so that sounds good too. I have plenty of friends I call or text whenever I want to do something, which works well. 4. I don't use Discord either, for this reason. 5. I use KeePass which seems to do the job well. I honestly don't live in fear, but I might be conveying that for some reason? I'm just really passionate about trying my best to be as secure as I can be within reason, and yes, that includes not wanting to live in a cave off the grid. It's like learning anything else, like, say, fixing cars. If some tire producer is above and beyond anyone else, maybe it's good to check that out for your car? It doesn't mean I'm scared that tonight I'm gonna die in a horrible car crash, it means I feel safer knowing I did my research and have good tires in this heavy snow/rain. Common sense. I just think it's good to plan ahead when you have the opportunity to do so, and that best practices should be followed, like locking your door instead of not doing it. And these 5 points you bring up really helps me out a lot, so thanks for that. Rufus Ping posted:Yeah, not having excessive amounts of personal information scattered around the internet is a fine aim. You achieve it by not handing your information out to people who have no need to know it. Appreciate it. And yes, I guess that is generally my aim and that that's okay, then. Again, I just think I'm being careful. I've used the first gmail to sign up for banks, insurance, work and other important/official stuff. What freaked me out was when it was in that LastPass breach. It seems to have had a small increase in spam, which is annoying, but not "dangerous". I reckon because I changed the password and the email address has 2FA, it's safe to continue to use it anyway? Seems I am already following the rest of the advice pretty much to the letter. Thanks again for the input. FWIW, I trust Google's/other companies' team of engineers to be better at security than myself, of course. When I say I'd like to stop using their services, it's their business plan I might have issues with.
|
|
#
?
Aug 23, 2018 09:18
|
|
|
You have no idea what the threat model for doxxing actually is, you've been spooked by recent doxxing hitting people like you, and you're walking waaaay into the weeds without any direction. I'm informing you of the problems adding to the challenge of managing your online presence. As an example, your fixation on MFA methods is like worrying about the brand of deadbolt on your door--sure, some are kinda poo poo and defeated silently with the right skilks--while perhaps you're habitually leaving large windows open elsewhere.
|
|
#
?
Aug 23, 2018 12:22
|
|
|
Downs Duck posted:I honestly don't live in fear, but I might be conveying that for some reason? Your level of fear is wildly disproportional to any perceived theat. No one cares about you, "internet detectives" working out you have a steam and GoG account isn't going to impact your life in any way. The thread already adequately covers actual security issues vis-a-vis password managers and 2FA which is ironically where you fuckup in some attempt to ... be scared of google authenticator?
|
|
#
?
Aug 23, 2018 13:07
|
|
|
Potato Salad posted:You have no idea what the threat model for doxxing actually is, you've been spooked by recent doxxing hitting people like you, and you're walking waaaay into the weeds without any direction. True, hence my asking for advice. Khablam posted:Because you're saying things like you need to close down using steam and other gaming services because of "russians" and warning the thread you used Firefox once on holiday. It's not fair to connect these. I might close down Steam and other services because I don't use them as much as I used to and it seems plausible to cut out services I no longer use. Because of "Russians" is just any other person that would like to gently caress with my life and who knows more about attacking me digitally than I know to fend against. I used Firefox while on holiday was just to be honest about what I use my phone for and not. If it wasn't relevant, that's okay. But maybe don't connect these things into a strawman argument? My level of concern is valid in my mind. I expect no one cares about me, yes. I do however see a risk of ending up being attacked or hosed over because I forgot to set some security measure that would have been simple to do. Hence, my asking the thread, to educate myself. I also don't see the problem in my investigating other Authenticators than Google's if I might want to steer away from their services at a later point in my life? Misconstruing that as my "being scared of Google Athenticator" seems like another strawman and just plain dishonest to me? Edit: This is to no one in particular, and beside the scope of pure facts/advice, but I'm curious: In general, I would prefer the advice without the sass, sarcasm, and assholery that comes with it, but if the two are inseparable when IT-experts dispense advice, I'll take it and try to pick the great advice out from the flow of poo poo. Not sure why chef Ramsay and IT-people have this in common that the best way to teach people is to shame, insult, and ridicule them, but maybe it's a stellar teaching method I haven't caught up on yet? Is it like basic military training where the purpose is to tear people down to build them up again? Is it a cocksure belief that your field of IT is better than all other fields and professions on the planet? Why the hostility? Why the absolute fury when someone comes in and asks you about something? It doesn't come off as "snarky" or "edgy"; it comes off as incredibly aggressive to the point of it being absurd. Isn't it a confidence booster that your expertise is actually asked for by another person? Why answer if you couldn't care less? Do you have to trade-off answering by including an insult, for it to merit your time of day? Why do I feel like I'm browsing a thread full of professional experts during the first half of a post, then the next half reads like a 4-chan teenager wanting to lash out at someone just because he knows less about a field than they do? It's that great Dr Jekyll/Mr Hyde divide that gets me wondering. I am just perplexed about it and can't imagine professional settings where the junior surgeon, assistant architect, or heli-pilot student asks their mentors for best practices on stuff and they are rewarded with this truckload of pissing rage from their betters, inbetween "be careful of the jugular in these circumstances" and "try to build it this way, so you utilize the sun better", "watch the tree tops, especially when doing x and y". I'm not a petit fleur vase and can take it, but I just don't see the value of decorating a great Advice Steak with a big Rage Turd. Your professional or semi-professional expertise in computers warrant that you are better than this. The advice is great, the insults seems childish and I see no benefit in including them in otherwise great answers. I am not trying to be a dick here, I am honestly curious: Is it the field itself that is so stressful, is it depression among a certain type of person doing computer work, or something else entirely? Is it more stressful than saving kids at the ER or running into burning buildings with a helmet and ax? Because I see this plethora of angriness in more IT-people than other professions, whenever I come across them and I am seriously wondering what causes several of people in that particular field to act this way. I ask a mechanic about my car, he doesn't respond like this, I ask a nurse about my condition, she doesn't respond like this. They both seem happy to help, confident that their expertise is valued. Anyway, I'll peruse the advice I've gotten once more, and try to go from there. Thanks again for the advice between the insults and sorry for the wall of text. Food for thought or just ignore. Be well, people. Downs Duck fucked around with this message at 15:03 on Aug 23, 2018 |
|
#
?
Aug 23, 2018 14:12
|
|
|
I wasn't thinking there would be a way for this to get...weirder? But there it is. The mechanic metaphor you're using isn't accurate. It's like you're asking a mechanic how to get your car to protect you from street cleaners? IDK, I'm trying to grasp this and I just don't have time for it and shouldn't have posted when I already had a hint this was going to be a little unhinged. Potato Salad fucked around with this message at 15:29 on Aug 23, 2018 |
|
#
?
Aug 23, 2018 15:25
|
|
|
Potato Salad posted:I wasn't thinking there would be a way for this to get...weirder? But there it is. Seems straightforward to me. Potato Salad posted:The mechanic metaphor you're using isn't accurate. It's like you're asking a mechanic how to get your car to protect you from street cleaners? IDK, I'm trying to grasp this and I just don't have time for it and shouldn't have posted when I already had a hint this was going to be a little unhinged. Hmm? "If I ask a mechanic about my car" is like me saying I want him to protect it from street cleaners? Where did "street cleaners" come from? To make it easy, a mechanic or a nurse wouldn't respond like many (not all) IT-professionals do (various degrees of angry/insults/etc like in this thread), when asked politely about something related to their field of expertise. In my humble, anecdotal experience. Downs Duck fucked around with this message at 15:50 on Aug 23, 2018 |
|
#
?
Aug 23, 2018 15:28
|
|
|
As someone who does this on the regular: the way to scrub your online presence is to painstakingly delete content you can get to, delete the accounts you can delete, scramble/mis-address those you cannot, and use minimal social media from here on out. There's only so much you can do about archive sites and ad data. Flip side is that unsophisticated s0cia1 media h4xx0rz really know how to leverage small ad buys/quotes to efficiently exfiltrate old data on service consumers. If you're unable to deal with catastrophe-worrying, stop doing the things online that if shown to the public or your boss that would ruin you. Don't leave really easy info on social media, and stop doing things that make you a target.
|
|
#
?
Aug 23, 2018 15:37
|
|
|
Downs Duck posted:Hmm? "If I ask a mechanic about my car" is like me saying I want him to protect it from street cleaners? Where did "street cleaners" come from? exactly
|
|
#
?
Aug 23, 2018 15:38
|
|
|
Potato Salad posted:As someone who does this on the regular: the way to scrub your online presence is to painstakingly delete content you can get to, delete the accounts you can delete, scramble/mis-address those you cannot, and use minimal social media from here on out. There's only so much you can do about archive sites and ad data. Flip side is that unsophisticated s0cia1 media h4xx0rz really know how to leverage small ad buys/quotes to efficiently exfiltrate old data on service consumers. If you're unable to deal with catastrophe-worrying, stop doing the things online that if shown to the public or your boss that would ruin you. Thank you, I'll add this to the rest of the advice I've gotten. Potato Salad posted:exactly Erhm, where did you get "street cleaners" from, because I never mentioned anything like that in my post anywhere. But it doesn't matter, thread derail and all that, thanks again for your advice. Downs Duck fucked around with this message at 15:44 on Aug 23, 2018 |
|
#
?
Aug 23, 2018 15:39
|
|
|
Thanks to everyone who contributed to my questions.Potato Salad posted:You have no idea what the threat model for doxxing actually is, you've been spooked by recent doxxing hitting people like you, and you're walking waaaay into the weeds without any direction. Potato Salad posted:As someone who does this on the regular: the way to scrub your online presence is to painstakingly delete content you can get to, delete the accounts you can delete, scramble/mis-address those you cannot, and use minimal social media from here on out. There's only so much you can do about archive sites and ad data. Flip side is that unsophisticated s0cia1 media h4xx0rz really know how to leverage small ad buys/quotes to efficiently exfiltrate old data on service consumers. If you're unable to deal with catastrophe-worrying, stop doing the things online that if shown to the public or your boss that would ruin you. This sounds super interesting and I would like to know more. If you could point to a reference or would be willing to effortpost about it, I would appreciate it.
|
|
#
?
Aug 23, 2018 16:14
|
|
|
Everybody who wants to be secure with their devices almost never does a risk assessment and thus applies security incorrectly, improperly, and unnecessarily intrusively.
|
|
#
?
Aug 23, 2018 16:33
|
|
|
Downs Duck posted:Erhm, where did you get "street cleaners" from, because I never mentioned anything like that in my post anywhere. But it doesn't matter, thread derail and all that, thanks again for your advice. We're over here going "street cleaners?? guy buddy they are no threat just chill" and you respond with "but theoretically street cleaners COULD attack me in my car so is super gluing my doors shut a good defence?" 
|
|
#
?
Aug 23, 2018 16:47
|
|
|
Downs Duck posted:This is to no one in particular, and beside the scope of pure facts/advice, but I'm curious: This is comedy gold. Pip pip, cherio, enjoy your perusing old chap.
|
|
#
?
Aug 23, 2018 16:56
|
|
|
Khablam posted:Because wanting your car to protect you from street cleaners is as relevant to your meat-space security as closing down GOG to protect from the Russians, or creating fake email accounts for / closing down steam. Excuse me? I think you need to read those posts once more. I never said anything about "street cleaners" in any way, shape or form, that other poster did. Also, with this dishonest "closing down GOG to protect from the Russians, or creating fake email accounts for / closing down steam"-poo poo, you are just repeating the same strawman as before, please stop doing that? porktree posted:This is comedy gold. Pip pip, cherio, enjoy your perusing old chap. Agreed. Downs Duck fucked around with this message at 17:14 on Aug 23, 2018 |
|
#
?
Aug 23, 2018 17:09
|
|
|
what do you have against street cleaners
|
|
#
?
Aug 23, 2018 17:12
|
|
|
Wiggly Wayne DDS posted:what do you have against street cleaners Contact a local mechanic for more advice.
|
|
#
?
Aug 23, 2018 17:16
|
|
|
|
| # ? Jun 6, 2024 12:37 |
|
|
Wiggly Wayne DDS posted:what do you have against street cleaners Nothing. I just hate when a perhaps sleep-deprived poster tells me I wrote about them, and then another poster jumps down my throat believing I did and puts together topics that have nothing to do with eachother to misconstrue strawmen  Khablam posted:You never know if they're going to clean your windscreen or trick you out of your bank account. Wow, not eager to quit your poo poo, are you?
|
|
#
?
Aug 23, 2018 17:17
|
|