|
Crack posted:OK I have a few opinions. First of all, please don't use chrome because gently caress google. Same goes for google search (you can use an anonymising service like startpage or disconnect) gmail, google docs, google analytics (can you even still block this?). At the least delete emails not "archive" them, if you think you might wish to view it later download via a secure protocol to an email client, and backup. Noscript is great! quote:Also turn your phone off when you aren't using it, better yet remove the battery. Not only will you be saving yourself from cancer but I'm sure everyone has heard of the stingray by now. I also use D-VASIVE which disables the mic etc if I'm not using that functions. Finally, please get RedPhone, TextSecure, Signal, w/e, and advise your friends to do the same. More adoption of this tech is better for everyone, it's Snowden approved and from a couple talks I watched of his Moxie is p much top of the game right now and appears to be doing it for the right reasons. Related to that, don't trust SSL (padlock) as implemented right now. And pgp isn't great. quote:Please don't use dropbox. Or Hola. If something is free, how do the developers profit and maintain servers? Same goes for pirated content - in this case though I'm not talking about the dev behind the content but the dev that's put some sneaky code into that pdf of some esoteric magazine or whatever where it's fairly unlikely there have been enough downloads / educated users to leave a warning that you've been owned. quote:If you're still using WEP it might be time to consider suicide, but WPA is vulnerable too now because Moxie has generously offered WPA/WPA2 cracking as a cloud service for 30 dollars or something, you get results in 20 mins or 40 iirc (if vulnerable). quote:If your housemates are idiots it might be a good idea to disable all incoming / outgoing connections on your router because if you are reading this thread you quite possibly already have malware and aren't the best educated on it. Oh and if you are paying rental for some plastic poo poo your isp provides (with a modem too!) try and return it and invest in an actual router. quote:(disclaimer: I'm no security expert but i love my hat, and I think information security is equally or even more important for many people than pure focus of viruses etc)
|
# ¿ Jun 2, 2015 20:31 |
|
|
# ¿ May 2, 2024 07:03 |
|
Crack posted:Thanks for the criticism people, hopefully I can learn something from it. I'll respond to a post now and another later otherwise these posts will be too large.
|
# ¿ Jun 4, 2015 15:32 |
|
Crack posted:But what about uMatrix?!
|
# ¿ Jun 13, 2015 15:51 |
|
ThermoPhysical posted:Yes, I read it twice before asking and it says nothing about cloud-based AVs or if they're even worth anything. Basically it starts out how antivirus programs are outdated and not worth buying and then some settings for traditional AVs that arent cloud-based.
|
# ¿ Jul 30, 2015 16:16 |
|
Mr Chips posted:what, nothing about applocker/SRPs on Windows?
|
# ¿ Oct 22, 2015 08:36 |
|
It won't stop malware but it's useful to control software with callbacks.
|
# ¿ Sep 3, 2016 13:48 |
|
Samizdata posted:You know, most of EMET is baked into 10, albeit without the granular controls. Also, how to you justify "DEATH TO THIRD PARTY AV, but not THAT third-party AV!"? (As Defender was originally from Giant Software if I remember correctly)
|
# ¿ Oct 7, 2016 20:50 |
|
remember kids even the run of the mill exploit kit allows for single-serve exploits, don't trust a second check on an url
|
# ¿ Nov 5, 2016 00:27 |
|
stick to configuring your own vpn on a home server or vps rather than touching the poo poo paid ones
|
# ¿ Feb 3, 2017 10:30 |
|
............... no. run openvpn and configure it. paid services will use outdated libraries, pre-shared keys and as much garbage as possible
|
# ¿ Feb 3, 2017 10:49 |
|
Seaside Loafer posted:Really honestly? I cant tell from the meta humor sometimes I'll do it as a stopgap if its real. if they're refusing any guidance and you've even offered to do it all for them you have to weigh your options up as poo poo going wrong in the future will fall back on you
|
# ¿ Jun 1, 2017 15:07 |
|
judge a company by how they respond to vulnerabilities, not that they've existed at all in an evolving codebase
|
# ¿ Jul 11, 2018 19:54 |
|
well you need to understand you're not a normal user, and that sms 2fa was always a terrible idea. you failed to mention your android phone is jailbroken, so let's just give up on securing that - no random online people aren't where you get trustworthy firmware for the most critical secret storage a regular person has. then look at your strange obsession with protonmail, if that poo poo shuts down tomorrow what are you doing? you seem to love putting the eggs in one basket and trust them wholeheartedly. let me be blunt: if you don't trust google then you shouldn't be using android, and you really don't want to use the play store so you need to make informed trade-offs. which gets us to the core of the question: what exactly are you trying to protect at this point? is your your personal information? that was already online and you're not using gdpr to cleanse that from the internet. if it's that gaming review site you've mentioned in the past no one cares and you're going to overlook something obvious anyway may as well be upfront about yourself there if you want it to be a job just want to shutdown your online presence and walk away? just tell google to delete the accounts and personal data. you're going to have to trust them on that front anyway, you're not changing that situation regardless of which law you try to invoke far as email schema you either go with a random username per-identity or service on a public-facing service, of you go with <rand16>@downsdu.ck. all you're getting there is an idea of who's been breached or selling your info. you already have a password vault, the unique email isn't anything difficult to document also yes use actual 2fa on everything, why the hell is that a question. if you're not then how the hell would you trust one of those dumb front-emails that you've setup? i mean you can't anyway but let's entertain the premise
|
# ¿ Aug 22, 2018 16:57 |
|
you haven't pissed anyone off, you're just not making a lot of sense and seem to be throwing out scattered ideas without telling us what you're protecting, who from and why. those are pretty critical if you want your approach evaluated, otherwise we don't know the situation you're in and will give terrible advice just break down what you're trying to protect, who you expect are trying to get it, what you'd lose if they got it, the amount of resources (manpower/experience/time) available, and why it's so critical. then recommendations can be made with context
|
# ¿ Aug 22, 2018 22:07 |
|
what do you have against street cleaners
|
# ¿ Aug 23, 2018 17:12 |
|
DoctorTristan posted:Do you know the difference between a straw man and an analogy?
|
# ¿ Aug 23, 2018 17:52 |
|
how many vpn services that advertise "no logs" do you think have been caught logging? the ones that don't are the major exceptions and panama isn't what you're looking for
|
# ¿ Feb 16, 2019 11:09 |
|
OSU_Matthew posted:The point isn’t to hide from state level actors but just a reasonable modicum of blocking trackers, especially ones that associate and log activity correlated with your usual IP addresses. Yes you still need to configure your browser to block third party cookies and trackers and install unlock origin and everything, and DNS over HTTPS is also a great thing, but we’re not Jamal Khashoggi trying to hide from our government dismembering us , just trying to block some overabundant third party tracking and tunnel traffic over public WiFi to avoid the shitshow of people being easily able to sniff out what’s going over the wire (including credentials and unencrypted please do not mistake you're understanding of tracking and security for advice to be given out to the general user. especially if you are not taking any notice of their concerns and asking the prudent questions to figure out what they're protecting and how much they're willing to invest time and resource-wise.
|
# ¿ Feb 17, 2019 00:53 |
|
whoever is giving you other opinions please share so we can bemuse ourselves at them
|
# ¿ Jan 14, 2022 03:10 |
|
Subjunctive posted:My daughter (high school) had an assignment this week to spec out a PC build for a fictional graphic designer, and two of the items the teacher expected to see on the list were antivirus software (he recommended ESET) and malware removal software (MalwareBytes). I explained to my daughter that we are a Windows Defender house and that I would come and talk to the teacher if he objected. Some things are worth fighting for.
|
# ¿ May 26, 2023 21:53 |
|
Magnetic North posted:Is this a joke/meme? Or is this real?
|
# ¿ Mar 5, 2024 12:58 |
|
|
# ¿ May 2, 2024 07:03 |
|
all a vpn is doing is changing where your requests for any resources online are coming from. so effectively you're paying for a company to see where all your packets go to by you giving it to them first and them pinky swearing they're not reselling data. this is marketed under the guise that you're only doing it with stuff you don't want other people to know about too soooo
|
# ¿ Mar 5, 2024 18:09 |