Meetup: Cyber Security, Safety, & Privacy
# Just want the meat?
## Defense easy mode (Getting started)
- Use Signal to message (and convince others to) instead of SMS, WhatsApp and Telegram.
- Use an anonymous search engine instead of Google.
- Use a privacy-focused browser like Brave (mobile and PC).
  - https://brave.com/
  - Add "HTTPS Everywhere" on PC/Mac/Linux.
- Use a password manager with strong passwords that you don't reuse.
  - https://www.lastpass.com/
  - https://1password.com/
  - https://bitwarden.com/
  - Make sure your password manager itself has a strong master password.
- Use Protonmail or Fastmail over Gmail.
## Check to see if you've been compromised
- https://haveibeenpwned.com/
## Explore other privacy-focused services
- https://www.privacytools.io/
Want to learn more? Read on.
# Define/Philosophy
## Security
- Encryption.
  - In transit: TLS, VPN, end-to-end.
  - At rest.
## Safety
- Use your devices, network and the internet without being exposed to bad actors.
## Privacy
- Data about your communications or behaviours belongs to you.
  - Metadata alone (who you contact, when, how often) reveals a lot: HIV, suicide, political email.
  - https://www.youtube.com/watch?v=pcSlowAhvUk
## Cyber/Digital
- Data, communications and behaviour.
# Risks
## Data, digital/physical assets (hackers/scammers)
- Passwords, bank accounts, digital assets.
  - Rainbow tables.
  - Brute force.
  - Hashing.
  - How can these be stolen/compromised?
    - Social engineering/phishing.
    - Hacks, local and on services you have accounts with. Hashing.
    - Malware/trojans.
## Privacy (corporate manipulation, government)
- Spying/Tracking.
  - ISP.
    - LTE.
    - Fiber/Cable.
  - WiFi.
    - Open.
    - Secure.
    - MITM.
  - Carrier.
  - DNS.
  - Tracking services + AI.
    - Facebook example.
    - Abortion.
  - Foreign actors.
    - ISP.
  - Surveillance.
    - AirTags.
      - AirGuard.
      - Tracker Detect.
    - License plate readers.
    - Bluetooth MAC readers/scanning.
    - Gunshot detection.
    - Ring cameras + LEO.
## Mobile devices
- Location.
  - Towers/Trilateration.
  - Cell site simulators.
- Encryption.
- Bluetooth/WiFi.
  - Randomization.
  - WiFi scanning.
  - Mobile Advertising Identifier.
- Spying on communication.
  - SMS/Calls.
- Phone components and sensors.
  - GPS.
- Malware.
  - Does turning your phone off work?
  - Cryptomining.
  - Compromised apps.
- Faraday?
## Ransomware
# Attack vectors
- Cloud file hosting.
  - Google Drive.
  - iCloud.
  - Microsoft OneDrive.
  - Dropbox.
  - Encrypted? (Search)
- SMS.
  - Carriers can read your messages.
  - Carriers store your messages.
  - Messages can be recovered if deleted.
  - Encryption.
- Messengers.
  - Trackers.
- Email (plain text).
  - Protonmail mail sent outside Protonmail.
- Passwords.
  - Weak.
  - Reused.
  - Passwordless.
    - Sessions, authenticated once, can expire.
  - Multifactor.
    - Something you know.
    - Something you have.
    - Something you are.
# Plan
- Protect against what is likely?
- https://ssd.eff.org/module/your-security-plan
- https://ssd.eff.org/module/seven-steps-digital-security
# Defense
## Easy mode (Getting started)
- Use Signal to message (and convince others to) instead of SMS, WhatsApp and Telegram.
- Use an anonymous search engine instead of Google.
- Use a privacy-focused browser like Brave (mobile and PC).
  - https://brave.com/
  - Add "HTTPS Everywhere" on PC/Mac/Linux.
- Use a password manager with strong passwords that you don't reuse.
- Use Protonmail or Fastmail over Gmail.
- Check to see if you've been compromised:
  - https://haveibeenpwned.com/
- Explore other privacy-focused services:
  - https://www.privacytools.io/
## Easy mode (Comprehensive)
- KISS.
- Yourself.
- Backup, not copy.
- Keep your devices updated.
  - No updates?
  - 0-day.
- Cloud hosting.
- Android safety.
  - App firewall.
    - TrackerControl.
  - Use an anti-virus/anti-malware.
- Web browsing.
  - Use a safe browser like Brave.
    - Test yours here:
    - Use HTTPS Everywhere.
      - TLS.
    - Use uBlock Origin.
    - Use Privacy Badger.
- Search.
  - Use DDG or Brave Search.
- Social.
  - Don't engage.
  - Use safe social networks.
  - Increase privacy as much as possible.
- Messaging.
  - Don't use SMS, WhatsApp, Telegram.
  - Use Signal.
- Email.
  - Use Protonmail or Fastmail.
- Passwords.
  - Use a password manager.
    - LastPass.
    - 1Password.
    - KeePass.
    - Bitwarden.
  - Don't reuse your passwords.
  - Strong passwords.
  - Security questions.
  - 2FA.
  - Avoid using biometrics only.
- Behaviour.
  - Opening/answering email/calls/messages.
  - What if your bank calls you?
- IoT.
  - Use safe IoT devices.
## Advanced mode
- Cloud storage.
  - Self-hosted, group hosted.
- Device updates: advanced.
- Web browsing.
  - Use the Tor network.
    - https://en.wikipedia.org/wiki/Tor_(network)
    - Privacy (not complete).
    - Protest, free speech, whistle-blowers, dark web.
    - Network protocol: the original packet sender appears to be the Tor exit node rather than the real sender.
- Messaging.
  - Verify Signal key fingerprints.
  - Use Matrix/XMPP.
    - Element.
  - Endpoint security.
- Email.
  - Use PGP (public key).
    - https://en.wikipedia.org/wiki/Pretty_Good_Privacy
    - https://en.wikipedia.org/wiki/Public-key_cryptography
    - Session key + public & private key.
    - Diligence.
  - Self-host email.
    - Drafts?
- Internet access.
  - VPN?
    - WireGuard.
    - Logging/audit: the VPN provider becomes your ISP?
    - What is a VPN good for?
    - Tor browser.
- Device data safety.
  - Full disk encryption.
  - DNS.
- IoT.
  - Block IoT devices from reaching the internet.
- Android safety.
  - GrapheneOS.
  - App firewall.
- Border crossings.
  - Clean device (computer/phone) + secure delete.
  - Hidden partition.
  - Encryption.
  - Self-incrimination.
    - Asked for your password, no obligation to give it.
  - Seizure.
  - Backed-up data.
  - https://ssd.eff.org/module/things-consider-when-crossing-us-border
- Network security.
  - IDS/IPS.
  - Firewall.
  - DNS.
# Closed vs. Open-Source rant
- Security through obscurity.
- Voting machine example.
- Password managers.
- Software audits.
- Patents.
# Resources
## Test your devices
- Has your email address been involved in hacks of large databases? https://haveibeenpwned.com/
- Is your browser giving away a lot of information? (Test all of your devices.) https://coveryourtracks.eff.org/
- Is your network secure? (Look for ShieldsUP!) https://www.grc.com/default.htm
- EFF Surveillance Self-Defense: https://ssd.eff.org/