Encrypt all the things!

Posted on
Page
of 138
  • Bugger, the VPN breaks my Plex remote access. More googling required it seems

  • You can probably tunnel that. Depends on what is launching the VPN.

  • The future of wearable tech, I can't wait

    https://vimeo.com/166807261

  • Future?
    I remember seeing the world like that in the 70's when we were still using £SD

  • Was just looking at google analytics logs for my site and under Service Provider, I see "dod network information center".

    So... Dafuq?

  • Apparently some network providers in the states (Sprint, for the most part) have some stuff behind dod firewalls.

    I had three visits from there, all with a 100% bounce rate and average visit time of 00:00:00.

  • A guide on being privacy aware in 2016.

    https://vox.space/blog/89/being-privacy-aware-in-2016

    It's pretty good, as these things go.

  • LFGSS went full SSL today :)

  • Sexy Sexy London

  • So, SSLLFGSS then!

  • More likely, TLSLFGSS.

  • Very soon it will be TLS1.3LFGSS.

    Probably one of the first TLS1.3 sites on the web.

  • Though there are issues.

    I haven't yet solved the non-SSL images problem. Being so many images pasted in that are http://

    I may yet re-write how I do all images, just to track them, so that I can identify the domains and which ones are not SSL, so that I can then either rewrite those links or proxy them.

  • help! I am a google-dependent novice. I would like some help in becoming less so, or suggestions as to where to go to learn. I will re-read this thread, but much of it passes over my head...

    I just bought a new android phone and would like, before using it, to work out how to get a slightly better level of security and to be tracked slightly less. I also need to buy a new computer for home.

    At the moment I use gmail, but have my own email domain that directs there. I don't use any banking apps (although I'd like to but concerned I don't have good enough protection if my phone gets nicked). I basically feel like I am not making best use of my phone because I am concerned about security/tracking.

    What relatively simple steps can I take to upgrade my security and protect my data / whereabouts a bit?

    E.g. stop using gmail, google drive, calendar and google maps, but replace them with what?
    continue using them but encrypt files before saving them to google drive?
    use firefox with some or all of these plug ins, use duck duck go and just keep all of my internet usage separate from my google account?
    get keepass or lastpass (which?) and/or yubico?
    start using a VPN?

    Basically clueless, but I'd like to take back a little control over my online life and protect myself if my phone gets nicked. Is that a pointless aspiration?

  • Disable Device Backup, don't geotag your photos, don't use social media, disable location services, use Tor, use a VPN, actually probably should just sell the phone and communicate verbally in person ;)

  • Why do you feel that Google are such a threat to you?

    Do you understand that the vast majority of the people you communicate with are probably using Gmail, GDrive, etc and that as a result, you not using Google doesn't mean that everything you are cannot be inferred from the data of others?

    If Google, specifically, are your concern then your only choice is to not use a Play Store device, to pull out totally.

    Just buy a "feature phone".

    There's really no point trying. This is like saying you don't want Apple to track you but want to use an iPhone. It's just pointless.

    If you want to be secure from a non-Google entity, then we can have a conversation.

    In that case I'd say:

    • Install few to no apps, only those you explicitly trust
    • Use Signal for full end to end encryption
    • Use streisand as a VPN
    • Turn off as many permissions as practical, i.e. location services, etc
    • Use Firefox with uOrigin adblocker
  • I'm in much the same situation, although I understand a lot more of what's said in this thread, how to do a lot of it goes over my head.

    Things that I have done:
    Started using KeyPass (as I can store the file in Dropbox/Google drive and it syncs automatically for me) for password management. There is a good app for it on the Play store too.
    Started to shift to running my own email server (on a RaspPi, instructions here I need to upgrade mine from a Model B really). I use the K-9 mail app on Android for it, and Thunderbird on the PC
    I've set full disk encryption on my phone.

    Things I ought to do:
    Get the NAS working fully, so that it does backups and acts as cloud storage for me, rather than using Dropbox/Drive.
    Work out if I can use full disk encryption on my PC.

  • Work out if I can use full disk encryption on my PC.

    Wah!

    It's possible to encrypt every OS out there.

    Do it.

    People lose laptops, people replace them and start using new ones and never wipe the old one, all kind of things.

    Full disk encryption is a default no-brainer.

    It means: If anything happens, who cares... your data is safe, and your computer is a brick.

    Sure, someone can replace the OS and get a computer out of it, but they can never access your data.

    There's only a few things I tell everyone to do:

    • Use full disk encryption
    • Use a password manager (LastPass unless you specifically know why to pick something else)
  • Well, more how to do it that anything. I'm on Windows 10 Home rather than Pro, so BitLocker isn't available by default.

    I ought to check the version of Windows 7 that I have for the Desktop, and see if I can reuse that, but I also need to get the data off of the desktop too.

    Does Windows 7 do an ongoing check to see if the OS key has been used elsewhere?

  • Do you use last pass premium?

    In the end I gave up with it on my tablet because it became a bit of a hassle and ran out. I never picked it up again on my mobile.

  • Yes.

    And it works with the Android fingerprint reader, which is convenient.

    But using a fingerprint reader means that I have to turn the phone off before passing through certain bits of security.

    One can be compelled to supply identity (fingerprint) but not something you know (unlock pattern) which is 1st amendment, etc.

  • One can be compelled to supply identity (fingerprint) but not something you know (unlock pattern) which is 1st amendment, etc.

    Indeed. A fingerprint is a username not a password.

    You can't (easily) change a fingerprint.

  • If you want to be super-paranoid:

    Root the phone*, install a google free AOSP ROM, start in aeroplane mode, encrypt )if you can - some ROMs & recoveries are tricky about encryption)

    Sideload F-droid, sideload non-google versions of everything you like

    Install a fine grained permissions manager, disable all permissions that aren't required for normal operation of the app, and aren't dependencies for other apps.

    Install an app manager that allows you to move / disable system apps

    Install various spoof apps (spoof location, spoof IMEI, phone number, MAC address etc.)

    Run your own internet-based storage, run your own VPN on a box somewhere like Panama

    Browse with script blockers, ad blockers, and cookie blockers

    To start with...

    * be careful, as some root tools are going to send pretty much everything you ever do on your phone back to some random server in a far off land

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Encrypt all the things!

Posted by Avatar for Velocio @Velocio

Actions