Encrypt all the things!

BTW, my colleague went to China and needed to secure an iPhone, he wrote down how to do it because there's always a risk that we'll miss a step:

https://blog.filippo.io/securing-a-travel-iphone/

We already use burner laptops, etc.

I made my own phone and I use it on the mobile network I made last year.

Enter your text here...

Thank you! I don't have a specific problem with Google, I don't like having all of my eggs in one basket though. Point taken that they know everything about me through my friends anyway.

Sifting through the easiest things I can do:

Encrypt my computer (and my phone?)
Get lastpass

I like the sound of this: "Install a fine grained permissions manager, disable all permissions that aren't required for normal operation of the app, and aren't dependencies for other apps." and if I can find an app that does that without needing the phone to be rooted I will.

Some of these instructions:

"Install few to no apps, only those you explicitly trust
Use Signal for full end to end encryption
Use streisand as a VPN
Turn off as many permissions as practical, i.e. location services, etc
Use Firefox with uOrigin adblocker"

might get used as well - e.g. Firefox with the adblocker...

Maybe I am paranoid.

I recently tried to dump Google but in the end, settled on google apps for business (eg: something@yourname.com).

Apparently it isn't as intrusive as punter Gmail although you should fiddle with all the privacy settings no matter what service you use.

Last pass sounds good but I'm yet to try it.

And of course, encrypt all the things.

That's a handy guide. Bookmarked.

No way man, you can 'wire' tap the string.

I love reading this thread. Most of the time I literally have no clue what people are on about but it deffo sounds important.

So it looks like the plan is still to have encryption that can be broken http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/

I wonder how far down this route they're going to go before realising that this is unimplementable. Even if they manage to get Google, Apple, WhatsApp, etc onboard the technology is out there and open source with things like Signal.

Illegal encryption. Reminds me of the early days in the 90s when PGP above a certain level was banned outside of the USA because they classified encryption as a munition.

Jokes. Guess I'll be breaking the law in the future.

So the national serum institute wanted/needed to send all health info on every Dane, incl. psychiatric history, social security number etc. to the national statistics office. How did they do it?: By fucking burning it, unencrypted, onto CDs and then using the completely useless Danish Mail as a courier, which obviously meant that it got delivered to the Chinese Visa Office... They've since given the, now opened, package back. Jesus Christ.

Link?

http://www.infosecurity-magazine.com/news/health-data-nearly-every-dane/

Here's a question. I just cluelessly changed my laptop's dns settings to use Google's IPv6 ones.

Everything still works but will it actually make things speedier? What's the point?

Tl;dr

Yes it will make things speedier.

Because most operating systems will attempt an IPv6 lookup before falling back to IPv4. Which means your DNS will be faster.

The point is that we can stop using NAT, and every device will get it's own IP address, and routing is much simpler, and everything is easier.

Well, in theory... because the catch is that a lot of people use NAT as a defensive perimeter. They shouldn't because it's not such a thing, but they do because software has been shitty in the past and it was enough to stop most things.

So long-term... as IPv6 goes everywhere, one must also think about how to secure devices that used to be just "inside" the network when they become externally visible by default.

Cool. I get it now.

One more thing: do DNS settings manually entered in the OS apply to all networks you connect to or do you have to do it per network?

It will apply to all networks.

However...

If you connect to a network that doesn't support IPv6, then what it is going to do is to fallback to whatever IPv4 DNS is supplied in the DHCP settings for that network.

If you want to assert that you use Google DNS, you should fill in IPv4 DNS as well as IPv6 DNS.

What are the suggestions for encrypting an external USB HDD. Needs to be Windows compatible and prefereably, although not essential, Linux compatible.

I'd normally use Truecrypt but it seems to be playing up a bit on Windows 10.

I give up when it comes to external USB devices.

Usually just encrypt files themselves via gpg instead.

I want a IPV6 now. How do I get one?

In the UK?

http://aaisp.net/

If I had to use a BT supplied internet... I'd use them.

UAE bans VPNS:

http://loyaltylobby.com/2016/07/28/uae-bans-use-of-vpns-proxy-servers-with-up-to-544k-fine-imprisonment-if-caught/

Yahoo has apparently been hacked. If you've got any accounts with 'em, change your password.