Computer Security Guide (basics) by Rainy

Okay folks, this article is pertenant to our people. As we all know, computer security is paramount to many of us, to reduce the risks of state snooping, as well as being hacked and so on. So our friend Rainy has written an article with some good advice on the subject, and she has kindly allowed me to copy and paste here for everyone to see.


 

Last Updated: April, 2017
Hiya everyone! hope everyone is doing well today!
Okay so this is what it says on the tin: keeping snoopers out of your business! Much of this isn’t news and leans towards “stating the obvious”, but hopefully some of it is helpful. A TL;DR is included at the bottom.
Disclaimer: I am not an expert! this is not a substitute for pen-testing! my experience comes from knowing people in the business, and personal research.
——–
The internet is a backchannel that wasn’t available for previous rights movements. So, our computer security is fairly important! including phones too, though this article focuses on computers (phone info may be added later).
Other things to consider though are analytics, surveillance, home security, and paper trails. Evidence is covered very well by Christine (Consanguinamory and the Police) and Jane Doe (the ten rules to keeping your relationship secret; No Comment). Thank you both very much for writing these articles!
First and Foremost
No security system is 100% secure, and that’s okay.
It’s all about balancing what you put in (time, money, energy), with what you get out (risk reduction, peace of mind)
Misused security systems won’t work very well.
Knowing what to expect or who might be looking for you helps.
A chain is only as strong as its weakest link.
Anonymity is the most powerful form of security.
Forethought, caution, and common sense go a looonnng way.
COMPUTER SECURITY
We can divide up into Hardware and Software attacks.
~~*//SOFTWARE\\*~~~
——–FIREWALL
Protection against software intrusion. Have a good firewall, and preferably more than one anti-malware program (they may not always play nice but it’s like a buddy system). If you can’t afford commercial software, ZoneAlarm makes a good free one, but be careful during the install screens where ZA often offers third-party software which is intrusive (opt-out). Comodo antivirus is also highly rated, but I felt their EULA/Privacy Policy/Terms of Service was unattractive (and so haven’t personally tried it); they offer considerably more third-party software. ZoneAlarm is easy to use, and comes with optional antivirus. Comodo better accommodates advanced users, and has a sandbox feature (programs run in a sandbox generally cannot affect your computer). Both have ‘stealth’ capability (appear offline to foreign computers).
——–ANTIVIRUS
Symantec’s Norton Antivirus is highly recommended as commercial antivirus, and it’s built on a solid engine. ClamWin (AKA ClamAV engine) is reliable freeware, and can be bundled with ClamSentinel (which is a system monitor of sorts). ClamSentinel may be too ‘enthusiastic’; if used, make sure to change settings to “Report Only” and not “Quarantine”. Otherwise, it may accidentally cripple software by wrongfully identifying files as bad and then isolating them. However, ClamSentinel tediously logs even minor system file changes, which can be helpful. ClamWin can also be adjusted to work with proxies (i.e. TOR Browser), though if you’d rather not do that, you can update your virus database manually via direct download from their server.
If you can set up your antivirus to automatically scan files that are downloaded, that helps!
——–BROWSER
For the browser, Google Chrome and Mozilla Firefox both perform admirably, but you have to go into the settings to optimize it for privacy. Other decent browsers are Epic and TOR (TOR is built on Firefox), though TOR may require some reading. Everything else… is best treated like someone can see everything you do.
If you can, set your browser to “Load HTTPS when possible”. HTTPS offers website authentification, whereas HTTP can’t protect your information from being intercepted & redirected.
——–PROXY, VPN, & IP-BLOCKERS
The proxy everyone knows is TOR, and I don’t know a better one. TOR isn’t intended for multimedia, it’s really designed to keep you anonymous. There’s a popular conception that TOR is used only by criminals, but that’s not true. Activists in Saudi Arabia and China use TOR, and first-world governments do too.
A VPN (Virtual Private Network) isn’t a proxy, but isn’t bad to have either. There’s many out there, but in my experience, the free ones aren’t worth using, and commercial services (if you can afford one) aren’t always secure either. I think there are good ones, but I haven’t looked in a while.
An IP-Blocker is a program which blocks all signals originating from a specified IP. Typically, you feed it a list of IPs, like those used by federal agencies, invasive companies, and suspected attack sites. Because we can’t know all malicious IP addresses, IP-Blockers won’t stop everything. They may stop a third or some such like that. I’ve used Privoxy & Peerblocker, but that was a long time ago! I don’t know if they’ve improved or not. So, at your discretion.
——–EMAIL
For email, Proton Mail works great! requires no sign-up email, offers optional dual-password authentification, has a website which interfaces with TOR Browser, doesn’t keep records, offers two-way encryption for email, protected by Swiss Privacy Law, and has their facility in a secure location. Zoho Mail can people out of your inbox, and prevented NSA penetration some years back. However, Zoho recently changed their ‘Terms of Service’, so that files remain on their servers for 1 year after deletion. I feel they may have received pressure to do this, but regardless, I can’t recommend them for long-term use with sensitive information. I’ve heard many good things about Tutanota, but have no experience with it. Tutanota’s desirable features include end-to-end AES-256 and Open-Source code. There are also many “one-time use” email providers, who provide a temporary address for free, without asking for details.
——–SEARCH ENGINE
DuckDuckGo doesn’t keep data like Google or Bing (IPs, cookies, analytics, beacons, etc.). There’s also Startpage, which is decent as well. Gibiru bills itself as a privacy-oriented search engine, but isn’t up to DuckDuckGo’s standard. DuckDuckGo’s downside is what you might expect: it’s not as efficient as Google. It will find most things you want to find, and it can find some things that Google won’t. This is the engine I used when searching for an understanding community.
——–OPERATING SYSTEM (WINDOWS)
There’s not as much to be said about operating systems. Most people have experience with some form of Windows, or Mac OS. A great hurdle for Windows is also its greatest boon – popularity. This broad compatibility is what makes it so widely used, but the bigger they are the more attention they receive from snoopers. So, the largest amount of malware & penetration techniques are developed for it.
A particular problem comes with Windows 8 & 10. Both systems perform extensive data mining, which generates Microsoft income via third parties. This can be mitigated by adjusting settings, but not shut down. There are home-built programs which can be installed to further restrict invasive behavior & data upload, but I’m not aware of any that stop it altogether. Microsoft gives us assurances that they protect our data, but in light of past breaches (regardless of company), this seems unlikely. Furthermore, their data mining is especially vulnerable to certain (not necessarily difficult) computer attacks.
Unfortunately, MS support for Windows 7 ceased sometime last year. That being said, I recommend using Windows 7 64-bit if possible. Around half of MS users still do, and hardware/software advanced have not rendered Windows 7 obsolete. If you need a copy of Windows 7, utilities exist for downloading legal copies from Microsoft’s servers (activation keys must be provided by you). Windows 7 can legally be made to run without such a key for roughly one year, after which it’ll still function, but not as well. If you are worried about receiving operating systems from over the internet, that’s understandable. You can verify a file’s integrity with a hash checking program (see programs list below).
If you’d rather not use Windows 7, then I recommend Windows 10 over Windows 8. While invasive, they have made considerable progress regarding built-in firewalls, and Edge Browser also offers substantial security improvements.
——–OPERATING SYSTEM (OTW: OTHER THAN WINDOWS)
Feeling intrepid?
Mac OS is solid, though some of this is due to being comparatively smaller in customer base than Microsoft.
Another good choice is Linux, which comes in a (very!) wide variety of distributions, tailor-made to user bases (such as Scientific Linux). Less known malware than Mac OS, and Linux’s open-source code is fairly robust. The Linux community (and Debian in particular) is always working on new developments, so there’s no software or update shortage – though they may be unfamiliar programs to many.
Linux distributions are often not as straightforward as Mac or Windows, and some don’t have much of an interface. They do have some crossover with Windows programs, through the use of a software translation layer called WINE (Wine Is Not [an] Emulator), but while I was doing testing with them it still had a way to go and it probably still does. There’s also a piece of software called ndiswrapper (which allows use of certain Windows .dll files). Mac OS has a similar “emulation” program as well if I remember right, with similar success rate (I think it might also be WINE).
Ubuntu Linux is decent, especially version 16.04 (Xerial Xenus), and they have learned that their userbase does NOT want invasion of privacy. There’s also Tinfoil Hat Linux… if you want to go there. It does have some rather innovative features, though most are for disrupting EM sniffers & ‘Evil Maid’ attacks (when someone gets physical with your computer). Qubes Linux is also an interesting new distro, which partitions your computer into many smaller pieces. So, if invasive software gets in, it (for the most part) can’t escape its compartment.
If you feel you can’t remain in your country, then I recommend Tails Linux. Tails Linux is not for everyday use. You’d need a USB Flash Drive (2.0 or 3.0), which you install Tails on. Without getting detailed, Tails appears as a new computer every use, with a different location. You can’t save files or make permanent changes on a Tails installation, and it doesn’t run much software except for TOR Browser and a few simple things. I don’t think it’s very difficult to use, but that may just be my opinion! Tails can be carried on your person anywhere you go, since it isn’t dependent on a particular computer.
I’ve not tried Open BSD, but from what I’ve read, it’s also a very well-fortified (and stable) open-source operating system.
Beyond these, there is Solaris Trusted (Sun Microsystems), which has performed well in hackathons and corporate environments. And then XTS-400 (BAe), which isn’t really suited to the task at hand, but it is very secure and can run Linux applications too. It may not be available to the public. It’s military.
Side Note: Be careful about erasing Operating Systems from store-bought low-budget laptops! their hardware may require proprietary software that can’t be found elsewhere and can’t be backed-up. Linux’s community has been good about releasing open-source fixes for this, but that doesn’t mean they’ve covered them all.
——–BE PRUDENT!
Besides software, good protection against intrusion is “be careful what you download!”, including Flash and other net scripts which run automatically by default (can usually be turned off in browsers). These scripts aren’t often secure. Legit programs may also try working monitoring software into your computer for soooo many reasons; read their EULAs, Terms of Service, and Privacy Policies. If this is too daunting, that’s understandable. My experience tells me the longer it is, the more likely there’s something nasty in there.
Regarding software downloads, I use QuickHash. A hash is like a thumbprint; by comparing a known “Safe” hash to your hash, it proves whether a file has been tampered with or not. When comparing hashes, make sure to use SHA-256 where available; MD5 and SHA-1 are not hard to break.
Sometimes, companies won’t include notice of such software even in their legal documents. This is rare because people usually find out, resulting in legal repercussions. An example is Sony and Lenovo (Metrion in Europe), who tried this.
Also, I wouldn’t use public internet (especially public wifi) for sensitive information! some hotspots are secure, but most aren’t, and you can make a good illicit living stealing information from people who use those. This can be somewhat circumvented if you use end-to-end encryption, but if you don’t have to don’t chance it.
Oh, and set up a password on your wifi network if you use one. Direct cables would be better, and are more reliable, but aren’t always possible.
Mostly, software attacks won’t come from authorities, as they are more likely to gain knowledge of our relationships from friends, neighbors, or other family members. However, it’s still possible.
More likely would be vigilantes who don’t understand our position, random malware which lowers security performance, and opportunists who could use information for blackmail.
~~*//HARDWARE\\*~~~
Hardware attacks are different and, when concerning police, more likely. If police come with a warrant, in some regions (including but not limited to the UK) this allows them to force access to digital devices (including encrypted files) in the area covered by warrant; refusal is imprisonment. At this point, it’s nice to have them really clean beforehand!
——–CLEANING
As expected, clean your temp caches, cookies (if they are allowed), history, and so on. Windows often has hidden caches, you may have to dig for these. Their location varies from version to version; google is good help for finding all that as I don’t know all the specifics for all the versions (my apologies!). There are also some good programs out there to expedite the process (CCleaner). A note to CCleaner users, my sister recently ran some tests using recovery software, and even with a multi-pass erasure, files remained. She believes CCleaner may not be erasing the Cluster Tips, though that doesn’t quite explain it. Running this test yourself with similar software should show whether a similar problem exists on other computers.
——–WIPING
What gets deleted is still retrievable with the right software, and it isn’t hard to find nor hard to use. Installing a new operating system does not change this; old files from old systems linger on.
For this you need a wiping program. FileKiller and Eraser are good, and Eraser has a portable version (no installation required). Eraser may get stuck on 35-pass wipes, which is secure but slow… so far, no advice on fixing that!
Currently, 3 passes is solid and such data will be irretrievable, but years later we may be able to read it. So, for extra security, use 7 passes – make sure you get “Cluster Tips” (that’s a bit wordy to explain). Filekiller may not hit “Cluster Tips”, but Eraser definitely does. Both programs are freeware.
If you use a standard HDD, wiping free space permanently removes any files previously deleted but not wiped. If you use a Solid State HDD (also known as SSD), be sparing with the wipes, as that cuts down on their lifespan. Furthermore, SSDs do not need as much wiping (different data storage mechanism). This applies to thumb drives too, which use a Solid State medium. Also, wipers may not finish quickly depending on what you’re feeding the muffin monster! so don’t save it for last minute emergencies.
If you plan on donating, selling, or chucking your computer, use DBAN first. DBAN (Dariks Boot And Nuke) is a small program and easy to learn. It will take out everything short of the BIOS (UEFI on newer computers). Larger HDDs may need a day so be ready for that. DBAN requires an external medium (like a cheap thumb drive or CD) to work. It also works well if you know that your machine has been compromised by worms beyond repair; it is very reliable!
Be careful using DBAN on newer computers; some UEFIs are difficult to access, making OS reinstallation difficult. Also, be careful with laptops, as some (Acer I’m looking at you!) put proprietary fan-control software on the original OS that does not back-up when making the OS back-ups… so if you nuke it, that software’s gone for good and your fans won’t activate, rapidly leading to a burnt-out motherboard. If you’re not sure, check your model online regarding OS installations.
Aside, DBAN is good policy all around, because unwiped financial & personal information isn’t uncommon in identity theft.
——–ENCRYPTION
If you have files you can’t erase but might incriminate you, use encryption. TrueCrypt is very good but discontinued; successors include VeraCrypt and CipherShed. I prefer VeraCrypt, as they’ve addressed TrueCrypt’s vulnerabilities. Both are backwards-compatible with TrueCrypt files. TrueCrypt is still consider “mostly secure”, and definitely better than nothing!
VeraCrypt allows you to make “fake” passwords; if authorities pressure you to open files, you enter your fake, which reveals files you’ve pre-chosen different from what you’re really hiding. VeraCrypt comes with many different algorithms, and can optionally use a “Key” file that you select.There are many other good ones, and having more than one helps (different algorithms have different weakspots), especially a small-time home-brewed crypter. Those don’t have many known exploits!
But, don’t use two encryption programs on the same file! Sometimes this can work (VeraCrypt has multi-encryption stream options) but more commonly it causes blocks to form in the files and the right analysis (that’s a bit wordy to go into) can break the file like that.
A good password, at least 8-10 characters (more the merrier), alphanumeric, is important for the encryption to work properly. If you can’t remember the password, you *can* write it down on paper (better not to store it on a computer), but in a search/seizure that won’t last. There are memory techniques for passwords, but they may not work for everyone! Oh and make sure that it has AES-256 options (most AES-256 algorithms should be secure till maybe 2020). Like wiping, encrypting/decrypting takes time. This is worth keeping in mind for options that encrypt/decrypt your entire (non-Operating System) HDD volume when you power on/off your machine. Newer processors may have dedicated subroutines for AES services, which decreases your waiting time.
Some computers feature hardware encryption. This is generally a good thing, but don’t be misled and do some reading on the model first! some use weak encryption or (more commonly) poorly-implemented strong encryption which is easily bypassed.
A log-on password isn’t bad, but this isn’t a substitute for encryption, because there are very easy ways around log-on passwords. BIOS passwords are slightly trickier, but can also be bypassed.
——–STEGANOGRAPHY
If you can’t be caught with encryption, wipers, or other privacy-enabling programs, there’s steganography. Like hiding stuff in plain sight, you hide one file in another by turning the target file into a pattern and sewing that into a host file so that the code can’t be discerned on a glance. Steg programs are often illegal in such places too, so you may need to erase or hide it somewhere afterwards.
Mostly, this shouldn’t be a problem, but if you’re in the UK or European Union where such laws are strong it might not be a bad idea for future consideration (better to have it and not need it than need it and be unable to access it anymore!).
Steganography’s main strength is no one knows what to look for, and so it passes under people’s noses. If you know a stegged file is on a computer, you can’t tell which one it is so you have to check everything. Besides being time consuming and really really annoying, most local precincts aren’t familiar with it.
Smaller target files steg better. Larger host files steg better.
Steganographic files *can* be detected with proper techniques, ESPECIALLY if your original file wasn’t encrypted. Encrypted files always look like noise, so you can steg them in all sorts of places without causing noticeable patterns in a host file, even when proper detection techniques are applied.
Hopefully this won’t be necessary! but seemed worth mentioning.
My sis recommends using OpenPuff. I don’t know where she found it.
——–EMERGENCIES
If your machine is *not* ready for police inspection, but there’s one at your door, then wiping and encryption aren’t options anymore (too slow).
Really there’s not many pleasant solutions for this! There are some fancy HDDs which use physical measures to self-destruct with a command (yes it’s very James Bond, very neat stuff), but that’s not exactly affordable. Safer than they sound though. You *can* use a microwave, but it’s dangerous, may destroy your microwave, and may not render your HDD fully unreadable. Solid State devices are even more robust against EM fields.
For bets degaussing, a much more powerful electromagnet is needed. They aren’t exactly affordable either, and likely won’t destroy Solid State media or RAM/ROM. In most cases your RAM isn’t a problem since it refreshes each reboot, but there’s a small window right after shutdown where it has data on it that can still be read.
Electronic devices are pretty robust in some ways; using a hammer will keep it from working on your machine, but won’t destroy your data. They are not as fragile as they might seem either.
There are chemical solutions too, which will very effectively destroy drive and data, but they’re dangerous and I can’t recommend that to anyone without experience working with chemicals!
Also, in the United States, if police have probable cause to believe there is evidence in a house or on a machine that is under immediate threat of destruction, they can search without a warrant. Warrantless searches of computer information also include US borders (though not often because they go through a lot of people every day), where they need “reasonable suspicion” that someone is a criminal in order to take a device in for deeper analysis.
——–LOCKS
Some tower cases have built-in locks to keep someone from taking stuff out, and some flash drives are encased in a locking mechanism (a cryptex).
Overall locks shouldn’t be relied on as they won’t hold up against a warrant, and once seized, they won’t bother picking them, they’ll use industrial cutting/drilling tools. Locks will still help against RAM-removal attacks (AKA Cold Boot Attack) due to RAM’s short-lived nature… but really cold boot attacks aren’t something you see municipal police do anyway!
If you feel you still want (or need) a lock, try finding an abloy lock. They are damn near impossible to pick!
These aren’t sufficient protection against social engineering, which (hopefully) we won’t encounter.
~~*//RESOURCES\\*~~
Many good freeware programs are available on Sourceforge ( https://sourceforge.net/ ); many are open-source, and all are put through scanning procedures to ensure they aren’t malware carriers. This isn’t perfect, people have broken into Sourceforge before, but it’s as common as any other net resource; make sure to scan your files. If you can’t find a file on Sourceforge, put its name in google and that will probably find it. Another website worth mentioning is Softpedia ( www.softpedia.com ). There may be links added later, if it is a problem! and as usual, be careful what you download.
Not all of these are necessary, but they’re helpful:
QuickHash Generates a file’s unique hashcode identifier. Can be used to ID altered files, including malware.
OpenPuff Steganographic “file hider”.
VeraCrypt Versatile encryption software. Basically next-gen TrueCrypt.
ZoneAlarm Freeware firewall, but be careful to avoid installing any third-party offers.
VirtualBox makes an “imaginary” sandbox computer on the HDD; resource demanding but useful for running tests & stuff
DBAN Dariks Boot And Nuke, for when you absolutely have to start from scratch
ClamWin clamwin is great, nice ^_^ simple, free
ClamSentinel system monitoring app, it can go a bit crazy “quarantining” things if you don’t make it relax
TheOnionRouter TOR; a proxy network. It *can* be broken, but that requires user error, integral malware, or mad dedication.
TOR Browser Works with TheOnionRouter
Eraser has a flash-drive standalone option, and very good options too
7-zip a nice versatile file-zipping program, has AES-256 options (but isn’t a dedicated encryptor)
CCleaner used to clean up “crumbs”, has some registry modification stuff too
Puppi Linux small easy CD-portable version of Linux, can serve as a boot disk
Tails Linux Flash drive installed version of Linux. Useful for absolute anonymity, when lives depend on it.
~~*//OTHER NOTEWORTHY THINGS\\*~~
okay about home security
Avoiding break-ins is especially desirable because any reported break-ins will get police attention (not reporting may be preferable in some cases). Furthermore, if you have a landlord and live in the United States, they can grant police access to your home without a warrant, and they have little reason not to. Police conduct such searches when no one’s home.
If there are things you need but shouldn’t have, purchase a small safe. Be careful, because they aren’t all quality made! You can stash a small safe in many places. A safe requires a warrant to force an owner to open it (if they have a warrant for a house, that also counts). Laws may vary from region to region. If possible, a safe with a built-in combination lock is good, as not only can you “accidentally forget” your combination, but they’re not as flaky as digital locks, and can’t be opened as easily as keyhole locks. Also, in the US, combination locks are in a murky area right now and enjoy some degree of protection, due to the US 5th Amendment. This may not last, but it doesn’t hurt!
onto surveillance
Street surveillance, invasion of privacy or not, is not likely to be problematic. Surveillance of your home is more concerning, but also not that likely. In the United States, it requires a warrant – though some jurisdictions skirt around that. In order for direct surveillance to be useful, it’s often more effort (time, money, energy) than most are willing or able to put in, especially when there’s more pressing police cases. Spying on conversations without planting anything isn’t impossible (laser microphones; not as
strange as it sounds!), but not likely something we’d encounter.
paper trails
Mainly, digital paper trails, which can connect the dots to find out who’s doing what on the net. This isn’t too much of a problem though, again because the effort needed to make most servers comply (as well as wading through data logs) doesn’t make it very appealing! and we should be protected under freedom of speech laws (where applicable). But anyways, better if we keep personal information quiet.
Most other physical paper trails aren’t much concern either, as long as you can keep up appearances accordingly. A decade ago I had done a lot of reading on birth certificates (looking for loopholes and stuff), but it wasn’t very promising and so most of it is all foggy now.
analytics
This one can really drive people crazy! thankfully analysts don’t run with local police departments often, and when they do it’s for higher-priority cases. Federal agencies have more, but again we’re not their priority. Building a profile isn’t easy; you can quickly narrow down a location/identity quite a bit, but there’s diminishing returns. Unless someone makes critical mistakes (like posting selfies), it takes time to get profiles just right. They’re not always accurate then, either.
Could this be a concern? maybe someday, but not anytime soon. By having prudence in what we keep to ourselves, we can screen out most snoopers. Past that, exhaustive effort is required to remove patterns, and (technically) it’s not possible to remove them all.
~~*//wrapping up!\\*~~
Hopefully this isn’t too intimidating, because most of this is “worst case scenario”. This is especially true because (with some pragmatism) there’s not really a lot of physical/digital data to hide. Anonymity has drawbacks, but also has advantages, and they’re not minor.
This is my second draft. If anyone has ideas to add/improve on, questions, details, or if a topic seems superfluous, please let me know! repeated scrutiny patches up holes… in particular, paperwork isn’t my strength, that was always my sister’s expertise. There’s still a lot she could teach me about that.
As for police, most aren’t inherently bad. They are very worn-down people, and they have a job to do, and they’re mostly indifferent (or hostile) to us. They prioritize rules and law. Yes, they will bend the rules. No, we shouldn’t trust them, they are not on our side. But, they are people, and some aren’t unsympathetic to us – mostly because they would rather deal with *real* criminals.
We can’t rely on or presume them to sympathise, even if they say they do. If you must interact with an officer, treat them politely. Cooperation is unwise, but cordial refusal and a sincere apology can help smooth things out. They don’t often get to see humanity’s decent side in their work.
Once, while talking about his work, a family member (homicide investigator) said “We only catch the dumb ones”. Hearing that was disheartening, and also slightly relieving. Much of my family is very attentive to detail, very old-fashioned, and not very forgiving. My sis and I always felt a sword of damocles; a “worst case scenario” always felt plausible.
But, if we let them silence us, then they win.
Totally not going to happen.
Very much love,
Be good and stay safe out there
and that’s all she wrote!
TOO LONG, DIDN’T READ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TL;DR
~some stuff about security:
No security system is 100% secure
All about balancing what you put in with what you get out
If you don’t use a system right, it won’t work
If you know what to expect or who might be looking for you, it helps
A chain is only as strong as its weakest link
Anonymity is the most powerful form of security
Forethought, caution, and common sense go a looonnng way
~some useful tips:
read Jane Doe’s articles”the Ten Rules to Keeping Your Relationship Secret” and “No Comment”
read Christine’s article “Consanguinamory and the Police”
fine tune for privacy either Google Chrome, Mozilla Firefox, or TOR Browser
use Proton Mail
DuckDuckGo is a handy privacy-centric search engine
Be careful what you download (seriously)
keep temp files/cookies/history/etc clean
use Erasing (not ordinary deleting) with sensitive data
if you can’t erase incriminating data, encrypt it
don’t wait until the last minute to do either of these things, then it’s too late
know your local laws concerning your privacy rights and police rights
keep up appearances (this is worth repeating)
be very careful with police (this is worth repeating)
make some time to read the rest of this post
keep calm and carry on
~some handy programs:
QuickHash Generates a file’s unique hashcode identifier. Can be used to ID altered files, including malware.
OpenPuff Steganographic “file hider”.
VeraCrypt Versatile encryption software. Basically next-gen TrueCrypt.
ZoneAlarm Freeware firewall, but be careful to avoid installing any third-party offers.
VirtualBox makes an “imaginary” sandbox computer on the HDD; resource demanding but useful for running tests & stuff
DBAN Dariks Boot And Nuke, for when you absolutely have to start from scratch
ClamWin clamwin is great, nice ^_^ simple, free
ClamSentinel system monitoring app, it can go a bit crazy “quarantining” things if you don’t make it relax
TheOnionRouter TOR; a proxy network. It *can* be broken, but that requires user error, integral malware, or mad dedication.
TOR Browser Works with TheOnionRouter
Eraser has a flash-drive standalone option, and very good options too
7-zip a nice versatile file-zipping program, has AES-256 options (but isn’t a dedicated encryption program)
CCleaner used to clean up “crumbs”, has some registry modification stuff too
Puppi Linux small easy CD-portable version of Linux, can serve as a boot disk
Tails Linux Flash drive installed version of Linux. Useful for absolute anonymity, when lives depend on it.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s