What steps can I take to be more secure on the internet?

CryptoKitten, 9 months ago

Buy two security keys (like yubikeys) and use them.

itchy_lizard, 9 months ago (edited 9 months ago)

Add chameleon add-on so your browser fingerprint changes every 60 seconds.

Tobin, 9 months ago

Got it, that’s a super neat plugin!

itchy_lizard, 9 months ago

I’m confused about Proton and Thunderbird. Is it possible to use Thunderbird with proton encrypted email?

jagungal, 9 months ago

Yes, but you have to buy a subscription to Protonmail Bridge which see decrypts the emails for Thunderbird.

Tobin, 9 months ago

Also, Proton is actually only end-to-end encrypted when emailing other proton email addresses

Nioxic, 9 months ago

In this day and age… write your pass words down in a notebook instead of saving them on your pc/the internet

You can pepper them for extra safety

itchy_lizard, 9 months ago

This is terrible advice. Use a password manager and know how to make backps.

nanoUFO, 9 months ago

There is nothing wrong with using a well made open source password manager like keepass.

Fullest, 9 months ago

Set up 2FA/MFA for all of your accounts wherever supported. It’s probably one of the few easier things you can do that is missing from your list, and you will vastly improve your security posture for it.

I just use Google authenticator but there are plenty of other apps out there if you’d prefer something else.

itchy_lizard, 9 months ago (edited 9 months ago)

This but make sure you don’t do 2FA via SMS. It’ll make your account less secure

thetreesaysbark, 9 months ago

Can you explain why?

walkercricket, 9 months ago

The SMS communication is not secured at all as it’s not encrypted and you can’t encrypt it. Your wifi and your whole internet network however is generally fully encrypted by default.

Daefsdeda, 9 months ago

Use the noscript addon. It protects your data by blocking all javascripts. Sadly it makes a hassle of going on a site but you will suprised how many javascripts are only there for tracking.

Also, I use ecosia as a search engine which is non profit. all profits go to the enviroment. Using !g before the prompt and it uses google and since i use privacy badger, ublock and noscript i dont think they track too much.

Tobin, 9 months ago

I just got noscript, and now I realize how much websites use JavaScript, I keep on needing to pause it on my tabs 😆

Daefsdeda, 9 months ago

Eventually you will notice a patern of which ones are needed for basic function (the domain your on, wp.com, squarespace and sometimes google.com) i just switch them to trusted or if they can track temp trusted.

Sometime im also lazy and turn most to temp trusted but if i have time i work out the important ones.

I find it really distrustful that my doctors site uses many trackers.

TairikuOkami, 9 months ago

Use a safer DNS preferably encrypted to prevent tampering/poisoning, like NextDNS, ControlID or Cloudflare (Malware version), that alone will do wonders, because it blocks malicious downloads, phishing, C&C, etc. List: adguard-dns.io/kb/general/dns-providers

Napain, 9 months ago

prism-break.org/en/here is a bunch of free and private Software suggestions for all plattforms this really hooked me up

Cornelius_Wangenheim, 9 months ago

Update your browser, OS and other software promptly. Same for whatever network devices you use.

Don’t use an admin/root account as your daily driver. Use an unprivileged account and elevate as needed.

Keep a backup of your important data in offline / immutable storage.

poopman_42069, 9 months ago

-moved from brave to firefox Why? Brave is open source. -bought my own domain for my email so I can switch providers Great to have more control over your assets, but I don’t think this is exactly more secure. -Switched to duck duck go They sold out forever ago. Your search history is probably safe with Google and not all that lucrative to fraudsters anyway. -bought the proton package VPNs are pretty worthless for typical privacy use cases. Instead of your ISP logging your browser data, Proton does, and they’re glowies anyway. If you really want to hide your activity, just use tor! It’s not as worthless for typical stuff as it used to be, it can even do 360p video. So you’ve got no excuse to feed your porn habits to the cloud. Also, before anyone says “boohoo, you’re stressing the network with video”, literally anything but video will always be doable even if everyone tries to watch video, because noone’s gonna watch video if video isn’t watchable. Supply and demand, yo. -installed Bitwarden for password managing Isn’t that an online password manager? Keeping all your passwords in the cloud? No bueno! I use KeePassXC for local storage, database on a local network drive under a router without an internet connection. But really, you could always just write them down like our grandparents used to do. Should be fine as long as the feds don’t come knocking.

I definitely recommend one of those data eraser services that contacts all the data brokers and gives them legal notices to erase your data from their systems. It’s a shame they’re necessary, but oh well.

Tobin, 9 months ago

moved from brave to firefox Why? Brave is open source

Brave Search has been selling data they don’t own, for AI to train with, which makes me distrust the Browser

bought my own domain for my email so I can switch providers. Great to have more control over your assets, but I don’t think this is exactly more secure.

It does keep my business accounts secure, but I guess that’s different than internet security

Switched to duck duck go They sold out forever ago. Your search history is probably safe with Google and not all that lucrative to fraudsters anyway

Do you have any sources/info? I was not aware of them being sold out.

If you really want to hide your activity, just use tor!

True, for general use though, Tor is just so slow.

Keeping all your passwords in the cloud? No bueno!

Bitwarden is fairly secure, and open source as a plus. but I do keep a notebook backup too.

I definitely recommend one of those data eraser services that contacts all the data brokers and gives them legal notices to erase your data from their systems. It’s a shame they’re necessary, but oh well.

Yes, I should check them out.

Neferic, 9 months ago

Take away admin permission from your default accounts. It's not enough any more to be careful. There are web browsers/operating systems that have code execution vulnerabilities. Chrome just released a patch two days ago for this reason.

Manifish_Destiny, 9 months ago

If you want to get really serious go to stigviewer.com and go dig through the security controls for the software you use.

merde, 9 months ago

what OS are you on?

Tobin, 9 months ago

Windows

spacedancer, 9 months ago

It would be a good idea to explore Linux if you care about all the telemetry Windows collects. There are distros out there that are so user friendly that someone using Windows their entire life can hit the ground running, like Linux Mint.

merde, 9 months ago

— … Here’s a short list of what I’ve done, but I’m wondering if I’m missing anything important: …

— what OS are you on?

— Windows

i think you’ve found something important that you’re missing

Tobin, 9 months ago

Haha, that’s a good point. I can’t change to linux for work reasons, but I should look into dual boot.

meiti, 9 months ago

Not an expert, but you need to define your “threat model” first. Whom against want you to harden your security?

Tobin, 9 months ago

That’s a good point. Mostly protecting my data from sites, hiding info from my (shared) internet owner and ISP, keeping accounts secure, and steering clear of viruses. Among other stuff.

venoft, 9 months ago (edited 9 months ago)

If you share internet you definitely need a vpn. Anyone who can log into the router can see your exact internet history. Depending on the exact situation you can also set up vlans, but only if the other person cant just simply disable them at the end point (router). Maybe you can setup your own router behind the current one with a build-in always-on vpn.

Custom email aliases and password managers are great just in case one account gets hacked they cant just use that account to log into other sites.

Viruses, just don’t click on suspect links, check for phising etc in emails, harden your browser by blocking JavaScript as much is possible without it breaking the websites. And don’t use windows, since most viruses target that. Linux and Mac are less targeted and have better build in security.

And update all your stuff regularly, even things like router firmware.

Oh and don’t attach iot products to the internet, those usually have terrible security and can be used to break into your network. Block them in the router (again, having your own router helps) and preferably put then on their own vlan.

citizen, 9 months ago (edited 9 months ago)

• MFA all accounts that support it
• important accounts use hardware key like Yubikey
• Ditch SMS mfa use Authenticator or hardware key
• custom email aliases (proton have SimpleLogin) use separate email for every account just like password
• change your browsing habits from YouTube instagram twitter to privacy alternatives (there is Firefox plugin Privacy Redirect)
• use separate vm for higher risk browsing or separate computer (tails)
• get VoIP phone number redirect your current phone to VoIP.
• use pre paid phone only for internet and never use it for phone or sms. For more paranoid activate away from home using fake name (Mint mobile for instance doesn’t check if it’s real)
• use phone that was never registered to your name (don’t reuse old phones)
• setup always on VPN on your home on router with killswitch so you never reveal your IP accidentally
• use privacy oriented DNS service

If you into privacy I recommend Extreme Privacy book that goes over many things. The lengths that you go to protect your privacy will depend on your threat model. Privacy is expensive unfortunately.

14th_cylon, 9 months ago (edited 9 months ago)

custom email aliases (proton have SimpleLogin) use separate email for every account just like password

voluntarily subjecting yourself to mitm attack is… uh… not the smartest idea in the world 😂

and definitely not something you should advise to someone asking how to increase their security.

get VoIP phone number redirect your current phone to VoIP.

you have to pay for every such call. and what is the security gain here?

use phone that was never registered to your name (don’t reuse old phones)

that is to protect you from nsa, in some enemy of the state scenario?

setup always on VPN on your home on router with killswitch so you never reveal your IP accidentally

again, what scenario is this useful in? lets say i am not really into international terrorism…

The lengths that you go to protect your privacy will depend on your threat model.

yeah, and reading your advises, you are obviously some james bond hunted by 10 enemy intelligence services at once 🤣

venoft, 9 months ago

Why would using email aliases increase you mitm attack vector threat?

14th_cylon, 9 months ago

because unless you use some paranoid email that can do this in house (and majority of people do not) it means using third party service, which is, by definition, that man in the middle.

citizen, 9 months ago

Thanks for your comments I had a good laugh as well. Take my upvote 😂

KingJalopy, 9 months ago

I don’t understand. Can you explain?

14th_cylon, 9 months ago

i think the person i am replying to is watching too much tv and his advices are silly and/or bad. if your question is more specific, well, be more specific ;)

KingJalopy, 9 months ago

Shit I replied to the wrong comment my bad.

14th_cylon, 9 months ago

ok then