by Max Barry

Latest Forum Topics

Advertisement

4

DispatchMetaReference

by The Planar Isotopies of The Passerine Islands. . 63 reads.

Sam's Quick Guide for Internet Privacy and Security


The opinions expressed here are mine alone. I am not a security expert; I just wear a tinfoil hat am a person who thinks some precautions should be taken by everyone who uses the internet.

This advice applies to everyone from computer experts to your grandma who barely knows how to use Facebook. However, I believe the people who should be most conscientious of their online behavior and security are a) minors and b) leftists.

Mini-rant:

Minors, it may feel like the things you post online have no repercussions, and usually this is probably true. However, a lot of harm can be done if your personal information got out. We are all aware that there are corners of the internet who are capable of causing real harm to others through harassment, manipulation, and violence. The problem here is that many of these people will specifically target minors. You also need to think ahead and remember that nothing will ever completely disappear from the internet. That post you made when you were 13 can be dug up a decade later and used against you.

Leftists, we may not be living under 1950s McCarthyism, but that doesn't mean there isn't rampant anti-communist sentiment. It can lead to harassment from fascists and threats made against you or your loved ones. Anarchists and revolutionaries are at risk of being accused of crimes by their governments. Additionally, depending on what kind of work you do, some jobs still require you affirm that you have never been a card-carrying communist, and if your online profile is linked back to you in the future, it could cost you a job.

None of this is said to scare you, but I do think everyone should be aware of the risks and know how to stay safe on the internet.

Hopefully this guide can help.

General Tips
If you do nothing else, I suggest skimming over this section.


Personal Info

  • Please be incredibly cautious with what information you share online. Public records exist, and with just a little digging, someone could find your full name, address, pictures, phone number, email, or family members' names. More info on this here.

  • What you can do:

    • Use different usernames for every site.

    • Use an alias or nickname.

    • Don't share your full name in public spaces or with people who you do not trust.

    • If you use your given name online, be cautious of telling others what city you live in, what school you attend, or where you work. These can easily be pieced back together.

    • Anywhere that has your full name such as Facebook, Instagram, or LinkedIn should be set to private and not searchable on search engines.

    • Don't post pictures of yourself. Just don't, it's a terrible idea. Someone can reverse image search and find info about you or use your picture without your consent.

Passwords

  • Use a strong, unique password for every website.

  • Check Linkhave i been pwned? to see if any of your passwords have been leaked in data breaches.
    Change all of these immediately. You can also subscribe to be notified of future breaches - it is completely free.

  • Use a password manager that isn't built into your browser. My recommendations (as of Oct 2021) are:

    • Bitwarden - if you use more than one device

    • LastPass - if you only use one device

  • Use Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) when available. This means even if someone gets a hold of your password, they still can't log into your account.

    • At a minimum, use these for banks, emails, Discord, and the social media sites you use most

    • Authenticator apps are more secure than getting a text, so use that when available. My recommendations (as of Oct 2021) are:

      • Duo

      • Google Authenticator

      • Authy

Websites, Emails, & Phishing

  • Do not click suspicious links. If it sounds too good to be true, it probably is.

  • Always check a suspicious link first to make sure the url matches the website you expect it to take you based on context.

    • On a computer, you can hover over a link, and in the bottom-left of the screen, it will show where that link is taking you.

    • On a phone, you can long-press the link to see more/copy the link address. Then you can paste it into a notes app and see where it leads.

    • If you still aren't sure, paste the link into Linkthis website, and it will tell you if the site has any malicious content.

  • Check the sender. Phishing emails often come from email addresses that are similar but not exactly like the person they say they are.

  • If someone attempts to extort or blackmail you (often asking for bitcoin), Don't Panic. Just delete the email.

    • A common threat is that they have compromising images of you and you have 24 hours to respond to them or they will be sent to family/friends/bosses.

    • They don't. But they want to make you afraid because people who are afraid do not think rationally and are more likely to fall for these scams.

More Info
If you want more details and to know why or how these things happen, read on. There is also a fantastic source on doxxing and media privacy Linkhere. Otherwise skip to FAQ.


Doxxing

  • Sharing personal information like your name or where you live with strangers can potentially lead to harassment both on- and offline.

  • One risk is doxxing. This means that someone who figures out private details about you can spread this information with people you don't know for nefarious purposes. This infamously happens on sites like 4chan or 8chan. For fun or out of malice, someone will anonymously post your name, phone number, email, or home address. This can lead to a swarm of trolls harassing you and your family by spamming you, sending you graphic images, or even showing up at your house.

  • A related issue is swatting. This is when someone accuses you of a serious crime and emergency services are sent to your home. It is named after the American SWAT teams which have been called on people who have been doxxed.

  • Because of this, you should make it as hard as possible for someone to identify you. While this can sometimes happen because someone thinks you've slighted them, it can also happen because the person was bored and thought it would be funny, because you've become viral for one reason or another, or - frankly - because you are a minority or woman on the internet.

  • This event is rare, but it is also scary. If you have been doxxed, there are some steps you can take.

    • Don't Panic. It will be okay.

    • If someone is threatening you, get somewhere safe and call local authorities to report it. I know, I know, ACAB, but many cities have teams dedicated to stalking that can help figure out what to do next. Your safety is the #1 priority.

    • Document everything. Take screenshots and back up this information where it can't be accessed by someone who potentially has access to your accounts. Send it to a friend you trust, and have them save it to the Cloud (Google Drive, Dropbox, iCloud, etc.) This can help catch whoever is responsible.

    • Use encrypted communication when possible. WhatsApp may be owned by Facebook, but it is still more secure than text. Signal and Telegram are other options, but fewer people have these already.

    • Change all your passwords that matter, focusing on those you think might be compromised. Randomly generate these and save them to a password manager or write them down. Use an authenticator app if you aren't already.

Viruses

  • The reason you want to avoid a phishing attack is it can infect your computer with a virus.

  • If you download a sketchy file, it is now on your computer, and like a real virus, it starts to spread to other files. The person who gave you the virus has embedded data and code into this file that does a number of things. It goes into other files and inserts itself into them. It can delete files or cause your computer to crash.

  • A virus can also install a keylogger. This means that every time you type something, it stores that data and sends it back to whoever installed it on your machine, and they could potentially steal your SSN or any passwords you type.

  • You can protect yourself from getting viruses.

    • The best way to prevent this is to not go to sketchy sites, click fake links, or download files from places you don't know.

    • That said, stuff happens. Sometimes, you just want to watch a movie that's not on Netflix. But sometimes innocent sites can have problems where they've been hacked or have a malicious ad on their page, and a file gets downloaded without you knowing. There are some ways to make browsing safer regardless of what you're doing.

    • Download an antivirus on every device. I use Avast on Mac and Kaspersky on Windows and Android. Both work great. I don't use Sophos Home, but I use the paid version for work, and it's fantastic.

    • Use browser extensions to block ads and make sure sites are encrypted. I use Adblock and Firefox's HTTPS-Only Mode respectively.

    • Change your browser settings so it prompts you every time a site tries to download something.

Hacking

  • lol haxxxx

  • This is probably obvious, but this is rarely what it's depicted as in shows and movies. More often than not, this is when someone gets your password and starts posting spam.

  • How does it happen?

    • This either comes from malware (viruses) or, more often, obtaining your password.

    • If you click a link, they may spoof the website you think you're going to and ask you to log in. Now they have your password and can start posting spam.

  • But what about 2FA?

    • This is where authenticator apps come into play.

    • If you use your phone number to verify logins, these messages can be intercepted. This means that if someone knows your number and some other details like your birthday/SSN/security questions, they can route incoming texts to their phone.

    • One way that they do this is by calling your service provider and saying that "you" lost your phone and need to transfer the number to a new SIM card. Then your number gets transferred to them.

    • From here, they can log into your bank or email. Since it's a new device, they will get a text asking to confirm that it's really "you" logging in. They click the link or copy the temporary code, and now they have access to your account.


FAQ


What search engine should I use?
I do not support Google and its practices. Not only do they collect a lot of unnecessary data for the purpose of advertising, but they can and will hand over your data to the government upon request. For that reason, I wouldn't suggest using them. DuckDuckGo is the best for casual users.

What browser should I use?
Again, frick Google, so not Chrome. The browser with the best trade-off of usability and security right now in my opinion is Firefox. LinkHere's a guide on how to adjust your settings in Firefox to make it more secure and private.

What is a VPN?
VPN stands for virtual private network. It encrypts your data and routes all your web traffic through networks not directly linked to you.

Do I need a VPN?
Probably not.* Most people do not need one for everyday activities, though they are helpful for getting around content blocked in your country.

It used to be the case that you needed a VPN if you planned on accessing websites with sensitive info like banking data while on public WiFi (think coffee shops, airports, etc.) Since it encrypts your data, it protects you from being seen by anyone else using the same public WiFi. Encryption is now built into almost every site. If the url starts with https://, the site is encrypted, and you don't need to worry.

If you want to be extra safe, you can install LinkHTTPS Everywhere to encrypt all sites.

Tom Scott has Linka fantastic video on this topic. I cannot recommend this enough.

(*if you work with proprietary information or large amounts of data, your company likely expects you to use a VPN. I'm not talking about you right now though lol)

But I really need a VPN!
Alright, sure. VPNs do hide the URLs of the websites you visit from your Internet Service Provider (ISP). Your ISP will never see the contents of the pages you visit regardless of whether you use a VPN. The only thing they get is the domain name. If you don't want them to have access to that, maybe a VPN is the way to go. Just remember that the company who makes the VPN can still see what sites you visit.

If you are going to use one, r/privacy has some info Linkhere.

People keep talking about Tor. What is it?
Let me say in advance, I do not use Tor, and I am not an expert. From what I understand, Tor takes what you do on the internet, and instead of sending it through one network, it distributes it across multiple networks. This makes your data difficult to piece back together and therefore more secure than using a traditional VPN.

More info about Tor can be found Linkhere.

I still have other questions!
If you are still worried about security, r/privacy has a lot more info. LinkHere's their wiki. You can also message me.

I probably made some mistakes here. If you have any corrections, please message me.

RawReport