In recent years the eyes of many have been opened by a multitude of intrusions, attacks and disclosures of what was thought of as safe information. From my perspective little was real news, even if the methods and magnitude of the breaches were. One might assume that larger social websites would have a department full of people wearing tin-foil hats. This post is not about any particular story, since there are many and they have been discussed by smarter people than me anyway.
So what is this post about?
That, my dear reader, is a very good question. Mostly this will be a simple walk-through of how I manage the security of my own desktop, but also some pointers and resources that you should check out.
Since it is tradition to start with what is the core of the issue at hand, let us begin by writing: you are never safe. Data security is much more than just what you have on your home computer. It is now also automatically synced to the cloud, or transparently shared by social networks to advertisers.
So to keep your data safe, what can you really do? The system is not really aimed towards either privacy or security. You are at the mercy of the weakest link in the chain of services, providers, ad-networks, tracking, frameworks and so on. Visit any popular site today and you will notice that you are loading data from not only one but several different resources, images, fonts and so on.
This is a fairly simple one: do not use Chrome or Microsoft Edge. I’ll repeat that: do not use a browser made for and by companies who also have a vested interest in saving information about you for other purposes. Not to say that Safari, Opera or Firefox are in any way better. But in the case of Firefox (and I admit to being biased here) you can at least block scripts.
To help protect yourself start with the following addons:
If I were you I would also read the information Privacytools.io has about Firefox and how to secure it. Visit “about:config” in Firefox and change all the settings suggested in the guide. Or do the ones that I use:
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1
privacy.firstparty.isolate = true
privacy.resistFingerprinting = true
privacy.trackingprotection.enabled = true
browser.cache.offline.enable = false
browser.send_pings = false
browser.sessionstore.max_tabs_undo = 0
browser.urlbar.speculativeConnect.enabled = false
dom.battery.enabled = false
dom.event.clipboardevents.enabled = false
geo.enabled = false
media.navigator.enabled = false
network.cookie.cookieBehavior = 1
network.cookie.lifetimePolicy = 2
network.http.referer.trimmingPolicy = 2
network.http.referer.XOriginPolicy = 2
network.http.referer.XOriginTrimmingPolicy = 2
webgl.disabled = true
browser.sessionstore.privacy_level = 2
network.IDN_show_punycode = true
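One way to check that the settings listed above are actually present in a profile, as an added example (not the author's own tooling): the script parses the `user_pref(...)` lines of a Firefox `prefs.js` or `user.js` file and reports every listed setting that is missing or has a different value. The function names and the sample profile text are constructed for illustration.

```python
import json
import re

# The post's about:config list, as "name = value" pairs.
WANTED_TEXT = """
media.peerconnection.turn.disable = true media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false media.peerconnection.identity.timeout = 1
privacy.firstparty.isolate = true privacy.resistFingerprinting = true
privacy.trackingprotection.enabled = true browser.cache.offline.enable = false
browser.send_pings = false browser.sessionstore.max_tabs_undo = 0
browser.urlbar.speculativeConnect.enabled = false dom.battery.enabled = false
dom.event.clipboardevents.enabled = false geo.enabled = false
media.navigator.enabled = false network.cookie.cookieBehavior = 1
network.cookie.lifetimePolicy = 2 network.http.referer.trimmingPolicy = 2
network.http.referer.XOriginPolicy = 2 network.http.referer.XOriginTrimmingPolicy = 2
webgl.disabled = true browser.sessionstore.privacy_level = 2
network.IDN_show_punycode = true
"""
toks = WANTED_TEXT.split()  # name, "=", value, name, "=", value, ...
WANTED = {toks[i]: json.loads(toks[i + 2]) for i in range(0, len(toks), 3)}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: value}; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            try:
                prefs[name] = json.loads(raw)  # true/false, integers, "strings"
            except ValueError:
                prefs[name] = raw  # keep anything unparseable verbatim
    return prefs

def audit(text, wanted=WANTED):
    """Return {name: (wanted, actual)} for prefs that are unset (None) or differ."""
    have = parse_prefs(text)
    # The type check stops a boolean true from passing as the integer 1.
    return {n: (w, have.get(n)) for n, w in wanted.items()
            if have.get(n) != w or type(have.get(n)) is not type(w)}

# Constructed sample, not taken from a real profile.
SAMPLE = '''// constructed sample
user_pref("privacy.resistFingerprinting", true);
user_pref("webgl.disabled", false);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("geo.enabled", false);
user_pref("browser.startup.homepage", "about:blank");
'''
```

Firefox writes only non-default values to `prefs.js`, so an actual value of `None` means the setting is not recorded in that file, not necessarily that it is wrong.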
The observant reader might have noticed that I am equating the word security with privacy somewhat. This is true, they are often seen walking hand in hand.
Now some of the cookie settings we changed will annoy you quite a bit, mostly due to the fact that if you close the browser the logged-in session will be removed. So you will have to log in again to all the social networks you hang out on. This is the trade-off you will have to make, and entering your password more often is a good segue into the next topic.
Are you the one who has a password that you reuse? Or do you try and keep at least a couple of passwords that you rotate between different sites? In both cases you should be aware that it is neither safe nor smart to actually know your passwords at all. Since I am a firm believer in the terminal I use the Linux tool called pass, an easy way to generate, protect and store passwords. Other tools that you might have heard of are LastPass and KeePass, both of which are password managers that will assist you in having more secure passwords.
My tactic is simple: remember one ridiculously long and complex password phrase that protects my password-store. Then generate even more stupidly long passwords for each and every service I use online.
Another tip is to never store any encryption keys in the password store, so if someone gains access to the password store they will never be able to gain access to any data and vice versa.