OLLI Course: Be Safer on the Internet

webadmin -- Thu, 01/15/2015 - 16:19

Course Summary

  • Fall 2018: Ashland
    previously offered: Fall 2017: Ashland; Fall 2016: Ashland; Winter 2016: Medford; Fall 2015: Ashland; Spring 2015: Ashland
  • Sessions: 6
  • Course URL: http://communicrossings.com/olli-course-be-safer-internet
  • The goal of this lecture course is to help you improve the privacy and security of your personal information -- online and offline.
  • It presents preventive strategies, discusses trade-offs and prioritizes practical steps to reduce your risks (even from the NSA!) for computers, tablets, smartphones and the "Internet of Things".
  • Topics include strong passwords, password managers, software updates, local & cloud backups, WiFi and router setup,
    browsing, email, messaging, encryption, malware, ad blocking, VPNs, social media, travel.
  • Students should be familiar with the location of their system and browser settings.
  • Specific settings will be demonstrated only for latest macOS and iOS (iPad/iPhone) systems, Safari browser and selected apps.
  • However, users of Android, Windows and other/older devices could use provided references to adjust similar settings.
  • Recommended e-book: Take Control of Your Online Privacy (discounted version available).
  • More about the course: Introduction: Approach, Audience, Devices, Topics, E-books

About the Instructor

steve

Safer Internet: Introduction

webadmin -- Mon, 02/16/2015 - 11:12

Quotes

The "Problem"

  • The Internet's initial design did not foresee today's privacy and security problems.
  • Instead, the Internet has evolved like patchwork over the past 45+ years.
  • Human nature has not evolved much over the millennia.
  • Users can be gullible; governments, spies and criminals are attracted to ever more sensitive data and weak safeguards.
  • More people & devices are connected to the Internet, for many more uses, from more locations.
  • With inexpensive online storage, data tends to accumulate.
  • Total online privacy is basically impossible, but also probably not what you want.
  • Ordinary people with ordinary needs can still avoid the biggest privacy and security threats.
  • Additional sections -- from All Courses: Introduction [menu]
  • Resources: where to find materials, i.e., here
  • Navigation: using this web site
  • Handouts: how to create your own printed version

References

Safer Internet: Introduction: Approach

webadmin -- Mon, 02/16/2015 - 11:16

This course plans to:

  • Follow Joe Kissell's e-book: Take Control of Your Online Privacy {TCYOP}
  • Vary the sequence of Topics and depth of coverage, depending on student questions and background
  • Offer even more advice, and links to many articles: reviews, news, issues
  • Help you understand the kinds of information you might want to protect, and from whom, as well as techniques to improve privacy.
  • Explain 'just enough' of the underlying infrastructure and technology to enhance understanding
  • Emphasize preventive, proactive measures -- rather than deal with post-loss emergencies
  • Prioritize (by difficulty: [1,2,3]) some manageable steps you can take to reduce your privacy and security risks -- [4] though not completely from the NSA; see Audience [1-4] descriptions
  • Present trade-offs: convenience/effort for you vs. sensitivity/value of your info; one size does not fit all
  • Update advice over time, based on new threats and tools -- check Course Updates section
  • Guarantee that...

Safer Internet: Introduction: Audience

webadmin -- Mon, 02/16/2015 - 11:14

Who

  • You -- "ordinary" users with willingness to:
  • Explore settings on your computers/devices and read articles
    -- or if you're not DIY, at least understand the risks/issues (and show to your 'techie')
  • Take action: make some immediate changes, and create a plan for later actions,
    while avoiding procrastination, panic, guilt or information overload
  • Ask questions, especially about jargon (or see PC Glossary definitions of Computer and Internet Terms)

Advice Levels / Tags

  • [#] prefix on advice/references suggests audience, importance and/or effort:
  • [1]: Beginners with some familiarity with system/browser settings; mostly easy
  • [2]: Intermediate; moderate, less common, some complexity
  • [3]: Advanced; more complex; special situations; programmers, administrators; maybe research or future-oriented
  • [4]: Extreme; dissidents, journalists, whistleblowers, celebrities, lawmakers, lawbreakers, corporations, paranoids
  • This Chart Shows How Computer Literate Most People Are 12/7/2016

Safer Internet: Introduction: Devices

webadmin -- Mon, 02/16/2015 - 11:20

Devices, Devices, Devices

  • Modern-day desktop computers, laptops, tablets, and phones provide similar capabilities, and most web browsers and email applications provide similar features, often with similar names -- though there can be annoying small differences.
  • Ideally, this course would offer approaches and advice for many platforms.

Operating Systems

  • It would be difficult -- for Joe K. in {TCYOP}, or me in this course -- to provide or discuss up-to-date recommendations and configuration advice specific to every site, device model, operating system version, application, and tool, for every country.
  • Steve will list or demonstrate specific examples of settings for only most recent macOS (formerly "OS X") & iOS (iPad, iPhone) -- not: watchOS, tvOS
  • He will also demo (and sometimes recommend) specific applications in different categories, e.g., browser: Safari; email: Mail; disk backup: Time Machine, Carbon Copy Cloner; password manager: 1Password; VPN: Witopia; ad blocker: Adblock Plus, 1Blocker [iOS], etc. -- there may be other viable alternatives for you (platform, features, costs)
  • If you're using Windows, Android, Chromebook, Linux, or an older version of macOS or iOS, or some other wearable or home device/camera/streaming box/system (e.g., "Internet of Things"), don't panic -- you should be able to locate corresponding settings by exploring your device or reading articles (I provide many).
  • Each topic has links to articles in a References section, subdivided by platform and subtopics.
  • Also, see section: Finding More Help: other e-books, classes, consultants.

System Settings

Access

Search

Before Change

After Change

  • Save any new login name, password, recovery key, security answer, etc. in a secure place, e.g., password manager -- see Passwords section

Apps

  • Check Internet-related Preferences, Settings or Tools for your device's apps, e.g.,
  • web browsers: Firefox, Google Chrome, Internet Explorer, Opera -- in addition to Safari
  • mail clients: Outlook, Thunderbird -- in addition to Mail
  • communication, social networking, maps, etc.

Access

Search

  • macOS: Launchpad > Search
  • iOS: swipe down on home screen > Search

Update / Buy

  • macOS: Apple menu > App Store
  • iOS: App Store

Safer Internet: Introduction: Topics

webadmin -- Mon, 02/16/2015 - 11:21

Sequence

No. of Sessions

  • Typical privacy & security recommendations could be summarized in 5 minutes or so: free 1-page 'cheat sheet', or the Quick Start section {TCYOP-3: 9-10; TCYOP-2: 8-9; TCYOP-1: 11-12}; there are many articles with titles such as "10 Things You Can/Should...", e.g.,
  • Protecting Your Digital Life in 9 Easy Steps (5/16/2017):
    1. Download Signal, or start using WhatsApp to send text messages;
    2. Be wary of clicking on unfamiliar links or documents, and apply software updates;
    3. Protect your computer's hard drive with FileVault or BitLocker, and back up your data to an online backup service, external hard drive, or both;
    4. The way you handle your passwords is probably wrong and bad (use strong unique passwords, stored in a password manager);
    5. Protect your email and other accounts with two-factor authentication;
    6. Use a browser plug-in called HTTPS Everywhere;
    7. Invest in a Virtual Private Network, or VPN;
    8. Remember that incognito mode isn't always private;
    9. Do sensitive searches in DuckDuckGo
  • However, if you'd like to understand background, context, tradeoffs, see demonstrations, and ask questions (and have me speak more slowly), six sessions turns out to be about right. In Fall 2017, these are now 2 (instead of 1.5) hour sessions so we should be able to cover and discuss more.

What We Won't Cover

  • Problems with your specific device & configuration (esp. non-Internet related); however, I may include tips about usage and costs; also see More Help section for learning, troubleshooting recommendations
  • Other non-digital privacy / security issues: paper, home, surveillance, death, etc. -- some in Offline Reference sections
  • Other Internet technical questions and social issues -- ask me to re-offer OLLI course: Internet History and Issues
  • Some [2] intermediate and most [3-4] advanced issues, depending on time and class interest

Safer Internet: Introduction: Discounts

webadmin -- Sat, 05/09/2015 - 04:39

  • Besides educational discounts on TCYOP (suggested e-book), discounts are sometimes available for software, services, and e-books -- some listed here and under various topics
  • 50% off all TakeControl titles; sale ends Sun, 10/29/17
  • 1Password (password manager): those who join Tidbits.com can receive member discounts on Mac or Windows version of 1Password (25%), other Take Control e-books (30%), etc.
  • There may be discounts available for bundles, or to user groups, e.g., on TakeControl books 30% for AshMUG members
  • For other products/services, there may be occasional online promotions, especially around "Cyber Monday" (after Thanksgiving) or special dates, e.g., World Backup Day (Mar 31 for backup products).
  • Witopia (VPN): if subscribing to Witopia VPN service, use this referral link (or code: Q8Hg3YRM) to receive a 15% discount; Steve receives a similar credit.
  • If you don't need unlimited voice calls, unlimited texting and/or unlimited cell data (at 4G speeds), you can save money with a monthly, pay-for-what-you-need cellular phone plan. I suggest checking your bills over the past year to see your average monthly usage. I pay < 1/2 with Consumer Cellular for our calling, texting and data compared to AT&T; if you decide to switch to Consumer Cellular, mention that Steve Weyer referred you, and we'll both get a credit; if you're an AARP member, you'll save an additional 5% per month

Safer Internet: Introduction: E-books

webadmin -- Sat, 05/09/2015 - 04:34

TCYOP

  • As mentioned earlier, this course is based on Joe Kissell's e-book: Take Control of Your Online Privacy {TCYOP}, from the excellent Take Control series of technical e-books. TCYOP is suggested but not required for this course; this course generally uses the same chapter/section headings and sequence.
  • The instructor can obtain a discounted price for registered OLLI students (in multiples of 10).
  • Students request & prepay before/at the first class -- $3 or $4 depending on number ($3 if exactly 10, 20, 30 or 40)
  • Instructor will order copies; Take Control emails e-book to Instructor in a few days
  • Instructor e-mails the .pdf e-book version to students.
  • To view the .pdf version, students need a PDF reader application; many are free, e.g., Adobe Reader (for computers, tablets, phones), Preview (for macOS), or iBooks (iOS).
  • Later, students can download an updated .pdf version (if available, for free or at a discount) and a .epub (iBooks) or .mobi (Kindle) version, e.g., for a tablet or eReader; see "Ebook Extras section" {TCYOP-3: 149; TCYOP-2: 132; TCYOP-1: 119}.

TCYOP Editions

  • 3.0; 4/2017; 152pp.; reg: $15; OLLI: $3-4
  • 'cheat sheet'; free; 1 pp. .pdf
  • sample; free; 53 pp. .pdf
  • 2.0; 5/2015; 135pp.
  • 1.1; 3/2014; 123pp.
  • "{TCYOP-3: #}" in course material refers to Chapter and Figure pages in the current .pdf edition
  • "{TCYOP-2: #; TCYOP-1:#}" (in smaller font) refers to pages in older editions (for students from previous terms).

Other E-Books

  • Read Me First: A Take Control Crash Course understand user interface, System Preferences (macOS), Settings (iOS) for the Take Control series; free versions: web, .pdf, .mobi (Kindle), .epub (iPad); version 1.0: 49 pp.; 9/3/2014
  • TakeControl publishes many other e-books about related topics, e.g., 1Password, Apple Mail, Backing up your Mac, Dropbox, FileVault, iCloud, iOS, macOS, Mac Security, Passwords -- most with free sample chapters; you can save $ if you're a Tidbits.com member, or order multiple e-books.

Safer Internet: Introduction: Finding More Help

webadmin -- Sat, 05/09/2015 - 04:53

Online

  • Help / ? in your OS and applications -- as you look for and change settings.
  • E-books, e.g., Take Control of Your Online Privacy, other Take Control e-books
  • This course's References sections for each topic, especially for your OS
  • Support sections on hardware / software vendor web sites: manuals, tutorials, FAQs, software updates, forums
  • Tech blogs / magazines, e.g., LifeHacker.com; ArsTechnica; macOS/iOS: Tidbits.com

Groups, Classes

People, Companies

Safer Internet: Privacy, Security, Anonymity

webadmin -- Tue, 01/27/2015 - 08:13

Quotes

Definitions

  • Privacy: freedom from observation or attention
  • Security: freedom from danger or harm
  • Anonymity: freedom from identification or recognition
  • Advice, settings and tools may affect more than one of these, and be repeated for different topics

Analogy: paper postal mail

  • Privacy: postcard vs. envelope
  • Security: stolen check or ID; white powder; locked mailbox
  • Anonymity: no return address; PO box
  • "Before" network diagram: {Figure 1. TCYOP-3: 44; TCYOP-2: 39; TCYOP-1: 39}

References

Analogies

Safer Internet: What Do You Have to Hide?

webadmin -- Thu, 01/29/2015 - 13:19

Why?

  • Everyone is at risk:
  • Anyone who has ever had a loan or credit card -- very likely affected by 9/2017 Equifax breach
  • Anyone whose SSN, email or other sensitive details have been -- or will be -- hacked by a careless company or incompetent government agency
  • Anyone unaware of good security and privacy practices -- encourage them to take this class!
  • [3] Any high-profile target: celebrity, politician, business, investigative journalist, political dissident, whistleblower

Quotes

General

  • Contact information: home address, phone, email -- yours and family
  • Vital Statistics: your birthday, birthplace, family members
  • [Refs]: "How Many Times Has Your Personal Information Been Exposed to Hackers?" [quiz]
  • [Refs:Identity]: "Here's what your stolen identity goes for on the internet's black market"
  • [Refs:Identity]: "Five Common Scams Directed at Seniors"
  • Financial information: SSN, credit cards, purchases, tax returns, bank statements
  • Your current and past locations
  • [Refs:Vehicles]: "Chevy Malibu 'Teen Driver' Tech Will Snitch if You Speed"
  • Photos
  • [Refs]: "California becomes first state to convict someone for operating a revenge porn website"
  • Medical information
  • [Refs:Health]: "29 million US health records exposed by data breaches between 2010 and 2013"
  • [Refs:Health]: "Ancestry.com DNA Privacy Statement: advertising relevant to genotype"
  • Password(s): if a password is stolen, login to that site and change it, before a hacker does -- hopefully, you have devious security question answers and/or 2-factor authentication for any sensitive accounts.
  • However, if you re-used that password for other sites -- a big no-no -- you'll have to scramble...
  • Email, chat, and other communication history
  • Browsing behavior -- current and historical {List. TCYOP-3: 73-74; TCYOP-2: 58-60; TCYOP-1: 58-60}; browser 'footprint'
  • Personally-identifiable vs. anonymously-aggregated information; content vs. metadata
  • Data across different sites via cookies or IP address (or 'browser fingerprint') can reveal patterns, and lead to individuals
  • [Refs]: "Why You Should Protect Even Your Most Unimportant Data"
  • Other devices: voting systems, (smart)TV, set-top/streaming box, game console, smart watch, health/fitness trackers, home automation, car; section: "Internet of Things" (IoT)
  • Others' devices: cameras, wearable technology

Identity Theft

  • If you have ever had a loan, mortgage or credit card, you are very likely affected by the recent (9/2017) Equifax breach -- with at least your birthdate, name, address, SSN available to hackers worldwide
  • Or, you may be vulnerable due to other past -- or future -- leaks from other companies or government agencies with sloppy security.
  • However, there are still some things you can do to minimize the damage -- many of them free (with some redundancy)
  • Closely monitor credit card activity for unrecognized charges with your credit card companies -- at least monthly, but preferably more often.
  • Set up SMS and/or email notifications with your credit card company for charges over certain amounts or from certain sources, esp. online, international.
  • Setup credit card monitoring & fraud alerts, check your credit report & score, e.g., creditkarma.com
  • Freeze credit reports with all 3 credit reporting agencies -- to prevent future applications for mortgages, auto loans, credit cards with your SSN
  • Stay tuned -- due to public or legal pressure, more free services may become available, for longer periods
  • Enroll in Equifax Trusted ID Premier: free for a year; FAQ; I was initially concerned about Equifax's lax security, fumbling tone-deaf response, and executive irregularities (dumping stock after breach; music degree credentials for CSO (Chief Security Officer), who's resigned, along with CEO); however, they seem to have addressed some of these concerns via their complimentary service (hopefully they'll willingly (or be forced to) extend), which includes:
  • 3-Bureau Credit File Monitoring and automated alerts of key changes to your Equifax, Experian, and TransUnion credit files
  • Equifax Credit Report Lock: allows you to prevent access to your Equifax credit report by third parties, with certain exceptions -- 'lock' similar to a 'freeze', though with fewer regulations; stay tuned for clarification
  • Social Security Number Scanning of suspicious web sites
  • Copy of your Equifax Credit Report
  • Up to $1 million in ID theft insurance. Helps pay for certain out-of-pocket expenses in the event you are a victim of identity theft
  • Enroll in TransUnion TrueIdentity: free, which includes:
  • Freeze TransUnion credit report
  • Stay up to date with monitoring, alerts and credit reports
  • Up to $25,000 in ID theft insurance
  • freeze Experian credit report: free or $10 (depends on state); be sure to generate & save PIN; additional costs to unfreeze or remove?
  • various other Experian services/plans, most not free; IdentityWorks Plus & Premium plans are, I think, overpriced and unnecessary -- you can get much of the same for free elsewhere, e.g., other credit agencies, CreditKarma.com, ProtectID (AAA members)
  • freeze Innovis credit report: free; lesser known than the 'big 3' credit agencies, but since it's free, why not?
  • [Refs:Equifax]: "Stephen Colbert: Equifax Just Equi-F'ed Everyone" (video)
  • [Refs:Identity]: "LifeLock Agrees to Pay $100 Million Fine in Settlement With F.T.C."
  • [Refs:Identity]: "Which Credit Monitoring Service Should You Use?"
  • [Refs:Identity]: "4 Things You Should Do About the Equifax Hack"
  • File your income taxes as early as possible -- so that a hacker doesn't file for you and claim a refund
  • [Refs:Identity]: "Sign Up at irs.gov Before Crooks Do It For You"

References

Attacks

Equifax

Financial

Home

Health

Identity Theft

Vehicles

Voting

Safer Internet: Who Wants Your Private Data?

webadmin -- Thu, 01/29/2015 - 13:25

Quotes

Summary

  • Advertisers, your ISP/cell provider, "Big Data" -- to support 'free' content or generate revenue
  • [Refs:Companies]: "How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did"
  • [Refs:Companies]: "When a Company Is Put Up for Sale, in Many Cases, Your Personal Data Is, Too"
  • Employers, neighbors, stalkers, a vindictive ex
  • Banks, lenders, and insurance companies
  • [Refs:Companies]: "Banks Now Eyeing Cell Phone Metadata To Determine Your Loan Risk"
  • Hackers ('black hat')
  • [Refs:Hackers]: "Malware attacks give criminals 1,425% return on investment"
  • Major copyright holders (RIAA, MPAA)
  • "Big Brother": the government and law enforcement. NSA, GCHQ (UK), FBI, ... -- anything goes for 'war on terror'
  • [Refs:Govt]: "Sen. Ron Wyden thinks the next big cybersecurity bill could make things worse"
  • [Refs:Govt]: "If You Don't Care About The NSA Because You 'Haven't Done Anything Wrong,' You're Wrong"

References

Companies

Government

Hackers, Trolls, Doxers

ISPs

Policy

Safer Internet: Develop a Privacy Strategy

webadmin -- Thu, 01/29/2015 - 13:32

Quotes

Policy / Law

  • "Privacy policies" specify how your information will be used / shared -- no guarantee of protection or enforcement; if you have some time, read/scan -- rather than blindly accept
  • Most companies do not provide details about the robustness of their security practices (because they're clueless, embarrassed?)
  • Terms & Conditions and Privacy Policies can change without notice, usually not for the benefit of users
  • e.g., Linkedin: User Agreement (T&C), Privacy Policy; also: Ad Choices; Community Guidelines; Cookie Policy; Copyright Policy
  • Government regulations & laws lag the technology;
    if they exist, they often favor corporate donors and surveillance agencies over consumers

Behavior

  • Accept that some changes are necessary; to get the most out of this class, some homework is required. Advice & tools change over time -- security is akin to a game of "whack-a-mole"
  • Invest attention and energy upfront to be proactive before problems occur.
  • Learn good habits, such as backing up regularly, updating software, choosing strong passwords, storing passwords securely, logging out when not using your computer; connecting to known, encrypted WiFi networks, etc.
  • [Refs:Tech]: "How the Experts Protect Themselves Online (compared to Everyone Else)"
  • [Refs:Behavior]: "'Security fatigue': Computer users tired of too many passwords, warnings"
  • [Refs:Behavior]: "The psychological reasons behind risky password practices"
  • Pray? Cyberinsurance?
  • TV / movies often do not accurately portray security threats / practices
  • [Refs:Behavior]: "Hollywood's take on cybersecurity"
  • Before: minimize personal information that you provide / volunteer
  • After: purge info from data brokers
  • [Refs:Tech]: "Privacy Tools: Opting Out from Data Brokers"
  • Avoid installing malware inadvertently, e.g., clicking on links in suspicious emails, panicking & responding to scary popups
  • "Social Engineering" can often defeat many otherwise secure systems -- especially if request comes from harried "boss", desperate "friend", incarcerated "grandchild", irate "customer"
  • [Refs:Behavior]: "Majority of Americans fall for email phishing scams" (quiz)
  • "PICNIC":...
  • the "Pledge": don't do anything stupid! {TCYOP-3: 36-38; TCYOP-2: 33-34; TCYOP-1: 32-34}

Planning

  • Consider risks & needs by:
  • location: home, school, work, vacation
  • task: banking, searching, communicating, entertainment
  • device: phone, tablet, computer, etc.
  • type of information: required, optional, sensitive, personal
  • convenience: all mail, calendar, search, payments, passwords with one trusted provider, or different places?
  • companies you use: what is their business model? how "free" are their services? do they track you? e.g., Facebook, Google (advertising) vs. Apple (hardware)

Technology

  • "Technology is...
  • "1) Everything that's already in the world when you're born is just normal;...
  • "1) When a distinguished but elderly scientist...
  • Make one-time changes, such as more secure passwords, system & browser settings, privacy options on social networking sites, etc.
  • [Refs:Tech]: "9 Facts About Computer Security That Experts Wish You Knew"
  • Since it would be overwhelming to do everything that we'll discuss immediately, be selective and phase in changes gradually over months.
  • Ongoing: check vendor sites for updates; refer back here to course summaries & reference articles

Summary

References

  • sections: Behavior; Technology
  • {TCYOP-3: 29-38; TCYOP-2: 27-34; TCYOP-1: 28-34: Fix the Easy Things; Choosing Better Passwords; About Two-Factor Authentication; Create Privacy Rules for Yourself; Purge Your Info from Data Brokers; Cope with Special Cases; Take the Pledge}; many general articles below
  • Vendor sites for privacy and security information, e.g.,
  • Apple: Security Software Updates; Gatekeeper; FileVault 2; Privacy Controls; Password Generator; iCloud Keychain; Sandboxing; Runtime protections; Antiphishing; Find My Mac
  • Apple: Manage Your Privacy Secure your Devices: passcode; Touch ID, Find My;
    Secure your Apple ID: password, security questions, 2-step verification;
    Stay secure: phishing, passwords, notifications;
    Sharing: iCloud settings, location data, apps, ads, private browsing, children's privacy, diagnostic data
  • Apple: iOS Security iOS10 white paper: System Security; Encryption and Data Protection; App Security; Network Security; Apple Pay; Internet Services; Device Controls; Privacy Controls; Apple Security Bounty; .pdf; 3/2017
  • Apple: Privacy Built-in; Government Information Requests; Privacy Policy
  • AARP: Online Safety Technology Education and Knowledge (TEK) Center
  • Security starts with you (and us) Vanguard: Our online security protocols, Monitoring for fraudulent activity, Security inside Vanguard, When you call us; you: Secure your computer, Protect your mobile devices, Safeguard your identity online, Don't forget your U.S. postal mail
  • TakeControl: Are Your Bits Flipped? trust; excerpt of e-book
  • EFF: Surveillance Self-Defense TOC copied: 12/1/2016
  • Overviews: An Introduction to Threat Modeling; Choosing Your Tools; Creating Strong Passwords; Keeping Your Data Safe; Seven Steps To Digital Security; What Is Encryption? Why Metadata Matters
  • Animated Overviews: How Strong Encryption Can Help Avoid Online Surveillance; How to Make a Super-Secure Password Using Dice; Protecting Your Device From Hackers; Using Password Managers to Stay Safe Online
  • Tutorials: How to: Avoid Phishing Attacks; Circumvent Online Censorship; Delete your Data Securely on Linux, Mac OS X, Windows; Enable Two-factor Authentication; Encrypt Your iPhone, Your Windows Device; Install and Use ChatSecure; Use KeePassX; Use OTR for Mac, Windows, Linux; Use PGP for Linux, Mac OS X, Windows; Use Signal for Android, iOS; Use Tor for Windows, Mac OS X; Use WhatsApp on Android; Use WhatsApp on iOS
  • Briefings: An Introduction to Public Key Cryptography and PGP; Attending Protests (Intl., USA); Choosing the VPN That's Right for You; Communicating with Others; How Do I Protect Myself Against Malware? Key Verification; Protecting Yourself on Social Networks; The Problem with Mobile Phones; Things to Consider When Crossing the US Border
  • Playlists: Academic researcher? Activist or protester? Human rights defender? Journalism student? Journalist on the move? LGBTQ Youth? Mac user? Online security veteran? Want a security starter pack?
  • Passcode: Modern field guide to security and privacy CS Monitor; cybersecurity news and analysis
  • The WIRED Guide to Digital Security choose your profile:
    [1] Civilian: You're a regular user, but hackers and malware are lurking: 7 Password Tips; Basic Smartphone Security; Resist Phishing Attacks; Keep Your Kids Safe; Protect Yourself from Doxing;
    [3] Public Figure: Activist? Journalist? Politician? Consider yourself a target: How to Encrypt All Your Data; Google Advanced Protection: a Step-by-Step Look; Use Tor for more than just Browsing; Physical Steps to Amp up your Digital Security;
    [4] Spy: Professionals are after you. Time to get serious; How to Remove the Mic from your Devices; Sniff Out Bugs Planted in your Room; Extra Paranoid Measures for Superspies; 12/9/2017
  • Foiling Cyberspies on Business Trips 11/12/2017
  • How to Protect Your Information Online How do I know if my personal information has been taken? What if I'm certain my data has been stolen from Equifax? Should I change my passwords? How do I create stronger passwords? Are passwords enough? Won't security questions protect my data? 9/7/2017
  • Consumer Reports will begin assessing cyber security and privacy safeguards when scoring products 3/6/2017
  • Where to Donate to Protect the Internet in 2017 The American Civil Liberties Union; The Electronic Frontier Foundation; Freedom of the Press Foundation; Open Whisper Systems; The Tor Project; 12/25/2016

Behavior

Technology

Safer Internet: Offline Data

webadmin -- Tue, 01/27/2015 - 15:09

Quotes

Summary

  • What happens to your information if:
  • your devices and/or backups are lost, stolen, destroyed or corrupted -- at home or while travelling?
  • you neglect to install security updates?
  • you lose/forget your passwords?
  • you donate or sell your computer?
  • you become forgetful, incapacitated, or dead?

References

Safer Internet: Offline: Passwords Intro

webadmin -- Thu, 07/16/2015 - 14:53

Summary

  • Passwords are ubiquitous, but not the most secure or convenient way to authenticate someone's identity.
  • Create passwords as strong as possible (or at least, more than required).
  • Store, sync and access most of your passwords via an encrypted 'password manager' (PM) -- most commonly, an application (like 1Password, LastPass, Dashlane); Apple-only users could use barebones, built-in iCloud KeyChain; paranoids could copy/paste via a local encrypted file
  • Minimize sharing passwords with others -- maybe within the family for streaming devices?
  • Ideally, you need to remember only 2+ strong passwords: one for PM, one for (each) device.
  • A fingerprint can be convenient, and stronger than simple 4-6 digit passcode, but it can be cloned by hackers, and compelled by police.
  • World Password Day: May 5th -- create strong passwords; use a different password for each account; get a password manager; turn on multi-factor authentication; Betty White videos; security quiz

What is a "Strong" Password?

  • Unique -- don't reuse
  • Uncommon -- don't choose from worst: 25, 100, 500
  • Typically, 15+ characters long -- long phrases, and/or including mixed case, digits, punctuation.
  • Main (device & PM) passwords should be memorable -- and not too inconvenient to enter on your device.
  • For a phone/tablet, make longer than minimum 4-digit passcode, e.g., 8+ digits
  • iOS: ... > Passcode options > Custom Numeric/Alphanumeric Code -- see Accounts
  • Strong passwords usually don't need to be changed (unless they've been compromised).
  • If site requires answers to security questions, provide answers to questions that no one can lookup or easily guess -- or lie; create your own questions if possible.
  • We'll look at multi-factor methods later, e.g., using temporary codes from mobile phone or an authenticator app.

How to Generate a Password

  • To avoid predictability, consider creating a random password.
  • Use the "password generator" in your password manager, e.g., its pronounceable option
  • macOS: System Preferences > Users & Groups > Password > Change Password > "lock" icon: Password Assistant: Memorable
  • Be cautious about using online password generators: is the site HTTPS? does it log what it generates?
  • Manually generate a multi-word phrase, e.g., Diceware (English word list)
  • Roll a die 5 times to select a word from a list of 7776 (6^5) words in a language.
  • Generate 4+ words; customize to increase strength even more
  • Other passwords (stored in your PM) can be long, random, complex, e.g., 64 characters of gibberish -- since you don't have to remember or type them.

How to Test Password Strength

  • Test the strength ("entropy") of your current passwords and new candidates.
  • Entropy is roughly a function of:
    • the size of the character set (number of possibilities): 0-9, A-Z, a-z, punctuation, dictionary list
    • raised to the power of the length of the password sequence (number of characters / words)
    • decreased by rules, such as common recognizable patterns, e.g., 12345, pet names, common phrases, keyboard sequences, etc. -- and cracked password lists
  • Higher entropy means less predictable, i.e., more attempts / time to guess or crack by brute force
  • General recommendation: passwords should have 'high' entropy: 75 bits (or more),
    i.e., thousands of "centuries" to crack; though time estimates are unreliable due to sharing of known password lists by hackers, and increases in processing power.
  • Different sites can evaluate same password differently; Poor/Good/Strong labels or 'strength gauge' are inexact.
  • Similar caveats (to generation) for online password testers: HTTPS, logging?
  • My favorite checker: zxcvbn: numerical score with explanation; zxcvbn can be run locally (no network).
  • Short 'random' phrases, e.g., correcthorsebatterystaple: only 45 (via Diceware).
  • Increase strength: more words, punctuation, misspellings, reversals, acronyms, invented words, other languages; however, hackers already anticipate simple substitutions like $ for S, 1 for L, etc.
  • Include 'unusual' chars (accented, foreign, etc.) -- check availability / compatibility for cross-platform use, e.g., opening password manager
  • macOS: System Preferences > Keyboard > Keyboard > Show keyboard and emoji (&symbol) viewers in menu bar > Show Keyboard Viewer
  • macOS: System Preferences > Keyboard > Input Sources > Show input keyboard in menu bar (this is still enabled if you disable Show kbd and emoji viewers)
  • (kbd icon) > Show Keyboard Viewer: view / select key
  • keyboard: press appropriate key combos, e.g., Option-
  • iOS: keyboard: hold down key to see possibilities
  • iOS11: Settings > General > Keyboard > Smart Punctuation: off -- if some chars don't appear; note:
    'flick down' can be used instead of Shift
  • Weaker passwords, e.g., 8-digit phone PINs, might be adequate if the device limits login attempts or can auto-erase.
  • 64 random characters, e.g., via a Password Manager, typically might have entropy: ~346 (trillions of centuries)
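The generation and entropy ideas from the two sections above, as an added worked example (this is not code from the course page, and it uses only the Python standard library rather than the zxcvbn checker the page recommends). It models the "character set raised to the power of the length" rule as length * log2(alphabet size), treats a Diceware passphrase as a sequence of words drawn from a 7776-entry list, converts a five-dice roll to a list position, generates a random character password with the OS random source, and turns a bit count into a brute-force time at an assumed guess rate. The character-class sizes, the 100-symbol allowance for accented characters, and the guess rates are assumptions for illustration.

```python
"""Password entropy estimation and random generation (added example; standard library only).

The "bits" model here is the ideal case: every symbol chosen uniformly at random.
Patterned or dictionary passwords are weaker than the number this model reports,
which is exactly why a checker like zxcvbn also looks for known words and patterns.
"""
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
DICEWARE_LIST_SIZE = 6 ** 5                                                    # 7776 words, one per five-dice roll
PRINTABLE_ASCII = string.ascii_letters + string.digits + string.punctuation    # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `alphabet_size` symbols: length * log2(size)."""
    if alphabet_size < 2 or length < 1:
        return 0.0
    return length * math.log2(alphabet_size)


def passphrase_entropy(word_count: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """A Diceware-style passphrase is a sequence of words, so the 'alphabet' is the word list."""
    return entropy_bits(list_size, word_count)


def charset_size(password: str) -> int:
    """Size of the union of character classes the password draws from (assumed class sizes)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)        # 32 ASCII punctuation symbols
    if any(ord(c) > 127 for c in password):
        size += 100                            # assumption: rough allowance for accented/unusual characters
    return size


def password_entropy(password: str) -> float:
    """Upper bound for a character password. A known phrase scores far higher here than it deserves;
    score a dictionary phrase with passphrase_entropy() instead."""
    return entropy_bits(charset_size(password), len(password))


def years_to_brute_force(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the password by exhausting half of a 2**bits search space.
    The guess rate is an assumption: offline cracking of weak hashes can reach billions per second,
    while a device that limits attempts allows only a handful."""
    return (2.0 ** bits / 2.0) / guesses_per_second / SECONDS_PER_YEAR


def effective_bits(password_bits: float, cipher_key_bits: int = 256) -> float:
    """An encrypted file is only as strong as the weaker of the cipher key and the password unlocking it."""
    return min(password_bits, float(cipher_key_bits))


def generate_password(length: int = 20, alphabet: str = PRINTABLE_ASCII) -> str:
    """Random character password from the OS CSPRNG (secrets), never random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def diceware_roll() -> str:
    """Five rolls of a fair die, written as the 5-digit key that indexes a Diceware list, e.g. '43146'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def diceware_index(key: str) -> int:
    """Convert a 5-digit dice key (digits 1-6) to a 0-based position in the 7776-entry list."""
    if len(key) != 5 or any(d not in "123456" for d in key):
        raise ValueError("dice key must be five digits in 1-6")
    index = 0
    for d in key:
        index = index * 6 + (int(d) - 1)
    return index


if __name__ == "__main__":
    for label, bits in [("8-digit PIN", entropy_bits(10, 8)),
                        ("4 Diceware words", passphrase_entropy(4)),
                        ("64 random printable chars", entropy_bits(len(PRINTABLE_ASCII), 64))]:
        years = years_to_brute_force(bits, 1e10)
        print(f"{label}: {bits:.1f} bits, ~{years:.3g} years at 1e10 guesses/s")
    print("dice key", diceware_roll(), "-> random password", generate_password())
```

Two things worth noticing when you run it: four Diceware words come out near 52 bits even though the same phrase scored as free-form characters would show over 100, and an 8-digit PIN (about 27 bits) falls in a fraction of a second offline, which is why the page ties short PINs to attempt limits and auto-erase rather than to entropy.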

How to Store Passwords

  • Human memory should be fine for several strong passwords: one for the PM, one for (each) device -- but be sure to back them up elsewhere, e.g., a Safety Deposit Box
  • Paper or a file might be ok if it's truly hidden and/or coded
  • Recommendation: use a password manager app, such as 1Password
  • PM encrypts passwords on your device; shares (sync / backup) between devices / cloud
  • PM navigates to correct site; PM automatically fills-in userid and password -- usually
  • PM recognizes password changes, and automatically updates -- usually
  • PM organizes sites like bookmarks / favorites -- usually searchable
  • PM integrates with your browser (and maybe system & other apps via icon menu)
  • PM can store other related info, e.g., unusual answers to security questions
  • 1Password and password security -- AshMUG presentation by Peter DeGroot (video; links; how-tos), 9/8/2015
  • Later section: Browsing: Passwords, discusses passwords, password managers (e.g., 1Password, Dashlane, LastPass), and related issues in more detail, along with reviews and articles.

Safer Internet: Offline: Accounts

Safer Internet: Offline: Accounts webadmin Tue, 01/27/2015 - 16:48

Why?

  • + Protect (encrypt) personal, sensitive (even deleted) files with a strong password (macOS: FileVault; iOS: default)
  • + Deny others easy access to your device: auto-login apps, e.g., messaging, email, password resets
  • - Inconvenience of entering password, esp. if short timeout

Basic

  • [1] Set a strong password / passcode on your computer, tablet, phone
  • Set a longer timeout to minimize your logins and inconvenience; a shorter timeout when travelling?
  • Limit the number of login attempts? auto-erase?
  • Maybe add contact info -- in case of loss (trade-off vs. privacy) -- see Services: Location section
  • Protect sensitive files on the drive -- see Encryption section
  • Avoid giving your password to tech support (esp. remote scammers) -- and if you do, change it immediately afterwards
  • macOS: System Preferences > Security & Privacy > Change Password
  • System Preferences > Users & Groups > Password > Change Password -- to set the initial password, or change other accounts
  • System Preferences > Security & Privacy > Require password > (time)
  • Use the same strong admin password for the main disk (FileVault) and backup drive, e.g., Time Machine
  • iOS: Settings > Passcode > Turn Passcode On
  • iOS: Settings > Passcode > Change Passcode > Passcode Options: Custom Alphanumeric Code, Custom Numeric Code, 6-Digit Numeric Code
  • Use more than the default PIN length, e.g., 4 digits (iOS 8), 6 digits (iOS 9+), so an attacker won't know the length and will take much longer
  • Although letters and symbols can be included, a much longer numeric PIN can be entered more easily on the larger number-only keypad; it is still difficult to brute force if the OS limits login attempts
  • iOS: Settings > Passcode > Require Passcode > After x minutes/hours -- shorter when traveling?
  • iOS: Settings > Passcode > Allow Access When Locked: Today View, Recent Notifications, Control Center, Siri, Home Control, Return Missed Calls
  • iOS: Settings > Passcode > Erase Data after 10 failed passcode attempts
  • iOS: Settings > Touch ID & Passcode -- fingerprint sensor on selected models, e.g., iPhone 6

Intermediate

  • [2] Set up separate accounts for each user
  • Admin account for installs/updates; a 2nd admin account as backup
  • Non-admin accounts for routine use to limit accidental malware
  • Set up "Parental Controls" on shared computers?
  • When: now, or the next time you upgrade your OS or replace hardware, and migrate user info
  • macOS: System Preferences > Users & Groups

Advanced

  • [3] Set a firmware password (macOS, Win) to prevent booting from another OS and accessing the file system
  • May still be appropriate for some high security situations; alternatively, enable whole disk encryption
  • [3] Set a SIM PIN on cellular devices, e.g., iPhone, some iPads -- see Connection : WiFi section

References

Android

Apple ID

iOS

macOS

Windows

Safer Internet: Offline: Backups

Safer Internet: Offline: Backups webadmin Tue, 01/27/2015 - 17:28

Why?

  • + Recover files lost because of disk/SSD failure, corruption, theft
  • + Encrypt backups to reduce impact of theft, surveillance
  • + Reverse an unwanted or incomplete software update
  • + Reduce effects of ransomware (hacker encrypting and holding your files hostage)
  • + Access files in the cloud from multiple devices
  • - Procrastination; initial setup effort
  • - Making it a habit

Quotes

What, Where, When?

  • "Data loss is when you no longer have access to your own data...
  • "Data theft is when someone else gets access to your data illicitly...
  • Manual: selected files/folders copied to/shared with a USB drive or a cloud folder; must remember to do it
  • Incremental: only what's changed; automatic; user files, multiple versions, settings (contacts, bookmarks)
  • Complete: everything; user files/settings plus system, apps; ideally a bootable clone
  • Local: a partitioned external disk is a convenient, inexpensive location for several backups,
    e.g., Time Machine, Carbon Copy Cloner, SuperDuper;
    the disk manufacturer may provide backup software, e.g., Retrospect
  • Recommendation: purchase external disk 4x (or larger) size of your internal storage:
    1x for clone; 2-3x for incremental (more if multiple versions/deleted files are maintained)
  • e.g., for 250G internal disk/SSD, use 1Tb (or larger) drive:
    250G for clone, 500-750G for incremental; ?G for archive misc. partition
  • macOS: don't yet convert external drive to High Sierra's new APFS format until bootable clones are supported
  • [2] Encrypt backup drives during setup -- or later, e.g., FileVault; see Encryption section
  • [3] Use separate external drives for incremental and for clone -- to reduce risk of single drive failing or lost
  • Remote/Offsite: cloud services can provide free / inexpensive, encrypted remote backup for email, photos, contacts, notes, passwords, calendar, selected files, etc., e.g., Dropbox, Google Drive, Box, OneDrive, Backblaze; located separately from your devices / home
  • World Backup Day March 31st (just before April Fool's)
  • Once/year is better than never ;-); however, more often is better for new or changing, important info, e.g., hourly/daily for incremental (cloud), daily/weekly for incremental (disk), weekly/monthly for complete
  • International Verify Your Backups Day: every Friday the 13th
  • Checking that your backups actually occurred, and that you can restore files, is just as important
  • [Refs]: "When will your hard drive fail?"; "11 Stupid Backup Strategies"
  • [Refs]: "It's World Backup Day, Now's a Good Time to Check Your Backups"
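The "verify your backups" point above, as an added example (not a tool from the course page, and no substitute for an actual restore test): it hashes every file under a source folder and under its backup copy, then reports files that are missing from the backup, files whose backup content is stale, and files that exist only in the backup. It applies to any plain file copy, e.g., a USB drive or a cloud-synced folder; the sample source and backup trees are constructed in a temporary directory.

```python
"""Verify that a backup copy matches its source, file by file, using SHA-256 content hashes.

Added example (standard library only). It answers the narrow question "does every source
file exist in the backup with identical content?" for a plain file copy.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256 hex digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(source: Path, backup: Path) -> dict:
    """Compare two trees. 'missing' and 'changed' mean the backup could not restore the source;
    'extra' files exist only in the backup (e.g., deleted from the source since the last run)."""
    src, bak = snapshot(source), snapshot(backup)
    missing = sorted(set(src) - set(bak))
    changed = sorted(name for name in src.keys() & bak.keys() if src[name] != bak[name])
    extra = sorted(set(bak) - set(src))
    return {"missing": missing, "changed": changed, "extra": extra,
            "ok": not missing and not changed, "checked": len(src)}


def make_demo_trees() -> tuple:
    """Constructed sample data: a source tree and a backup that is missing one file, holds one
    stale file, and keeps one file the source no longer has. Returns (source_dir, backup_dir)."""
    base = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    source, backup = base / "source", base / "backup"
    files = {"notes/todo.txt": b"renew passport\n",
             "photos/trip.jpg": b"\xff\xd8fakejpeg\xff\xd9",
             "taxes/2017.pdf": b"%PDF-1.4 constructed\n"}
    for rel, data in files.items():
        for root in (source, backup):
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    (backup / "photos/trip.jpg").unlink()                                     # never copied
    (source / "notes/todo.txt").write_bytes(b"renew passport\nbook flights\n")  # edited after the backup ran
    (backup / "old/letter.txt").parent.mkdir(parents=True)
    (backup / "old/letter.txt").write_bytes(b"deleted from source\n")         # only in the backup
    return source, backup


if __name__ == "__main__":
    src, bak = make_demo_trees()
    report = verify_backup(src, bak)
    print(("OK" if report["ok"] else "INCOMPLETE") + f": {report['checked']} source files checked")
    for key in ("missing", "changed", "extra"):
        for name in report[key]:
            print(f"  {key:8s} {name}")
```

Run it against a real folder pair by passing two `Path` objects to `verify_backup`; a scheduled run that prints anything under "missing" or "changed" is the cheapest way to notice that a backup job silently stopped. It does not check that a bootable clone actually boots or that a cloud backup can be restored; do that by hand at least occasionally.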

Incremental

  • Frequency: daily/weekly -- more often if many changed files; also, before any system updates
  • Mac (to disk): Time Machine > Open Time Machine Preferences
  • Mac (restore): Time Machine > Enter Time Machine [image]
  • [Refs:TimeMachine]: "How to Set Up Time Machine Backups in Mac OS X"
  • What to backup via iCloud?
  • iOS: Settings > (your acct) > iCloud: Photos, Mail, Contacts, Calendars, Reminders, Notes, Safari, News, Home, Game Center, Siri, Keychain, Find My iPad/iPhone, iCloud Backup
  • macOS: System Preferences > iCloud: Photos, Mail, Contacts, Calendars, Reminders, Safari, Notes, Keychain, Back to My Mac (File/Screen Sharing), Find My Mac
  • Email backup may not be necessary if using IMAP, i.e., messages already stored on ISP's mail server
  • How much is backed up / shared in iCloud?
  • iOS: Settings > (your acct) > iCloud > Storage > Manage Storage > Backups: device; Documents&Data
  • iOS: Settings > (your acct) > Family Sharing -- setup
  • iOS: Settings > (your acct) > iCloud > Manage Storage > Share With Family -- share iCloud storage
  • What's shared: Apple media purchases, Apple Music family plans, iCloud storage plans, Photo album, Calendar, Reminders, Locations, Find My iPhone family view
  • Not shared: songs in iTunes Match (not purchased in the iTunes Store), in-app purchases, items hidden by a group member, some apps from the App Store (this is left up to each developer)
  • macOS: System Preferences > iCloud > Manage... (lower right)
  • macOS: icloud.com > Settings (home) > Storage
  • Is the cloud "safe"?
  • The strength of the encryption mainly depends on the strength & security of the encryption key -- in addition to the password you use to log in to the service
  • If the cloud provider has that key, files are vulnerable to hacking or government request -- only you should know / control a separate 'private key' (not the same as the password)
  • Extremely secure if the file is already encrypted 'end-to-end', e.g., 1Password (on Dropbox);
    or the service uses a separate (non-account) key which only you have, e.g., Backblaze; encryption in transit (HTTPS) is assumed; is the file decrypted by the provider before being re-encrypted?
  • Ideally, 2-step authentication is available to protect the account -- section: Passwords
  • [Refs:Cloud]: "What does Dropbox do to protect my stuff?"
  • [Refs:iCloud]: "iCloud security and privacy overview"

Complete

  • Frequency: weekly/monthly; also, before major system cleanup & updates
  • iOS (USB): iTunes (macOS,Win) > (device) > Summary > Backups
  • Good insurance against ransomware (Malware, Encryption), disk corruption
  • macOS (to disk): Carbon Copy Cloner
  • [Refs:CarbonCopyCloner]: "Review: Carbon Copy Cloner 5"
  • macOS (to cloud): CrashPlan (incremental, automatic) -- note: CrashPlan Personal no longer available after 10/2018; possibly use Backblaze or Carbonite (Windows ok, but not Mac)
  • [1] USB/disk (at a remote site), e.g., bank Safety Deposit box, trusted friend's house
  • [1] While travelling, back up digital photos
  • [Refs:Photos]: "The best way to manage your photos online in 2015"
  • [1] Paper: important device & account passwords (esp. for password manager!) in SD box
  • Save .pdf of various paper documents, e.g., manuals for devices & appliances from manufacturers sites
  • [Refs:Death]: "Preparing Digital Assets for Your Eventual Death"
  • [Refs:Paper]: "Top 10 Backups Everyone Should Have (not Just Computer Backups)"

What I Use

  • incremental [ext disk]: macOS: Time Machine -- files; several times/week
  • incremental [remote]: macOS, iOS: Dropbox --1Password passwords, notes; ongoing
  • incremental [remote]: macOS, iOS: iCloud -- Safari, Settings, etc.; ongoing
  • incremental [remote]: macOS: CrashPlan* -- all files; ongoing (I will be migrating in 2018, probably to Backblaze)
  • complete [ext disk]: macOS: Carbon Copy Cloner -- files, apps, system; monthly, esp. before macOS updates
  • complete iOS: iTunes(macOS) -- files, settings, etc. (Manual) before iOS updates -- see screenshot on right

Intermediate

  • [2] Computer-to-(remote friend's) computer; CrashPlan (free) -- no longer provided
  • [2] If you host a blog or website, save backups.
  • e.g., WordPress.com > Dashboard > Tools > Export

References

Android

Carbon Copy Cloner (Mac)

Backblaze

Cloud

Crashplan

  • CrashPlan: Archive Encryption Key Security Options:
    Standard: secured with a salted and hashed version of your account password;
    Archive key password: secured with a salted and hashed version of your archive key password;
    Custom key: the encryption key is replaced by a custom key that is never escrowed on a master server
  • How to move from CrashPlan for Home to another backup solution -- 8/23/2017
  • CrashPlan Discontinues Consumer Backups -- 8/22/2017: Carbonite's Mac version offers neither versioning nor the option to use a personal encryption key; it artificially restricts upstream bandwidth, making it significantly slower than many competitors; Backblaze: no peer-to-peer backups, local backups, or a multi-user discount for families; the process of restoring files requires more steps; limits on deleted files
  • CrashPlan 4.3 -- 7/19/2015

Death, Divorce

Dropbox

Future

Google

Home

iCloud

iOS

macOS

Natural Disaster, esp. Cascadia Quake

Paper, Other

Photos

SuperDuper (Mac)

TimeMachine (Mac)

Web Sites

Windows

Safer Internet: Offline: Software Updates

Safer Internet: Offline: Software Updates webadmin Tue, 01/27/2015 - 16:51

Why?

  • + Security patches for the system, built-in apps (e.g., browser, mail), other network apps
  • + Other privacy / security settings or other features
  • ? Performance: speedup or slowdown
  • ? Storage: increase or decrease
  • - Potential bugs or app incompatibility / unavailability
  • - Change/procrastination (in general): possible unwanted/missing features; different user interface; learning time
  • - What to update? time to do updates; slow update servers

Quotes

Basic

  • Backup -- both incremental and clone -- both before cleanup and before the actual installation; see Backup section
  • Allow enough time for backup, download and install -- and if things don't go well, for troubleshooting or restoring previous system version
  • Update your system and application software, especially related to browser, security, cloud, network
  • If you keep your device up-to-date, it should be easier to cope with incremental system & app releases
  • Minimize number of applications and add-ons, esp. if infrequently or not used -- see Erasing section
  • Each user will have different risk vs. benefit tradeoffs
  • Install updates and applications only from official store, or reputable developers -- don't jailbreak!
  • Do not update browser extensions, e.g., Flash, or apps when prompted via a browser popup -- use app store, or app or extension's own 'Check for Updates' command
  • Save $ by purchasing apps only once for each family device
  • iOS: Settings > (your acct) > Family Sharing
  • macOS: System Preferences > iCloud > Manage Family
  • Look for install options -- often checked by default -- that might install unwanted extensions or adware, or change settings (home page, search engine); e.g., Oracle's Java installer
  • What to update:
    • system: e.g., Android, iOS, macOS (formerly "OS X"), Windows
    • apps: e.g., Adobe Reader; Microsoft Office; Skype
    • add-ons, which customize/extend an app, esp. a browser
      • plugins: e.g., Adobe Flash; Oracle Java -- or consider uninstalling altogether
      • extensions: e.g., Adblock Plus, HTTPS Everywhere
  • How to check your OS version:
  • iOS: Settings > General > Software Update / About: Version
  • macOS: [apple] > About

Incremental

  • Incremental or standalone security updates and bug fixes, e.g., .1, .2 (.0 = major); usually no new features
  • You can usually wait a day or two -- or even longer if no security fixes, or bug fixes for your particular device -- to avoid:
  • buggy releases, esp. for older devices -- rarer now due to wider beta testing by developers and daring users
  • slow stores / upgrade servers
  • individual apps: check for updates upon startup (preference), or manually (via menu)
  • probably ok to ignore updates for apps that you never use, e.g., built-in apps like GarageBand (but why not remove if unneeded or offload if easily re-downloaded?)
  • browser extensions: once installed, most browsers check/update automatically

Android

iOS

  • [Refs:iOS:Current] iOS
  • iOS: Settings > General > Software Update
  • iOS: App Store > Updates
  • iOS users may want to use iTunes to update iOS: easy to backup first
  • for OTA (over the air) updates via WiFi or cellular
  • < iOS9: update can fail due to low device memory
  • ≥ iOS9: update can be slower; apps are removed/reinstalled if needed to create temporary space
  • Allow easier installation of free apps?
  • iOS: Settings > (your acct) > iTunes & App Store > Password Settings > Free Downloads > Require Password: off
  • [Refs:iOS]: "Hacking Team hack reveals why you shouldn't jailbreak your iPhone"

macOS

  • [Refs:macOS:Current] macOS
  • [apple] > About > Software Update
  • macOS: App Store > Updates -- macOS and selected apps
  • macOS: System Preferences > App Store: download/install, password
  • macOS: Safari > Preferences > Extensions > Updates: Install Updates Automatically
  • macOS: Microsoft Excel > Help > Check For Updates
  • macOS: Firefox > Firefox > About Firefox
  • macOS: Adobe Reader > Help > Check For Updates
  • macOS: System Preferences > Flash Player > Advanced > Updates
  • [Refs:macOS:Office]: "Microsoft Office 2016 15.xx and Office 2011 14.xx"

Windows

Major OS updates, e.g., macOS 10.x.0, iOS x.0

  • Usually about once/year
  • iOS: usually no security or bug fixes are provided for older versions, so you should upgrade 'as soon as possible'; usually less complex than desktop upgrades
  • macOS: incremental security fixes are still provided for previous system and browser for 1-2 years, so if there are really major changes, e.g., app incompatibility, user interface makeovers, missing features, performance issues, you could delay your upgrade -- though not indefinitely; probably better to wait than have to downgrade later
  • Generally, you could wait a week or two for ".1" version to be released to avoid major bugs, especially if there are no critical security fixes and there are significant changes, e.g., file system
  • When you are ready to upgrade:
  • Read articles here about latest version, e.g., Android, iOS, macOS, Windows, or buy Take Control e-books to find out more about what's changed, compatibility/adequacy of your hardware (to run new os) and of apps (with new os), cleanup & backup steps, new features that you might actually like to have (or old features that might be removed that you can’t live without), installation advice
  • Remove unused applications and browser add-ons -- see Erasing section
  • Check App Store for incremental or other updates to OS and apps (including Safari, iTunes for macOS); backup!
  • Check if new OS version is incompatible with any important applications you have, e.g., upgrade info, release notes, vendor sites
  • macOS: (apple) > About This Mac > System Report > Software > Applications: 64-bit(Intel) -- some 32-bit apps may still continue to work under High Sierra.
  • iOS10: Settings > About > Applications: 'these apps may slow down your iPad and will not work with iOS 11 if they are not updated'
  • For incompatible apps, consider upgrading version or finding a (free) alternative.
  • Instead of Microsoft Office 2011, which may not work with macOS 10.13 (High Sierra): HS 32-bit app incompatibility; plus, Microsoft has stopped providing support and security patches
  • offline apps: Microsoft Office 2016 -- $$; Steve's spouse upgraded to this
  • macOS/iOS iWork suite: Pages, Numbers, Keynote -- free; Steve switched to these
  • Open Office, LibreOffice, NeoOffice -- free
  • cloud-based storage & office suite (via browser): Microsoft: OneDrive: Word, Excel, PowerPoint Online -- free;
    Office 365 -- subscription; includes apps (And,iOS,Mac,Win), 1Tb OneDrive cloud storage, 60 Skype minutes/mo.
  • Google Drive: Docs, Sheets, Slides -- free
  • Apple's iCloud: iWork (Pages, Numbers, Keynote) -- free
  • Backup -- create a bootable clone (in case something seriously goes wrong); see Backup section
  • [2] Check disk permissions, repair (if necessary)
  • macOS (< 10.10): Disk Utility > Repair Permissions -- or run Maintenance (or Onyx) utility
  • [3] Restart from Recovery partition; check main disk; repair (if necessary)
  • macOS: restart w/ cmd-R > OS X Utilities > Disk Utility > Repair Disk
  • [3] Check hardware, e.g., memory
  • macOS: restart w/ D key; diagnostic runs automatically
  • [Refs:macOS:Current]: "macOS 10.13 High Sierra Now Available: When Should You Upgrade?"
  • [Refs]: "Why You Should Upgrade (On Your Own Terms)"

Replace?

  • Strongly consider replacing your device if security/privacy problems are no longer patched in your OS version
  • usually if your computer OS is > 2 major versions behind; still ok: macOS: -1: 10.12 (Sierra), -2: 10.11 (El Capitan); Windows: -1: 8, -2: 7
  • usually if your tablet/phone OS is 1 or more major versions behind; i.e., iOS 10, Android 6
  • Your device doesn't support a newer OS -- or needs extra memory that you cannot (or do not want to) add
  • Apps you rely on are no longer provided/supported on your old OS -- and no updates are available
  • In the meanwhile, use an actively maintained browser, e.g., Firefox, Chrome -- rather than built-in browser, i.e., macOS Safari, Windows IE; and consider using the device only for casual (non-encrypted) browsing
  • [2] You could switch to a different OS, e.g., Windows <--> macOS; Android <--> iOS -- or Chromebook or Linux
  • When purchasing a new device, especially a subsidized or less expensive one, request that vendor remove pre-installed bloatware, crapware, adware
  • If you're switching between different OS versions or vendors, check if migration tools are available for contacts, bookmarks, settings, photos, accounts, etc.
  • When donating / discarding old device -- see Erasing section
  • [Refs]: "This Chart Shows How Long iOS and Nexus Devices Get Updates"
  • [Refs]: "Interactive Comparison Charts: Laptops, Phones, Tablets"
  • [Refs:Android]: "The Real Crapware Problem Is on Android: handset makers, wireless carriers"
  • [Refs:Windows]: "The Complete Guide to Avoiding (and Removing) Windows Crapware"

Intermediate/Advanced

  • [2] Update software/firmware on other devices, e.g., router, smart TV
  • [3] Install test/beta official OS versions -- if you are a developer, bugged by a bug, can't live without a new shiny feature, or crave living on the 'bleeding edge'.
  • [3] Update web site management/blog software on your host -- after data backup, and testing in non-production environment, e.g., Content Management System (CMS), e.g., Drupal, WordPress

References

Android

Current: Android 8.0 (Oreo); 9/4/2017; 9.0 (?) -- Fall 2018

Misc.

iOS

Current: iOS 11.2; 11/2/2017; 10.0 (and earlier): no updates; 12.0: expected 'Fall 2018'?

Misc.

macOS

Current: OS X 10.13.2 12/6/2017; 10.11-10.12: expect security updates; 10.14: expected 'Fall 2018'?

Misc.

Microsoft Office

Replace, Switch

Windows

Current: Windows 10 (Fall Creators) 10/17/2017; End-of-life XP(4/2014), Vista(4/2017); 7-8: expect security updates

Misc.

Safer Internet: Offline: Encryption

Safer Internet: Offline: Encryption webadmin Tue, 01/27/2015 - 17:30

Why?

  • + Prevent others from viewing sensitive files, notes, passwords
  • ? More difficult for law enforcement to read files or add spyware
  • ? Re-enter password to access files
  • - Time to setup (little slowdown for actual encryption/decryption these days)

Summary

Quotes

Basic

  • Encrypt the entire partition or volume
  • iOS9+: automatic -- assuming strong passcode
  • macOS: System Preferences > Security & Privacy > FileVault;
    i.e., FileVault 2; not recommended: "Legacy" FileVault (version 1)
  • You'll have to re-enter password after Logout / Shutdown, or sleep timeout; if you have a very strong macOS account password, you could encrypt using that same password and have it saved in KeyChain for convenience
  • Also encrypt backup (incremental & clone) partitions/drives
  • macOS: Time Machine > Open Time Machine Preferences > (partition/disk) > Encrypt backups
  • [Refs:macOS]: "How to encrypt your Mac with FileVault 2, and why you absolutely should"
  • [Refs:macOS]: "Carbon Copy Cloner: how to create an encrypted, bootable volume using FileVault"
  • A few general notes about encryption strategy and strength
  • If you need to share a key / password with someone else, communicate it via an alternate channel,
    e.g., if transferring a file via email, send the password via text or phone -- or in pieces
  • Back up any encryption key somewhere secure, e.g., password manager, SD box;
    if you also save the recovery key in the cloud (iCloud, Microsoft), you could access it, but so could the government (legally or illegally)
  • For strong encryption, look for "AES-128" or "AES-256" (Advanced Encryption Standard) -- and create a strong password!
  • Avoid weak encryption, i.e., a weak password (even with AES-128/-256), the older .zip encryption format, or standard .pdf or Office file password protection
  • [Refs]: "How secure is AES against brute force attacks?"
  • Encryption will become more vulnerable over time with faster processing, better algorithms, uncovered backdoors, more invasive laws / exceptions.
  • [Refs:Govt]: "Apple, Google, and leading cryptologists urge President Obama to reject backdoors in smartphones and other devices"
  • [Refs:Govt]: "Forcing suspects to reveal phone passwords is unconstitutional, court says"
  • Files backed up to the cloud are usually encrypted automatically -- however, if provider has the password, this could be subpoenaed; if file/folder URL is shared or discovered, anyone could access file

[2] Selected Notes

  • macOS: Keychain Access > Secure Notes
  • [Refs:macOS]: "Using Secure Notes to store secret information"
  • iOS: Notes > (share icon) > Lock Note
  • [Refs:iOS]: "How to Password Lock Notes on iPhone & iPad"

[2] Selected Files / Folders

  • "zip" utility w/ strong encryption, e.g., 7-Zip (= Keka on macOS) -- not older zip format
  • [Refs]: "How to Use 7-Zip to Encrypt Files and Folders"; "Five Best File Encryption Tools"
  • [Refs]: "Use an Encrypted Zip File to Secure Files in Dropbox"

[2] Selected Volume

  • Create a "Disk Image" (embedded, compressed volume) -- if you don't want to encrypt the entire disk (or have an older Mac system)
  • macOS: Disk Utility > File > New > Blank Image > encryption, image format: sparse bundle
  • [Refs:macOS]: "How to increase Mac security with partition encryption"

References

Android

Government

Government: FBI vs. Apple

iOS

macOS

Quantum; Future

Windows

Safer Internet: Offline: Erasing Your Device

Safer Internet: Offline: Erasing Your Device webadmin Sat, 02/28/2015 - 13:48

Why?

  • + Your device is running out of space
  • + Do you want others to access your files on a donated / discarded computer, phone, printer or other device?
  • + Your files may still be accessible after normal delete -- unless encrypted, or stored on SSD (solid state drive) instead of regular (spinning) hard disk
  • + Deleted / hidden information in a file might be recoverable
  • - Different meanings for "delete/erase"
  • - Have to remember to setup or check

Quotes

[2] Erasing Apps -- and associated settings, and maybe data

  • To find out how much storage is used on your device: (esp. for apps, movies, videos, podcasts, music, photos, iOS backups)
  • iOS10: Settings > General > Storage&Cloud Usage > Storage > Manage Storage
  • iOS: Settings > General > iPad/iPhone Storage: Offload Unused Apps; iCloud Photo Library; individual apps
  • iOS: Settings > iTunes & App Store: Offload Unused Apps
  • macOS: [apple] > About This Mac > Storage > Manage
  • To remove not only an app, but also its settings, storage caches, etc.:
  • iOS: press down on app icon to enter move / delete ('jiggly') mode
  • tap "x" in upper left corner
  • popup: "Deleting (app) will also delete all of its data"
  • (press Home button to exit 'jiggly' mode)
  • To immediately delete related iCloud data:
  • iOS10: Settings > iCloud > Manage Storage > (device) > disable old app
  • iOS: Settings > (your acct) iCloud > Manage Storage > (app) > Delete Documents & Data
  • macOS: just dragging an app (from Applications folder) to Trash does not remove extra preference/library files
  • Use app's uninstaller (if one is provided) or an app removal utility, e.g., App Cleaner
  • [2] macOS: (select files/folders) > ctrl-click > Compress -- to reduce size of files you want to keep, but access infrequently; rename .zip if desired; delete originals when done
  • [3] macOS: Monolingual removes unused languages (and processor architectures) from System/Apps , e.g., just keep English yields ~2Gb
  • [3] macOS: (HD/SSD) : "Previous System" folder (if present: ~1-2Gb) can be deleted, but it can be very difficult/tricky to actually Empty Trash

Secure File Erasing

  • Even if you empty Trash / Recycle Bin, various utilities might be able to recover file content.
  • macOS: (≥ 10.10) use FileVault: erased file sectors are still encrypted -- thus unreadable; see Encryption section
  • macOS (< 10.10): Finder > Secure Empty Trash
  • Or, you can erase entire device -- next
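The overwrite-before-delete mechanism behind the old Finder "Secure Empty Trash", as an added Python example (not code from the course page). It also shows why the course points current Mac users to FileVault instead: the overwrite only works where the file system writes new data over the old blocks in place, which an SSD's wear levelling and a copy-on-write file system such as APFS do not guarantee. The secret written to the temporary file is a constructed sample.

```python
"""Overwrite a file's bytes before unlinking it, and check that they changed.

Works as intended only on file systems that overwrite blocks in place (classic
HFS+ on a spinning disk).  On an SSD or on APFS (copy-on-write) the old blocks
may survive the overwrite; there, full-disk encryption (FileVault) is what
makes deleted data unreadable.
"""
import os
import tempfile


def overwrite_file(path, passes=3):
    """Overwrite every byte of the file in place `passes` times; returns the file size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:                      # chunked, so large files need little RAM
                chunk = os.urandom(min(remaining, 1 << 20))
                f.write(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())                      # push each pass to the device, not just the cache
    return size


def secure_delete(path, passes=3):
    """Overwrite, then unlink; returns True when the file is gone afterwards."""
    overwrite_file(path, passes)
    os.remove(path)
    return not os.path.exists(path)


def demo():
    """Write a constructed secret to a temp file, overwrite it, confirm the bytes changed."""
    secret = b"account number 1234-5678 (constructed sample)\n" * 100
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_file(path, passes=1)
    with open(path, "rb") as f:
        after = f.read()
    still_there = secret[:20] in after                # original text must not survive the pass
    gone = secure_delete(path)
    return len(after) == len(secret) and not still_there and gone


if __name__ == "__main__":
    print("overwrite verified:", demo())
```

The number of passes is a matter of taste; a single pass of random data already defeats the "undelete" utilities the course warns about, and extra passes do nothing on the SSD/APFS systems where the whole technique is unreliable.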

Securely Erasing Device

  • Securely erase drive before donating, discarding, recycling, selling or transferring your device; to be nice, re-install OS
  • [1] iOS: Settings > General > Reset > Erase All Content and Settings
  • [Refs:iOS]: "How to erase your iOS device and then set it up as a new device or restore it from backups"
  • [Refs]: "How Do I Securely Erase My Phone Before I Sell It?"
  • Trigger auto-erase if lost or stolen?
  • iOS: Settings > Passcode > (passcode) > Erase Data -- after 10 failed passcode attempts
  • iOS: Settings > (your acct) > iCloud > (device) > Find My iPhone/iPad -- allows you to erase remotely
  • [2] macOS: erase disk and install OS
  • You've already backed up anything you care about
  • Boot from Recovery Partition (option-R during Restart); or your bootable clone; for older macOS, boot from DVD or USB
  • Utilities: Disk Utility > (select drive) > Erase -- generally use Format: Mac OS Extended (Journaled) (for now, don't use High Sierra's APFS); for older macOS, and non-SSD, use option to Erase Free Space: 3 (or more times), if available
  • Utilities: Reinstall macOS/OS X
  • [Refs:Mac]: "Apple: How to reinstall macOS"
  • [Refs:macOS]: "Disk Utility's erase free space feature"
  • [Refs]: "HowStuffWorks: 10 Things to Do Before You Wipe Your Computer"

[2] File Redaction

  • Some source files (e.g., .doc, .pdf, .jpg) can retain layers / versions of info, i.e., metadata, or track changes; it might be recoverable via copy/paste or tools; just deleting it or overlaying an annotation may not be enough!
  • So, omit sensitive info from files in the first place: content as well as metadata such as Author, Organization
  • or, save edited document or selected screen area as an image
  • or, copy/paste selected (non-sensitive) info into a simpler format, i.e., one that removes any hidden info -- or use redaction tools (next)
  • Remove photo metadata; e.g., phone location via iOS: Photo Investigator
  • Redact a .pdf or source document to remove sensitive info -- using proper tools, i.e., Adobe Acrobat Pro; otherwise, simple annotations / changes can be selected, copied, revealed
  • [Refs]: "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF" (PSA from NSA)
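To see what "hidden info" a document carries, here is an added Python example (not from the course page, standard library only). A .docx is a zip archive: author and company live in docProps/core.xml and docProps/app.xml, and with Track Changes on, "deleted" text is kept in w:del / w:delText elements of word/document.xml. The code builds a small constructed .docx in memory (the names "Alice Example" and "Example Org" and the document text are constructed; the element and property names are the real Office Open XML ones), lists what a reader could recover, and writes a sanitized copy. Real documents carry more (comments, embedded thumbnails, revision identifiers), so this is a check, not a substitute for a proper redaction tool.

```python
"""Find and strip metadata and tracked-change deletions in a minimal .docx."""
import io
import re
import zipfile

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"


def build_sample_docx():
    """Constructed sample: one paragraph with a tracked deletion, plus author/company metadata."""
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<w:document xmlns:w="{W_NS}"><w:body><w:p>'
        '<w:r><w:t>Budget approved: </w:t></w:r>'
        '<w:del w:id="1" w:author="Alice Example"><w:r><w:delText>SSN 000-00-0000</w:delText></w:r></w:del>'
        '<w:ins w:id="2" w:author="Alice Example"><w:r><w:t>[redacted]</w:t></w:r></w:ins>'
        '</w:p></w:body></w:document>'
    )
    core_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"'
        ' xmlns:dc="http://purl.org/dc/elements/1.1/">'
        '<dc:creator>Alice Example</dc:creator><cp:lastModifiedBy>Alice Example</cp:lastModifiedBy>'
        '</cp:coreProperties>'
    )
    app_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">'
        '<Company>Example Org</Company></Properties>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", document_xml)
        z.writestr("docProps/core.xml", core_xml)
        z.writestr("docProps/app.xml", app_xml)
    return buf.getvalue()


def document_text(docx_bytes):
    """Text a reader of the final version sees: w:t runs only, not w:delText."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        doc = z.read("word/document.xml").decode()
    return "".join(re.findall(r"<w:t(?:\s[^>]*)?>(.*?)</w:t>", doc, re.S))


def find_hidden_info(docx_bytes):
    """Return author names, company and tracked-deletion text still stored in the file."""
    authors, company, deleted = set(), None, []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = z.namelist()
        if "docProps/core.xml" in names:
            core = z.read("docProps/core.xml").decode()
            authors.update(re.findall(r"<dc:creator>(.*?)</dc:creator>", core))
            authors.update(re.findall(r"<cp:lastModifiedBy>(.*?)</cp:lastModifiedBy>", core))
        if "docProps/app.xml" in names:
            m = re.search(r"<Company>(.*?)</Company>", z.read("docProps/app.xml").decode())
            company = m.group(1) if m and m.group(1) else None
        doc = z.read("word/document.xml").decode()
        authors.update(re.findall(r'w:author="([^"]*)"', doc))   # revision authors
        deleted = re.findall(r"<w:delText(?:\s[^>]*)?>(.*?)</w:delText>", doc, re.S)
    return {"authors": {a for a in authors if a}, "company": company, "deleted_text": deleted}


def sanitize(docx_bytes):
    """Copy with metadata blanked, deletions dropped and insertions accepted as plain text."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zin, zipfile.ZipFile(out, "w") as zout:
        for name in zin.namelist():
            raw = zin.read(name)
            if not name.endswith((".xml", ".rels")):     # media parts: copy unchanged
                zout.writestr(name, raw)
                continue
            data = raw.decode()
            if name == "word/document.xml":
                data = re.sub(r"<w:del\b.*?</w:del>", "", data, flags=re.S)
                data = re.sub(r"<w:ins\b[^>]*>(.*?)</w:ins>", r"\1", data, flags=re.S)
                data = re.sub(r'\s+w:author="[^"]*"', "", data)
            elif name.startswith("docProps/"):
                data = re.sub(r"<(dc:creator|cp:lastModifiedBy|Company)>.*?</\1>",
                              r"<\1></\1>", data, flags=re.S)
            zout.writestr(name, data)
    return out.getvalue()


if __name__ == "__main__":
    original = build_sample_docx()
    print("visible:", document_text(original))
    print("hidden: ", find_hidden_info(original))
    print("after:  ", find_hidden_info(sanitize(original)))
```

The visible text is the same before and after ("Budget approved: [redacted]"), which is exactly the trap the course describes: what you see on screen says nothing about what the file still contains.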

References

Android

iOS

macOS

Photos

Recycling

Windows

Safer Internet: Keep Your Internet Connection Private

Safer Internet: Keep Your Internet Connection Private webadmin Thu, 01/29/2015 - 14:21

Quotes

Summary

  • Understand privacy risks: WiFi, cellular, DNS, ISP
  • Always use WPA2 for Wi-Fi networks you control; avoid DNS problems
  • Use a VPN when you're on any open or unfamiliar network
  • Use HTTPS: for web browsing (and SSL/TLS for email) when available
  • Avoid malware
  • Turn off unnecessary services, e.g., location
  • Turn on your computer's firewall

Preview: privacy / security / anonymity via encryption / indirection

  • Recall the letter / post office analogy in Privacy, Security, Anonymity section?
  • We're mostly concerned about content (postcard vs. letter) -- encryption
  • The address (actual vs. PO Box) could be important too -- indirection
  • The following figures show the effect of encryption from various techniques
  • What's not shown: which information might be added, e.g., ads, tracking, malware
  • which information might be saved on client or servers, e.g., history, logs, caches
  • how secure your data is on their server, e.g., passwords, medical records, credit card, social security no.
  • how someone else accesses information you've 'published', e.g., email recipient, blog reader
  • None: {Figure 1. TCYOP-3: 44; TCYOP-2: 39; TCYOP-1: 39} -- at right
  • [1] HTTPS: for browser, SSL/TLS for email [device-to-final specific site] {Figure 6. TCYOP-3: 55; TCYOP-2: 47; TCYOP-1: 47}
  • [1] Wi-Fi (WPA2) [device-to-router]: {Figure 3. TCYOP-3: 46; TCYOP-2: 41; TCYOP-1: 41}
  • [2] VPN [device-to-intermediate server; some address] {Figure 4. TCYOP-3: 48; TCYOP-2: 43; TCYOP-1: 42}
  • [3] Tor [device-to-intermediate servers; most of address] {Figure 14. TCYOP-3: 87; TCYOP-2: 77; TCYOP-1 (Figure 13): 77}

References

  • {TCYOP-3: 39-63; TCYOP-2: 35-55; TCYOP-1: 35-55; Wi-Fi connections, Cellular connections, DNS disruptions, ISP monitoring, Router monitoring, Malware, Location discovery, Quantum Computing and Encryption, Prevent Snooping}
  • Crosswords: Connection; Malware

Safer Internet: Connection: Encrypt Wi-Fi

Safer Internet: Connection: Encrypt Wi-Fi webadmin Fri, 01/30/2015 - 16:50

Why?

  • + Protect unencrypted traffic from hackers and eavesdroppers -- at least part of the way
  • + Block unauthorized users (slowdowns, datacaps, illegal activity)
  • - Some admin setup required
  • - Provide password to your users

Quotes

Connection Problems

  • If your Wi-Fi connection seems 'stuck', first try toggling the Wi-Fi connection off/on; check that the expected router reconnects
  • macOS: (Wi-Fi icon) > Turn Wi-Fi Off/On
  • iOS: Settings > Wi-Fi: off/on -- note: disabling via iOS11 Control Center does not completely turn off!
  • [Refs:iOS]: "EFF: iOS 11's Misleading 'Off-ish' Setting for Bluetooth and Wi-Fi is Bad for User Security"
  • If just one app not working, e.g., browser ok, but not email, close/reopen app
  • [2] Reset/get new device IP address
  • iOS: Settings > Wi-Fi > (current network "i" icon) > Renew Lease
  • macOS: System Preferences > Network > Advanced > TCP/IP > Renew DHCP Lease
  • Reboot device
  • Turn off power to cable/DSL modem and router; turn on modem; wait ~60 seconds; turn on router; wait until Wi-Fi connection reappears
  • [3] [Refs:Mac]: "Fix Wi-Fi Problems in macOS Sierra"

Wi-Fi Encryption

  • If you use HTTPS: for web browsing and SSL/TLS for email (and both you and server have latest security updates), much of your important traffic will already be encrypted.
  • However, this isn't always possible for all sites & situations, and there are other reasons to protect your router and connection.
  • Encrypt Wi-Fi networks you control with WPA2 (Wi-Fi Protected Access)
  • Weak/no password could create problems if neighbors use your connection (& IP address) for illicit activities or excessive downloads -- not an issue if your WiFi range does not extend outside, or for hard-wired devices (via Ethernet cable)
  • WEP (Wired Equivalent Privacy) is easily cracked, barely better than no encryption
  • WPS (Wi-Fi Protected Setup) lets you use WPA without having to enter a long password; however, you may be vulnerable if you have not changed the pre-shared WPA key from the factory default setting and the PIN feature is enabled -- one reason why WPA is less secure than WPA2
  • What should you do about recent (10/16/2017) WPA2 protocol vulnerability (KRACK: Key Reinstallation Attacks)?
  • Install software upgrades for your devices -- and any firmware upgrades for your router -- as soon as they become available; ensure that your router is using WPA2 instead of WPA2/WPA or WPA; also router should be using AES rather than TKIP encryption
  • In the meanwhile, assume any Wi-Fi connection (esp. away from home) is vulnerable, and treat as an open (unencrypted) network, i.e., if you can't connect to a critical site via HTTPS:, use a VPN
  • [Refs:Wi-Fi]: "Severe flaw in WPA2 protocol ('KRACK') leaves Wi-Fi traffic open to eavesdropping"
  • [Refs:Wi-Fi]: "The Difference Between WEP, WPA, and WPA2 Wi-Fi Passwords"
  • [Refs:Wi-Fi]: "Wi-Fi Protected Setup (WPS) is Insecure: Here's Why You Should Disable It"
  • Network figures
  • with no encryption (Wi-Fi, SSL/HTTPS): {Figure 1. TCYOP-3: 44; TCYOP-2: 39; TCYOP-1: 39}
  • with Wi-Fi encryption: {Figure 3. TCYOP-3: 46; TCYOP-2: 41; TCYOP-1: 41}
  • Change encryption level to WPA2 -- not WPA or WPA2/WPA combo [screenshot: Netgear]
  • Use AES rather than TKIP encryption (note: Netgear figure shows incorrect settings)
  • consult your router manual (download .pdf from manufacturer) to locate settings and local IP address, e.g., http://192.168.1.1 -- the router is a local self-contained web server!
  • Use web browser to connect locally to router, or use manufacturer configuration app
  • Apple Airport {Figure 2. TCYOP-3: 45; TCYOP-2: 40; TCYOP-1: 40}
  • Netgear: Wireless Settings > Security Options > WPA2
  • TP-Link: Wireless (freq) > Wireless Security > WPA2 [screenshot]
  • Check encryption level from client: none?, WEP?, WPA? WPA2?
  • macOS: menubar > [option-click] Wi-Fi icon: current network stats displayed; other networks: hover to display stats
  • iOS: Settings > Wi-Fi insecure connection warning (right)
  • iOS9: there doesn't appear to be a built-in way to see security details of any routers, whether connected or not
  • Android, macOS, Windows: How to Check WiFi Security Encryption Type 1/24/2014
  • Don't connect automatically to open (insecure) Wi-Fi networks -- unless using a VPN.
  • By default, macOS & iOS connect automatically only to "known" networks, i.e., open or password-protected networks that you've connected to before
  • Automatic connections might occur in older systems or on other platforms?
  • For a new, unknown network, you can be prompted to join it, or select it manually; it won't connect automatically
  • macOS: System Preferences > Network > Wi-Fi > Ask to Join New Networks : "on" (prompt you when a new network is avail) or "off" (you'll select manually)
  • iOS: Settings > Wi-Fi > Ask to Join Networks (same as macOS)
  • iOS: Settings > Wi-Fi > (select network > 'i' > Auto-Join -- customize for individual networks
  • iOS: If a friend's iOS 11 device tries to connect to your Wi-Fi network, you’ll receive a prompt that lets you send over the password by tapping Send Password
  • To remove a network from the list of automatically connecting "known" networks (that you've connected to previously)
  • macOS: System Preferences > Network > Wi-Fi > Advanced > Wi-Fi > (select network) > "-"
  • iOS: Settings > Wi-Fi > "i" (for network) > Forget This Network
  • [2] To make your network freely available to others, e.g., during a disaster, setup a separate guest network (with no password), rather than disabling security on your regular network [screenshot]
  • [Refs:Wi-Fi]: "How (and Why) to Safely Open Your Wi-Fi Network During a Disaster"
  • [2] Consider using a Virtual Private Network (VPN) (covered in next section) if
  • no password; in a public area, attacker might provide access point, e.g., "Free WiFi"; or greedy ISP might inject ads
  • weak password: WEP, WPS
  • widely known password, e.g., coffee shop
  • [Refs:Wi-Fi]: "The Dangers of Unsecured Wifi Hotspots"
  • [Refs:Wi-Fi]: "Big Vulnerability in Hotel Wi-Fi Router Puts Guests at Risk"
  • If you setup your smartphone to share its data connection via Wi-Fi (aka 'Personal Hotspot' or 'tethering'), be sure to set a password for security and to avoid others using your data allocation.
  • iOS: Settings > Personal Hotspot (if Cellular Data on) > On (Wi-Fi,Bluetooth,USB); Wi-Fi Password: ???
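To check the encryption level of every network in range from the macOS command line (instead of hovering in the menu bar), the built-in `airport` tool (/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport) prints a scan with `airport -s`. The following added Python example (not from the course page) parses that text layout and applies the course's rules: open or WEP is insecure, WPA-only or anything still offering TKIP is weak, WPA2 with AES is fine. The scan lines are constructed sample data and are assumed to follow the real column order (SSID, BSSID, RSSI, CHANNEL, HT, CC, SECURITY); feed it the actual `airport -s` output on your own Mac.

```python
"""Rate Wi-Fi networks from an `airport -s` style scan by the course's WEP/WPA/WPA2 rules."""
import re

# Constructed sample in the layout `airport -s` prints (assumed column order).
SAMPLE_SCAN = """\
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                        Home-Net 00:11:22:33:44:55 -45  6       Y  US WPA2(PSK/AES/AES)
                     Coffee Shop 00:11:22:33:44:66 -70  11      Y  US NONE
                       OldRouter 00:11:22:33:44:77 -80  1       N  US WEP
                      Mixed Mode 00:11:22:33:44:88 -60  36      Y  US WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
"""

# The BSSID (a MAC address) is the anchor that separates a space-containing SSID
# from the fixed columns that follow it; the header line has no MAC and is skipped.
_LINE = re.compile(
    r"^\s*(?P<ssid>.+?)\s+(?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<rssi>-?\d+)\s+(?P<chan>\S+)\s+(?P<ht>[YN])\s+(?P<cc>\S+)\s+(?P<sec>.*)$",
    re.IGNORECASE,
)


def parse_scan(text):
    """Return one dict per network line: ssid, bssid, rssi (int), security string."""
    nets = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            nets.append({"ssid": m["ssid"], "bssid": m["bssid"].lower(),
                         "rssi": int(m["rssi"]), "security": m["sec"].strip()})
    return nets


def rate_security(sec):
    """Map the SECURITY column to the course's advice (most severe condition first)."""
    s = sec.upper()
    if s == "NONE":
        return "insecure (open network: use a VPN)"
    if "WEP" in s:
        return "insecure (WEP is easily cracked)"
    if "WPA2" not in s and "WPA3" not in s:
        return "weak (WPA only: change router to WPA2)"
    if "TKIP" in s:
        return "weak (WPA2 offered alongside WPA/TKIP: use WPA2 with AES only)"
    if "AES" in s:
        return "ok (WPA2/AES)"
    return "unknown"


def report(text):
    """[(ssid, verdict), ...] for every network in the scan text."""
    return [(n["ssid"], rate_security(n["security"])) for n in parse_scan(text)]


if __name__ == "__main__":
    for ssid, verdict in report(SAMPLE_SCAN):
        print(f"{ssid:>15}: {verdict}")
```

The "Mixed Mode" line is the case the course's Netgear note warns about: a router in WPA2/WPA combo mode with TKIP still enabled shows "WPA2" in the client, yet any device can negotiate down to the weaker settings, so the fix is on the router, not the client.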

Router Password, Updates

  • Set a strong admin password -- this is for router itself, different from the Wi-Fi password you use or supply to guests
  • if required to be short, also change admin user name
  • Netgear: Maintenance > Set Password
  • TP-Link: System Tools > Password [screenshot]
  • [2] Check if an update (usually infrequent) is available for your router's firmware (i.e., low-level software), automatically upon login, or manually.
  • Netgear: Maintenance > Router Upgrade
  • TP-Link: System Tools > Firmware Upgrade [screenshot]
  • If you rent a router from your ISP, check with them about updates.

[2] Router/Device DNS

  • Change DNS (Domain Name System) name servers; e.g., Netgear [screenshot]
  • free: OpenDNS; Google Public DNS; Recursive DNS
  • benefits: speed; security; non-existent domains (ad redirection)
  • Netgear: Basic Settings > DNS Address
  • TP-Link: DHCP > DHCP Settings [screenshot]; Network > WAN [screenshot]
  • If you have no router (or it's someone else's), you can change DNS directly on device via "Network > DNS settings"
  • iOS: Settings > WiFi > (network: "i") > Configure DNS
  • macOS: System Preferences > Network > Advanced > DNS > DNS Servers
  • macOS: If possible, create separate network profile, e.g., Home, Travel?
  • [Refs:DNS]: "7 Reasons to Use a Third-Party DNS Service"; "Pharming Attack Targets Home Router DNS Settings"
  • [3] Encrypt DNS lookups -- either via VPN or via a utility, e.g., DNS Crypt
  • benefits: privacy; security (spoofing and man-in-the-middle (MiTM) attacks)
  • e.g., DNS Crypt from OpenDNS (now Cisco): article, download free for macOS, Win, Unix and rooted/jailbroken Android, iOS devices
  • macOS: [menubar] > "DNSCrypt"

[3] Advanced

  • Disable remote administration -- hopefully it was already off by default [screenshot: Netgear]
  • Netgear: Advanced > Remote Management
  • TP-Link: Security > Remote Management [screenshot]
  • If you change many admin settings, consider making a backup.
  • Netgear: Maintenance > Backup Settings
  • TP-Link: System Tools > Backup & Restore
  • On some devices, e.g., iPhone, iPad*, you can lock your SIM card so that cellular data can't be used without entering a PIN -- whenever you swap SIM cards or restart. To enable, disable or change your SIM PIN:
  • iPhone: Settings > Phone > SIM PIN
  • iPad: Settings > Cellular Data > SIM PIN (*Wi-Fi + Cellular models)

References

Android

DNS, IP Addresses

iOS

macOS

Modem, Router

Wi-Fi

Windows

Safer Internet: Connection: Use a VPN

Safer Internet: Connection: Use a VPN webadmin Sat, 01/31/2015 - 15:12

Why?

  • + Provide more encryption to protect data when no encryption (SSL or Wi-Fi), especially when travelling
  • + Provide some additional privacy and anonymity; other possible reasons below
  • - Difficult to choose between a few good and many mediocre/bad services; questionable reviews
  • - Setup; may not work with certain networks
  • - Performance
  • - Cost

[2] Intermediate

  • Use a Virtual Private Network (VPN) to connect to the Internet when you're on an open, insecure or unfamiliar network
  • e.g., cellular and (non-WPA) Wi-Fi networks when travelling or telecommuting
  • e.g., non-secure (http:) sites, e.g., to minimize ad injection, MITM (man-in-the-middle) attacks
  • Suggestion: initially, try a free, limited service, e.g., Hotspot Shield or Opera browser; later, upgrade to a paid service
  • How much of connection is encrypted? {Figure 4. TCYOP-3: 48; TCYOP-2: 43; TCYOP-1: 42}
  • [Refs:Products]: "Five Best VPN Service Providers"
  • [Refs:Govt]: "China Cracks Down On VPN Services After Censorship System 'Upgrade'"
  • [Witopia]: Why do I need a personal VPN?
  • You desire extra security from online bad guys and identity thieves
  • You don't want your Internet Service Provider, or owner of a network you're connecting through, to log, monitor, and/or control what you do online
  • You want to hide your IP address so you can protect your identity and location
  • You don't want search engines, such as Google, Yahoo, AOL, and Bing recording and storing every Internet search you perform -- potentially forever
  • You use Wi-Fi Hotspots
  • You have a company-issued VPN but don't wish to use it for personal business
  • You use the Internet at hotels or other shared hospitality or public networks
  • You live in, or are visiting, a country that blocks Skype, Facebook, Twitter, or other Internet services
  • You live in, or are visiting, a country that engages in Internet censorship or monitoring of content
  • You wish to encrypt your VoIP traffic
  • You want to use a service or application that is geographically restricted by IP address
  • You simply desire extra privacy and security and want to round out your firewall and anti-virus protection for a complete security solution
  • Considerations:
  • price
  • performance -- it can be (much) slower
  • company experience, longevity, privacy policy, trustworthiness
  • anonymity decreased by server logs?
  • network reliability, availability
  • bandwidth/transfer limits
  • configuration ease & support
  • Joe's current recommendations {TCYOP-3: 49-50} (all platforms, unless otherwise noted)
  • Free, specific browser, e.g., Opera; Mac, Win
  • Free, ad-supported, usage caps, e.g., Hotspot Shield; privacy risk?
  • [Refs:Govt]: "FTC must scrutinize Hotspot Shield over alleged traffic interception"
  • Paid subscriptions:
  • Cloak; Mac, iOS, Android
  • Disconnect Premium; browser only? includes other privacy and security features
  • IVPN
  • NordVPN; also routes your connections through Tor
  • Private Internet Access (PIA)
  • WiTopia* ('myPersonalVPN') *if you decide to subscribe to Witopia, please use this referral link (or code: Q8Hg3YRM) -- you'd receive an immediate 15% discount, and Steve receives a similar credit!
  • e.g., WiTopia configuration: all platforms
  • [1] macOS, Win; "WiTopia's super-advanced VPN client software. We may have actually made encryption fun."
  • macOS: WiTopia > Quick Connect [screenshot: menu]; [screenshot: app]
  • [2] more custom setup required: Android; iOS; Linux; Witopia: "Android and iOS apps coming this year"; 4/12/2015 ?
  • iOS: Settings > General > VPN > (select configuration) [screenshot]
  • iOS: Settings > General > Add VPN Configuration {Figure 5. TCYOP-3: 51; TCYOP-2: 44; TCYOP-1: 44}
  • note: once any VPN configuration has been added, Settings > VPN shortcut appears
  • comparison of protocols; setup: IPsec; L2TP; IKEv2; [3] OpenVPN/OpenSSL most secure/customizable; [3] PPTP older, not recommended

[3] Advanced

References

Android

Government

iOS

macOS

Products / Reviews

Video

Windows

Safer Internet: Connection: Avoid Malware

Safer Internet: Connection: Avoid Malware webadmin Thu, 01/29/2015 - 15:17

Why?

  • + Malware can compromise online identities and accounts.
  • + Malware can access, compromise local files.
  • - Requires "be-aware" and software -- paying attention and updating system, apps and AntiVirus tools (if applicable)

Quotes

Types

  • Viruses Wreak Havoc On Your Files
  • Spyware Steals Your Information
  • Scareware Holds Your PC for Ransom
  • Trojan Horses Install a Backdoor
  • Worms Infect Through the Network
  • There's often overlap

User

  • Pay attention -- most malware requires active user involvement
  • Don't click on links or open attachments in an unexpected email from "friends", "boss", "family"
  • Don't click on links in popups, or unknown links in web pages, esp. ads
  • Do not respond to popups that "hijack" your browser, esp. those that "found malware" or download unexpected 'Flash updates' -- just quit browser (see Block Ads section if you can't close/quit); reputable companies do not use such annoying / scare tactics
  • [Refs]: "Most Cyberattacks Are Phishing Related, Not Sophisticated Technical Attacks";
    "Hygiene, Honeypots, Espionage: 3 Approaches To Defying Hackers"
  • [Refs:macOS]: "Scary Internet Scam Becoming Disturbingly Common -- browser hijacking: pop-ups, tech support / FBI; spyware, ransomware"

Apps / Web Sites

  • Install & update your software -- system and applications -- by downloading only from vendor's app store (if screened), app's own Update preference or control panel, other reputable sites -- see Offline Data: Software Updates
  • macOS: App Store
  • iOS: App Store
  • macOS: System Preferences > Security & Privacy > General > Allow Apps Downloaded From: [screenshot]
  • [1] Mac App Store
  • [2] Mac App Store and Identified Developers
  • [3] Anywhere -- note: option hidden by default in 10.12
  • [2] To open an "unidentified" app that you're sure about:
  • macOS: Applications > (ctrl-click app) > Open > Open
  • iOS: use the TestFlight app to accept expected invitations from known developers
  • Use browser Bookmarks / Favorites or a password manager to access web sites -- see later section: Browsing: Go To Correct Site
  • Enable phishing/malware/plugin warnings
  • macOS: Safari > Preferences > Security > Fraudulent sites; Internet plug-ins [screenshot]
  • macOS: Firefox > Preferences > Security > Block reported attack sites / web forgeries / add-ons
  • macOS: Chrome > Settings > Advanced Settings > Privacy > Protect you and your device from dangerous sites
  • iOS: Settings > Safari > Privacy & Security > Fraudulent Website Warning [screenshot]
  • [2] Don't automatically open downloaded files (check file types)
  • macOS: Safari > Preferences > General > Open "safe" files after downloading [screenshot]

Anti-Virus (AV)

  • Install & maintain antivirus software on your device, if applicable & desired
  • Be careful where you obtain malware protection software -- some may be malware / adware itself -- especially if obtained via ad links, popups, pop-under windows
  • Having AV installed is no excuse to be careless
  • iOS: unnecessary
  • macOS: optional -- to avoid distributing infected files to others, e.g., Windows friends, or if still using external portable media from unknown sources: USB drives, CD/DVD, floppies, etc.
  • virus definitions may not include newest threats; scanning may slow down, interfere with system
  • examples: Avast; Avira; ClamXav; Comodo; Sophos
  • note: if you're running Windows on macOS (using Boot Camp, or virtualization software like VMware Fusion or Parallels Desktop), you should absolutely run Windows anti-malware software -- Mac anti-malware won't help
  • If you must use others' devices to access your accounts, make sure they're well-protected (antivirus) and maintained (software updates) -- see Mobile Privacy section, esp. to avoid keyloggers or other spyware
  • [Refs]: "San Francisco techies are hiring this Wiccan witch to protect their computers from viruses and offices from evil spirits"
  • [Refs:AV]: "AVG Proudly Announces It Will Sell Your Browsing History to Online Advertisers"; "Gadgets Bring New Opportunities for Hackers"
  • [Refs:Ransom]: "For PC Virus Victims, Pay or Else" (ransomware)

[2] Manage / Minimize Plugins, Extensions, Add-ons

  • macOS: Safari > Preferences > Security > Allow plugins [screenshot]; [screenshot: Plug-in Settings]
  • macOS: Firefox > Preferences > Applications
  • macOS: Firefox > Preferences > Security > Warn me when sites try to install add-ons
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Plugins; also Unsandboxed Plugins
  • Consider disabling problematic, obsolete, infrequently-used plugins
  • some sites, e.g., YouTube, default to HTML5 for video if Flash not present; Java less popular
  • iOS: unnecessary -- since Flash and Java are not allowed
  • configure to selectively load a plug-in if desired, or re-install if needed
  • remove obsolete plugins, e.g., Microsoft Silverlight
  • macOS: Finder > (disk/user) > Library > Internet Plugins
  • [Refs:Flash]: "Adobe Flash will die by 2020, Adobe and browser makers say"
  • [Refs:Plug-ins]: "How I ditched the security risks and lived without Java, Reader, and Flash";
    "Cybercriminals target Silverlight browser plug-in users with new exploit kit"

[2] Flash: Update, Block or Uninstall

  • iOS: NA
  • macOS: I generally recommend uninstalling Flash from system; if necessary to use for some Flash-based sites, selectively use Google Chrome, which keeps Flash up-to-date automatically, provides "sandboxing", and also auto-pauses certain videos / ads
  • macOS: Chrome > chrome://plugins > Enable, Always Allow to Run -- it may be possible to run Flash on demand selectively via ctrl-click?
  • example (crossword): USA Today
  • If you do need to use Flash more frequently / conveniently, make sure it's always up to date and control using a flash blocker
  • macOS: System Preferences > Flash Player > Advanced > Updates
  • macOS: System Preferences > Flash Player > Storage > Delete All
  • macOS: Safari > Preferences > Extensions > Get Extensions : ClickToFlash
  • macOS: Safari (ctrl-click) > ClickToFlash Preferences
  • macOS should automatically disable insecure versions, and display message: 'Blocked plug-in', 'Flash Security Alert' or 'Flash out-of-date'
  • [Refs:Flash]: "It's time to uninstall Adobe's Flash from your Mac - here's how"
  • [Refs:Flash]: "Firefox Now Blocks Flash By Default"
  • [Refs:Flash]: "Super (Flash) Cookies Lurk in Your Browser"

[2] Java: Update, Block or Uninstall

  • iOS: NA
  • macOS: System Preferences > Java > Update [screenshot]
  • macOS: System Preferences > Java > Security > Security Level
  • macOS: Safari > Preferences > Security > Allow Plugins > Website Settings : Java : Ask [screenshot]
  • notice if installer wants to install anything else or change settings by default, e.g., Yahoo homepage, search engine -- uncheck anything you don't want!
  • examples (crosswords): NYT via Seattle Times
  • [Refs:Java]: "Do you need to uninstall Java to be safe from its vulnerabilities?"

[3] Advanced

  • Don't "jail break" or "root" your device, i.e., don't install unofficial or pirated system/application software -- or visit "warez" or "dark" sites
  • JavaScript: on
  • JavaScript (not the same as 'Java') is essential for most modern sites; most browsers don't provide an option to disable
  • macOS: Safari > Preferences > Security > Enable JavaScript
  • You can generally remove tracking scripts by using a Content/Ad Blocker -- see Block Ads section
  • WebGL: on
  • WebGL (Web Graphics Library): JavaScript-based graphics using the GPU
  • macOS: Safari > Preferences > Security > Allow WebGL
  • If administering your own website, check system log for suspicious activity, e.g., logins to non-existent or unauthorized accounts, unexpected accesses to admin pages or to non-existent modules / pages; add suspicious IP addresses to a blacklist
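For the last point, an added Python example (not from the course page) that scans web-server access-log lines in the common Apache/Nginx "combined" format for the patterns named above (404s for modules/pages the site does not have, denied or repeated hits on admin/login pages) and turns the offending IPs into an Apache 2.4 deny snippet. The log lines, IP addresses and paths are constructed sample data; the probe-path list and the threshold are assumptions to tune for your own site.

```python
"""Flag suspicious requests in an access log and build a blocklist from them."""
import re
from collections import defaultdict

# Constructed sample log (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2017:13:55:36 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2017:13:55:40 -0700] "GET /wp-login.php HTTP/1.1" 404 512 "-" "python-requests/2.18"
198.51.100.23 - - [10/Oct/2017:13:55:41 -0700] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "python-requests/2.18"
198.51.100.23 - - [10/Oct/2017:13:55:42 -0700] "POST /user/login HTTP/1.1" 403 210 "-" "python-requests/2.18"
198.51.100.23 - - [10/Oct/2017:13:55:43 -0700] "POST /user/login HTTP/1.1" 403 210 "-" "python-requests/2.18"
198.51.100.23 - - [10/Oct/2017:13:55:44 -0700] "GET /admin/config HTTP/1.1" 403 210 "-" "python-requests/2.18"
203.0.113.7 - - [10/Oct/2017:13:56:01 -0700] "GET /about HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2017:13:57:12 -0700] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Assumed site layout: these are the admin/login pages that exist ...
ADMIN_PATHS = ("/admin", "/user/login", "/wp-login.php", "/wp-admin", "/phpmyadmin")
# ... and these path fragments belong to software the site does not run (404 = a probe).
PROBE_PATHS = ("/wp-", "/phpmyadmin", "/xmlrpc.php", ".php")


def parse(line):
    """Split one combined-format line into fields, or None if it does not match."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def is_suspicious(rec):
    """Return a reason string for a suspicious request, else None."""
    path, status = rec["path"], int(rec["status"])
    if status == 404 and any(p in path for p in PROBE_PATHS):
        return "404 on non-existent module/page"
    if path.startswith(ADMIN_PATHS) and status in (401, 403):
        return "denied admin/login access"
    if rec["method"] == "POST" and path.startswith(ADMIN_PATHS):
        return "login attempt"
    return None


def analyze(log_text, threshold=3):
    """Return ({ip: [reasons]}, [ips with >= threshold suspicious hits])."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        reason = is_suspicious(rec)
        if reason:
            hits[rec["ip"]].append(reason)
    blocklist = sorted(ip for ip, reasons in hits.items() if len(reasons) >= threshold)
    return dict(hits), blocklist


def apache_deny_rules(ips):
    """Apache 2.4 snippet denying the listed IPs (goes inside the site's <Directory> block)."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    hits, blocklist = analyze(SAMPLE_LOG)
    for ip, reasons in hits.items():
        print(ip, len(reasons), "suspicious requests:", sorted(set(reasons)))
    print(apache_deny_rules(blocklist))
```

A single 404 (the favicon request from 192.0.2.55) is ordinary browser behaviour and stays off the list; what earns a block is the combination of probing for software the site does not run and hammering the login page from one address.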

References