Author Topic: Extra Security Measures  (Read 515 times)
SilkSkull
« on: September 20, 2023 @111.10 »

Besides the usual passwords and 2FA, what are the extra security measures you take when online or even just with your offline data/hardware?

Personally I am a little bit nuts when it comes to security, this is my current list of software and techniques:

  • First I use KeePassXC to use a different password for everything and generate secure and long passwords
  • Of course with a program to remember passwords for me I've done away with my fingerprints everywhere except opening my phone (Just for speed's sake)
  • When file or text encryption is needed I use Gpg4Win for generating and using PGP keys, as well as verifying messages and downloads
  • I'm currently in the process of setting up a hardware key for my main PC as well as a backup in case I manage to lose the hardware key

That's my list (At least until I add or remember more :P)

She/Her
"Will you stop adding lampposts to my games?"

shevek
« Reply #1 on: September 20, 2023 @293.60 »

I use separate email addresses for separate purposes or sites :smile:

Odo was just an idea. Shevek is the proof.
BlazingCobaltX
« Reply #2 on: September 20, 2023 @348.76 »

I've recently adapted the 3-2-1 rule for our family back-ups: Three external hard drives, two different types of media, one copy off-site. Though I realise I may have missed the 2 different types of media step...
Guest
« Reply #3 on: September 20, 2023 @702.99 »

I use Bitwarden for passwords, and I pay for their premium plan (which is actually quite cheap) because it gives me neat security reports that are pretty useful! I also try to use 2FA whenever possible, although it's a pain in the ass to be honest and it's gotten me locked out of accounts before that I'm still trying to get back into.
SilkSkull
« Reply #4 on: September 20, 2023 @717.15 »

Quote from: BlazingCobaltX

    I've recently adapted the 3-2-1 rule for our family back-ups: Three external hard drives, two different types of media, one copy off-site. Though I realise I may have missed the 2 different types of media step...

That is a good idea but it can be very easy to lose track of steps xD

Quote from: shevek

    I use separate email addresses for separate purposes or sites :smile:

That's something I gotta get around to doing, especially since I already use about 6 emails  :tongue:

Quote from: Guest

    I use Bitwarden for passwords, and I pay for their premium plan (which is actually quite cheap) because it gives me neat security reports that are pretty useful! I also try to use 2FA whenever possible, although it's a pain in the ass to be honest and it's gotten me locked out of accounts before that I'm still trying to get back into.

I might give Bitwarden a try, I have been meaning to for quite some time now. Also a good app for making 2FA easier and more secure is FreeOTP+

She/Her
"Will you stop adding lampposts to my games?"

j
« Reply #5 on: September 20, 2023 @756.06 »

Quote from: SilkSkull

    Quote from: shevek on Today at 08:02:47 am

        I use separate email addresses for separate purposes or sites :smile:

    That's something I gotta get around to doing, especially since I already use about 6 emails :tongue:

this doesn't have to be a huge hassle! a lot of domain providers also offer customers the option to set up full-blown mailboxes as well as forwarding email addresses. some will let you edit the DNS records for your domain, too.

this means that you don't have to set up an individual inbox for each service or site you use; you can create one central inbox, then have a bunch of addresses for different sites that forward to your one inbox.
for instance: i use melonland@sbcv.co.uk for emails from melonland, but that forwards to some other vague inbox that i'm not going to list here, meaning that i only have to log in to one inbox for everything!

---

aside from that, here's some of the security / privacy steps i take:

- do everything on paper.
  this is true for everything from writing fiction to writing code.
  i write stuff on paper, then if i want to translate things to digital format, i can.
  it gives me the space to think about whether making something digital is /really/ a good idea,
  because digital media is often recoverable, even if you're offline.
  a lot of - if not all - CPUs are proprietary, so i can never know if some commands are running in the
  background to discreetly connect to the internet and work some spyware.
  similarly, erasing data from anything digital is notoriously difficult.
  you can delete stuff, sure, but data can remain on a hard drive after erasure.
  it would take writing block zeros to a disk to fully wipe a disk (afaik), which can take days depending
  on the size of the device.
  similarly, RAM can be processed (so data you have in your applications, like the text in my browser
  as i'm writing this) in a similar way, via a cold boot attack.

  where i can, i hand-deliver letters instead of emails, talk to people away from devices and
  entertain myself without computerized technology.
- i don't use a vpn.
  loads of arguments for and against vpns that i won't peddle.
  my threat model doesn't need one; there's no guarantee (even if you're relying on auditing which is
  just fancy word-of-mouth!) that the data you send to a VPN server isn't being logged somewhere and
  used.
  the /only/ guarantee of a working VPN in my opinion is one you self-host, which is pretty useless
  unless you have a lot of friends that connect to it, otherwise you're just shifting your requests
  from one device to another.
  even if you adopted this approach: how can your friends trust you?!
- my operating system boots entirely into ram!
  everything is kept on a usb which i boot off of.
  then, all the package files and dependencies are kept on a separate usb stick so i can install them
  on-demand in my terminal.
  this makes booting my computer /insanely/ fast; prevents disks from dying quickly and keeps me safe
  (there's no hard-drive i need to write zeros to!)
  as for digital files... i write them on paper / print them when i can!
- i avoid encryption.
  i would /love/ a world where asymmetric encryption was the default for the messages we send.
  unfortunately, i believe that encryption is counter-intuitive to my threat model.
  some third party spying on me is going to be less suspicious of me if i blend in as an average internet
  user (which is why i try to stay away from the net!) than if i were to encrypt things.

anyway, that's very much in alignment with /my/ threat model. if security is your biggest concern: go off of the devices you use!

i go by j, she/they :)
SilkSkull
« Reply #6 on: September 20, 2023 @771.22 »

I'm surprised it took this many posts to mention threat models, this can create very different security needs and I'm glad to hear a different type of security because of your threat model. I also love and need to look into the idea of using multiple emails and using forwarding!

She/Her
"Will you stop adding lampposts to my games?"

ThunderPerfectWitchcraft
« Reply #7 on: September 20, 2023 @898.41 »

-Using nearly exclusively Open Source Software
-Updating regularly
-Full disk encryption
-Using an adblocker/NoScript
-Using long, complicated passwords.

Melooon
« Reply #8 on: September 20, 2023 @905.91 »

Occasionally people will send me obscure zip files; I do sometimes take some extra precautions when opening such zips!

I download them in an isolated virtual machine running Linux; and sometimes I will run ClamAV on them to check that nothing is amiss.

So far they have all turned out to be very nice collections of textures and gifs to add to my sites :ha:


everything lost will be recovered, when you drift into the arms of the undiscovered
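
A pre-scan check in the spirit of the zip precautions described in the post above, as an added example that is not part of the thread: it lists an archive's entries without extracting them and flags things an antivirus scan alone may not report. The thresholds, the extension list and the sample archive are assumptions constructed for the example.

```python
import io
import stat
import zipfile

# Assumed thresholds and extension list for this example; tune to taste.
MAX_RATIO = 100            # uncompressed/compressed ratio that suggests a zip bomb
MAX_TOTAL = 500 * 1024**2  # flag archives that expand past 500 MiB
RISKY_EXT = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".ps1", ".sh")

def triage_zip(source):
    """Return a list of (entry name, finding) without extracting anything."""
    findings = []
    total = 0
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            name = info.filename
            total += info.file_size
            parts = name.replace("\\", "/").split("/")
            # Absolute paths, drive letters and ".." can write outside the target dir.
            if name.startswith(("/", "\\")) or ".." in parts or ":" in parts[0]:
                findings.append((name, "path escapes extraction directory"))
            # Unix mode bits live in the high 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                findings.append((name, "symbolic link"))
            if info.flag_bits & 0x1:
                findings.append((name, "encrypted entry (scanner cannot read it)"))
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append((name, "extreme compression ratio"))
            if name.lower().endswith(RISKY_EXT):
                findings.append((name, "executable or script extension"))
        if total > MAX_TOTAL:
            findings.append(("<archive>", "expands beyond size limit"))
    return findings

def build_sample():
    """Constructed sample archive, built in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("textures/stars.gif", b"GIF89a" + bytes(range(256)) * 4)
        zf.writestr("../../home/user/.bashrc", b"echo constructed sample\n")
        zf.writestr("gifs/preview.gif.exe", b"MZ constructed sample, not a real binary")
        zf.writestr("padding.bin", b"\0" * 2_000_000)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, finding in triage_zip(build_sample()):
        print(f"{finding}: {name}")
```

`triage_zip` also accepts a file path, so it can be pointed at a downloaded archive inside the virtual machine before anything is unpacked or scanned.
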
Cobra!
« Reply #9 on: September 21, 2023 @85.79 »

I use Librewolf as my browser, which is a fork of Firefox that removes the sneaky telemetry it has.

I use Mullvad VPN, which can’t identify you because your account is literally just a number. No email addresses or any personal information is stored as far as I know! It’s also good enough to fool pretty much everything that tries to tell you where you are, so that’s neat!

I also use add-ons like Chameleon to spoof my profile that gets sent to websites.

I should look into getting a physical address book so I can store any numbers that way instead of storing my contacts on an Android.

“Snooping as usual, I see?”
SilkSkull
« Reply #10 on: September 21, 2023 @193.46 »

Quote from: ThunderPerfectWitchcraft

    -Using nearly exclusively Open Source Software
    -Updating regularly
    -Full disk encryption
    -Using an adblocker/NoScript
    -Using long, complicated passwords.


These are really good tips especially for people not wanting to have to go down the route of a lot of extra software!

Quote from: Melooon

    Occasionally people will send me obscure zip files; I do sometimes take some extra precautions when opening such zips!

    I download them in an isolated virtual machine running Linux; and sometimes I will run ClamAV on them to check that nothing is amiss.

    So far they have all turned out to be very nice collections of textures and gifs to add to my sites :ha:

That is a really good idea for any potentially weird file, it's also so weird to me to imagine receiving random zip files of gifs xD

Quote from: Cobra!

    I use Librewolf as my browser, which is a fork of Firefox that removes the sneaky telemetry it has.

    I use Mullvad VPN, which can’t identify you because your account is literally just a number. No email addresses or any personal information is stored as far as I know! It’s also good enough to fool pretty much everything that tries to tell you where you are, so that’s neat!

    I also use add-ons like Chameleon to spoof my profile that gets sent to websites.

    I should look into getting a physical address book so I can store any numbers that way instead of storing my contacts on an Android.

I gotta try that add-on! I also recommend checking your local drug store or pharmacy for address books!

She/Her
"Will you stop adding lampposts to my games?"
