Internet Security 101
, _/(( _.---. .' `\ .' ` ^ = / \ .--' | / )'-. ; , <__..-( '-.) \ \-.__) ``--._) '.'-.__.-. '-...-' Hello I am the CryptoParty Cat, Id like to teach you some basic of Internet Security.
The CryptoPartyHandbook is a great place to start. Don't let the length put you off, you don't need to read the whole thing. This page will just give a quick summary of various tools and tips.
Browse anonymously using Tor
It is important to understand the limitations of Tor. It keeps your location obscured, but won't stop you from posting to your twitter account under your real name. The biggest danger with Tor is that exit nodes can eavesdrop on communications. Using https will protect you from this, so keep an eye out for sites that use it, and sites that don't. Spot the difference in these two images: https (secure) versus http only (insecure).
_._ _,-'""`-._ (,-.`._,'( |\`-/| `-.-' \ )-`( , o o) -bf- `- \`_`"'- DNS is the achilles heel of Internet Security.. DNS traffic is sent unencrypted by default to your ISP and is easily logged.
- dnscurve.org - DNSCurve encrypts all DNS packets. It's still being developed and is likely not userfriendly YET.
- dnscrypt.org- DNScrypt authenticates and encrypts communications between a client and a DNS resolver. User interfaces are available for using it with OpenDNS servers.
I recommend everybody install DNScrypt... it shouldn't cause any problems and is easily disabled.
Browsing online with additional privacy
/;) (;( A,=,A ,;;;;, );) /;6;6;\/;;;;;;\/;/ =\;;t;;/=;;;;/;;;/ `==;;;;;""|;;;/ ||;| \\;\ jgs ((;;| ((;;\ ``"` ``"`
If you visit a page starting with http:// (and not https://), the connection is not encrypted and is Fair-Game for anybody with the means to record your traffic. When using a public wifi connection at a cafe and you access Twitter or Facebook using http, your traffic is broadcast publicly and your session can be hijacked.
HTTPS stops this.
- https://www.eff.org/https-everywhere/ - This extension for firefox/chrome defaults many of the major websites to **https** by default. The list of websites included in this extension grows with each release and helps protect your privacy easily with no noticeable difference to your browsing habits.
Stop Websites Tracking You
Many websites can track you as you browse the internet via the sharing buttons that are included on some pages and sites. Facebook is the most prolific, tracking you if you have logged out of Facebook or if you are not even a member of Facebook! Google adsense and analytics could also be used to track your presence on the internet. This information can be and has been subpoenaed by governments. Protect yourself by installing the following browser extensions.
Do Not Track Plus
Ad companies and social networks are tracking everything you do on the web. They know what sites you visit, when you visit them and how often you do...and they know who you are. DNT+ blocks the tracking so you can browse freely and safely.
Ghostery is your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior. Ghostery tracks over 1,000 trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.
Advertisers and other third parties track, clutter, and slow down your web browsing. Disconnect makes the web your business not theirs
Local shared objects (LSOs), commonly called flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects are used by all versions of Adobe Flash Player and version 6 and above of Macromedia's now-obsolete Flash Player. While websites may use local shared objects for purposes such as storing user preferences, there have been privacy concerns regarding local shared objects, and they may be considered a breach of browser security.
These extensions will remove LSOs for you.
Hardening Web Browsers
Mobile Phone Security (Android)
Everybody has a mobile and it's almost impossible to live without one.. but it's a very common 'joke' that cell phones are tracking devices that make phone calls. What can you do to secure your phone?
- TextSecure Beta by Thoughtcrime Labs - TextSecure is a security enhanced text messaging application that serves as a full replacement for the default SMS app. All text messages are stored in an encrypted database on the device so if your phone is lost or stolen, your messages will be safe. while offering the additional bonus of all communication with other TextSecure users being encrypted during transmission and can't be monitored over the air.
- Cats taken from https://user.xmission.com/~emailbox/ascii_cats.htm