Showing revision #63ab0a53 of page basic_security


/f/freeasinfreedom's Guide to Basic Computer Security

Introduction

Welcome, comrade.

You've taken your first step towards being a digital ghost, immune to the powers of the tyrannical government of your choice, the evil corporation of your choice, and the exploitative bourgeoisie as a whole. The secret to not having your privacy invaded while on-line is this:

  • Stop using the internet

  • Stop using computers

Unfortunately, no system is fully secure, and that should be the first thing you learn here. Almost every program has it's bugs, and no program, service, or system should ever be trusted as perfect.

This is all to remind you to be sceptical of any system's claims. The less they admit their own faults and limitations is probably the less secure they actually are.

That being said, the rest of this guide will teach you how to minimize the number of possible holes in your system. This could go into more detail about things like how to design threat models, but the intention is to create something that most people can pick up and use.


Digital Security

Digital security here refers to things that matter while actively using a computer.

General Pointers

  • Keep your software as up-to-date as possible. This is critical because vulnerabilities in older versions of software have more time to be discovered and exploited. Many tools used by the NSA and CIA only work for older versions of Linux.

  • Use free software whenever possible. Free software does not mean free as in free beer, but free as in free speech (see the GNU project's definition for more details). Free software generally ensures that the software isn't doing anything you don't want it to do, as you have access to the source code to verify what it's doing. It also means the person or group that maintains the software can't get you in trouble for using it in a way they don't like.

  • Download software only from trusted sources, like your OS's package manager, trusted 3-rd party repositories (like RPMFusion), F-Droid, or the website of the developer. If you don't use a package manager, verify the download using it's PGP key, if the developer provides one. A guide on how to do this on Linux can be found here. If you're using Windows or macOS, you're wasting your time verifying your downloads.

Internet Browsing

Tor Browser

The Tor Browser the simplest way to access the Tor Network, which is a feat of computer science and a massive community undertaking. While the entirety of the network is too complex to explain here, it basically functions by encrypting your internet traffic, sending it to an entrance node, and routing it through several servers, each stripping off one layer of encryption, until it reaches an exit node, where it is sent to the server you actually wanted to contact. This way, no server has access to both the sender or receiver of the information and the actual content that it's sending or receiving. It's generally trusted as the best way to anonymize your network traffic.

You can download it here. Make sure to verify the signature using the guide above in general tips.

Tor is not perfect, however. At the exit node, the last of the Tor encryption is stripped off, so anything unencrypted can be read by the exit node or any servers it passes through before returning to Tor. Making sure that your traffic is encrypted by other means, specifically using websites that support https:// instead of http://, add another layer of protection. A more complete understanding of vulnerabilities can be found here.


Source code

Introduction
==========


Welcome, comrade.

You've taken your first step towards being a digital ghost, immune to the powers of the tyrannical government of your choice, the evil corporation of your choice, and the exploitative bourgeoisie as a whole. The secret to not having your privacy invaded while on-line is this: 

* Stop using the internet

* Stop using computers

Unfortunately, no system is fully secure, and that should be the first thing you learn here. Almost every program has it's bugs, and no program, service, or system should ever be trusted as perfect.

This is all to remind you to be sceptical of any system's claims. The less they admit their own faults and limitations is probably the less secure they actually are. 

That being said, the rest of this guide will teach you how to minimize the number of possible holes in your system. This could go into more detail about things like how to design threat models, but the intention is to create something that most people can pick up and use. 

************

Digital Security
============

Digital security here refers to things that matter while actively using a computer. 

## General Pointers

* Keep your software as up-to-date as possible. This is critical because vulnerabilities in older versions of software have more time to be discovered and exploited. Many tools used by the NSA and CIA only work for older versions of Linux.

* Use free software whenever possible. Free software does not mean free as in free  beer, but free as in free speech (see the [GNU project's definition](https://www.gnu.org/philosophy/free-sw.html) for more details). Free software generally ensures that the software isn't doing anything you don't want it to do, as you have access to the source code to verify what it's doing. It also means the person or group that maintains the software can't get you in trouble for using it in a way they don't like.

* Download software only from trusted sources, like your OS's package manager, trusted 3-rd party repositories (like RPMFusion), F-Droid, or the website of the developer. If you don't use a package manager, verify the download using it's PGP key, if the developer provides one. A guide on how to do this on Linux can be found [here](https://www.linuxbabe.com/security/verify-pgp-signature-software-downloads-linux). If you're using Windows or macOS, you're wasting your time verifying your downloads.

## Internet Browsing

__Tor Browser__

The Tor Browser the simplest way to access the Tor Network, which is a feat of computer science and a massive community undertaking. While the entirety of the network is too complex to explain here, it basically functions by encrypting your internet traffic, sending it to an entrance node, and routing it through several servers, each stripping off one layer of encryption, until it reaches an exit node, where it is sent to the server you actually wanted to contact. This way, no server has access to both the sender or receiver of the information and the actual content that it's sending or receiving. It's generally trusted as the best way to anonymize your network traffic. 

You can download it [here](https://www.torproject.org/projects/torbrowser.html.en). Make sure to verify the signature using the guide above in general tips.

Tor is not perfect, however. At the exit node, the last of the Tor encryption is stripped off, so anything unencrypted can be read by the exit node or any servers it passes through before returning to Tor. Making sure that your traffic is encrypted by other means, specifically using websites that support https:// instead of http://, add another layer of protection. A more complete understanding of vulnerabilities can be found [here](https://www.torproject.org/docs/faq.html.en#AmITotallyAnonymous).