Showing revision #c3dbb6ea of page basic_security
/f/freeasinfreedom's Guide to Basic Computer Security
-
Introduction
-
Never Assume You Are Safe
-
Know That Anything You Do Might Be Vulnerable
-
Given Enough Time, Resources, and People, Any System Can Be Cracked
-
Digital Security
-
General Pointers
-
Internet Browsing
-
Mobile Security
Introduction¶
Welcome,
You've taken your first step towards being a digital ghost, immune to
the powers of the tyrannical government of your choice, the evil
corporation of your choice, and the exploitative bourgeoisie as a whole.
The secret to not having your privacy invaded while on-line is this:
-
Stop using the internet
-
Stop using computers
Unfortunately, no system is fully secure, and that should be the first
thing you learn here. Almost every program has its bugs, and no
program, service, or system should ever be trusted as perfect.
This is all to remind you to be sceptical of any system's claims. The
less they admit their own faults and limitations is probably the less
secure they actually are.
Never Assume You Are Safe¶
Know That Anything You Do Might Be Vulnerable¶
Given Enough Time, Resources, and People, Any System Can Be Cracked¶
That being said, the rest of this guide will teach you how to minimize
the number of possible holes in your system. This could go into more
detail about things like how to design threat models, but the intention
is to create something that most people can pick up and use.
Digital Security¶
Digital security here refers to things that matter while actively using a
computer.
General Pointers¶
-
Keep your software as up-to-date as possible. This is critical because
vulnerabilities in older versions of software have more time to be
discovered and exploited. Many tools used by the NSA and CIA only work
for older versions of Linux.
-
Use free software whenever possible. Free software does not mean free
as in free beer, but free as in free speech (see the GNU project's
definition for more
details). Free software generally ensures that the software isn't doing
anything you don't want it to do, as you have access to the source code
to verify what it's doing. It also means the person or group that
maintains the software can't get you in trouble for using it in a way
they don't like.
-
Download software only from trusted sources, like your OS's package
manager, trusted 3rd party repositories (like RPMFusion), F-Droid, or
the website of the developer. If you don't use a package manager, verify
the download using it's PGP key, if the developer provides one. A guide
on how to do this on Linux can be found
here.
If you're using Windows or macOS, you're wasting your time verifying
your downloads.
-
If you're not paying for a product, and the program isn't free software, chances are they're making money off of you somehow, usually through tracking and ads. There are some exceptions to this, but do not trust any non-free gratis software to be secure or private.
Source code
Introduction
==========
Welcome,
You've taken your first step towards being a digital ghost, immune to
the powers of the tyrannical government of your choice, the evil
corporation of your choice, and the exploitative bourgeoisie as a whole.
The secret to not having your privacy invaded while on-line is this:
* Stop using the internet
* Stop using computers
Unfortunately, no system is fully secure, and that should be the first
thing you learn here. Almost every program has its bugs, and no
program, service, or system should ever be trusted as perfect.
This is all to remind you to be sceptical of any system's claims. The
less they admit their own faults and limitations is probably the less
secure they actually are.
## Never Assume You Are Safe
## Know That Anything You Do Might Be Vulnerable
## Given Enough Time, Resources, and People, Any System Can Be Cracked
That being said, the rest of this guide will teach you how to minimize
the number of possible holes in your system. This could go into more
detail about things like how to design threat models, but the intention
is to create something that most people can pick up and use.
************
Digital Security
============
Digital security here refers to things that matter while actively using a
computer.
## General Pointers
* Keep your software as up-to-date as possible. This is critical because
vulnerabilities in older versions of software have more time to be
discovered and exploited. Many tools used by the NSA and CIA only work
for older versions of Linux.
* Use free software whenever possible. Free software does not mean free
as in free beer, but free as in free speech (see the [GNU project's
definition](https://www.gnu.org/philosophy/free-sw.html) for more
details). Free software generally ensures that the software isn't doing
anything you don't want it to do, as you have access to the source code
to verify what it's doing. It also means the person or group that
maintains the software can't get you in trouble for using it in a way
they don't like.
* Download software only from trusted sources, like your OS's package
manager, trusted 3rd party repositories (like RPMFusion), [F-Droid](https://f-droid.org/), or
the website of the developer. If you don't use a package manager, verify
the download using it's PGP key, if the developer provides one. A guide
on how to do this on Linux can be found
[here](https://www.linuxbabe.com/security/verify-pgp-signature-software-downloads-linux).
If you're using Windows or macOS, you're wasting your time verifying
your downloads.
* If you're not paying for a product, and the program isn't free software, chances are they're making money off of you somehow, usually through tracking and ads. There are some exceptions to this, but do not trust any non-free gratis software to be secure or private.
## [Internet Browsing](https://raddle.me/wiki/basic_security/internet_browsing)
## [Mobile Security](https://raddle.me/wiki/basic_security/mobile)