What steps can I take to be more secure on the internet? (lemmy.world)

submitted 1 year ago by Tobin@lemmy.world to c/cybersecurity@sh.itjust.works

53 comments fedilink hide all child comments

So recently I've gotten a bit more serious about my internet security, and made some changes. Here's a short list of what I've done, but I'm wondering if I'm missing anything important:

Moved from Brave to Firefox
Bought my own domain for my email (so I can switch email providers at any time)
Switched to Duck Duck Go from google (It's gotten worse anyways)
Bought the Proton package (VPN, Encrypted email, etc...)
Installed Thunderbird (instead of microsoft mail app)
Installed uBlock Origin
Installed Bitwarden for password managing (My passwords are also no longer all the same)

Is there anything that I have missed that should be a priority for internet security?

top 50 comments

sorted by: hot top controversial new old

[-] stevedidWHAT@lemmy.world 20 points 1 year ago

I’m gonna be straight with you.

Cybersecurity isn’t just about doing all the things secure and private. It’s also about judging/predicting likelihood of your risks so as not to over do it.

You are already above and beyond what you need to secure the average person (Firefox switch is eh, Firefox can still be locked down or “hardened” via config changes.)

I can’t offer any further advice without knowing your “enemy.”

Is this just for general purpose use or are you especially risky in a specific area

[-] Tobin@lemmy.world 4 points 1 year ago

You raise a good point. I would say for the most part, I fall under general purpose, with some exceptions. I guess what I’m wondering is, are there security/privacy things that everyone should have, but most people just don’t know about?

[-] stevedidWHAT@lemmy.world 3 points 1 year ago

You’re doing just fine then! I’d look into hardened Firefox configurations and I’d probably honestly reduce what you’re all doing with email. It’s a bit redundant - to have three customizations to what’s essentially one experience.

Your browser will be fine 99% of the time with script blockers like umatrix, config hardening, not using chrome/chromium. So using protons web interface is probably just fine. Even then, emails usually not too crazy for the average user in terms of risk either, besides it being a focal point for pivoting off of (use different emails for different areas you want to segment and keep using that manager software (passwords, accounts etc)

Keepass is free and works great to secure your stuff

[-] drone509@discuss.tchncs.de 3 points 1 year ago

I really disagree re: email. Proton's web interface is fine, but if you're going to use a desktop client, and many people prefer to, I think thunderbird is a better choice than outlook. Further, having a personal domain for email is great if you ever want to switch providers. It's pretty much the only way to not have to email dozens of people telling them "Sorry, you won't be able to reach me at this address anymore." If you do any sort of business over email encrypting it is a good choice, because it is possible to both spoof email and to intercept and read it.

[-] stevedidWHAT@lemmy.world 1 points 1 year ago

Good points! We’re actually in agreement on all of these things, my opinion about email was not including a desktop app as browser viewing for me has been just fine (remember I have multiple email accounts so each account gets relatively low traffic on a per account basis)

The custom domain thing seems handy but how often are you really changing emails if you have multiple to begin with too, either or works I’m just biased toward my own habits lol

[-] drone509@discuss.tchncs.de 2 points 1 year ago

You're doing it when protonmail goes out of business suddenly, or changes their privacy rules, or decides they want to raise prices and you don't want to pay. You can never really predict these things, and having a cheap (domain names can be like $15 a year) option is great.

[-] stevedidWHAT@lemmy.world 1 points 1 year ago

That’s a fair point.

Idk I think I’m to the point these days where if I were to lose access to a side account I had locked down that heavily it wouldn’t be with anything majorly important of my life and I’d just start that persona/online activities again with a new one

load more comments (1 replies)

[-] stevedidWHAT@lemmy.world 3 points 1 year ago

Don’t even get me started on sms-based vulnerabilities (cough cough apple)

[-] itchy_lizard@feddit.it 13 points 1 year ago* (last edited 1 year ago)

Add chameleon add-on so your browser fingerprint changes every 60 seconds.

[-] Tobin@lemmy.world 1 points 1 year ago

Got it, that's a super neat plugin!

[-] thisbenzingring 13 points 1 year ago

You can think about your physical network. Do you own the device that connects to your ISP? Do you have a gateway device between you and it? Do you have an open WiFi or is it quiet and password protected? Do you have a switch that can vlan all the iot devices or guest wifi network?

[-] reginagrogan@mastodon.social 7 points 1 year ago

@thisbenzingring @Tobin I’m like a LAN party baby

[-] citizen@sh.itjust.works 12 points 1 year ago* (last edited 1 year ago)

MFA all accounts that support it
important accounts use hardware key like Yubikey
Ditch SMS mfa use Authenticator or hardware key
custom email aliases (proton have SimpleLogin) use separate email for every account just like password
change your browsing habits from YouTube instagram twitter to privacy alternatives (there is Firefox plugin Privacy Redirect)
use separate vm for higher risk browsing or separate computer (tails)
get VoIP phone number redirect your current phone to VoIP.
use pre paid phone only for internet and never use it for phone or sms. For more paranoid activate away from home using fake name (Mint mobile for instance doesn’t check if it’s real)
use phone that was never registered to your name (don’t reuse old phones)
setup always on VPN on your home on router with killswitch so you never reveal your IP accidentally
use privacy oriented DNS service

If you into privacy I recommend Extreme Privacy book that goes over many things. The lengths that you go to protect your privacy will depend on your threat model. Privacy is expensive unfortunately.

[-] 14th_cylon@lemm.ee 4 points 1 year ago* (last edited 1 year ago)

custom email aliases (proton have SimpleLogin) use separate email for every account just like password

voluntarily subjecting yourself to mitm attack is... uh... not the smartest idea in the world 😂

and definitely not something you should advise to someone asking how to increase their security.

get VoIP phone number redirect your current phone to VoIP.

you have to pay for every such call. and what is the security gain here?

use phone that was never registered to your name (don’t reuse old phones)

that is to protect you from nsa, in some enemy of the state scenario?

setup always on VPN on your home on router with killswitch so you never reveal your IP accidentally

again, what scenario is this useful in? lets say i am not really into international terrorism...

The lengths that you go to protect your privacy will depend on your threat model.

yeah, and reading your advises, you are obviously some james bond hunted by 10 enemy intelligence services at once 🤣

[-] venoft@lemmy.world 5 points 1 year ago

Why would using email aliases increase you mitm attack vector threat?

[-] 14th_cylon@lemm.ee 1 points 1 year ago

because unless you use some paranoid email that can do this in house (and majority of people do not) it means using third party service, which is, by definition, that man in the middle.

[-] citizen@sh.itjust.works 5 points 1 year ago

Thanks for your comments I had a good laugh as well. Take my upvote 😂

[-] KingJalopy@lemm.ee 1 points 1 year ago

I don't understand. Can you explain?

[-] 14th_cylon@lemm.ee 1 points 1 year ago

i think the person i am replying to is watching too much tv and his advices are silly and/or bad. if your question is more specific, well, be more specific ;)

[-] KingJalopy@lemm.ee 2 points 1 year ago

Shit I replied to the wrong comment my bad.

load more comments (1 replies)

[-] Fullest@sh.itjust.works 7 points 1 year ago

Set up 2FA/MFA for all of your accounts wherever supported. It's probably one of the few easier things you can do that is missing from your list, and you will vastly improve your security posture for it.

I just use Google authenticator but there are plenty of other apps out there if you'd prefer something else.

[-] itchy_lizard@feddit.it 1 points 1 year ago* (last edited 1 year ago)

This but make sure you don't do 2FA via SMS. It'll make your account less secure

[-] thetreesaysbark@sh.itjust.works 4 points 1 year ago

Can you explain why?

[-] walkercricket@sh.itjust.works 2 points 1 year ago

The SMS communication is not secured at all as it's not encrypted and you can't encrypt it. Your wifi and your whole internet network however is generally fully encrypted by default.

[-] meiti@lemmy.world 6 points 1 year ago

Not an expert, but you need to define your "threat model" first. Whom against want you to harden your security?

[-] Tobin@lemmy.world 3 points 1 year ago

That’s a good point. Mostly protecting my data from sites, hiding info from my (shared) internet owner and ISP, keeping accounts secure, and steering clear of viruses. Among other stuff.

[-] venoft@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

If you share internet you definitely need a vpn. Anyone who can log into the router can see your exact internet history. Depending on the exact situation you can also set up vlans, but only if the other person cant just simply disable them at the end point (router). Maybe you can setup your own router behind the current one with a build-in always-on vpn.

Custom email aliases and password managers are great just in case one account gets hacked they cant just use that account to log into other sites.

Viruses, just don't click on suspect links, check for phising etc in emails, harden your browser by blocking JavaScript as much is possible without it breaking the websites. And don't use windows, since most viruses target that. Linux and Mac are less targeted and have better build in security.

And update all your stuff regularly, even things like router firmware.

Oh and don't attach iot products to the internet, those usually have terrible security and can be used to break into your network. Block them in the router (again, having your own router helps) and preferably put then on their own vlan.

[-] Daefsdeda@sh.itjust.works 5 points 1 year ago

Use the noscript addon. It protects your data by blocking all javascripts. Sadly it makes a hassle of going on a site but you will suprised how many javascripts are only there for tracking.

Also, I use ecosia as a search engine which is non profit. all profits go to the enviroment. Using !g before the prompt and it uses google and since i use privacy badger, ublock and noscript i dont think they track too much.

[-] Tobin@lemmy.world 1 points 1 year ago

I just got noscript, and now I realize how much websites use JavaScript, I keep on needing to pause it on my tabs 😆

[-] Daefsdeda@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

Eventually you will notice a patern of which ones are needed for basic function (the domain your on, wp.com, squarespace and sometimes google.com) i just switch them to trusted or if they can track temp trusted.

Sometime im also lazy and turn most to temp trusted but if i have time i work out the important ones.

I find it really distrustful that my doctors site uses many trackers.

[-] itchy_lizard@feddit.it 5 points 1 year ago

I'm confused about Proton and Thunderbird. Is it possible to use Thunderbird with proton encrypted email?

[-] jagungal@sh.itjust.works 4 points 1 year ago

Yes, but you have to buy a subscription to Protonmail Bridge which see decrypts the emails for Thunderbird.

[-] Tobin@lemmy.world 3 points 1 year ago

Also, Proton is actually only end-to-end encrypted when emailing other proton email addresses

[-] Cornelius_Wangenheim@lemmy.world 4 points 1 year ago

Update your browser, OS and other software promptly. Same for whatever network devices you use.

Don't use an admin/root account as your daily driver. Use an unprivileged account and elevate as needed.

Keep a backup of your important data in offline / immutable storage.

[-] Neferic@kbin.social 4 points 1 year ago

Take away admin permission from your default accounts. It's not enough any more to be careful. There are web browsers/operating systems that have code execution vulnerabilities. Chrome just released a patch two days ago for this reason.

[-] Napain@lemmy.ml 4 points 1 year ago

https://prism-break.org/en/ here is a bunch of free and private Software suggestions for all plattforms this really hooked me up

[-] CryptoKitten@sh.itjust.works 3 points 1 year ago

Buy two security keys (like yubikeys) and use them.

[-] merde@sh.itjust.works 3 points 1 year ago

what OS are you on?

[-] Tobin@lemmy.world 1 points 1 year ago

Windows

[-] merde@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago)

— … Here's a short list of what I've done, but I'm wondering if I'm missing anything important: …

— what OS are you on?

— Windows

i think you've found something important that you're missing

[-] Tobin@lemmy.world 1 points 1 year ago

Haha, that’s a good point. I can’t change to linux for work reasons, but I should look into dual boot.

[-] spacedancer@lemmy.world 3 points 1 year ago

It would be a good idea to explore Linux if you care about all the telemetry Windows collects. There are distros out there that are so user friendly that someone using Windows their entire life can hit the ground running, like Linux Mint.

[-] Manifish_Destiny@lemmy.world 2 points 1 year ago

If you want to get really serious go to stigviewer.com and go dig through the security controls for the software you use.

[-] Nioxic@lemmy.world 1 points 1 year ago

In this day and age.. write your pass words down in a notebook instead of saving them on your pc/the internet

You can pepper them for extra safety

[-] itchy_lizard@feddit.it 7 points 1 year ago

This is terrible advice. Use a password manager and know how to make backps.

[-] nanoUFO@sh.itjust.works 6 points 1 year ago

There is nothing wrong with using a well made open source password manager like keepass.

load more comments

this post was submitted on 21 Jul 2023

74 points (98.7% liked)

Cybersecurity

5396 readers

57 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social