this post was submitted on 30 Jun 2025
18 points (100.0% liked)

WomensStuff

377 readers
145 users here now

Women only trans inclusive This is an inclusive community for all things women. Whether you're here for make up tips, feminism or just friendly chit chat, we've got you covered.

Rules…

  1. Women only… trans women are women, and transphobic or gender critical talk isn’t allowed. Anyone under the trans umbrella (e.g. non-binary, bigender, agender) is free to decide whether a women's community is a good fit for them.
  2. Don’t be a dick. No personal attacks, no aggression, play nice.
  3. Don’t hate on groups, hatefilled talk about groups is not allowed. Ever.
  4. No governmental politics, so no talk of Trump actions etc. We recommend Feminism@beehaw.org for that, but here is an escape from it.
  5. New accounts or users with few comments may have their posts removed to prevent spam and bad-faith participation.

founded 3 months ago
MODERATORS
LadyButterfly@lemmy.world
CheeseToastie@lazysoci.al
foxglove@lazysoci.al
LadyButterfly@piefed.blahaj.zone
dandelion@piefed.blahaj.zone
18
Calling all tech people... (lemmy.world)
submitted 1 week ago by LadyButterfly@lemmy.world to c/womensstuff@piefed.blahaj.zone
24 comments fedilink hide all child comments
 

I'm looking for someone who could do a post on tech safety. So staying safe online, avoiding giving too much data away and anything that you thought would be useful. If you can help comment here or DM me

top 24 comments
sorted by: hot top controversial new old
[–] bacon_pdp@lemmy.world 11 points 1 week ago (1 children)

Well I am not a tech but my husband works doing computer security and if I gave his full security speech it would sound insane.

Short version is: use a password manager (like Keepassxc). Don’t post any pictures. If you are worried about being identified, don’t talk about your personal life.

As the things that you try to defend against get more advanced: Linux, refusing to use software that you don’t have the source code for, disabling JavaScript, encrypted messaging (signal), encrypted messages (gnupg), one time pads via a deck of cards, bootstrappable builds, offline systems, hard tokens and one way network diodes.

[–] BroBot9000@lemmy.world 6 points 6 days ago (1 children)

Damn! Solid advice. Would love to hear his whole spiel.

[–] bacon_pdp@lemmy.world 7 points 6 days ago (1 children)

There is no such thing as a secure computer. You can bury it in cement and drop it in the deepest hole in the ocean. If someone needs access to it bad enough, they will get in.

Computer security is about costs to gain access. If they need physical access, far fewer people can be compromised. If that physical access does not gain them additional access; it forces them to spend man power to compromise more systems physically. Thus making things more expensive.

The estimated cost of breaching a level 1 system should be $100K, a level 2 system $10 million, a level 3 system $10 billion and the root of your trust $10 trillion.

White listing is the baseline standard for software running on your computer. If it is not signed by a level 2 system, then it will not run on your computer. The binary itself is reproducible and your package manager can be used to sanity check the build from the server. Your web browser runs in a container which only has access to your downloads folder with write only permissions and the files will be marked as non-executable (not that it will matter as they can’t possibly be signed). The browser is the tor browser and all traffic will be routed unless you login to your bank account.

I am supposed to use a program called fig to create information for social media accounts. (Name, age, address, username are generated and Keepassxc is to generate a unique, random, strong password and store the output from fig).

If messaging friends, I use signal and if I need extra message security, I am to shuffle a deck of cards and put the order into a program which uses it for sending a “one time message” then give the deck of cards to the recipient.

https://www.schneier.com/academic/solitaire/

Something about one time pads being used for nuclear weapons and submarines and the security of the physical transfer of the one time pads. And embassies getting a hard drive full of just one time pads.

(I skipped a bunch but that is what I remember)

[–] ZDL@lazysoci.al 1 points 6 days ago (2 children)

There is no such thing as a secure computer. You can bury it in cement and drop it in the deepest hole in the ocean. If someone needs access to it bad enough, they will get in.

My SO says the same thing. (He's an electronics engineer who writes the software buried inside devices.) "For every can there is a can opener." He also rants about different attacks, the worst one apparently being a "rubber hose attack". (I think he means people getting tortured to open up whatever it is.)

[–] bacon_pdp@lemmy.world 1 points 6 days ago

My husband says that is the most basic attack (he calls it thermo-rectal cryptanalysis; which is when they stick a soldering iron in your ass and then turn it on and wait until you tell them everything that you keep secret before they turn it off) and is just one example of why physical access is often game over.

Another involves liquid nitrogen and stealing keys out of RAM.

Another involves voltage manipulation to get chips to leak keys and why you want only public keys in certain chips (like the BIOS which is just read-only flash memory that has an electrical switch for enabling writing) He likes Libreboot/coreboot.

[–] mauuumauukittycat@piefed.blahaj.zone 1 points 6 days ago* (last edited 6 days ago)

“rubber hose attack” sounds like a move in cuphead

[–] flynnguy@programming.dev 9 points 6 days ago

The EFF https://ssd.eff.org/ has a lot of good info.

[–] recursive_recursion@lemmy.ca 5 points 6 days ago* (last edited 6 days ago) (1 children)

I can definitely help with this👍

For general talking points:

  • reducing phone apps always running in the background, beeing choosy with which apps should have "Background Data Usage" allowed/enabled.
  • what kinds of apps to install? Proprietary vs Open Source? (most if not all proprietary apps will collect and sell any data they can, free proprietary apps means you are the product)
  • Who do I know that has been consistently trustworthy online? Can I ask them for help?
    • try to provide the least amount of Personally Identifying Information (PII) if possible, no need to share entire life stories unless you're sure you can trust the person online.

I'm sure I know more about this as I personally try to help my friends and family protect themselves, just can't think of more to add atm.

Feel free to hit me up if you have any questions🤗

[–] LadyButterfly@piefed.blahaj.zone 1 points 6 days ago

This is an excellent comment! Thanks for sharing

[–] Zorsith@lemmy.blahaj.zone 4 points 6 days ago* (last edited 6 days ago) (1 children)

Bit higher level, but this should cover arguably 50% of tech safety risks: other people.

Section 2.2 of this, and maybe section 2.4

https://www.professormesser.com/security-plus/sy0-701/sy0-701-video/sy0-701-comptia-security-plus-course/

Edit:

Also, disable everything you don't need in settings, everywhere (apps, entire systems, etc). If you don't know what it is, and the description sounds like a non-security setting, disable it anyway and hope nothing breaks. If something does break, read up on the setting more and assess the risk of enabling it again.

Device hardening like that makes you a harder target, and unless you're important or somebody hates you, they'll give up quickly.

[–] LadyButterfly@piefed.blahaj.zone 2 points 6 days ago (1 children)

Blimey I looked at permissions and there were loads of things that had access to things they shouldn't. Then looked at apps and I've got ones sharing info and I've no clue why they're on the phone at all. Nice one!

[–] Zorsith@lemmy.blahaj.zone 1 points 6 days ago

Lot of weird stuff out there. Samsung wont let the basic camera app function without location access IIRC, as an example

[–] oftheair@lemmy.blahaj.zone 3 points 6 days ago (1 children)

We could help if you'd like!

[–] LadyButterfly@piefed.blahaj.zone 1 points 6 days ago (1 children)

That would be great if you could! No rush on it just whenever you can.

[–] oftheair@lemmy.blahaj.zone 2 points 6 days ago (1 children)

What do you want us to do exactly?

[–] LadyButterfly@piefed.blahaj.zone 1 points 6 days ago (1 children)

Could you just do a post about staying safe online? More than basics about no photos etc. There's some great info in this thread but I don't understand any of it. It's just putting it together in a simple way.

[–] oftheair@lemmy.blahaj.zone 1 points 6 days ago (1 children)

Yes, we can do that. We are very good at explaining things in easy to understand ways.

[–] LadyButterfly@piefed.blahaj.zone 1 points 6 days ago (1 children)

That's great thanks so much oftheair!

[–] oftheair@lemmy.blahaj.zone 1 points 6 days ago (1 children)

Sure, it'll take a while but we will write it.

[–] LadyButterfly@piefed.blahaj.zone 1 points 6 days ago (1 children)

You're a star thanks 😊

[–] oftheair@lemmy.blahaj.zone 2 points 6 days ago

giggles You don't know how accurate or funny this is. Thank you.

[–] python@lemmy.world 10 points 1 week ago (2 children)

Like, specifically as a woman? I think all the common net safety advice still applies - don't use your real name, don't be too specific on where you're from, don't post pictures of your face etc.

I might not have the best insight tho, since I've always preferred to present somewhat gender-neutral with all my online personas 🐍

[–] ZDL@lazysoci.al 2 points 6 days ago

I've always preferred to present somewhat gender-neutral with all my online personas.

I used to do that, then decided "to Hell with hiding behind ambiguity". I decided, in short, that if sexist assholes want to treat me badly because of what I have between my legs they can rot in Hell. I block early and block often online these days.

Of course I don't have pictures of me online. (Two have leaked to the best of my knowledge, and the youngest of those is ... I want to say a dozen years old now?) My online name is not my real one (though someone who knows my real one will appreciate my choices in online IDs and probably get a giggle out of it). And since the wannabe dom incident of, like, 30 years ago, I do not share my phone number, address, employer, etc. to anybody online ever.

[–] LadyButterfly@lemmy.world 3 points 1 week ago

Thanks mate, those are crucial points. I'm hoping someone can do something more in depth