wowana.me

website source; use git clone git://wowana.me/wowana.me.git to clone this repository.


staying-safe-online.md (6428B)


# staying safe online
<!--[time 201908240015.20]-->

this is an E-mail I typed out and figured it'd be fitting as its own
public post:

> If you want the closest thing to true anonymity from a software
> perspective, I'd suggest Tails because it's pre-configured to proxy
> everything through Tor. It can be run with a live CD / USB on bare
> metal, or it can be used in a virtual machine of the user's choosing
> (personally I use qemu for Linux, and I think virt-manager is a GUI
> frontend for it, but a lot of people may have heard of VirtualBox
> which is cross-platform). Even I use Tails for certain things
> although I consider myself to be proficient and able to set up my own
> anonymous system; sometimes it isn't worth the trouble when I need to
> be sure that my system is safe, though.
>
> If you want an "everyday setup" where anonymity isn't key, but you
> still want security and casual privacy, drop Windows in favour of
> Linux, and grab the Tor Browser if you want to browse the Internet
> through Tor (not limited to onion websites, which seems to be a
> misconception for people "exploring the deep web"). Steam can play a
> lot of games in Linux, Wine can run many Windows programs, and as a
> last resort, a user can set up a Windows virtual machine or set up
> dual-booting (although from my understanding, Windows can fuck with
> dual-boot partitioning, so this might be an advanced topic. Personally
> I don't trust Windows with hardware access at all, anymore). One big
> issue (that unfortunately I have to face as well) is NVidia graphics
> support in Linux. The best solution to any NVidia issues is to replace
> the NVidia GPU with AMD, because AMD ships open-source drivers, or, if
> the user doesn't do much gaming then it's likely fine to just use the
> integrated graphics from the CPU. It's an unfortunate fact that NVidia
> is very anti-consumer; if I had other suggestions you'd bet I would
> say, but my friend and I (and many other people) have had nothing but
> issues with NVidia.
>
> For additional safety, no matter whether you use Tor Browser in
> Tails, or Tor Browser in Linux, or even a normal browser in Linux
> like I do: I strongly suggest disabling JavaScript by default for
> sites you don't trust. In Tor Browser, it's as simple as clicking the
> NoScript icon in the toolbar to whitelist a website. There was a
> NoScript bug found not too long ago that allowed sites to bypass
> settings regardless, but this has since been fixed and hopefully
> there will not be similar incidents in the future. This is why I
> strongly dislike modern Web browsers; they're too big to make sure
> that they're entirely bug-free. (I personally use uMatrix instead of
> NoScript, because it's much more configurable and can block more than
> scripts, but it's probably not best to suggest in a "basic tips"
> YouTube video.)
>
> Like I said in my previous E-mail, a VPN does not help with anonymity
> in any way. You can still stick in that sponsorship for PIA if you
> make clear it's only to keep users' Internet activity away from
> *their own ISP*, and it gives them a different IP address perhaps in
> a different country, if they so choose. This can be useful for
> accessing region-locked websites, for instance, or for casual privacy
> to prevent other people from finding someone's home IP address. The
> VPN can still see and track all users' activity, but my opinions of
> PIA aside, I believe from a business standpoint they will be very
> careful about what they do with user information. Just know though,
> depending on what country a VPN is based in, they might be forced to
> comply with requests for user information by law.
>
> Enough about software; usually people are able to follow along until
> it comes to something scary: they aren't safe until they change their
> own behaviours as well. I was taught one thing as a kid, practically
> every year in school there was a poster or a computer lab teacher
> telling us "don't share your personal information with strangers
> online". This seems to have been forgotten with the rise of social
> platforms that encourage or require users to use their real info, and
> it's really sad that things have taken a turn for the worse in this
> regard. Even before I knew what Tor was, I never gave people so much as
> my name, and to this day, while I did say some dumb shit in my early
> teenage years (who hasn't done things before that seem foolish to them
> now?) I can at least say I don't regret how I handled my personal
> information during all these years. Nowadays, the Internet is a more
> hostile place, with more people understanding the power of "big data"
> and keen on collecting user information, with all the serious threats
> regarding IoT security vulnerabilities (allowing for large-scale DDoS
> attacks for cheap, or potentially worse attacks against the devices
> themselves). So, it's more important than ever not to give anyone any
> information that one might regret sharing later.
>
> Keeping a healthy amount of scepticism toward other users and services
> online has always been a rule of thumb as well, albeit one that's less
> talked about. (It's normally brought up by school librarians and English
> teachers, who urge students to ensure that their citation sources are
> credible.) A lot of people, especially on Tor, phrase it as "don't trust
> anyone", which is an imprecise piece of advice. It might be good advice
> for people who don't yet know what signs to look out for that tell apart
> a normal user from a con artist or a federal agent (and federal agents
> are perhaps best-equipped to produce convincing cover identities). I
> don't open up to many people online, but I have definitely made at least
> a couple real connections with Tor users. A lot of people, I don't
> *need* to trust, such as the people I ask to join the moderation team on
> Hidden Answers, or others I ask advice / questions from, for instance.
> In the former case, I give moderators just enough access to the site to
> do their jobs, and if a rogue moderator happens to slip through, the
> damage is normally easily reversible. And we have had some cases of
> rogue moderators -- usually just scammers who abused their position for
> extra credibility, though. In the latter case, I can use my own logic to
> verify whether someone's advice sounds reasonable, or I can cross-verify
> with other sources.