online privacy and security

Post on 22-Mar-2017


ONLINE PRIVACY AND SECURITY: A PRACTICAL GUIDE BY ALEX HYER

INTRODUCTION: WHO CARES AND WHY

WHY CARE?

• Largely personal/situational
• Values
• Activities
• Paranoia
• Future Proofing
• Passive Monitoring
• Theft Protection

PRIVACY = SECURITY

• Unknown data cannot be used against you
• Known data can be misconstrued
• Legal things now may become illegal

[Figure: Cost-Reward of Privacy. Axis labels: Difficulty, Effectiveness, Cost, Reward. Groups shown: Everyone, The Concerned, The Cautious, The Paranoid, Criminals and Dissidents.]

INTUITION: A HIGH-LEVEL SUMMARY OF HOW ONLINE SECURITY WORKS

GOAL

• Send private message/data
• No one can view but intended recipient
• Prove message was from you
• Uniquely sign message

KEYS

• Private Key
  • Sign your messages and decrypt others’ messages
  • For your eyes only
  • Encrypt and guard
• Public Key
  • Encrypt messages to you
  • For everyone
  • Often on public servers for download

ASYMMETRIC ENCRYPTION

[Diagram: the message "Hello World" transformed with the private key and the public key. Encryption yields a block beginning hQEMA0l...; signing yields a block beginning iQEcBAE…]

PGP BLOCK

ENCRYPTED W/ PUBLIC KEY

SIGNED W/ PRIVATE KEY

FINGERPRINT

7A5B 1EF4 4599 0D5C C2BF 49E3 4932 962F 7103 E2EB

PUBLIC KEY

EASY PRIVACY: PRIVACY FOR EVERYONE

ENCRYPT YOUR PHONE

• Often the default
• Mitigates theft
• Phones often vulnerable once accessed

LOOKOUT

• Phone antivirus
• Phone wipe and reset
• GPS tracking and photos

SIGNAL PRIVATE MESSENGER

• Fully featured texting app
• End-to-end encryption
• Only to Signal users
• Android, iOS
• Optional password
• Identity verification

FIREFOX

• Web Browser
• Stops font fingerprinting
• Innumerable plugins (uBlock Origin)
• Transparency
• Privacy Plugins
  • HTTPS Everywhere
  • Better Privacy
  • Google Redirects Fixer

UBLOCK ORIGIN

• Best advertisement blocker
• Stops “fingerprinting”
• Better quality-of-life
• Prevents intrusive sites

ESET NOD32 ANTIVIRUS

• Powerful antivirus
• Consistent track record
• 99.5% block rate
• No false positives
• Low-profile
• F-Secure also a good option
• Norton and McAfee are crap

MALWAREBYTES

• Useful anti-malware
• Free for scans, costs for real time
• Broad range of software
• Extremely fast
• Complements more specific security software

PRIVACY FOR A LITTLE CHANGE: PRIVACY TECHNIQUES WORTH THEIR TWO CENTS

PROTONMAIL

• Email service in Switzerland
• End-to-end encryption
• Like Signal, only encrypted w/ ProtonMail users

WI-FI PRIVACY POLICE

• Wi-Fi Control for Android
• Stops location broadcasts
• Prevent Man-In-The-Middle attacks (MITM)

NETGUARD

• “No Root” Android Firewall
• Control app internet traffic
• Block IP addresses
• Built-in ad servers if installed via GitHub

TOR BROWSER

• Web Browser
• Encrypts connections
• Obscures identity
• Bypasses firewalls

ORBOT AND ORFOX

• Web Browser and Proxy for Android
• TOR Browser for Android
• Force all internet traffic through TOR

LINUX/GNU

• Privacy-Minded OS
• Extremely secure
• Many built-in privacy tools
• Easy distributions
  • Mint
  • Ubuntu

WORTHWHILE PRIVACY: CHANGING HABITS

KEEPASS 2

• Password manager and generator
• Highly encrypted
• *nix, Windows, macOS, Android, iOS
• Prevents password reuse
• LastPass also good but less control and not as tried and true

2FA

• Two-Factor Authentication
• Prevents hacking less robbery
• Use everywhere available
• Duo Mobile, Google Authenticator

NOSCRIPT

• JavaScript, XSS, and Frame Controller
• Biggest security culprits
• Breaks most websites on first visit, must whitelist

APPLOCK

• Android App Locker
• Lock apps of interest
• Prevent installing and uninstalling app
• Hides self from attackers

OPENVPN

• Open-Source VPN
• Get a VPN in general
• TOR
• Encrypts connection in vulnerable networks
• DO NOT USE MOST PAID SERVICES

SPREADING YOUR WINGS: PRIVACY W/O APPS

GNUPG

• Key creator and manager
• GNU Privacy Guard
• All platforms
• Create keypairs, give out public key as needed
• Encrypts keys
• Encrypt and sign raw text

ENIGMAIL

• Email plugin for GnuPG
• Need local email client
• Requires setup
• Complex w/ GMail
• Need initial setup
• Password needed every time you want to send encrypted email

OPENKEYCHAIN

• GnuPG for Android and iOS
• Encrypt text and email (when using K-9 Mail (Android only))
• Intuitive management
• Easy key sharing technologies

BUNKERING DOWN: EVADING THE NSA

TAILS

• Live USB OS
• All internet traffic through TOR
• Minimal functionality
• Encrypted drive
• Forgets everything when turned off
• MAC Spoofing

BITCOIN

• Cryptographic currency
• Launder through Bitcoin Tumblers
• Anonymous
• Difficult to track

DARK MAIL

• Email services via TOR
• Some servers move between countries
• Identity just a random string

MOBILITY

• Stay on the move
• Use burner wireless routers
• Use public Wi-Fi in new locations w/ VPNs

CONSTANT EFFORT

• Always learning
• Honing skills
• Never messing up
• Watching your back

PRIVACY IS IN YOUR HANDS: THE EFFORT IS WORTH THE REWARD

CONCLUSIONS

• More effort = better privacy and security
• Effort input depends on your values/circumstance
• Numerous apps available
• Power is in your hands
