Information Security Basics

Here are some general information security guidelines. Please feel to share.

Download:  PDF   Word

See also articles from FreeCodeCamp on Medium.com: Your privacy is under attack from several terrifying new laws and How to encrypt your entire life in less than an hour


padlocks with latters and numbers floating around themInformation Security Basics

In putting this document together, I used information that I’ve picked up over the years on my own, information from the Electronic Frontier Foundation, and interviews with data security consultants. I’ll add to the document as I get new or updated information. It’s important to remember that no system is secure 100% of the time, so be careful what you use and how you use it. There is no single solution to secure your data. You’ll probably want to use several of these apps to protect your data. As one security expert I talked to put it, “Security is about inconvenience.”


* Install Updates

When, for instance, Apple pushes out a new system update, install it. Most updates contain at least some new security features and the company wouldn’t release if they didn’t think they were important. Keep all your devices up to date!


* Signal Private Messenger app

An encrypted text and voice app available for both iOS and Android. To communicate, both parties must be using Signal.

One nice Signal feature is that you can specify a message to delete itself in a specified period of time once it’s been seen. Simply tap the person’s name at the top of the text screen, Toggle Disappearing Messages, and use the slider to set the time.

IMPORTANT: You can only use it on a single device. If you put Signal on one phone and install it on another using the same phone number, the app on the first phone will shut down.

Download the Signal app
iOS: Apple App store
Android: Google Play

DESKTOP VERSIONS: You can use Signal right from your desktop. The Android and iOS versions are apps that operate through the Chrome browser. You can download the Signal Desktop via the Google Web Store.


* Facebook Messenger Secret Conversations

This is an encrypted conversation between two Facebook friends talking via the Messenger app. The messages are encrypted so that even Facebook can’t read them. You can set messages to delete themselves after a set period of time. Simply call up a chat page for the person, tap their name, scroll down the menu, and tap Secret Conversation.


* VPN (Virtual Private Network)

VPN encrypts all of your internet traffic for your ISP, so they can’t see what you’re uploading or downloading. However, VPN doesn’t hide your data from the network you’re using. When choosing a VPN company, make sure they don’t keep user logs or records.

There are free VPN services available, but I’m paranoid and prefer trusted paid services. Some trusted ones are Tor (which comes with its own browser) and Freedome (Freedome is simple to install and use, and it’s the favorite of one of my consultants).

Some VPN companies you might want to avoid because your data could be exposed:
CactusVPN
IBVPN
IPVanish
My Expat Network
SunVPN
SuperVPN
Unblock VPN
VPN.cc
VPN.ht
VPNTunnel
WorldVPN


* Sharing Files Securely

If you want to send someone a file, you don’t have to do it through email. OnionShare is an app that lets you share a file of any size with another person. When you load a file, OnionShare creates a small, temporary server on your computer so that others can download the file through the Tor browser. The only requirements are the OnionShare app and the Tor Browser.

OnionShare
https://onionshare.org/

Tor Browser (for Mac, Windows, Linux, and phones)
https://www.torproject.org/download/download


* Search engines

DuckDuckGo
Unlike Google, DuckDuckGo doesn’t track your searches, so there’s no one peeking over your shoulder, looking for (and remembering) keywords they can use later to push ads to you. However, though it won’t track you, any searches you do through DuckDuckGo will be saved in your history just like Google searches. If you want to be extra careful, occasionally clear your browser history

You can add DuckDuckGo to your browser as an extension or use it from their site.
https://duckduckgo.com/

Disconnect
It uses Google’s search engine, but scrubs cookies and acts as an intermediary, so it’s more private. There are free and paid versions.
https://disconnect.me/


* Encrypted instant message apps

Used for real time conversations for individuals or groups. Here are some trusted ones.

Mac OSX: Adium
https://adium.im/

Windows and Linux: Pidgin
https://pidgin.im/

iOS and Android: ChatSecure
https://chatsecure.org/

Mac OSX, Windows, and Linux: Jitsi (good for messaging, as well as voice and video chat)
https://jitsi.org/


* Encrypting data on iOS devices

Data Protection setting for iPhones and iPads:

  1. Set a strong passcode for the device.
  2. To make sure, go to Settings.
  3. In Settings, go to Touch ID & Passcode.
  4. Make sure Data Protection is enabled (scroll to the bottom of the screen). If you created a Passcode, Data Protection should be on automatically.

* PGP (Pretty Good Privacy) for email

PGP will encrypt your email end-to-end. There are a few steps to setting up PGP, but these articles can help you through the process.

PGP for Max OSX
https://ssd.eff.org/en/module/how-use-pgp-mac-os-x

PGP for Windows
https://ssd.eff.org/en/module/how-use-pgp-windows

PGP for Linux
https://ssd.eff.org/en/module/how-use-pgp-linux

If you don’t want to handle your own email security, Proton is a completely encrypted mail service you can use. However, security experts I’ve heard from say using it can put you on a watch list, so it’s probably best to avoid it.


* Deleting data

When you empty the trashcan on your computer, the data file isn’t automatically removed. It’s invisible to you, but the data can remain until it’s written over. To delete a file completely, the computer must overwrite it. However, removing a file completely from your drive isn’t always easy. It’s even harder on SSD drives and USB flash drives.

If you’re on an Apple computer and running OSX 10.10 or older, you can go to the Finder and select Secure Empty Trash. This feature was removed from OSX 10.11 because Apple couldn’t guarantee complete deletion on newer SSD-based computers.

Here are some articles that will help you securely delete data from various machines.

Mac OSX
https://ssd.eff.org/en/playlist/journalist-move#how-delete-your-data-securelymac-os-x

Windows
https://ssd.eff.org/en/playlist/journalist-move#how-delete-your-data-securelywindows

Linux
https://ssd.eff.org/en/playlist/journalist-move#how-delete-your-data-securelylinux


* Securing your laptop/desktop computer data

Information coming soon.


* Online resources

Electronic Frontier Foundation Surveillance Self-Defense primers
https://ssd.eff.org/en