Information Security Basics

Here are some general information security guidelines. Please feel free to share.



Some General Information Security Basics

In putting this document together, I used information that I’ve picked up over the years on my own, through the Electronic Frontier Foundation, and by interviewing data security consultants. It’s important to remember that no system is secure 100% of the time, so be careful what you use and how you use it. You’ll probably want to use several of these apps to protect your data. Setting things up can be a nuisance, but as one security expert I talked to put it, “Security is about inconvenience.”


* Install Updates

When, for instance, Apple pushes out a new system update, install it. Most updates contain at least some new security features and the company wouldn’t release them if they didn’t think they were important. Keep all your devices up to date!


* VPN

A VPN (Virtual Private Network) encrypts all of your internet traffic so that your ISP can’t see what you’re uploading or downloading. However, a VPN doesn’t hide your data from the network you’re using. When choosing a VPN company, make sure they don’t keep user logs or records.

There are free VPN services available, but they usually have slow download speeds, data caps, and are often unreliable when it comes to security. A trusted free one is Tor (which comes with its own browser). Paid VPN services with good reputations are Freedome (Freedome is simple to install and use, and it’s the favorite of some of my consultants) and TorGuard.

Tor Project and Browser
https://www.torproject.org/

Freedome VPN
https://www.f-secure.com/en/web/home_global/freedome

TorGuard VPN
https://torguard.net/


* Messenger apps

Signal is a fully-encrypted text and voice app available for both iOS and Android. Once you’ve installed the app on your phone, you use it like any messaging app.

One nice feature of Signal is that you can set a message to delete itself after a set period of time. In Signal, simply tap the person’s name at the top of the text screen, toggle Disappearing Messages, and use the slider to set the time.

WhatsApp is another encrypted messaging app. However, it’s owned by Facebook and they’re not exactly known for protecting their users’ information.

If you use Chrome for your browser, you can download a desktop version of Signal.

Download the Signal app:
iOS: in Apple App store
Android: Google Play


* Location tracking on your phone

Be careful of the apps you install on your phone and tablets. Check each one as you add it. Some will default to collecting ALL of your location data. However, many apps, such as Google Maps, have an option to only track your location when you’re using it.

A lot of photo apps also want to track your location. Some surprising phone apps that will track your location if you don’t change them are Wikipedia, many airline apps, Twitter, Snapchat, Grubhub, Evernote, and Chrome. Check each app’s defaults as you add it.


* Storing and Sharing Your Files Online

You might want to store documents or images online to share or view at remote locations. SpiderOak One is simple to use and will be very familiar to anyone who has used Dropbox. With SpiderOak, there’s a folder on your desktop called SpiderOak Hive. It works like the Dropbox folder: you simply drag files into the folder and they’re automatically uploaded to the server so that you can access them across your devices.

All of your SpiderOak files are encrypted end-to-end. Files on Dropbox’s servers are not encrypted and could be read by third parties. SpiderOak encrypts your data during transmission and uses a “zero knowledge” system to store your files. This means that while your data is on their servers no one else—including SpiderOak—can read it. Only you can decrypt the files. There are desktop, iOS, and Android versions available.

Download Links
https://spideroak.com/one/download/


* Search engines

DuckDuckGo
Unlike Google, DuckDuckGo doesn’t track your searches, so there’s no one peeking over your shoulder, looking for (and remembering) keywords they can use later to push ads to you. However, though it won’t track you, any searches you do through DuckDuckGo will be saved in your history just like Google searches. If you want to be extra careful, occasionally clear your browser history.

You can add DuckDuckGo to your browser as an extension or use it from their site.
https://duckduckgo.com/

Disconnect
It uses Google’s search engine, but scrubs cookies and acts as an intermediary, so it’s more private. There are free and paid versions.
https://disconnect.me/


* Tracking cookies

Just as location tracking on your phone can reveal location, tracking cookies follow your movements as you move around the web. Here are some tools that will help you avoid being tracked.

Privacy Badger
Is a browser extension for Firefox, Chrome, and Opera. It stops advertisers and third-party trackers from finding where you go and what pages you look at on the web.
https://www.eff.org/privacybadger

Disconnect
Is a simple tracker blocker for most phones and tablets. It also provides secure web searching. There are premium versions with more features.
https://disconnect.me/

MacScan
Is software that will scan your hard drive for tracking cookies and malware that might already be on your computer. It will also block future trackers from making their way onto your drive. It costs $49.99.
https://www.securemac.com/macscan


* Email Security

If you don’t want to handle your own email security, Protonmail is a completely encrypted mail service based in Switzerland. Depending on how you use email (and store old messages), the downside of Proton is that it can be expensive.

Protonmail
https://protonmail.com/

There are other email solutions. Using PGP (Pretty Good Privacy) will encrypt your email end-to-end. Setting up PGP can get a little complicated, but these articles can help you through the process.

PGP for Mac OS X
https://ssd.eff.org/en/module/how-use-pgp-mac-os-x

PGP for Windows
https://ssd.eff.org/en/module/how-use-pgp-windows

PGP for Linux
https://ssd.eff.org/en/module/how-use-pgp-linux


* Burner Phones

A burner phone is a disposable model that usually comes with a set number of minutes on it. It works like any other phone, but since it’s not your primary device, if anyone—for instance, law enforcement, an informer, or a thief—gets hold of it, they will only find the data associated with that phone. Burners are good phones to bring to demonstrations or actions, anywhere you might get arrested. Don’t put your contacts list on it. Don’t call a lot of friends or family, since the calls can be traced. Do put your lawyer’s number on the phone. You can buy burner phones at places such as Amazon, but you can also buy them at many corner stores and most airports. If you pay with cash, there will be no credit card trail for the purchase.


* Your DNS Settings

DNS is the Internet’s phone book. Every time you visit a site or send an email, your device looks for a DNS number through your ISP. Cloudflare is an online security company with a good reputation. One new free service they offer lets you use their DNS system to surf the web. This means that your ISP won’t be tracking every site you visit or email you send or receive. Some ISPs even sell your DNS information to third-party vendors who can use it to target you with ads.

Here are simple instructions for switching to Cloudflare’s DNS system (via Lifehacker).

Windows

  • Pull up your Control Panel > Network and Sharing Center (or Network and Internet) > Change Adapter Settings (or View network status and tasks > Change Adapter Settings).
  • Right-click on your Ethernet or wi-fi connection and select Properties
  • Select Internet Protocol Version 4 (or 6) and click Properties
  • Click “Use The Following DNS Server Addresses”
  • For IPv4 (most people), use the addresses 1.1.1.1 and 1.0.0.1
  • For IPv6, use the addresses 2606:4700:4700::1111 and 2606:4700:4700::1001
  • Click OK, close the network settings window, and restart your browser

MacOS

  • Pull up System Preferences > Network
  • Click on your Ethernet or wi-fi connection and select Advanced
  • Click DNS, and clear out (minus sign) all the entries in the DNS Servers section
  • Click the plus sign and add 1.1.1.1 and 1.0.0.1 for IPv4, or 2606:4700:4700::1111 and 2606:4700:4700::1001 for IPv6
  • Click on OK, and then click on Apply. Close the Network window and restart your browser.

Android

  • You’ll have to use a static IP address to enable a custom DNS on Android, which is going to get complicated. Cloudflare recommends you configure your wireless router to use its DNS instead.
  • Pull up your router’s settings. (How you do that varies by what type of router you have; consult your router’s manual if you’re not sure how to do it.)
  • Locate the section in your router’s settings where you can change its DNS settings—again, this differs by router and could be buried under some kind of “Advanced” menu, so you might have to do a bit of searching.
  • Replace any of its DNS settings with Cloudflare’s: 1.1.1.1 and 1.0.0.1 for IPv4 or 2606:4700:4700::1111 and 2606:4700:4700::1001 for IPv6.
  • Save your settings and restart your router.

iOS

  • Tap on the Settings app > Wi-Fi > Tap on the “i” next to your wireless connection > Configure DNS, and then select Manual
  • Delete any existing DNS entries
  • Add two new entries: 1.1.1.1 and 1.0.0.1
  • Tap Save.
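
To confirm the change took effect, here is an added example (not part of the original guide) that reads the text printed by `ipconfig /all` on Windows, `scutil --dns` on macOS, or the contents of `/etc/resolv.conf`, and separates the Cloudflare resolvers listed above from any others still configured. The sample outputs and the function names are constructed for illustration.

```python
import ipaddress
import re

# Cloudflare resolver addresses from the instructions above.
CLOUDFLARE = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")}

# Patterns for the line that introduces a resolver in each tool's output.
MARKERS = (
    re.compile(r"^\s*nameserver\s+(\S+)"),             # /etc/resolv.conf
    re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)"),  # macOS: scutil --dns
    re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)"),      # Windows: ipconfig /all
)

# Constructed sample outputs (not captured from a real machine).
SAMPLE_WINDOWS = """\
   DNS Servers . . . . . . . . . . . : 2606:4700:4700:0:0:0:0:1111
                                       1.1.1.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_MACOS = "resolver #1\n  nameserver[0] : 1.1.1.1\n  nameserver[1] : 1.0.0.1\n"

def _parse(token):
    """Return an ip_address for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def audit(text):
    """Return (cloudflare, other) lists of the resolvers found in text."""
    found, in_list = [], False
    for line in text.splitlines():
        match = next((m for m in (p.match(line) for p in MARKERS) if m), None)
        if match:
            addr = _parse(match.group(1))
            in_list = "DNS Servers" in line
        else:
            # ipconfig lists additional servers on bare indented lines.
            addr = _parse(line.strip()) if in_list else None
            in_list = addr is not None
        if addr is not None and addr not in found:
            found.append(addr)
    good = [str(a) for a in found if a in CLOUDFLARE]
    other = [str(a) for a in found if a not in CLOUDFLARE]
    return good, other

if __name__ == "__main__":
    print(audit(SAMPLE_WINDOWS), audit(SAMPLE_MACOS))
```

Any address in the second list, such as a router address left over from the old settings, means some lookups can still go to a resolver other than Cloudflare.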

* How to Encrypt Data on Mac devices

For iOS devices

Data Protection setting for iPhones and iPads:

  1. Set a strong passcode for the device
  2. To make sure, go to Settings
  3. In Settings, go to Touch ID & Passcode
  4. Make sure Data Protection is enabled (scroll to the bottom of the screen). If you created a Passcode, Data Protection should be on automatically.

Mac desktops or laptops

Data Protection setting for your computers:

  1. Go to the apple at the top left of your desktop
  2. Click the apple and use the pulldown menu to highlight System Preferences
  3. Click the Security & Privacy button
  4. Click FileVault
  5. Click the lock at the bottom left of the screen and enter the administrator name and password
  6. Click Turn On FileVault
  7. Click the lock again to save the change

* Other useful resources

A DIY to Feminist Cybersecurity
https://hackblossom.org/cybersecurity/

EFF Surveillance Self-Defense
https://ssd.eff.org/en

The Smart Girl’s Guide to Privacy by Violet Blue
Available in print and ebook formats

How to encrypt your entire life in less than an hour
by Medium.com freeCodeCamp