Security notes - security for the everyday person: Difference between revisions
(2 intermediate revisions by the same user not shown) | |||
Line 64: | Line 64: | ||
==Is it important to encrypt...=== | ==Is it important to encrypt...=== | ||
===Is it important to encrypt my laptop or phone?== | ===Is it important to encrypt my laptop or phone?=== | ||
<!-- | <!-- | ||
tl;dr: | tl;dr: | ||
* if you think | * if you think it'll get stolen specifically for the data on it, sure | ||
* it helps against some [[evil maid]] style attacks | |||
* if you think a not-specifically-interested thief might still poke around, and want peace of mind that they can't, yes | |||
:: it's not hard to lose a phone | |||
* do not assume encrypted devices do much against law enforcement, | * do not assume encrypted devices do much against law enforcement, | ||
:: in that in a lot of places, you are more or less ''required'' to give them access somehow, and your refusal will have implications | :: in that in a lot of places, you are more or less ''required'' to give them access somehow, and your refusal will have implications | ||
* if you want to sure that after the next reboot people will have a ''hard'' time getting in, yes. | |||
: '''but''' If it's still on, you might be protected by nothing other than screen lock | |||
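Review bot: The unchanged heading at the top of this hunk, "==Is it important to encrypt...===", still opens with two equals signs and closes with three, so MediaWiki will render a stray "=" in the title; since this revision already balances the sub-heading to "===...===", change the parent to "==Is it important to encrypt...==" in the same edit. In the added tl;dr, "if you want to sure" is missing a word ("want to be sure"), and the screen-lock caveat on the following line deserves to be a bullet of its own rather than a ":"-indented continuation, because it is the main limit on what encryption buys while the device is powered on.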
Line 79: | Line 88: | ||
{{comment|(and unlike most other kinds of devices, not taking them there ''defeats their point'' so people just ''will do that'')}}. | {{comment|(and unlike most other kinds of devices, not taking them there ''defeats their point'' so people just ''will do that'')}}. | ||
But also that more design went into | |||
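Review bot: The added line "But also that more design went into" stops before saying what the design effort went into, so it reads as an abandoned thought directly after the parenthetical comment. Either finish the sentence with its object or leave the line out until the point is written down.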
Line 140: | Line 150: | ||
--> | --> | ||
==Is it important to encrypt my PC?== | ===Is it important to encrypt my PC?=== | ||
<!-- | <!-- | ||
tl;dr: | |||
: if you think it'll get stolen specifically for the data on it, yes. | |||
: it helps against some [[evil maid]] style attacks | |||
: if you | : if you think a not-specifically-interested thief might still poke around, and want peace of mind that they can't, yes | ||
: yet practically | : yet practically | ||
:: people don't generally take their PCs anywhere - LAN parties happen... less than since the nineties | :: people don't generally take their PCs anywhere - [[LAN parties]] happen... less than since the nineties | ||
:: the first two of the above assumes you are a person of interest, and someone is taking the time specifically on you | |||
:: even theft by non-interested people is not too much threat. Yes, they could poke around, but chances are that they or the next owner will just reinstall the thing. | :: even theft by non-interested people is not too much threat. Yes, they could poke around, but chances are that they or the next owner will just reinstall the thing. | ||
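Review bot: The new third tl;dr item answers "yes" for a not-specifically-interested thief, while the unchanged sub-item under "yet practically" says theft by non-interested people "is not too much threat", so the summary now gives two different answers for the same case. Say which one is the recommendation for a PC, for example by wording the tl;dr item as a peace-of-mind option rather than a plain "yes". In the added line "the first two of the above assumes", the verb should be "assume", and it would help to name the two items it means, since the list it points at was rewritten in this same revision.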
Line 163: | Line 175: | ||
:: ...or other things | :: ...or other things | ||
* added disks would have to be separately encrypted | * added disks would have to be separately encrypted | ||
--> | |||
<!-- | |||
===Is it important to have secure boot / Trusted Execution features / pre-boot authentication=== | |||
It depends on your threat model. | |||
Each of these helps in different ways, | |||
but none of them may be overly relevant. | |||
Say, if you have full disk encryption, physical access does not immediately get people into that data, | |||
but you might care about an [[evil maid]] style attack -- someone tampering with an unattended device, | |||
in this case e.g. to get you to type a password into something that is something else. | |||
Secure boot help ensure you are typing a password into the right thing. | |||
At least, it ups the stakes of the attack - which would now have to replace ''firmware'', | |||
which is very high-effort (complex and model-specific). | |||
Trusted execution | |||
Pre-boot authentication e.g. disables drive reads until, | |||
it e.g. means people cannot boot a liveUSB environment without ''you'', | |||
but neither of these things adds anything when you use full-disk encryption anyway. | |||
Pre-boot auth | |||
Full disk encryption ups the | |||
However, if the device is password protected, as with full disk encryption, the firmware of the device needs to be compromised, usually done with an external drive | |||
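Review bot: The heading promises secure boot, Trusted Execution and pre-boot authentication, but "Trusted execution" has no body, and "Pre-boot auth" and "Full disk encryption ups the" are cut off mid-thought, so only the secure boot paragraph actually makes a case. Finish or drop the stubs, and make clear what "neither of these things" refers to, because the secure boot paragraph argues that it does add something on top of full disk encryption against an evil maid. The last line ("the firmware of the device needs to be compromised, usually done with an external drive") repeats the firmware point from the secure boot paragraph without connecting to it; merge it there. Smaller points: "Secure boot help ensure" should be "helps ensure", and the comment opened by the added "<!--" has no closing "-->" within this hunk, so check that it is closed before the next section.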
Line 341: | Line 395: | ||
Most people are not helped by them, but it depends on your [[threat model]]. | |||
If not, you might just buy into [[fear, uncertainty, and doubt]], and/or a sales pitch, and are not more secure. | |||
Which can even have net-negative effect, when nothing changed, | |||
when you only ''think'' you are safer, and act more careless. | |||
'''Do you want to be anonymous?''' | |||
Your ISP knows who you are. | |||
You specifically told them when you asked them to put hardware in your house. | |||
Instagram, facebook, and twitter know who you are. | |||
You specifically tell them every time you log in. VPN ''cannot'' do anything to change that. | |||
Sites that do not ask for login (and do not try to track you) already didn't know before, and still don't with VPNs. | |||
Sites that do [[browser fingerprinting]] tricks to try always worked, and still do with VPNs. | |||
So nothing changed. | |||
'''Do you want to be harder to place?''' | |||
Internet address based [[geolocation]] will generally do no better than place you in a city | |||
(See also [[Javascript_notes_-_browser_related,_APIs#Geolocation_API]]), | |||
but there are people, such as livestreamers, who do care about that. | |||
With VPNs, IP geolocation will locate the VPN servers instead. | |||
...assuming, of course, you don't tell that site it is allowed to geolocate you in other ways. | |||
'''Do you want to hide your browsing traffic from passive snooping (e.g. coffee shop)?''' | |||
For one, this is sort of illegal, so generally not done | |||
If you want to hide your browing traffic -- -- it 99% was already | |||
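Review bot: The answer to the coffee-shop question rests on "this is sort of illegal, so generally not done", which is not a protection a reader can rely on; the stronger argument is the one the last line starts and never finishes ("it 99% was already"). Complete that sentence by naming what already protects the traffic, and lead with it. On the same line, "browing" should be "browsing" and the empty "-- --" aside should be filled in or removed. At the top of the hunk, "Most people are not helped by them" and "If not, you might just buy into" have no visible antecedent; name VPNs explicitly and state the condition that "If not" refers to.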
Latest revision as of 17:32, 27 June 2024