Difference between revisions of "Security notes - security for the everyday person"

From Helpful
m (Is it important to use a VPN?)
m (Is it important to use a VPN?)
Line 245: Line 245:
  
  
That said, while most people wouldn't get much out of one, there are a somea few ''types'' of online presences are better off with one.
+
That said, while most people wouldn't get much out of one, there are a some few ''types'' of online presences are better off with one.
  
  
  
 +
Upsides
 +
* getting around country restrictions, or even just sites that overzealously switch you to the country you're in while traveling
 +
: ...using VPN not for its security, privacy, or encryption, just the fact it is effectively a [[proxy]] to elsewhere
  
  
Upsides
 
 
* Defeating listening/blocking as sometimes done on public WiFi (usually illegal, but that doesn't mean they don't)
 
* Defeating listening/blocking as sometimes done on public WiFi (usually illegal, but that doesn't mean they don't)
:: Redundant in that: other WiFi clients already can't snoop on you (because of how WiFi works), except with some specialist hardware
 
 
:: Redundant in that: the network behind it can't snoop on HTTPS traffic, which is now common (and always was on banks and such)
 
:: Redundant in that: the network behind it can't snoop on HTTPS traffic, which is now common (and always was on banks and such)
 +
:: Redundant in that: other WiFi clients already can't snoop on you (because of how WiFi works), except with some specialist hardware
 
:: useful in that: the network behind it ''can'' listen to plain HTTP, and DNS lookups, and SNI headers (and block based on each)
 
:: useful in that: the network behind it ''can'' listen to plain HTTP, and DNS lookups, and SNI headers (and block based on each)
:: useful in that: that network cannot see what you're connecting to, e.g. "logging into work"  
+
:: useful in that: that network cannot see what you're connecting to, e.g. "logging into work"
  
* the above may at most revealing where you work, or what you are interested in
+
* the above may reveal very little - e.g. where I work or what I'm interested in
:: which I generally wouldn't care about
+
:: which I generally wouldn't care about, and most places wouldn't care to collect (can't correlate it to much)
 
:: but I also don't mind people ''not'' knowing that
 
:: but I also don't mind people ''not'' knowing that
  
  
* defeating trackability of people who are specifically interested in you
+
* defeating some of the trackability of people who are specifically interested in you
 
: (...but please don't bait scammers unless you know what you're doing)
 
: (...but please don't bait scammers unless you know what you're doing)
  
 
* people wishing not to get doxxed.
 
* people wishing not to get doxxed.
 
: say, livestreamers.
 
: say, livestreamers.
: lets you hide your home IP address. That only lets people narrow down to area, maybe city - but is still a reasonable defense -- (assuming it is not your only one!)
+
: lets you hide your home IP address. IP usually only gives you area, maybe city - but is still a reasonable defense (assuming it is not your only one!)
  
  
 
+
* avoiding warnings from your own ISP (or others) for using P2P
* getting around country restrictions
+
: this won't be in the ads for dubious-legality reasons
: ...using VPN not for its security, privacy, or encryption, but for the fact it is effectively a [[proxy]] to elsewhere
+
 
+
* avoiding warnings from your own ISP for using P2P
+
: this and the previous are not in the ads for dubious-legality reasons
+
 
+
* defeating P2P tracking
+
  
  
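Review bot: The opening sentence of this hunk does not parse in either version: "there are a some few ''types'' of online presences are better off with one" has a stray "a some" and is missing "that". Suggest "there are a few ''types'' of online presences that are better off with one". The hunk also shows both "* avoiding warnings from your own ISP (or others) for using P2P" and "* avoiding warnings from your own ISP for using P2P"; check that only one of them remains on the page, and give "* defeating P2P tracking" a sub-line saying what it does and does not hide, as the other bullets have.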
Line 292: Line 288:
  
 
Downsides:
 
Downsides:
* slower. How much varies, and many uses are not heavy enough for you to notice this limit
+
* slower. How much varies, and many uses are not heavy enough for you to notice this slowdown
  
 
* may give a false sense of security  
 
* may give a false sense of security  
 
:: most people don't realize what it ''doesn't'' protect. Basically, see all of the 'Neither' section below
 
:: most people don't realize what it ''doesn't'' protect. Basically, see all of the 'Neither' section below
  
* the VPN servers you use may be logging a ''bit'' more than nothing (to stay legal)
+
* the VPN servers you use may be logging a ''bit'' more than nothing (to stay legal wherever they are located)
 
:: generally short-term logs for a mix of reasons, because applicable law requires it, or because the company can evade a lot of liability if they do.  
 
:: generally short-term logs for a mix of reasons, because applicable law requires it, or because the company can evade a lot of liability if they do.  
 
:: Meaning that if a government actively has a warrant to request who the other side of a specific VPN IP is at a specific time, they will probably get it - if requested within reasonable time.
 
:: Meaning that if a government actively has a warrant to request who the other side of a specific VPN IP is at a specific time, they will probably get it - if requested within reasonable time.
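Review bot: In the logging bullet, the added "wherever they are located" repeats the reason the sub-item below already gives ("because applicable law requires it"), while "a ''bit'' more than nothing" still does not say what is logged. The warrant sub-item implies it is a record of which customer was behind a specific VPN IP at a specific time; stating that in the bullet itself would make the downside concrete.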
Line 306: Line 302:
 
What you may think it does, but doesn't:
 
What you may think it does, but doesn't:
 
* "VPN makes your internet connection faster"
 
* "VPN makes your internet connection faster"
:: No. Also,that's vague. See the next two points.
+
:: No. Also, that's vague. See the next two points.
  
 
* "VPN makes your latency lower"
 
* "VPN makes your latency lower"
 
:: It can't. ''The very nature of what it does'' is an extra step in routing: via the VPN servers
 
:: It can't. ''The very nature of what it does'' is an extra step in routing: via the VPN servers
 
:: it may not add much at all. And if it adds very little, the tradeoff of what it gives you may be well worth it, but it ''doesn't'' reduce it.
 
:: it may not add much at all. And if it adds very little, the tradeoff of what it gives you may be well worth it, but it ''doesn't'' reduce it.
:: if a test somehow shows this, that test is extremely forced in a way we can, and must, get technical about.
+
:: if a test somehow shows lower latency, that test is extremely forced in a way we must get technical about.
  
 
* "VPNs make for faster download speeds"
 
* "VPNs make for faster download speeds"
 
:: Generally not.
 
:: Generally not.
 
:: may have slight negative effect, depending on the case, but generally not much.
 
:: may have slight negative effect, depending on the case, but generally not much.
:: the only reason it would be positive is that someone is specifically slowing that download
+
:: the only reason it would be positive is that someone is specifically slowing that download, and now cannot
::: e.g. your ISP, based on type of download
+
::: if so, yeah, a VPN would be a good stopgap - while you take country-wide legal action to what is probably illegal for your ISP to do, or that you ''want'' to make a big fuss about making illegal.  
:::: in which case yeah, a VPN would be a good stopgap - while you take country-wide legal action to what is probably illegal for your ISP to do, or that you ''want'' to make a big fuss about making illegal.  
+
 
  
 +
* "It makes you anonymous, protecting your identity or privacy"
 +
: to who? The sites you visit and log in to with your personal information? Not so much.
 +
: Even when you don't log in, sites can use other tracking methods. They are more statistical and less certain, but do more than you may think, and VPNs do very little againt them
 +
: not least of which that there are many other ways you reveal yourself, knowingly or unknowingly
 +
: it's potentially ''dangerous'' to think yourself more anonymous than you are.
  
* it may help you be more anonymous, but is absolutely no guarantee, for multiple reasons
 
  
* it doesn't protect your identity or privacy, not in any absolutely meanings of those terms anyway
+
* "Protects you from hackers, scammers, phishers"
:: sure, your your ISP doesn't know anymore, but the endpoint, the sites you connect to, do when the first thing you'll do at most websites is log in and tell them exactly who you are
+
: there are a few specific attacks it protects against
:: particularly if you use a web browser. Even when you don't log in, sites can use other tracking methods. They are more statistical and less certain, but do more than you may think
+
: and many more that it has no effect on at all
 +
: Note that any attacks that rely more on human mistake, not technical weakness, ''cannot'' have a technical solution.
  
* does not protect you from hackers, scammers, phishers -- basically at all
 
:: There's a few specific things it protects against, sure.
 
:: but ''many more'' it has no effect on.  Note that most of that list relies more on human mistake, not technical weakness, so ''cannot'' have a technical solution.
 
  
 
* you've not removed the point of possible corruptibility, you've ''moved'' it
 
* you've not removed the point of possible corruptibility, you've ''moved'' it
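Review bot: Typo in the added anonymity entry: "VPNs do very little againt them" should read "against". The sub-lines under "It makes you anonymous, protecting your identity or privacy" and "Protects you from hackers, scammers, phishers" use a single ":" while the other quoted claims in this list ("VPN makes your latency lower", "VPNs make for faster download speeds") use "::", so these entries will be indented differently from their neighbours; use "::" throughout. The line ": not least of which that there are many other ways you reveal yourself" is a fragment with nothing for "of which" to refer to and would read better as its own sentence.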

Revision as of 22:29, 27 June 2022

Security related stuff.

Practical


Theory / unsorted



how to do a login system badly
how to do encryption badly
encrypted connections
data-at-rest encryption

Is it important to use antivirus/malware protection?

Is it important to encrypt my laptop or phone?

Is it important to encrypt my PC?

Is it important to use a password manager?

Is it important to use a VPN?

Is it important to use secure mail?

So these messaging apps are the end-all then?