Difference between revisions of "Security notes - security for the everyday person"

From Helpful
Jump to: navigation, search
m (Is it important to use a VPN?)
m (Is it important to use a VPN?)
Line 349: Line 349:
 
:: In most other places this is still illegal - with some exceptions, like government forcing ISPs to ban specific sites (happens in a few places, mostly for P2P, and fairly ineffective).
 
:: In most other places this is still illegal - with some exceptions, like government forcing ISPs to ban specific sites (happens in a few places, mostly for P2P, and fairly ineffective).
  
* "VPN masks your identity", "evades tracking", "you leave no trail" (Anonimizing)
+
* "VPN masks your identity", "evades tracking", "you leave no trail" (anonimizing)
 
:: Depends on who you're scared of.  
 
:: Depends on who you're scared of.  
 
::: If you think your ISP spies on you
 
::: If you think your ISP spies on you
Line 357: Line 357:
 
::: If you think sites track you
 
::: If you think sites track you
 
:::: doesn't apply if you log into sites.  Example: If you use a VPN to log into facebook, they know exactly who you are. They can't tell where you are by IP, but they can ask your browser.
 
:::: doesn't apply if you log into sites.  Example: If you use a VPN to log into facebook, they know exactly who you are. They can't tell where you are by IP, but they can ask your browser.
:::: doesn't necessarily if you don't log in either. Browser fingerprinting has existed since forever. VPN (or HTTPS) doesn't help, because it only applies to the communication, not to what the agent does with it. It's not immediately obvious what actual identity it's tied to, but there are often indirect tells. It ''sort of'' helps, but not when someone has specific interest in you.
+
:::: doesn't necessarily matter if you ''don't'' log in either - browser fingerprinting has existed since forever. VPN (or HTTPS) doesn't help, because it doesn't change what the endpoints say to each other, only who can listen on inbetween. Sure, even if you recognize a returning browser it's still not immediately obvious what actual identity it's tied to, but there are often indirect tells. It ''sort of'' helps, but ''not'' when someone has specific interest in you.
 
::: Use around devices/apps (like phones, skype) that are a little more blabby/leaky around the edges than necessary, giving hints of who and where you are. VPN helps here.
 
::: Use around devices/apps (like phones, skype) that are a little more blabby/leaky around the edges than necessary, giving hints of who and where you are. VPN helps here.
 
::: If you're talking P2P, know that there are companies that do purpose-built tracking - because there's so much of it and lessening (scaring and/or sueing you makes sense) makes it cheaper to run the network.
 
::: If you're talking P2P, know that there are companies that do purpose-built tracking - because there's so much of it and lessening (scaring and/or sueing you makes sense) makes it cheaper to run the network.
Line 364: Line 364:
  
 
* "lower latency"
 
* "lower latency"
: in general, it can only increase your latency, because you are introducing a routing step
+
: you are adding a routing step, and the first step(s) do not change, so it can only increase your latency
: ''if'' your ISP is doing content based throttling, you should get more predictable, and possibly lower average ping for the services it is throttling
+
: some VPN services add more than others that increases it less, but generally there's little difference
: you can choose a VPN service that increases it less, but generally there's little difference
+
: they only way it can be better is ''if'' your ISP is actively doing content-specific throttling. It might still not be lower, but it might be more predictable. For the services/content it is throttlling.
  
 +
 +
* "But they have my IP"
 +
: Yeah. So?
 +
: It's just a number. The worst you can do with it is guess where you live, to within maybe kilometers. Your phone is an order better at that job, and does it actively and quietly, and somehow you don't mind that. Seems to me that neither matters, or both.
  
  

Revision as of 20:25, 29 September 2022

Security related stuff.

Practical


Theory / unsorted



how to do a login system badly
how to do encryption badly
encrypted connections
data-at-rest encryption

Is it important to use antivirus/malware protection?

Is it important to encrypt my laptop or phone?

Is it important to encrypt my PC?

Is it important to use a password manager?

Is it important to use a VPN?

Is it important to use secure mail?

So these messenging apps are the end-all then?