Posted: 1/10/2021 11:39:30 PM EST
With the current political climate, it's not outside the realm of possibility that digital security will be extremely important for conservatives and gun owners in the not-too-distant future.

There are a lot of people on Arfcom with piss poor security habits. I was thinking there are also enough people here with expertise in computers and security that a pretty effective guide could be created, so fellow Arfcommers can step up their game.

I'm thinking topics like password selection and management, multi-factor authentication, disk encryption, tightening up Windows telemetry, alternate operating systems, virtual machines, VPNs, TOR, backups, secure communication (e-mail, end-to-end encrypted text, encrypted voice), browser selection and extensions, cell phone security, etc. might be useful to a lot of people.

Is anybody interested in helping out with something like this?

@subnet
@bcauz3y
Link Posted: 1/11/2021 12:09:17 AM EST
[Last Edit: 1/11/2021 12:11:48 AM EST by WhyTanFox]
https://tozny.com/blog/data-privacy-activists/


Link left cold.

also,

https://duckduckgo.com/?q=disable+referrer

maybe add "+{name of browser you use}" at the end.

ETA I usually shit on VPNs for general web browsing, but they are a Very Good Thing if you regularly use public wifi... but that's kind of like saying "always wear a condom when fucking whores".
Link Posted: 1/11/2021 1:07:41 AM EST
Run Pi-hole on your local network. Much easier to block a lot of Microsoft, Amazon and Google telemetry at this level.
Link Posted: 1/11/2021 5:05:45 AM EST
[Last Edit: 1/11/2021 5:13:27 AM EST by the-fly]
OP, your suggestion is excellent, but...

It would take a fairly large book to do this topic justice.  The topics you'd need to explain are quite technical, and there's a lot of them.  My experience is that the vast majority of people do not want to take the time and effort to be safe and secure with digital technology, it's easier for them to be a button pusher and treat it all as magic.  Here's just a few of the topics you'd need to cover.

Basic digital communications theory.  What digital data is, how it's measured (bits, bytes, etc.), and how it gets moved around and stored.
Basic theory of how a modern computing device works (be it a laptop, cell phone, or desktop computer).  Emphasis on how these devices can be used against you.
How the internet works, covering TCP/IP, DNS, and how ISPs route traffic.  Heavy emphasis on how network owners can monitor you.
VPNs, theory and practice.  Going into depth on what they can and can't do for you in terms of privacy.
Encryption ciphers - the basics on how they work, and what they can and can't do
Wireless networks and ham radio (Wifi, Cellular, and general RF security topics)
Web Sites, Web Browsers, how they interact, and how you can be tracked (cookies, HTTPS, etc).  
NSA's mass surveillance - History of, Snowden's leaks, and what they can do for sure, what they might be able to do, and what they probably can't do
Data Mining - how small bits of information from different sources can be combined to get a detailed picture of you and your activities online.
Social Media - the incredible dangers of it from a privacy point of view.
Email, how it works, how to do it securely
SMS, a gold mine for the telcos and Feds to use against you.


I'm sure there's a LOT more that I'm overlooking.

Link Posted: 1/11/2021 11:23:11 AM EST
Originally Posted By the-fly:
OP, your suggestion is excellent, but...

It would take a fairly large book to do this topic justice.  The topics you'd need to explain are quite technical, and there's a lot of them.  My experience is that the vast majority of people do not want to take the time and effort to be safe and secure with digital technology, it's easier for them to be a button pusher and treat it all as magic.  Here's just a few of the topics you'd need to cover.

Basic digital communications theory.  What digital data is, how it's measured (bits, bytes, etc.), and how it gets moved around and stored.
Basic theory of how a modern computing device works (be it a laptop, cell phone, or desktop computer).  Emphasis on how these devices can be used against you.
How the internet works, covering TCP/IP, DNS, and how ISPs route traffic.  Heavy emphasis on how network owners can monitor you.
VPNs, theory and practice.  Going into depth on what they can and can't do for you in terms of privacy.
Encryption ciphers - the basics on how they work, and what they can and can't do
Wireless networks and ham radio (Wifi, Cellular, and general RF security topics)
Web Sites, Web Browsers, how they interact, and how you can be tracked (cookies, HTTPS, etc).  
NSA's mass surveillance - History of, Snowden's leaks, and what they can do for sure, what they might be able to do, and what they probably can't do
Data Mining - how small bits of information from different sources can be combined to get a detailed picture of you and your activities online.
Social Media - the incredible dangers of it from a privacy point of view.
Email, how it works, how to do it securely
SMS, a gold mine for the telcos and Feds to use against you.


I'm sure there's a LOT more that I'm overlooking.

View Quote


This is exactly why I think having an Arfcom-built best practices guide is a good idea. I think a guide that is somewhere between the Inside Baseball stuff you're discussing and the typical GD "disable SSID broadcast" idiocy would be a really good thing to shoot for. To translate it into gun terms, a lot of Arfcommers are at the "TV and movies" level of proper gun handling, while what you're thinking is the "hand loading rounds to get an additional 0.25 MOA for the High Power competition" level. I'm thinking something more along the lines of taking a new gun owner to the range and teaching them enough so they won't kill themselves or somebody else when they head to the range themselves on a Sunday afternoon.

I don't need to know the details of the NSA mass surveillance programs to know if I'm going to a protest that I should leave my phone at home. I don't need to know the specifics of SMS technology to know that if I'm going to text anything sensitive, I should use Signal or Wickr. I'm not a computer guy by training; my degree is in economics. But in econ, we use models to simplify a lot of details that don't necessarily matter to the issue at hand. I'm envisioning a kind of "digital security model" that we could use to gloss over a lot of the details to get to a set of workable, day-to-day practices that would vastly increase a lot of users' security.

The benefit to having it done by Arfcommers for Arfcommers is that it could take into account a more nuanced threat model than a lot of the guides that are already available. And, it would have the benefit of being somewhat more trustworthy, since it's coming from Arfcommers.
Link Posted: 1/11/2021 11:50:09 AM EST
Forgot about Pi Hole, been on my to-do list for a couple years. I need to get off my ass and get it fired up....
Link Posted: 1/11/2021 12:07:33 PM EST
I have started taking notes about a number of topics that might improve the sorry state of the communication and computer awareness of ARF with the intention of creating threads on topics to collect information in a digestible form.

Anyone wanting to get started can start really reading the topics as they come up naturally here.  If you have to, take notes, start a file with links, etc.  Every computer knowledgeable person will have a different opinion about what is important, and how hard things are to do. Keep that in mind. There are no "right" answers to a lot of it but having enough context to make your own choices is really important.  DO NOT SPEND MONEY until you have gotten an idea about things. It really bothers me when people say "I bought Norton" and they think it fixed something. More than likely, they are worse off and got scammed out of money. You can make significant real world improvement to your security situation without spending a dime.

Realistically though, it's tons and tons of time learning, reading, and experimenting with things.
Link Posted: 1/11/2021 10:27:53 PM EST
[Last Edit: 1/11/2021 10:31:26 PM EST by CAM_PIN]
Even though I suspect that this is intended for a lefty audience, EFF has a guide that could be used.

EFF Surveillance self defense
Link Posted: 1/12/2021 1:40:38 AM EST
Originally Posted By RR_Broccoli:
I have started taking notes about a number of topics that might improve the sorry state of the communication and computer awareness of ARF with the intention of creating threads on topics to collect information in a digestible form.

Anyone wanting to get started can start really reading the topics as they come up naturally here.  If you have to, take notes, start a file with links, etc.  Every computer knowledgeable person will have a different opinion about what is important, and how hard things are to do. Keep that in mind. There are no "right" answers to a lot of it but having enough context to make your own choices is really important.  DO NOT SPEND MONEY until you have gotten an idea about things. It really bothers me when people say "I bought Norton" and they think it fixed something. More than likely, they are worse off and got scammed out of money. You can make significant real world improvement to your security situation without spending a dime.

Realistically though, it's tons and tons of time learning, reading, and experimenting with things.
View Quote


I agree, but at the same time I think there are a lot of things that most people would agree are good steps to take, which the average Arfcommer might not be doing. Creating complex passwords and not reusing them, making sure you don't have a bunch of shady Chinese IoT devices on your main network, using Signal or Wickr instead of SMS, enabling full disk encryption on their computers and phones, using good 2FA where it's possible...things like that are relatively simple for the average user to implement, provide significant security improvements as opposed to not using them, and typically don't create a ton of drawbacks. And people can realize benefits from this without understanding the details behind end-to-end encryption or the specifics of how a shady Chinese smart coffee maker introduces vulnerabilities to their network.
Link Posted: 1/12/2021 7:34:05 AM EST
I agree with OP. I think there is potential for something valuable to a lot of members who aren't interested in, for example, the difference between AES and Twofish, but want to encrypt their data.

It wouldn't be hard to write a guide that just sums up what the best option is if you want to secure X, with limitations Y. Most users here probably aren't going to want to switch to Qubes or run their own email server. But I think a lot of people would use Veracrypt to encrypt their entire Windows PC, use Signal to encrypt their messages (in transit), use Tails to browse securely. These solutions aren't perfect security, but as long as people understand the limitations, it is a big improvement.

We are all pulled in a lot of different directions these days. We've got full time jobs and responsibilities, and many of us want to train, shoot, work out, and coordinate on top of that. Not everyone has the time to dedicate to get deep into tech stuff, and the reality is that a surface-level understanding of these issues can sometimes do more harm than good. I'd be happy to help write something useful to members here if anyone would like to do so.
Link Posted: 1/12/2021 7:39:31 AM EST
Originally Posted By CAM_PIN:
Even though I suspect that this is intended for a lefty audience, EFF has a guide that could be used.

EFF Surveillance self defense
View Quote

What I linked to was intended for a progressive audience; EFF is non-partisan, their cause is freedom first and foremost.
Link Posted: 1/12/2021 7:48:40 AM EST

Read/podcast:

https://inteltechniques.com/

