Here are a few suggestions on good practices while using computers daily life. In this guide we mention a few major habits or tools., and then we also provide links to documents to learn more about those habits or tools.
You should read the previous chapter first, and then only start reading this chapter.
But, always remember, no technology can help mitigate risks from user errors. So, think before you click any link or execute any random command.
Keep your machine updated¶
Always keep all the software updated. There are always new security updates available, and we should install them as soon as possible. This is true not only for desktop computers and laptops, but, also for mobile phones and any other modern smart home internet connected things.
If you do not update your computer regularly an attacker can find out the vulnerabilities in older version of the software or in the older version of the operating system you are running and attack your computer. Remember your threat model, think about what all things can go wrong if someone gets access your computer because of older vulnerable software.
Use strong and unique passwords¶
We should always use unique passwords in different places. Otherwise, if someone can get hold of one of your passwords, they can break into other sites/places with the same password. We suggest using diceware to generate all of your passwords. To learn more, please read this blog post.
Use password managers¶
Do not keep the computer unlocked¶
If you are not in front of the computer, then always remember to lock the screen. Do not keep the computer unlocked, let it be inside your house, or in your hostel, or in anywhere else. This is again an habit, and it takes time to make this habit. Having the computer always password protected will make sure that any person can not directly access your computer even if you are not front of the computer for few minutes.
The following is an incident where a child typed things in to the Twitter account of the US Strategic Command.
Cover up your webcam¶
Over the last few years it became very well known that certain surveillance focused agencies and criminals can access webcams and record without the knowledge of the user. Covering up your laptop webcam will protect you at one level against these criminal activities. Here is story which talks about how the FBI director also puts up a tape on his laptop’s webcam.
Take regular backups¶
One should always backup their computer, and if possible more than one backup copy. For example, you should at least backup your ssh keys, gpg keys, and all other important configuration files in more than one encrypted usb drives.
Learn how to encrypt your USB drives below
Enable 2 factor authentication (2FA)¶
Enable 2 factor authentication for all the websites or applications (if they support 2FA). This will provide a second layer of security incase someone finds your password.
If possible also stay away from SMS/text based 2 factor authentication. Instead, use the mobile applications like FreeOTP, Google Authenticator, Authy. These generates time based tokens which can be used as 2FA.
To learn more, read the guide on 2FA.
To know more which all sites provides 2 factor authentication, visit https://twofactorauth.org.
Encrypt all USB drives¶
While installing Linux on your system, you can encrypt the entire drive. This will help in the event your laptop is stolen or taken away by someone. This also means that it is a good practice to keep your laptop in shutdown state when it is not being used. This would mean that to boot the system, one will have to provide the encryption password.
- For mac follow this guide.
The same goes for all USB devices you use. We have much bigger chance to misplace or forget about small USB devices. How to encrypt USB devices using LUKS has all the details you need to know to encrypt or decrypt any USB device.
Once again this is linked to your threat model, if you share or copy any kind of sensitive documents (or example personal photos, or bank documents, or vital other documents), having them in an encrypted device will help in case the drive gets lost, or stolen.
Do not download and install random software from internet¶
Do not download software from any random or unknown site and install them on your computer. They may have malware or virus in them, which can attack not only your computer, but also all the computers in the network. The same goes about any software which needs to execute some random shell script from the internet.
On the other hand, one should always check different applications installed in a computer, and remove the applications which we are not using regularly. This will reduce the attack surface.
Do not plug random USB devices into your computer¶
If you ever find any unknown USB device in the parking lot, or on footpath, or in college, do not plug that into your computer. This is one easiest way people spread malware and systems get compromised. The same goes for [any USB device handed over in a conference](https://www.bbc.com/news/technology-43128073) or by booths at the street side.
Use the following browser plugins for better privacy¶
Install the above mentioned plugins in your favorite browser. They are available for both Firefox and Google Chrome browsers.
Use Tor for almost everything¶
Start using Tor browser for daily life. Read the previous chapter on Tor Project to know more. You may want to split your browsing between different browsers. For example, you can use one of the browsers (Firefox or Google Chrome) for your email and github accounts, one for all banking purpose. And then use Tor for the rest.
If you start using Tor Browser for social media sites like Facebook or Twitter, or reading different news websites, it will be difficult for anyone to track your browsing history. Tor Project published a blog post explaining this in details.
Your local ISP will know that you are using Tor, but, they will not have any clue about what all sites you are visiting. Visit the EFF site to understand who all can see which part while you are using Tor.
One strategy can be using more than one browser, say using Google Chrome for your gmail or youtube accounts, and then use Firefox for banking and other important tasks. Then you can move all of your other browsing in the Tor Browser.
About communication tools on phone¶
Do not use Telegram or even have it installed on your phone. You can use Signal for any kind end-to-end encrypted communication from your phone (it is available for your Linux desktop too). Martin again wrote another amazing guide for Signal.
Also always rememeber that end-to-end encryption does not mean no one can ever read your messages, the other person can loose the phone or someone may steal your phone. Some times some friend may just want to check those amazing photos on your phone, and then click on the Signal app and read all the messages there.
(Original work: https://www.xkcd.com/538/ )
Do not install random certificate on the browser¶
Do not trust any random certificate from internet. Only trust the certificates come as bundled with the browser. For example, in this tweet one government agency asked people to install a certificate from Root Certifying Authority of India. But, the same is already blacklisted for issuing fake certificates.
Talks from around the world¶
Below are a few talks on OPSEC from different conferences around the world.