Here are a few suggestions on good practices while using computers daily life. In this guide we mentioned a few major habits or tools., and then we also provide links to documents to learn more about those habits or tools.
You should read the previous chapter first, and then only start reading this chapter.
Use strong and unique passwords¶
We should use unique passwords in different places. Otherwise, if someone can get hold of one of your password, they can break into other sites/places with the same password. We suggest using diceware to generate all of your passwords. To learn more, please read this blog post.
Use password managers¶
Do not keep the computer unlocked¶
If you are not in front of the computer, then always lock the screen. Do not keep the computer unlocked, let it be inside your house, or in your hostel, or in anywhere else. This is again an habit, and it takes time to make this habit. Having the computer always password protected will make sure that any person can not directly access your computer even if you are not front of the computer for few minutes.
Cover up your webcam¶
Over the last few years it became very well known that big agencies and criminals can access people’s webcams and record without anyone knowing. Covering up your laptop webcam will protect you at one level against these criminal activities. Here is story which talks about how the FBI director also puts up a tape on his laptop’s webcam.
Keep your machine updated¶
Always keep all the software updated. There are always new security updates available, and we should install them as soon as possible. This is true not only for normal computers, but, also for mobile phones and any other modern smart home internet things.
If you don’t update your computer regularly, or else an attacker can find out the vulnerabilities in older version of the software or in the older version of the operating system you are running and attack your computer. Remember your threat model, think about what all things can go wrong if someone gets access your computer because of older vulnerable software.
Take regular backups¶
One should always backup their computer, and if possible more than one backup copy. For example, you should at least backup your ssh keys, gpg keys, and all other important configs in couple of encrypted usb drives.
Learn how to encrypt your USB drives below
Enable 2 factor authentication¶
Enable 2 factor authentication in all the websites or applications (if they allow it). This will provide a second layer of security incase someone finds your password.
If possible also stay away from SMS based 2 factor authentication. Instead, use the mobile applications like FreeOTP, Google Authenticator, Authy. These generates time based tokens which can be used as 2FA.
To know more which all sites provides 2 factor authentication, visit https://twofactorauth.org.
Encrypt all USB drives¶
While installing Linux in your system, you can encrypt the whole drive. This will help in case your laptop is stolen or taken away by someone. This also means try to keep your laptop in shutdown state most of the time, so that to boot the system, one will have to provide the encryption password.
The same goes to the all USB devices you use. We have much bigger chance to misplace or forget about small USB devices. How to encrypt USB devices using LUKS has all the details you need to know to encrypt or decrypt any USB device.
Once again this is tied to your threat model, if you share or copy any kind of sensitive documents (or example personal photos, or bank documents, or vital other documents), having them in an encrypted device will help in case the drive gets lost, or stolen.
Do not download and install random software from internet¶
Do not download software from any random site and install them on your computer. They may have malware or virus in them, which can attack not only your computer, but also all the computers in the network. The same goes about any software which says to execute some random shell script from internet.
On the other hand, one should always check different applications installed in a computer, and remove the applications which we are not using regularly. This will reduce the attack surface.
Do not plug random USB devices into your computer¶
If you ever find any random USB device in the parking lot, or on footpath, or in college, do not plug that into your computer. This is one easiest way people spread malware and systems get compromised. The same goes for [any USB device handed over in a conference](https://www.bbc.com/news/technology-43128073) or by booths at the street side.
Use the following browser plugins for better privacy¶
Install the above mentioned plugins in your favorite browser. They are available for both Firefox and Google Chrome browsers.
Use Tor for almost everything¶
Start using Tor browser for daily life. Read the previous chapter on Tor Project to know more. You may want to split your browsing between different browsers. For example, you can use one of the browsers (Firefox or Google Chrome) for your email and github accounts, one for all banking purpose. And then use Tor for the rest.
If you start using Tor Browser for social media sites like Facebook or Twitter, or reading different news websites, it will be difficult for anyone to track your browsing history. Tor Project published a blog post explaining this in details.
Your local ISP will know that you are using Tor, but, they will not have any clue about what all sites you are visiting. Visit the EFF site to understand who all can see which part while you are using Tor.
One strategy can be using more than one browser, say using Google Chrome for your gmail or youtube accounts, and then use Firefox for banking and other important tasks. Then you can move all of your other browsing in the Tor Browser.
About communication tools on phone¶
Do not use Telegram or even have it installed on your phone. You can use Signal for any kind end-to-end encrypted communication from your phone (it is available for your Linux desktop too). Martin again wrote another amazing guide for Signal.
Also always rememeber that end-to-end encryption does not mean no one can ever read your messages, the other person can loose the phone or someone may steal your phone. Some times some friend may just want to check those amazing photos on your phone, and then click on the Signal app and read all the messages there.
(Original work: https://www.xkcd.com/538/ )
Do not install random certificate on the browser¶
Do not trust any random certificate from internet. Only trust the certificates come as bundled with the browser. For example, in this tweet one government agency asked people to install a certificate from Root Certifying Authority of India. But, the same is already blacklisted for issuing fake certificates.
Talks from around the world¶
Below are a few talks on OPSEC from different conferences around the world.