grugq/free security advice.md

## free security advice.md

      
    Raw
  

              free security advice.md
            
          
    Simple Security Guidelines

Using an iDevice? (Best option)


Use an iPod or an iPad without a SIM card
Use an iPhone
Do not jailbreak
Always upgrade to new iOS versions
Use Brave browser

Need Secure chat?


Use Signal (iOS + Android)
Use Wire (iOS + Android)
Avoid desktop versions

Optional: use an iPad [Pro] with a smart keyboard

register Signal w/ a phone (burner, anonymous SIM, etc)
register Wire w/ an email address (ProtonMail is free)


Use Conversations w/ OMEMO (Android, unfortunately the only implementation of OMEMO for general use right now)
Use Coy.im on desktops
Do not use: Telegram, LINE, Kaokao, WeChat, Viber, Hangouts, etc.
WhatsApp, Facebook Messenger (Private chat), are acceptible (high security, high surveillance)

Using Android?


Do not root your device
Do not enable Developer Mode
Use a Nexus or Pixel (gets latest patches w/o carrier/vendor barrier)

Run the latest version, always
Optional: run CopperheadOS


Optional: use a flagship Samsung (or Nokia) purchased direct, not through a telco

These devices tend to get timely security updates


Don't have a Nexus or Pixel? Install LineageOS (official builds only)

Run the latest version, always


Use Brave browser

Using a ChromeBook?


Do not enable developer mode
Use Termux for a console environment

Using Windows?


Use 10 or 8.1, nothing earlier.
Use EMET

Using Office?


Do not enable macros. Ever.
Find and disable Flash

Using macOS?


Install patches and updates immediately
Enable the firewall

Disable "signed apps"
Enable "block inbound"
Optional: enable "stealth"


Install Objective-see tools

Do Not Disturb
BlockBlock
KnockKnock
RandsomWhere
Oversight


All:


Enable full disk encryption (FDE)

Use a special encrypted vault for sensitive files

VeraCrypt cross platform
CryFS (Linux, sorta macOS)
Encrypted disk image (macOS)


Require a password to unlock
Apply patches
Use backups. Secure your backups, they contain your secrets.

Use a password manager!


Use KeePass, free, cross platform, but clunky UI/UX
Use 1Password, not free, iOS/macOS, good UI/UX
Never use a cloud based password manager
Never enable integration between your browser and password manager

2FA


Enable two factor authentication whenever possible

OTPauth iOS/macOS only
Authy
FIDO (YubiKeys)
Duo
SMS (last resort, but better than nothing)


Web Browser


Use Chrome
Use Edge
Do not use Safari
Do not use IE
Do not use Firefox, yet (until they enable sandbox by default)

Use an ad blocker


Install uBlock Origin


Install HTTPS Everywhere


Install uBlock Origin Extra


Optional: Install Privacy Badger


Disable Flash (on Chrome you can still right click to play)


Use a VPN


(Self hosted option: algo) - Best
ProtonVPN offers free VPN service - Ok
CryptoStorm has a privacy preserving business model - OK
Use WireGuard, self hosted, still new but very promising - Good
Use Freedome (iOS, Android, macOS), not free, trivial to use - OK