Skip to content

Instantly share code, notes, and snippets.

@grugq
Last active June 25, 2024 22:51
Show Gist options
  • Save grugq/353b6fc9b094d5700c70 to your computer and use it in GitHub Desktop.
Save grugq/353b6fc9b094d5700c70 to your computer and use it in GitHub Desktop.

Simple Security Guidelines

Using an iDevice? (Best option)

  • Use an iPod or an iPad without a SIM card
  • Use an iPhone
  • Do not jailbreak
  • Always upgrade to new iOS versions
  • Use Brave browser

Need Secure chat?

  • Use Signal (iOS + Android)
  • Use Wire (iOS + Android)
  • Avoid desktop versions
    • Optional: use an iPad [Pro] with a smart keyboard
      • register Signal w/ a phone (burner, anonymous SIM, etc)
      • register Wire w/ an email address (ProtonMail is free)
  • Use Conversations w/ OMEMO (Android, unfortunately the only implementation of OMEMO for general use right now)
  • Use Coy.im on desktops
  • Do not use: Telegram, LINE, Kaokao, WeChat, Viber, Hangouts, etc.
  • WhatsApp, Facebook Messenger (Private chat), are acceptible (high security, high surveillance)

Using Android?

  • Do not root your device
  • Do not enable Developer Mode
  • Use a Nexus or Pixel (gets latest patches w/o carrier/vendor barrier)
    • Run the latest version, always
    • Optional: run CopperheadOS
  • Optional: use a flagship Samsung (or Nokia) purchased direct, not through a telco
    • These devices tend to get timely security updates
  • Don't have a Nexus or Pixel? Install LineageOS (official builds only)
    • Run the latest version, always
  • Use Brave browser

Using a ChromeBook?

  • Do not enable developer mode
  • Use Termux for a console environment

Using Windows?

  • Use 10 or 8.1, nothing earlier.
  • Use EMET

Using Office?

  • Do not enable macros. Ever.
  • Find and disable Flash

Using macOS?

  • Install patches and updates immediately
  • Enable the firewall
    • Disable "signed apps"
    • Enable "block inbound"
    • Optional: enable "stealth"
  • Install Objective-see tools
    • Do Not Disturb
    • BlockBlock
    • KnockKnock
    • RandsomWhere
    • Oversight

All:

  • Enable full disk encryption (FDE)
    • Use a special encrypted vault for sensitive files
      • VeraCrypt cross platform
      • CryFS (Linux, sorta macOS)
      • Encrypted disk image (macOS)
  • Require a password to unlock
  • Apply patches
  • Use backups. Secure your backups, they contain your secrets.

Use a password manager!

  • Use KeePass, free, cross platform, but clunky UI/UX
  • Use 1Password, not free, iOS/macOS, good UI/UX
  • Never use a cloud based password manager
  • Never enable integration between your browser and password manager

2FA

  • Enable two factor authentication whenever possible
    • OTPauth iOS/macOS only
    • Authy
    • FIDO (YubiKeys)
    • Duo
    • SMS (last resort, but better than nothing)

Web Browser

  • Use Chrome
  • Use Edge
  • Do not use Safari
  • Do not use IE
  • Do not use Firefox, yet (until they enable sandbox by default)

Use an ad blocker

  • Install uBlock Origin

  • Install HTTPS Everywhere

  • Install uBlock Origin Extra

  • Optional: Install Privacy Badger

  • Disable Flash (on Chrome you can still right click to play)

Use a VPN

  • (Self hosted option: algo) - Best
  • ProtonVPN offers free VPN service - Ok
  • CryptoStorm has a privacy preserving business model - OK
  • Use WireGuard, self hosted, still new but very promising - Good
  • Use Freedome (iOS, Android, macOS), not free, trivial to use - OK
@PowerPress
Copy link

CopperheadOS developer has left that company and the most secure android ROM now is GrapheneOS by same developer. Seems to mainly support Google Pixels but massive security improvements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment