Deleted

[yazher]

Deleted, we have a good guide than this one. please remove this mods.

[Bitcoin_Arena]

3. Use https:// for Safe Surfing!

The URL’s which start with https:// rather than http:// indicates the authenticity. So, make sure the website you’re visiting has the URL starting with HTTPS ‘hyper-text transfer protocol secured’. It adds up an extra layer of security and prevents cybercriminals to attack your personal data.

A reputable addon like HTTPS Everywhere can be quite resourceful in this case

Also, another important point you missed out is to avoid downloading and installing random software and addons without doing some background checks.
If the addon/software is brand new, hosted on a third party website, has fake reviews, has very few reviews and downloads etc do not download and install.

"Prevention is better than cure"

[o_e_l_e_o]

A reputable addon like HTTPS Everywhere can be quite resourceful in this case

HTTPS Everywhere should be a must-have for everyone. Download links can be found on the Electronic Frontier Foundation website here: https://www.eff.org/https-everywhere. If you are interested in security and privacy in general, then check out some of the other tools and add-ons on their website, particularly Privacy Badger.

There are many other great browser add-ons which will achieve some of the other things on OP's list. There are various cookie auto-deleters which you can customize to let you stay logged in to your favorite websites, whilst simultaneously nuking any tracking or privacy invading cookies. Ad blocking and javascript blocking is a must.

[Pmalek]

But don't rely on the HTTPS and the green lock too much. If I remember correctly the well known bitcointalk phishing site .to (I will not post the link here) is also a HTTPS but if you enter your login details there you are likely to get your account stolen.

[mk4]

But don't rely on the HTTPS and the green lock too much. If I remember correctly the well known bitcointalk phishing site .to (I will not post the link here) is also a HTTPS but if you enter your login details there you are likely to get your account stolen.

^This. https helps a lot for privacy and security, but take note that it literally doesn't cost anything to have a website with https. You can easily get a free SSL certificate on sites like letsencrypt and cloudflare. Not because a website has https it doesn't mean that the website owner can't have malicious intents.

[Bitcoin_Arena]

Of course HTTPS Everywhere won't help one if they visit a phishing website and lately most phishing websites run using secure certificates but in instances when one visits a website that is not secure. HTTPS everywhere will try to avoid a scenario where a user's unencrypted data gets leaked in case there is a security attack on the website at a given time due to the weak security protocol on the website.

It's never a guard against phishing.

[50 Cent]

2. Keep your Anti-Virus Version Upgraded!

never use anti-virus on my linux. i dont know it safe or not.
i have old pc 1 ram only when use that get lag for surfing

[whotookmycrypto]

Also, get a browser that guards against IDN Homograph attacks. Certainly not a new thing but am sure it still pops up around the internet.

What is it?

To illustrate, click this link (totally safe): https://www.xn--80ak6aa92e.com/

For browsers that have not been patched eg. Firefox, this would show. Take note of what appears in the address bar:


For browsers that have been patched eg. Chrome this would show. Once again, take note of what appears in the address bar. Also note the presence of the lock and the HTTPS once again reminding us that their presence do not indicate a safe website.


How does this happen?

This can happen where a scammer uses "unicode characters that look the same as the appropriate ASCII characters for the site impersonated".

What to do?

Get a browser that guards against it like Chrome. Honestly think it is very easy to fall for this. For example, if a scammer masks the scam link behind a URL shortener like bitly, upon clicking it users would be directed almost immediately to the scam website which shows Apple.com without even having the opportunity to see that ugly looking link with dashes and numbers that could have alerted them that something was wrong.

Source 1: https://www.xudongz.com/blog/2017/idn-phishing/
Source 2: https://9to5mac.com/2017/04/20/how-to-spot-a-phishing-attempt-fake-apple-site/

[logfiles]

2. Keep your Anti-Virus Version Upgraded!

never use anti-virus on my linux. i dont know it safe or not.
i have old pc 1 ram only when use that get lag for surfing

Using Linux doesnot mean that you will never get attacked one day. No system is safe from hackers.
It's just probably because Windows is a high priority for the hackers since it has so many users in it compared to other operating systems.
So it's better you have an AV in there.

[Theb]

I think that you have mentioned a lot of things about on the protection of their data and passwords but you only have provided them with only one solution with regards to their browsing habits. Looking for https certified websites as of the present isn't an enough thing to guarantee that you are on a safe website now since website owners can esily obtain it now. Before entering even anything and that includes your credit card numbers you must observe safety features such as “safe” certificate badges from known anti-virus softwares such as McAfee and Norton to see if the website is clean from any kind of trackers and can be trusted with your information.

[Artemis3]

"Tips for a Secured Net Surfing and Hacking Prevention (Guide)"

• Use Tails OS.

It happens to implement all those suggestions already:

• all software is configured to connect to the Internet through Tor
• if an application tries to connect to the Internet directly, the connection is automatically blocked for security.
• Encrypt your USB sticks or external hard-disks using LUKS, the Linux standard for disk-encryption.
• Automatically use HTTPS to encrypt all your communications to a number of major websites using HTTPS Everywhere, a Firefox extension developed by the Electronic Frontier Foundation.
• Encrypt and sign your emails and documents using the de facto standard OpenPGP either from Tails email client, text editor or file browser.
• Protect your instant messaging conversations using OTR, a cryptographic tool that provides encryption, authentication and deniability.
• Securely delete your files and clean your diskspace using Nautilus Wipe

If you have ever used the Tor Browser, you already know it won't let unknown scripts or keep cookies or history stored among other things...

Because everything is using Tor, you can use it from a public computer or wifi just fine. Just keep it ready in your usb thumb-drive and boot from it when the need comes.

never use anti-virus on my linux. i dont know it safe or not.
i have old pc 1 ram only when use that get lag for surfing

Using Linux doesnot mean that you will never get attacked one day. No system is safe from hackers.
It's just probably because Windows is a high priority for the hackers since it has so many users in it compared to other operating systems.
So it's better you have an AV in there.

The same thing you could say to someone who never bothers to lock the front door of his home, or in the case of windows, not bothering with doors in the first place... Of course the thief is at fault, but he will go to the "easy" prey first, if only for speed. That should give you a hint.

[o_e_l_e_o]

It's never a guard against phishing.

Exactly. Using HTTPS isn't a defense against phishing because it's not meant to be.

-snip-

Firefox does indeed guard against this kind of attack, and has done for many versions now. You must be using a very outdated version. Recommend that anybody use Chrome is poor advice - it is a terrible browser for all things privacy and security related.

[whotookmycrypto]

Firefox does indeed guard against this kind of attack, and has done for many versions now. You must be using a very outdated version.

Downloaded the latest Firefox version on their website to produce the screenshots in the post above. Are you sure about that?

Here is a screenshot of the version that was used.

Recommend that anybody use Chrome is poor advice - it is a terrible browser for all things privacy and security related.

Yes, Chrome isn't best for privacy/security but with users can download relevant add-ons eg. duckduckgo, privacy badger.

[o_e_l_e_o]

Downloaded the latest Firefox version on their website to produce the screenshots in the post above. Are you sure about that?

How strange. On my same version of Firefox, it shows up as "https://www.xn--80ak6aa92e.com/".

Wikipedia states that his has been a feature of Firefox since version 22. You can see the relevant bug report here, which confirms it was solved in Mozilla 22, which was around 6-7 years ago.

Is it possible you (or perhaps a browser add-on) modified your Firefox to turn this feature off, for some reason? You can check by opening a new tab, typing "about:config" (without quotes) in the URL bar, and then searching for "network.IDN_show_punycode". This should be set to "true".

[whotookmycrypto]

How strange. On my same version of Firefox, it shows up as "https://www.xn--80ak6aa92e.com/".

Wikipedia states that his has been a feature of Firefox since version 22. You can see the relevant bug report here, which confirms it was solved in Mozilla 22, which was around 6-7 years ago.

Have you (or perhaps a browser add-on) modified your Firefox to turn this feature off, for some reason? You can check by opening a new tab, typing "about:config" (without quotes) in the URL bar, and then searching for "network.IDN_show_punycode". This should be set to "true".

Thanks for the reply o_e_l_e_o. Never used Firefox for regular browsing just downloaded it for the purpose of testing the link. Tried what you said, it was set to "false" as a default option. After turning it to "true" then it shows up as "https://www.xn--80ak6aa92e.com/". Good stuff.

Would you happen to know of other manual tweeks that are required to make Firefox safer? Such as the one you mentioned. Would like to read more about it. Thanks.

[joniboini]

Using Linux doesnot mean that you will never get attacked one day. No system is safe from hackers.
It's just probably because Windows is a high priority for the hackers since it has so many users in it compared to other operating systems.

Hacking Linux with virus or something similar might a bit harder as some of the programs might need some library that is not available on the victim computer. On top of that, the majority of users don't love Linux as it requires some 'more advanced tech' knowledge compared to Windows where you can use simple click to do this and that.
Brave is also a good alternative for web browser.

[Siren]

I think this thread in which tackles about phishing scam sites can also help

https://bitcointalk.org/index.php?topic=4264404.0

And also this one whos about Scam websites though the threads aren’t active these days but still there are some posts than considered helpful

https://bitcointalk.org/index.php?topic=4456502.0

To OP thanks for this interesting and helpful topic Bookmarked now so i can share also in future

[bob123]

Generally, these tips are good, but there are still some things which need some improvement / are not completely correct.

For a smart approach, Keep a Capital Letter, a small letter, a special character, and a numeric value in your password.

You don't need a complex password, if it is long enough.

Anti-Viruses are crucial to keep your Computer System Safe & Secured.

This is true, but only for windows and android / iOS.
I wouldn't call it crucial for MacOS / Linux.

So, make sure the website you’re visiting has the URL starting with HTTPS ‘hyper-text transfer protocol secured’. It adds up an extra layer of security and prevents cybercriminals to attack your personal data.

HTTPS alone doesn't secure you too much.
You need to make sure that you are on the correct site (and theoretically that the certificate has been signed by the correct CA if the website owner doesn't use certificate pinning (to be on the very safe side)).

A small typo can lead you to a website which looks like the original one and is using HTTPS. But i'd call that the fault of the user.

But yes.. HTTPS over HTTP. Always.

While we click on any link, it takes time to load and during those seconds, the server requests generate small text files and codes that get saved in the PC as cookies. These files contain complete information about the things that you’ve performed during Internet Surfing.

The hackers can easily find out the data which you have received and sent while using those browsers. So, it would be wise to keep your history data and cookies information clean.

To be more precise:
The server 'sends the cookie' to the client (Set-Cookie header in the HTTP response).
And the cookie doesn't contain any information about what you have done. It is simply an identifier (which can be used to track you across several site (by the site admins) / replace login information).

The only way a hacker can read the data you are receiving / sending to / from your browser is when you either don't use HTTPS or your browser / computer is compromised.
In the second case, deleting cookies / history doesn't help you. It only helps you if your computer gets compromised afterwards. In this case the attacker won't be able to reconstruct what you did in the past, but will still be able to read your future traffic.

Public Computers & Wi-Fi are the easiest ways for hackers to get into your private lives and destroy it.
If you need to share any confidential information over the Internet, then avoid using Public Computers and WiFi at that time. Such precious information can be stolen by the Hackers and you may suffer great loose.

Computers of which you don't control the hardware are always risky.
But using an open Wifi is absolutely fine if you encrypt and route your whole traffic via a trustworthy server (e.g. a small VPN server at your home).

[o_e_l_e_o]

Thanks for the reply o_e_l_e_o. Never used Firefox for regular browsing just downloaded it for the purpose of testing the link. Tried what you said, it was set to "false" as a default option. After turning it to "true" then it shows up as "https://www.xn--80ak6aa92e.com/". Good stuff.

It seems you are right. Looking in to a bit more, it seems that this is defaulted to "false", and now needs to be set to "true" for it to take effect. I have no idea why or when Firefox made this change, but it seems rather backwards to me.

Would you happen to know of other manual tweeks that are required to make Firefox safer? Such as the one you mentioned. Would like to read more about it. Thanks.

Disclaimer: Do your own research. Don't just go tinkering about in your browser based on the word of an anonymous internet user without understanding what you are doing. Some of these changes could affect or even break the functionality of add-ons or websites that you use. In this case, you can always revert your changes, but I cannot be held responsible for any consequences.

Code:

privacy.firstparty.isolate

Set to "true". This isolates any identifying browser information to the first party domain, so as to prevent tracking across multiple domains.

Code:

privacy.trackingprotection.enabled

Set to "true". Built in tracking protection.

Code:

privacy.resistFingerprinting

Set to "true". Tries to prevent identifying browser information being accessed.

Code:

privacy.trackingprotection.fingerprinting.enabled

Set to "true". Same as previous.

Code:

privacy.trackingprotection.cryptomining.enabled

Set to "true". Self explanatory. Prevent crypto mining websites.

Code:

network.http.referer.trimmingPolicy

Code:

network.http.referer.XOriginPolicy

Code:

network.http.referer.XOriginTrimmingPolicy

Set all of these to "2". These have the combined effect of cutting down what is included in the "Referer header", which lets websites see which other sites you just visited and were linked/redirected from. Anti-tracking measure.

Code:

network.cookie.cookieBehavior

Set to "1". This will only accept cookies from the first party site, and block any third party cookies.

Code:

dom.battery.enabled

Set to "false". Prevents websites seeing your battery status/charge.

Code:

dom.event.clipboardevents.enabled

Set to "false". Prevents websites seeing what you copy from their site to your clipboard.

Code:

geo.enabled

Set to "false". Prevents geolocation.

Code:

webgl.disabled

Set to "true". WebGL is a JavaScript application, and like all things Java, a security risk.

Code:

media.navigator.enabled

Set to "false". Prevents websites accessing your microphone or camera.

Code:

media.peerconnection.enabled

Set to "false". Allows for voice and video communications through your browser, but will leak your real IP address, even if behind a VPN.

[whotookmycrypto]

snip

Thanks alot for the reply. Just wondering, where to read up about these things? When you said DYOR, which sources do you commonly refer too? Thanks.