Bitcoin Forum
October 07, 2024, 10:38:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: [Guide] Protect your Crypto: Security tips for your home computer & network  (Read 504 times)
aundroid (OP)
Legendary
*
Offline Offline

Activity: 1232
Merit: 1247



View Profile
September 13, 2019, 06:28:24 PM
 #1

The idea was to write a short guide to help you make your home computers more secure.
It's definitely a step in the right direction to protect your network/pc/wallets from unauthorized access. Smiley



OVERVIEW (clickable)





WLAN NETWORK

Starting with the (for me) most important part, because at the same time also the most critical one.


- Disable WPS

Basically there are two different possibilities how to establish a connection via WPS.

PIN:

To establish a connection you have to enter an 8-digit PIN.
The router does not check the 8-digit PIN all at once, instead it will check the first four digits and then the last four.

Reaver, for example, offers a very simple way to launch a brute force attack on the WPS pin.

Attention: The WPS Pin function is enabled by default on many Router models.

Push- Button:
This is a much safer version, as a physical button on the router has to be pressed and the connection can only be established for a matter of minutes.


- Change Wifi Password and Admin Password

A Netgear router default (WiFi) password is composed as follows:

adjective + noun + 3 digits

Shouldn't be too difficult to fnd using a Dictionary + Hashcat with GPU. Wink
You can find an overview of WiFi password standards on the following website: https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/

Please also change the default admin password as soon as possible!
If you cannot memorize your default password, you can find it for example here: https://default-password.info/


- Do NOT(!) hide your network

The SSID (the name) of your network is sent as a broadcast to be detected by other devices.

Suppressing the SSID broadcast is NOT a security feature!

What happens if you disable the SSID Broadcast:
Now the clients have to actively search for the trusted networks by sending a broadcast of the trusted SSID.
Attackers can now use this SSID information to impersonate the client as a trusted AP.

Even Windows board tools are able to display the hidden networks (wlan show networks mode=bssid).
The SSID itself is relatively easy to find out with Kali Linux and airmon-ng.


- Only use WPA or WPA2 (Important!!)


- Do NOT filter MAC addresses (optional)

Filtering MAC addresses is generally NOT considered a security feature and is more of a network administration feature.
All an attacker needs to do is monitor the traffic and examine a data packet.

However, this filter offers no disadvantage in terms of safety and can therefore still be configured at will.



PASSWORDS

- Use an offline password manager

Please do not use any browser extensions!

My recommendation: KeePass

Hint: KeePass can also be used in combination with a yubikey.

Here is the official tutorial: https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/?s=


2 FACTOR AUTHENTICATION

In addition to passwords it is recommended to activate 2FA (wherever possible).

The Google Authenticator is probably the most popular tool available.

My recommendation: Authy

Authy provides the ability to backup all Authenticator accounts and grant access to multiple devices.
The backup is stored encrypted in the cloud.
Anyone who has ever migrated their Google Authenticator to a new smartphone will probably appreciate the advantage provided by this solution.  Wink

However, the backup function does not have to be activated here.
(Everyone has to decide for themselves if they would like to use the backup function.)

Hardware authentication via FidoU2F is even more secure!
My recommendation: Buy a yubikey!

How this works with a ledger you can read in another thread of mine:
[Howto] Use Ledger Nano as Security Key


MAIL ADRESS

- Is your mail address part of a data leak?

Simply navigate to https://haveibeenpwned.com/, enter your e-mail address and click on the "pwned?" button on the right.
It will automatically check if the email address and associated accounts are compromised.


- Choose the right provider

My recommendation: ProtonMail


- Phishing Mails

These mails are used by malicious actors to steal personal data or money.

Here are some common methods:

- You have won
You are the winner of a contest, lottery or similar, in order to receive the amount should first pay a fee or accrued taxes.

- Mails asking you to reset your password

- Sextortion SCAM
Here the perpetrator claims to be in possession of a webcam record of you visiting a porn site.
Often there is also a password attached that has been linked to your email address in the past.
This is mostly from a data leak. (please refer to: Is your mail address part of a data leak?)

Hint: Generally use a separate password for each service and use a password manager.


USE VPN

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

►►►     MY TOPICS     ◄◄◄
➤ Blockchain Basics - FAQ DE    ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN    ➤ Crypto SCAM - HowTo protect yourself EN    ➤ [CHECKLISTE] zur Bewertung von ICOs  DE
➤ [Overview] Exchanges, IEOs and their ROIs DE | EN   ➤ [Howto] Use Ledger Nano as Security Key DE | EN    ➤ [OVERVIEW] Recommended Crypto Telegram Bots  DE | EN    ➤ [Overview] GUI Miner DE | EN
➤ Activity, Merit und Ranganforderungen im Forum DE    ➤ Alternativen zu Piggy's Notification Bot DE    ➤ [Howto] Give Bitcoin as a gift  DE | EN
dkbit98
Legendary
*
Offline Offline

Activity: 2380
Merit: 7470



View Profile WWW
September 13, 2019, 08:25:43 PM
 #2

Nice guide with good information.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Bountyhonter
Member
**
Offline Offline

Activity: 406
Merit: 10


View Profile WWW
September 13, 2019, 09:45:18 PM
 #3

Thanks for the advice, i don't connect to any public WiFi because i don't trust them and i will suggest that people should avoid public WiFi if not necessary.

▂▂▂▂▂▂▂▂▂▂▂▂▂▃▅▆█ L E A D █▆▅▃▂▂▂▂▂▂▂▂▂▂▂▂
World's Simplest and Safest Decentralized Cryptocurrency Wallet!
▬▬▬▬▬▬▬ • STORE • SEND • SPEND • SWAP • STAKE • ▬▬▬▬▬▬
aundroid (OP)
Legendary
*
Offline Offline

Activity: 1232
Merit: 1247



View Profile
September 14, 2019, 08:06:58 AM
 #4

Nice guide with good information.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.

Thanks for the input.
I will definitely take a look at the two providers mentioned.

I've been using Protonmail for several years, so I never looked for an alternative. Tutanova looks definitely very interesting at first sight.

►►►     MY TOPICS     ◄◄◄
➤ Blockchain Basics - FAQ DE    ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN    ➤ Crypto SCAM - HowTo protect yourself EN    ➤ [CHECKLISTE] zur Bewertung von ICOs  DE
➤ [Overview] Exchanges, IEOs and their ROIs DE | EN   ➤ [Howto] Use Ledger Nano as Security Key DE | EN    ➤ [OVERVIEW] Recommended Crypto Telegram Bots  DE | EN    ➤ [Overview] GUI Miner DE | EN
➤ Activity, Merit und Ranganforderungen im Forum DE    ➤ Alternativen zu Piggy's Notification Bot DE    ➤ [Howto] Give Bitcoin as a gift  DE | EN
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18710


View Profile
September 14, 2019, 08:44:30 AM
 #5

If you are running a desktop computer rather than a laptop, then for max security you can just go old school and connect to your router with an ethernet cable and disable the WiFi altogether. Some routers will also let you disable admin access over WiFi and require a physical connection to gain admin access. Definitely make sure you have turned off remote access.

AndOTP is also good for 2FA.

VPNs are becoming more and more necessary for all internet users, given the amount of spying and surveillance undertaken by ISPs, governments, and other interested parties. I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.
Alluro
Member
**
Offline Offline

Activity: 742
Merit: 19


View Profile
September 14, 2019, 09:33:42 AM
 #6

Nice guide mate. I would like to add another thing to the post. It's a virus guard. You have to add a good virus guard to the computer and keep update it every day. The next thing is you have to update your operating system too. It will help to protect your computer from unwanted things and keep your computer fresh and clean.
Lucius
Legendary
*
Offline Offline

Activity: 3388
Merit: 6098


Crypto Swap Exchange🈺


View Profile WWW
September 14, 2019, 11:02:28 AM
Merited by vapourminer (1)
 #7

I shall only refer to the part of wlan (wi-fi) network because there is one more important thing which is very important. No matter what type of protection you use (WPA2), with strong password (64 characters max), and fact that WPS is disabled, your modem / router may still be hacked.

Back in 2017 it was discovered that there was a security weaknesses / exploit in WPA2, and since all modems / routers use it they became vulnerable to this attack. In other words, it was possible to hack any wireless network with "key reinstallation attacks" (KRACK).

Only way to prevent this attack is to update firmware all of devices who communicate wirelessly and using WPA protocol. Since this is discovered 2 years ago, a good part of the devices is received security patches until today, but be sure to check your devices and contact your ISP about this issue.

More info : https://www.krackattacks.com/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
tbct_mt2
Hero Member
*****
Offline Offline

Activity: 2422
Merit: 846



View Profile
September 14, 2019, 01:05:49 PM
 #8

For the Passwords section, please consider to add this topic, that is helpful and deserves your consideration.
[GUIDE] How to Create a Strong/Secure Password

 
 RAZED  
███████▄▄▄████▄▄▄▄
████▄███████████████
██▄██████▀▀████▀▀█████▄
████
██████████████
▄████████▄████████████▄
████████▀███████████▄
██████████████▐█▄█▀████████
▀████████████▌▐█▀██████████
▀███████████▌▀████████████
█████████▄▄▄
█████▄▄██████
████████████████████████
█████▀█████████████████▀
██████████████
▄▄███████▄▄
▄███████████████
▄███████████████████▄
█████████████████████▄
▄███████████████████████▄
████████████████████████
█████████████████████████
██████████████████████
▀█████
█████████████████▀
▀█
████████████████████▀
▀█████
█████████████
▀███████████████▀
█████████
 
RAZED ORIGINALS
SLOTS & LIVE CASINO
SPORTSBOOK
|
 NO 
KYC
 
 RAZE THE LIMITS   PLAY NOW 
prix
Hero Member
*****
Offline Offline

Activity: 750
Merit: 511


View Profile
September 15, 2019, 01:40:41 AM
Last edit: September 15, 2019, 02:15:57 AM by prix
 #9

I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.

Can you tell us in more detail what is the danger of using public Wi-Fi with VPN? Or give any links?

- Phishing Mails
These mails are used by malicious actors to steal personal data or money.
Here are some common methods:
- You have won
- Mails asking you to reset your password
- Sextortion SCAM

Most of the phishing emails which I receive that a payment has arrived in my account and I must urgently withdraw it otherwise something will be blocked/lost there.

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.


And I recommend set DNS manually on the computer, this will save you from replacing DNS on the router.
And you can use Google DNS instead of ISP's DNS.

https://www.ixiacom.com/company/blog/paypal-netflix-gmail-and-uber-users-among-targets-new-wave-dns-hijacking-attacks
PrimeNumber7
Copper Member
Legendary
*
Offline Offline

Activity: 1652
Merit: 1901

Amazon Prime Member #7


View Profile
September 15, 2019, 06:51:38 AM
 #10


For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.

This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
aundroid (OP)
Legendary
*
Offline Offline

Activity: 1232
Merit: 1247



View Profile
September 15, 2019, 09:03:54 AM
 #11


I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.

As PrimeNumber7 rightly said, with a private VPN you are using a static IP address, which makes everything very easy to trace.

Moreover, I would never consider a VPS as actually secure. The provider has access to the hardware, the logs, etc.

By the way, for 3-4€/month you can also use a service like AirVPN.

And I recommend set DNS manually on the computer, this will save you from replacing DNS on the router.
And you can use Google DNS instead of ISP's DNS.

https://www.ixiacom.com/company/blog/paypal-netflix-gmail-and-uber-users-among-targets-new-wave-dns-hijacking-attacks

Well, if you don't have a problem with Google collecting data, you can use their DNS.
But maybe you should consider an alternative like https://www.opennic.org/

►►►     MY TOPICS     ◄◄◄
➤ Blockchain Basics - FAQ DE    ➤ [Guide] Protect your Crypto: Security tips for your home computer & network DE | EN    ➤ Crypto SCAM - HowTo protect yourself EN    ➤ [CHECKLISTE] zur Bewertung von ICOs  DE
➤ [Overview] Exchanges, IEOs and their ROIs DE | EN   ➤ [Howto] Use Ledger Nano as Security Key DE | EN    ➤ [OVERVIEW] Recommended Crypto Telegram Bots  DE | EN    ➤ [Overview] GUI Miner DE | EN
➤ Activity, Merit und Ranganforderungen im Forum DE    ➤ Alternativen zu Piggy's Notification Bot DE    ➤ [Howto] Give Bitcoin as a gift  DE | EN
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18710


View Profile
September 15, 2019, 10:28:03 AM
 #12

Can you tell us in more detail what is the danger of using public Wi-Fi with VPN? Or give any links?
You can find plenty of info by simply searching "public wifi security" or "public wifi vpn" or something similar.

Connecting to a public WiFi puts you at risk of all your data being read by whoever owns the WiFi hotspot, or even other uses who are connected to it. Man in the middle attacks which can redirect you to fake sites which are indistinguishable from the real thing, and steal any information you enter, including username and passwords. WiFi networks can also be used to spread malware to devices which connect to them.

https://security.stackexchange.com/a/189022
https://www.techradar.com/uk/news/public-wi-fi-and-why-you-need-a-vpn

At the very least, if you are going to be using a public WiFi then you should be using a VPN, security add ons such as HTTPS everywhere, and a strong firewall and anti-virus/anti-malware program, but you can never be completely safe on a public WiFi. I would never enter any personal details or log on to any site via public WiFi. If you are on the move and you need internet access, use your mobile data.
hatshepsut93
Legendary
*
Offline Offline

Activity: 3038
Merit: 2160


View Profile
September 15, 2019, 05:56:27 PM
 #13

My number one tip when it comes to security is to never download any crap software. You want to pirate a game? Get dedicated PC for that. You want to pirate Photoshop? Learn how to use GIMP instead. Need to get some reader? Instead of clicking the first link on google, carefully check what site is official, and preferably download from github. When I was younger, my computer was infected all the time, because I didn't follow any of those rules, luckily for me I didn't have anything too sensitive, but a lot of people who use crypto still do this, and then ask people why their coins were stolen.
ABCbits
Legendary
*
Offline Offline

Activity: 3024
Merit: 7928


Crypto Swap Exchange


View Profile
September 15, 2019, 05:56:43 PM
Merited by vapourminer (1)
 #14

KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.

For additional protection, it is recommended to use a VPN service that does not log private data.

It's not something that VPN provider could prove, few VPN provider which claim don't log customer data has been proven otherwise when they have legal problem.

My number one tip when it comes to security is to never download any crap software. You want to pirate a game? Get dedicated PC for that. You want to pirate Photoshop? Learn how to use GIMP instead. Need to get some reader? Instead of clicking the first link on google, carefully check what site is official, and preferably download from github. When I was younger, my computer was infected all the time, because I didn't follow any of those rules, luckily for me I didn't have anything too sensitive, but a lot of people who use crypto still do this, and then ask people why their coins were stolen.

VM/Sandbox also works for those who only have 1 device, but it doesn't apply for video games (or any GPU-dependent application)

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Harlot
Hero Member
*****
Offline Offline

Activity: 1806
Merit: 672


View Profile
September 15, 2019, 06:18:37 PM
 #15

Malware protection is really important when it comes to protecting your home pcs especially the ones containing your cryptocurrencies so you should include it in your guide. I know a lot of guys already loss their cryptocurrencies because of malwares and trackers and its not a joke on installing a few softwares like malwarebytes to get ahead of them. One way to avoid malware is not to download the things that suddenly pops out on websites you just visited and also do no go to websites that have suspicious links. Other than that USBs are also one of the main culprits so if you want to plug a USB drive in your computer than you must scan it first before trying to copy files from it.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18710


View Profile
September 15, 2019, 06:24:27 PM
 #16

KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.
I've heard the name KeePassXC a couple of times, but never really looked in to it much. As someone who is using KeePassX without any issues or problems, what does XC offer that X doesn't?

It's not something that VPN provider could prove, few VPN provider which claim don't log customer data has been proven otherwise when they have legal problem.
This is the biggest risk with using a VPN. Several providers say they don't keep logs when they do, or are vague about the type of logs they keep, and some even sell client data to third parties. There have been a handful of VPNs which have been subpoenaed or similar and have had to prove in court that they do not keep logs. Whilst past cases like these don't guarantee the VPN provider still isn't keeping logs, it can be a good indication of which providers you should be considering. And of course, any discussion about choosing a VPN provider would not be complete with a link to this site: https://thatoneprivacysite.net/
ABCbits
Legendary
*
Offline Offline

Activity: 3024
Merit: 7928


Crypto Swap Exchange


View Profile
September 15, 2019, 06:34:22 PM
Merited by o_e_l_e_o (1), aundroid (1)
 #17

KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.
I've heard the name KeePassXC a couple of times, but never really looked in to it much. As someone who is using KeePassX without any issues or problems, what does XC offer that X doesn't?

Quote from another posts

If you use Linux or Mac OS, you definitely should choose KeePassXC over KeePass.

Or KeePassX (linux)  Smiley

The reason i recommend KeePassXC over KeePassX because :
1. KeePassX hasn't been updated since Sep 4, 2016 according to https://github.com/keepassx/keepassx/releases & https://www.keepassx.org/news
2. KeePassXC latest release is Jun 11, 2019 - 22:00 CEST according to https://keepassxc.org/blog/
3. KeePassXC have some difference, see https://superuser.com/a/879013

I'm sure you prefer not to use outdated software Smiley



--snip--
And of course, any discussion about choosing a VPN provider would not be complete with a link to this site: https://thatoneprivacysite.net/

And few filters already filters out most VPN Tongue

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
prix
Hero Member
*****
Offline Offline

Activity: 750
Merit: 511


View Profile
September 16, 2019, 01:43:43 AM
Last edit: September 16, 2019, 02:03:29 AM by prix
 #18

This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
Yes, this is a reasonable remark. But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.

And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?

The provider has access to the hardware, the logs, etc.
Yes, I understand it. I trust my VPS provider more than third-party VPN services. It's individual and there is no perfect solution.

Connecting to a public WiFi puts you at risk of all your data being read by whoever owns the WiFi hotspot, or even other uses who are connected to it. Man in the middle attacks which can redirect you to fake sites which are indistinguishable from the real thing, and steal any information you enter, including username and passwords. WiFi networks can also be used to spread malware to devices which connect to them.

https://security.stackexchange.com/a/189022
https://www.techradar.com/uk/news/public-wi-fi-and-why-you-need-a-vpn

Ok, I forgot the possibility of direct port access with public Wi-Fi.
The use of a firewall and filtering all unnecessary services is required. But this is required in any case, because due to errors in the firmware routers often hack.
Yes, this is an argument. But the other problems that you indicated are solved by connecting to VPN and traffic encryption.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18710


View Profile
September 16, 2019, 08:00:53 AM
Merited by vapourminer (1)
 #19

But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
Most ISPs keep a log of everything that you do online, and many will happily hand that over to your government with no resistance when requested to do so. This is known to be happening in many Western countries. I would much rather trust a VPN provider who has previously been taken to court to prove they don't keep logs than I would trust my ISP who have to do what the government tells them or be shut down.

And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?
This is a concern, especially for users who use a number of specific privacy related add ons and tweaks which make their browser much more unique than most users. There are steps you can take to mitigate this. Disabling JavaScript, Flash, and WebGL is a good start. Use a user agent spoofer. Keep your screen size and resolution as generic as possible. You could also consider using Tor, or run a completely uncustomized as-generic-as-possible browser on a virtual machine.
prix
Hero Member
*****
Offline Offline

Activity: 750
Merit: 511


View Profile
September 16, 2019, 12:06:49 PM
Merited by vapourminer (1)
 #20

But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
Most ISPs keep a log of everything that you do online, and many will happily hand that over to your government with no resistance when requested to do so. This is known to be happening in many Western countries. I would much rather trust a VPN provider who has previously been taken to court to prove they don't keep logs than I would trust my ISP who have to do what the government tells them or be shut down.

We discussed public VPN versus private VPN before. In either case, the provider cannot track anything except for connections to VPN. There is no question of trusting the ISP.

This is a concern, especially for users who use a number of specific privacy related add ons and tweaks which make their browser much more unique than most users. There are steps you can take to mitigate this. Disabling JavaScript, Flash, and WebGL is a good start. Use a user agent spoofer. Keep your screen size and resolution as generic as possible. You could also consider using Tor, or run a completely uncustomized as-generic-as-possible browser on a virtual machine.

It is not as simple as it seems. If you disable the javascript, then you will not be able to use modern sites. This is only a temporary measure when you really need to hide. Plus turning off the javascript will stand out from other users. It is not yet known which is better. Smiley
I disable javascript, cookies, I don't have java, flash or other specific plugins.
So there are no info about fonts, canvas, resolution, audio formats, webgl and etc without javascript and anyway amiunique.org reports that I have almost unique fingerprint.
Maybe "completely uncustomized as-generic-as-possible browser" may help to merge with the crowd, but you need to configure it or find one ready and test it. The main thing is that the crowd should not be too small with that set at spy site.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!