Laptop and Smartphone Security and Privacy

UPDATED: September 27, 2015

There is no single solution for keeping yourself safe online. Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats. To become more secure, you must determine what you need to protect, and whom you need to protect it from. Threats can change depending on where you’re located, what you’re doing, and whom you’re working with.

At the September 2015 General Meeting SPAUG hosted a CryptoParty. Rhona Mahony and Daniel Roesler  talked about risks to security and privacy that people face from government agents, their ISP, their telephone company, and other business people.

For an introduction to the topic go to the Surveillance Self-Defense project of the Electronic Frontier Foundation.

Rhona and Daniel discussed the use of several helpful tools, such as

  • HTTPS Everywhereor Privacy Badger  HTTPS Everywhere is a free and open source web browser extension for Google Chrome, Mozilla Firefox and Opera.  Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS.  It automatically makes websites use the more secure HTTPS connection instead of HTTP, if they support it.  
  • Signal and TextSecure for encrypted texting (smartphone)
    Signal is a free and open-source encrypted voice calling and instant messaging application for iOS. It uses advanced end-to-end encryption protocols to secure all communications to other Signal users. Signal can be used to send and receive encrypted instant messages, group messages, attachments and media messages. TextSecure is an advanced end-to-end encryption protocol as well as a free and open-source encrypted instant messaging application for Android which uses that protocol.
  • Tor, the anonymous browser (laptop).
    Tor is free software for enabling anonymous communication. The name is an acronym derived from the original software project name The Onion Router. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.
    and
  • A password manager such as KeePass, Last Pass or 1Password to facilitate the use of strong passwords.
    Safe practices on the internet require that you use multiple long and strong passwords which are hard to break and also hard to remember. Password vaults allow you to generate strong passwords and store them in an encrypted file under a single master password. They also allow you to store other sensitive information.

rhona-mahony-webRhona keeps bees, has twins in high school, lives on the Stanford campus, and enjoys teaching CryptoParties.  She likes Linux, sawdust toilets, blogging, and backpacking.

Leave a Reply

Your email address will not be published. Required fields are marked *