antiaall3s, 14 days ago to opsec

Communication habits among leftist #activists that i no longer understand:

Why still use twitter, instagram, facebook to promote stuff? Steal your data, you are their product.
Use the Fediverse instead. (Blsky no better)

Why still use telegram, whatsapp to chat, organise? Encryption iffy, cannot be trusted.
Use @signalapp instead.

Why still use GoogleDocs to collaborate on texts, documents? Steal your data, track you.
Use @cryptpad instead.

We have the tools for better #OpSec.

xyhhx, 21 days ago to opsec

re: my recent boost (linked below)

mics (machine identification code) are nearly invisible marks most printers add to anything they print, as a means of tracking where each peice of printed material was printed from - down to the exact printer. not model, the individual printer

it's allegedly to curb counterfeit money, but obviously it can be used to connect material you print for, say, activism or political stuff down to the exact printer you used. if you're going to bureau en gros to print, or if you used a printer you bought, it can be traced to you

the @eff has some material that tried to identify printers that do or do not use mics, but it's no longer maintained:

https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

makeuseof.com has another informative article on the subject including possible mitigations:

https://www.makeuseof.com/machine-identification-codes-printer-privacy-risk/

some mitigations they suggest include:

• https://h-node.org/printers/catalogue/en
  a list of printers that work with free software (which wont add the mics)

• https://github.com/dfd-tud/deda
  a tool to anonymize the tracking codes produced by your printer

these are both only useful to technically savvy people i think tho

anyway stay vigilant gang

#opsec #privacy #activism

https://infosec.exchange/@jxhn/112400527690021252

MagicLike, 21 days ago to hosting

I got a DM about how to host a Website as anonymous as possible, especially viewed from the outside with as little attack surface as possible. I already threw a bunch of my ideas in the room, but maybe you can think of something I haven't thought of...
Please just answer to this post if something crosses your mind from security over hoster to the website itself, I will link it to the person.

:boost_requested:

@askfedi

#AskFedi #FollowerPower #Hosting #Privacy #InfoSec #OpSec #Security

endareth, 24 days ago to apple

Reminder that everyone with an #iCloud account should enable Advanced Data Protection to ensure all your data stays encrypted: https://support.apple.com/en-au/guide/iphone/iph584ea27f5/ios
#Apple #InfoSec #OpSec

ianonymous3000, 27 days ago to privacy

🚨 Attention iOS & iPadOS users! 🚨

I've just updated my ultimate hardening guide, and I need your help to make it even better! 🙏

Check it out here: https://github.com/iAnonymous3000/iOS-Hardening-Guide

Please let me know:
✅ Is it easy to follow?
✅ Any areas need more detail?
✅ Suggestions for improvement?
✅ Most helpful tips?

Show your support by starring the repo! ⭐️

#privacy #opsec #cybersecurityawareness #hardeningguide #ios #ipados

outlyer, 27 days ago to opsec Catalan

Així que Espanya va enviar una de les seves ordres xusques a Suïssa (d'aquelles que anomenen terroristes a Tsunami –LOL), Suïssa va requerir a #ProtonMail i això va acabar descobrint la identitat d'una persona (a través del seu mail de recuperacio i un requeriment a Apple), i en la seva detenció.

Aneu amb compte i no doneu per fet que un servei segur/encriptat us converteix en anònims.

(Notícia de fa mínim dos setmanes que pel que sigui no m'havia arribat fins avui)

#opsec

nikita, 28 days ago to opsec German

#opsec
Are #Proton privacy and the #Signal messaging app still secure

Every year this gets called into question, yet rarely is the full story ever told. In this video, Josh explains what's really happening with these privacy and security apps as well as how it affects YOU directly.

#𝚘𝚙𝚜𝚎𝚌, 𝚛𝚎𝚜𝚙. 𝚍𝚊𝚜 𝚐𝚊𝚗𝚣𝚎 𝙳𝚛𝚞𝚖𝚖𝚑𝚎𝚛𝚞𝚖 𝚒𝚜𝚝 𝚖𝚒𝚗𝚍. 𝚜𝚘 𝚠𝚒𝚌𝚑𝚝𝚒𝚐 𝚠𝚒𝚎 𝙰𝚙𝚙𝚜 & 𝙲𝚘.

https://invidious.fdn.fr/watch?v=9ZLMDMk5rzk

Tutanota, 28 days ago to opsec

Are you a journalist, activist or whistleblower in need of an anonymous email account that doesn't require a personally identifiable recovery email address or phone number?

Tuta has you covered. 👉 https://tuta.com/blog/anonymous-email

This is anonymity done right. 😎
#anonymous #opsec #privacy #encryption

JenMorency, 1 month ago to opsec

#Opsec Matters: #Encrypted services #Apple, #Proton and #Wire helped #Spanish police identify #activist https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist/ "The legal requests sent to Wire, Proton & Apple are related to a case where Spanish authorities believe that a pseudonymous member of the #Catalan pro-independence movement Tsunami Democratic was helping the group plan some kind of actions or demonstrations at the time when King Felipe VI was planning to visit the region in 2020." They were ID'ed thru recovery e-mails.

ianonymous3000, 1 month ago to Cybersecurity

📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️

Threat modeling is crucial because it helps identify and prioritize the most probable security and privacy risks. It enables focused resource allocation, tailored defenses, and heightened awareness.

Check it out: https://learn.privacyguides.org

#Cybersecurity #Privacy #ThreatModeling #cybersecurityawareness #opsec

image/png

arcadetoken, 1 month ago to Cybersecurity

Please be super careful using public wi-fi, even with a VPN. Zero day in existence for over 20 YEARS was announced impacting VPN use with regards to rogue or compromised DHCP servers on the LAN, which allows redirection of VPN traffic. If you can avoid public network use (i.e. using a cell service/hotspot instead of a public wifi network in a cafe, store, etc.), just avoid it. https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/?comments=1&comments-page=1

#cybersecurity #vpn #opsec

datenwolf, 1 month ago to opsec

Some people should not be allowed anywhere near networked computers. Just participated in some EU research project kick-off meeting…

> We have a 250TB storage system for our data with "RAID-6 backup".

> You can reach it under hʇʇp://foobar‍.‍fnord‍.‍fail (it's a HTTP 301 redirect to some IP in a university's address range; no TLS; plaintext HTTP).

Ã̵͔̏̐͗̍a̸͍̅̑̔̚a̶͔̲͛̔̄͘r̸̠̙̻͚̾̑͂r̴̭̞̫̜̍̇g̵̘͚͙̫̊̿͠g̸̢͍̣̗͊̒̏̓̕ǵ̶͍̠͔̲̟̔̎͌̓h̶͔͈̜̦̋ḩ̴̱͆͠ḣ̴͉h̶̞̺̟͂̈́̀ ← my headspace

#itsec #opsec

froyed, 1 month ago to security

Proton have a _ service:
email
VPN
calendar
cloud storage
password manager

They should do a 2FA service like Authy next.

#security #privacy #crypto #monero #password #breach #tips #cybersecurity #infosec #opsec #data #bitcoin #news #cryptonews #cryptocurrency #2fa #tech #authy #proton

froyed, 1 month ago to security

Many video game anti-cheats act essentially like malware.

This is because they are given Kernal level permissions which allows the software to monitor the system.

Many popular online games use anti-cheat. Be aware.

#security #privacy #crypto #monero #password #breach #tips #cybersecurity #infosec #opsec #data #bitcoin #news #cryptonews #cryptocurrency #2fa #gaming #tech

wagesj45, 2 months ago to Meme

I HATE PASSKEYS! I DON'T WANT TO "UPGRADE" TO PASSKEYS!

#meme #security #opsec #devops #fuckoff