A Noob's Guide to (Online) Security

Resources Community Tutorials
#3

6 posts were merged out for being off-topic

#4

Well that depends massively. I personally have a modified router with custom firmware. I then use OpenVPN to route all my traffic through a custom (open source) VPN hosted on one of my servers.

3 Likes
#5

That’s hardly the only use of a VPN. A VPN will encrypt you traffic which protects you from your ISP tracking you as well as network administrators tracking you. They can still see the sites you visit but not the content of them.

It can also be used to bypass network blocks like a school, etc. That’s not to mention just hiding your IP from websites who might save it.

2 Likes
#6

Goo job with this post! It gives security levels for all types of people, which is cool! I’ll make sure to share it with friends!

1 Like
#7

Regarding account security itself, I just generate 4 passwords every week and use 2FA only on my phone with mobile data. Most of this goes into levels of extreme paranoia, but still a good thing to know.

Getting rid of cloud is generally a worse idea regarding security. Data-loss is just as big of an issue as theft. Unless you have a reliable RAID 6 setup with each disk powered by its own grid and an anti-surge protection, it is almost impossible to be 100% protected against data-loss. I lost 3 disks in my RAID 5 during a thunderstorm (stupid me forgot to unplug) and the 4th was half-fried. It is much better to buy a premium subscription for enterprise level cloud.

1 Like
#8

One could say this post was slightly overkill :stuck_out_tongue:

Complete legend for this line! ^

Definitely found it interesting your recommended a password manager, as one of my primary concerns is if my Mac was stolen, knowing my OS password would give you access to my entire keychain.

1 Like
#9

Yep! This post is probably an overkill for most people, but I just want it out there to the public, so that it gets known at least :wink:

The entire purpose of this post is for people to see how secure you can become, and why it’s so important (and mainly what you can do). Using a password manager is a huge step for most people as they probably have been using one password for multiple accounts, which isn’t a recommended security practice. Any steps you take to increase your security matter!

And I also definitely recommend that you get started with a password manager, as it simplifies pretty much everything. There are some cons to use it (i.e all passwords in one place), but one can argue that the benefits outweigh them.

5 Likes
#10

Pro Tip: If you don’t have the money for a Faraday bag, you could also turn off your phone when you aren’t using it. This makes your phone impossible to hack during the duration that it is turned off (that is until Apple’s hardware backdoor is activated by a malicious actor/government or they send someone to steal your phone/your body).

If you want to increase laptop physical security (ie; usb blocker, kensington lock, privacy filter) you could also use a deadman’s switch. Essentially, you have some type of USB plugged into your laptop that is attached to your wrist/neck with a chain. That way, if someone tries to steal your laptop, a program on your laptop would automatically turn off the computer and wipe the entire drive. Furthermore, if security is required at the highest degree, you could perform full disk erasure via physical methods (thermite, explosives, etc) though I would not recommend this unless you have been authorized by an appropriate government body. They could also circumvent this by spraying your laptop with liquid nitrogen and extracting the RAM from the computer before the MOSFET capacitors fully discharge.

8 Likes
#11

Depending on your intended use, you may be subject to government intervention with the self-hosting of a Virtual Private Network (VPN). Commonly practiced in the United States of America (USA) a “pen trap” is used to monitor telephone or network-related traffic, this practice is similar to a subpoena. If you are not in the USA, a similar policy may be practiced by your government, even if your intention is not felonious. Though your private information is encrypted, tracking (locating) you is still possible.

2 Likes
#12

I mean I understand that security is a big feature but again you shouldn’t be worried if you are not browsing through suspicious websites or just clicking random links that you have found or someone has sent to you. If you have 2FA active then you should not be worried as long you haven’t used your Roblox credentials at random computers or suspicious websites. The use of a VPN is great for privacy and encryption but I guarantee you it’s not the best use, especially using public free VPNs.

In general, keeping your credentials away from false websites should keep your account safe. if you use a password manager then you should be protected but if you haven’t it’s a great solution to protect you from overused credentials from similar accounts.

Iphones are not a solution to keep a system protected that is completely false information. If you think using SMS to keep your account protected then you are completely wrong! Besides social media has nothing to do with hacking accounts, social media is great to collect information from communities and etc.

-BTW GREAT ARTICLE! :upside_down_face:

1 Like
#13

This is awesome! I’m super paranoid all the time so it’s good to know there are others out there like me. and now some hacker is going to take this information and use it to exploit me :joy:

2 Likes
#14

Password managers are a godsend. 20-64 character long unique passwords and I don’t have to remember a thing. They’re not particularly expensive either for a subscription, and in any case they will save you days of your life in the long run (plus give you much improved security).

Plus, 1Password let’s me know when my data or password has been leaked due to some crappy company’s negligence (thanks Facebook)

2 Likes
#15

This is not at all what I expected from an article titled “security” on a Roblox forum, but I enjoyed it. I like how you even went into physical security with locks and backpacks. Thanks for the resource!

2 Likes
#16

Overall, nice thread and a great introduction to online security!

This is not necessary as you think now-a-days. Sure, wind-back time a few years ago when most websites weren’t secured and you would, but virtually all websites now-a-days encrypt your information so that your connections are secure. VPNs do have legitimate uses; circumventing geoblocking, obfuscating traffic, bypassing content filtering, etc. These are great, and sometimes essential, for people living in countries where goverments suppress and punish certain beliefs… the majority of us in the western world though? These aren’t essential. You might as well save that £10/month and donate it to a charity - it will have a much better use.

Tom Scott sums it up wonderfully in one of his latest videos:

https://www.reddit.com/r/videos/comments/doawcl/this_video_is_sponsored_by_vpn_tom_scott_on/

For debit cards, you can add ‘daily caps’ (£50 limit a day for example), so even if you card is stolen or goes missing, you can cancel it right away without the worry of your entire account disappearing. Online transfers have also become a lot more secure recently; you can set caps on spending which require 2FA to process large amounts.

3 Likes
#17

The amount of random stuff I download…

1 Like
#18

:clap: Nice article :clap:

I would like to contribute two things to your guide… Browsers & Search Engines. As similarily stated above, some of these browsers and search engines will expose your data to big companies while surfing, just like Facebook and Google.

Browsers

Choosing the right browser will benefit you on one of these things: privacy, security, or stability. Some of the browsers that I am (or you are) familiar with are:

  • Chrome
  • Firefox
  • Safari
  • Opera
  • IE
  • Edge
  • Tor

Chrome is too much of a privacy/stability hog. Firefox only blocks trackers by default. Tor is outrageously slow, only for anonymity. I did like Opera once because of their “free VPN” however it is broken, then I got too bored to use Opera afterward. I don’t like Edge & Safari. Internet Explorer… does anybody use that anymore?

There is one browser that I did not include in my list is Brave. In my opinion, Brave is more secure than any other browser. Brave is built from the Chromium source. You can watch what Brave is here

Why Brave is different (and better) than Firefox and Chrome

  1. Brave blocks ads, trackers, third-party cookies, and upgrades to HTTPS by default

  2. Brave lets you get rewarded by watching privacy-respecting ads. You can opt-in/opt-out at any time. You can also be part of a Brave creator too! These rewards allow you to tip any verified Brave creator, like me.

  3. Brave lets you download Chrome extensions (obviously). Here are some of my favorites (all of them are open source):
    Privacy Redirect (Invidious, a Youtube private front end, is the icing on the cake!)
    Stylus (NOT TO BE CONFUSED WITH STYLISH AS THAT STEALS YOUR BROWSING HISTORY DATA)
    SponsorBlock (works with any Invidious instance too, not just Youtube!)
    Buster (works only on reCAPTCHA, just one click, that’s it)

  4. Brave is on a “mission to fix the internet”

  5. Brave tries to rip out as much Google as possible.

  6. Brave has built-in Tor browsing. It doesn’t have many features as the original.

  7. Brave is fully compatible with YubiKeys.

  8. Although Brave is technically built from Chromium, Chromium is not the same as Chrome though.

  9. InterPlanetary File System (IPFS) is integrated into Brave, this is great for bypassing censorship in your country!

  10. Want to know what’s happening today around the world? Brave Today has got you covered.

Don’t believe me that Brave is faster than Firefox? Brave has run a test performance on GC, Brave themselves, and Firefox. Watch it here

Fun fact about Brave: The person who made the browser, Brendan Eich, also co-founded Mozilla and made THE JavaScript language.

Honorable Mentions:

  1. Vivaldi: Created by the co-creator of Opera. open source, SUPER customizable UI, not fast on blocking ads and trackers as Brave does

  2. Ungoogled Chromium: An incredibly locked-down tight version of Chromium, a 100% de-googled browser, it’s not easy to install extensions and not so easy to update like the other Chromium-based browsers

Search Engines

There are search engines that invade privacy, such as Google (mostly Google), Bing, and Yahoo. And some search engines are safer to use. Three of the safest search engines I know are DuckDuckGo, Qwant, and StartPage. I like DuckDuckGo more than Qwant and StartPage.

Why choose DuckDuckGo than Google?

  1. DDG can save time. You can use this feature called !bangs. !Bangs are a shortcut for searches, like “!robloxg big paintball”. You can learn more about !bangs by simply searching “!bangs” by setting DDG as your default search engine.

  2. When Google got caught changing up searches, most primarily on politics, more people switched to DDG. For the first time ever, DDG had reached over 100 MILLION searches in a SINGLE DAY! BIG NOTE: I will NEVER be into politics.

  3. As you may know by searching already, DDG has a search filter. There is an all safe version here if you don’t feel comfortable with the search filter in the original DDG engine.

  4. They have a Tor circuit of DDG.

  5. It’s highly customizable. You can give DDG a super dark theme. You can sync themes across other devices too by bookmarking the link that’s given to you.

  6. DDG doesn’t care what you search up. Google, on the other hand, does.

  7. DDG has more features that Google doesn’t have, like a “youtube cheat sheet” or “qr a qr code generator exists on DDG”.

Conclusion

In conclusion, if you want faster, safer, more secure browsing, use Brave + DDG or Qwant. Qwant is more for users that live in Europe.

If you thought that I would say use Firefox, it ain’t safe anymore due to backdoor telemetry. Yes, that’s a thing. I would also give this article a good read on why Mozilla can’t be trusted, written by Mozilla themselves (AS I SAID: I will NEVER be into politics).

Edit 1/27/2021: Browser Honorable Mentions, more reasons why I like Brave and changed a reason, new reason why Mozilla is a traitor in conclusion, changed all Youtube links to an Invidious instance

8 Likes
#19

First and foremost, fantastic post.

While this post definitely helps to show how the reader can be more aware, it forget’s one rather important thing. Software, like all code, can always be compromised. It’s a matter of when or how an attacker can gain access to your system, your files or your code. While better security techniques can help stop an attacker, it’s more-so postponing or mitigating the eventual intended outcome. Just something to think about.

1 Like
#20

Another fact about Brave is that it is open source. Here is the Github Page. I never knew Brave existed until now. I got to try it out right now.

2 Likes
#21

Yep, it is open source. I wish I know how to edit the source code so I can make Brave for 32-bit Linux builds.

#22

@1TheNoobestNoob, hey!

I’m wondering if I should use BitLocker on drive c or not, would it slow down my computer?

1 Like