Pages:
Author

Topic: [Guide] Protect your Crypto: Security tips for your home computer & network (Read 518 times)

legendary
Activity: 1232
Merit: 1255
Time to bump before the thread disappears into oblivion.  Cheesy
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
That is one tradeoff of using a VPN instead of using a VPS as a 'private' VPN. You can't really know for sure if a VPN provider is keeping logs.

In some cases, you can be reasonably sure. Twice now, Private Internet Access has been subpoenaed for subscriber information in major criminal cases. In both cases, they were unable to provide any data that could link online crimes with a user's identity.

That's why when someone asks for a VPN recommendation, I always recommend PIA.
That is good to know about PIA/Private Internet Access. I will have to keep this in mind in the future.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
That is one tradeoff of using a VPN instead of using a VPS as a 'private' VPN. You can't really know for sure if a VPN provider is keeping logs.

In some cases, you can be reasonably sure. Twice now, Private Internet Access has been subpoenaed for subscriber information in major criminal cases. In both cases, they were unable to provide any data that could link online crimes with a user's identity.

That's why when someone asks for a VPN recommendation, I always recommend PIA.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
Yes, this is a reasonable remark. But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
That is one tradeoff of using a VPN instead of using a VPS as a 'private' VPN. You can't really know for sure if a VPN provider is keeping logs.

You don't need any third party application to use a VPN, as you can use an open source application whose code you can inspect to connect to a VPN server. Although if you do this, you may lose some features that many VPN providers offer such as checking the current performance of many of their servers at once and connecting to a specific server accordingly.

Using a VPS as a 'private VPN' may be a good way to achieve "regulatory arbitrage" if you are in an oppressive country and your VPS is located in a country with more protections against searches by government.
And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?

I am not sure I understand what you are asking here. If you are accessing a website from a specific IP address, and are the only person accessing the website from that IP address, the website will know you are the same person.
legendary
Activity: 1232
Merit: 1255
For the Passwords section, please consider to add this topic, that is helpful and deserves your consideration.
[GUIDE] How to Create a Strong/Secure Password

The best way is to simply use the Keepass password generator and use a unique password for each service. Then you don't need any instructions on how to create a strong password.

KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.

If you are a Windows user, I would simply stick with the original Keepass.
To my knowledge the original is also the only one that supports plugins. (like OTP, QRCodeGenerator, Word Sequencer or stuff like that)
Here are all available plugins listed by the way: https://keepass.info/plugins.html

If you don't use Windows or several different operating systems KeepassXC should be preferred.

But using a Yubikey you can't mix Keepass and KeepassXC cause both use different encryption methods. (according to: https://keepassxc.org/docs/#faq-yubikey-incompatible)
legendary
Activity: 2268
Merit: 18771
Maybe "completely uncustomized as-generic-as-possible browser" may help to merge with the crowd, but you need to configure it or find one ready and test it.
The most commonly used desktop web browser is Chrome, by a long shot, with somewhere around 65-70% of market share. Firefox comes a distant second at 8-10%, and everything else on single figure percentages. If you wanted to find the biggest crowd to try to blend in with, then these numbers suggest you should just be picking the latest version of Chrome, and not downloading any add ons or tweaking any settings. Sure, while doing so may mean you don't have a unique fingerprint and you can "blend in", there is a much bigger problem being that if you use "out-of-the-box" Chrome, then you are being bombarded with tracking cookies and scripts, as well as Google keeping a log of absolutely everything that you do.

There is of course another way to approach this issue, and that is to use different browsers, or different but separate instances of the same browser. One for personal emails, social media, general internet surfing. One for work. One for crypto. It's impossible to track your fingerprint from Facebook to a crypto exchange if you use different browsers for each. Bonus points for running one of the browsers from a VM and using a different VPN server.
hero member
Activity: 750
Merit: 511
But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
Most ISPs keep a log of everything that you do online, and many will happily hand that over to your government with no resistance when requested to do so. This is known to be happening in many Western countries. I would much rather trust a VPN provider who has previously been taken to court to prove they don't keep logs than I would trust my ISP who have to do what the government tells them or be shut down.

We discussed public VPN versus private VPN before. In either case, the provider cannot track anything except for connections to VPN. There is no question of trusting the ISP.

This is a concern, especially for users who use a number of specific privacy related add ons and tweaks which make their browser much more unique than most users. There are steps you can take to mitigate this. Disabling JavaScript, Flash, and WebGL is a good start. Use a user agent spoofer. Keep your screen size and resolution as generic as possible. You could also consider using Tor, or run a completely uncustomized as-generic-as-possible browser on a virtual machine.

It is not as simple as it seems. If you disable the javascript, then you will not be able to use modern sites. This is only a temporary measure when you really need to hide. Plus turning off the javascript will stand out from other users. It is not yet known which is better. Smiley
I disable javascript, cookies, I don't have java, flash or other specific plugins.
So there are no info about fonts, canvas, resolution, audio formats, webgl and etc without javascript and anyway amiunique.org reports that I have almost unique fingerprint.
Maybe "completely uncustomized as-generic-as-possible browser" may help to merge with the crowd, but you need to configure it or find one ready and test it. The main thing is that the crowd should not be too small with that set at spy site.
legendary
Activity: 2268
Merit: 18771
But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
Most ISPs keep a log of everything that you do online, and many will happily hand that over to your government with no resistance when requested to do so. This is known to be happening in many Western countries. I would much rather trust a VPN provider who has previously been taken to court to prove they don't keep logs than I would trust my ISP who have to do what the government tells them or be shut down.

And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?
This is a concern, especially for users who use a number of specific privacy related add ons and tweaks which make their browser much more unique than most users. There are steps you can take to mitigate this. Disabling JavaScript, Flash, and WebGL is a good start. Use a user agent spoofer. Keep your screen size and resolution as generic as possible. You could also consider using Tor, or run a completely uncustomized as-generic-as-possible browser on a virtual machine.
hero member
Activity: 750
Merit: 511
This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
Yes, this is a reasonable remark. But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.

And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?

The provider has access to the hardware, the logs, etc.
Yes, I understand it. I trust my VPS provider more than third-party VPN services. It's individual and there is no perfect solution.

Connecting to a public WiFi puts you at risk of all your data being read by whoever owns the WiFi hotspot, or even other uses who are connected to it. Man in the middle attacks which can redirect you to fake sites which are indistinguishable from the real thing, and steal any information you enter, including username and passwords. WiFi networks can also be used to spread malware to devices which connect to them.

https://security.stackexchange.com/a/189022
https://www.techradar.com/uk/news/public-wi-fi-and-why-you-need-a-vpn

Ok, I forgot the possibility of direct port access with public Wi-Fi.
The use of a firewall and filtering all unnecessary services is required. But this is required in any case, because due to errors in the firmware routers often hack.
Yes, this is an argument. But the other problems that you indicated are solved by connecting to VPN and traffic encryption.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.
I've heard the name KeePassXC a couple of times, but never really looked in to it much. As someone who is using KeePassX without any issues or problems, what does XC offer that X doesn't?

Quote from another posts

If you use Linux or Mac OS, you definitely should choose KeePassXC over KeePass.

Or KeePassX (linux)  Smiley

The reason i recommend KeePassXC over KeePassX because :
1. KeePassX hasn't been updated since Sep 4, 2016 according to https://github.com/keepassx/keepassx/releases & https://www.keepassx.org/news
2. KeePassXC latest release is Jun 11, 2019 - 22:00 CEST according to https://keepassxc.org/blog/
3. KeePassXC have some difference, see https://superuser.com/a/879013

I'm sure you prefer not to use outdated software Smiley



--snip--
And of course, any discussion about choosing a VPN provider would not be complete with a link to this site: https://thatoneprivacysite.net/

And few filters already filters out most VPN Tongue
legendary
Activity: 2268
Merit: 18771
KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.
I've heard the name KeePassXC a couple of times, but never really looked in to it much. As someone who is using KeePassX without any issues or problems, what does XC offer that X doesn't?

It's not something that VPN provider could prove, few VPN provider which claim don't log customer data has been proven otherwise when they have legal problem.
This is the biggest risk with using a VPN. Several providers say they don't keep logs when they do, or are vague about the type of logs they keep, and some even sell client data to third parties. There have been a handful of VPNs which have been subpoenaed or similar and have had to prove in court that they do not keep logs. Whilst past cases like these don't guarantee the VPN provider still isn't keeping logs, it can be a good indication of which providers you should be considering. And of course, any discussion about choosing a VPN provider would not be complete with a link to this site: https://thatoneprivacysite.net/
hero member
Activity: 1806
Merit: 672
Malware protection is really important when it comes to protecting your home pcs especially the ones containing your cryptocurrencies so you should include it in your guide. I know a lot of guys already loss their cryptocurrencies because of malwares and trackers and its not a joke on installing a few softwares like malwarebytes to get ahead of them. One way to avoid malware is not to download the things that suddenly pops out on websites you just visited and also do no go to websites that have suspicious links. Other than that USBs are also one of the main culprits so if you want to plug a USB drive in your computer than you must scan it first before trying to copy files from it.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.

For additional protection, it is recommended to use a VPN service that does not log private data.

It's not something that VPN provider could prove, few VPN provider which claim don't log customer data has been proven otherwise when they have legal problem.

My number one tip when it comes to security is to never download any crap software. You want to pirate a game? Get dedicated PC for that. You want to pirate Photoshop? Learn how to use GIMP instead. Need to get some reader? Instead of clicking the first link on google, carefully check what site is official, and preferably download from github. When I was younger, my computer was infected all the time, because I didn't follow any of those rules, luckily for me I didn't have anything too sensitive, but a lot of people who use crypto still do this, and then ask people why their coins were stolen.

VM/Sandbox also works for those who only have 1 device, but it doesn't apply for video games (or any GPU-dependent application)
legendary
Activity: 3038
Merit: 2162
My number one tip when it comes to security is to never download any crap software. You want to pirate a game? Get dedicated PC for that. You want to pirate Photoshop? Learn how to use GIMP instead. Need to get some reader? Instead of clicking the first link on google, carefully check what site is official, and preferably download from github. When I was younger, my computer was infected all the time, because I didn't follow any of those rules, luckily for me I didn't have anything too sensitive, but a lot of people who use crypto still do this, and then ask people why their coins were stolen.
legendary
Activity: 2268
Merit: 18771
Can you tell us in more detail what is the danger of using public Wi-Fi with VPN? Or give any links?
You can find plenty of info by simply searching "public wifi security" or "public wifi vpn" or something similar.

Connecting to a public WiFi puts you at risk of all your data being read by whoever owns the WiFi hotspot, or even other uses who are connected to it. Man in the middle attacks which can redirect you to fake sites which are indistinguishable from the real thing, and steal any information you enter, including username and passwords. WiFi networks can also be used to spread malware to devices which connect to them.

https://security.stackexchange.com/a/189022
https://www.techradar.com/uk/news/public-wi-fi-and-why-you-need-a-vpn

At the very least, if you are going to be using a public WiFi then you should be using a VPN, security add ons such as HTTPS everywhere, and a strong firewall and anti-virus/anti-malware program, but you can never be completely safe on a public WiFi. I would never enter any personal details or log on to any site via public WiFi. If you are on the move and you need internet access, use your mobile data.
legendary
Activity: 1232
Merit: 1255

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.

As PrimeNumber7 rightly said, with a private VPN you are using a static IP address, which makes everything very easy to trace.

Moreover, I would never consider a VPS as actually secure. The provider has access to the hardware, the logs, etc.

By the way, for 3-4€/month you can also use a service like AirVPN.

And I recommend set DNS manually on the computer, this will save you from replacing DNS on the router.
And you can use Google DNS instead of ISP's DNS.

https://www.ixiacom.com/company/blog/paypal-netflix-gmail-and-uber-users-among-targets-new-wave-dns-hijacking-attacks

Well, if you don't have a problem with Google collecting data, you can use their DNS.
But maybe you should consider an alternative like https://www.opennic.org/
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.

This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
hero member
Activity: 750
Merit: 511
I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.

Can you tell us in more detail what is the danger of using public Wi-Fi with VPN? Or give any links?

- Phishing Mails
These mails are used by malicious actors to steal personal data or money.
Here are some common methods:
- You have won
- Mails asking you to reset your password
- Sextortion SCAM

Most of the phishing emails which I receive that a payment has arrived in my account and I must urgently withdraw it otherwise something will be blocked/lost there.

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.


And I recommend set DNS manually on the computer, this will save you from replacing DNS on the router.
And you can use Google DNS instead of ISP's DNS.

https://www.ixiacom.com/company/blog/paypal-netflix-gmail-and-uber-users-among-targets-new-wave-dns-hijacking-attacks
hero member
Activity: 2366
Merit: 838
For the Passwords section, please consider to add this topic, that is helpful and deserves your consideration.
[GUIDE] How to Create a Strong/Secure Password
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I shall only refer to the part of wlan (wi-fi) network because there is one more important thing which is very important. No matter what type of protection you use (WPA2), with strong password (64 characters max), and fact that WPS is disabled, your modem / router may still be hacked.

Back in 2017 it was discovered that there was a security weaknesses / exploit in WPA2, and since all modems / routers use it they became vulnerable to this attack. In other words, it was possible to hack any wireless network with "key reinstallation attacks" (KRACK).

Only way to prevent this attack is to update firmware all of devices who communicate wirelessly and using WPA protocol. Since this is discovered 2 years ago, a good part of the devices is received security patches until today, but be sure to check your devices and contact your ISP about this issue.

More info : https://www.krackattacks.com/
Pages:
Jump to: