Author

Topic: [Guide] Protect your Crypto: Security tips for your home computer & network (Read 512 times)

legendary
Activity: 1232
Merit: 1255
Time to bump before the thread disappears into oblivion.  Cheesy
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
That is one tradeoff of using a VPN instead of using a VPS as a 'private' VPN. You can't really know for sure if a VPN provider is keeping logs.

In some cases, you can be reasonably sure. Twice now, Private Internet Access has been subpoenaed for subscriber information in major criminal cases. In both cases, they were unable to provide any data that could link online crimes with a user's identity.

That's why when someone asks for a VPN recommendation, I always recommend PIA.
That is good to know about PIA/Private Internet Access. I will have to keep this in mind in the future.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
That is one tradeoff of using a VPN instead of using a VPS as a 'private' VPN. You can't really know for sure if a VPN provider is keeping logs.

In some cases, you can be reasonably sure. Twice now, Private Internet Access has been subpoenaed for subscriber information in major criminal cases. In both cases, they were unable to provide any data that could link online crimes with a user's identity.

That's why when someone asks for a VPN recommendation, I always recommend PIA.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
Yes, this is a reasonable remark. But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
That is one tradeoff of using a VPN instead of using a VPS as a 'private' VPN. You can't really know for sure if a VPN provider is keeping logs.

You don't need any third party application to use a VPN, as you can use an open source application whose code you can inspect to connect to a VPN server. Although if you do this, you may lose some features that many VPN providers offer such as checking the current performance of many of their servers at once and connecting to a specific server accordingly.

Using a VPS as a 'private VPN' may be a good way to achieve "regulatory arbitrage" if you are in an oppressive country and your VPS is located in a country with more protections against searches by government.
And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?

I am not sure I understand what you are asking here. If you are accessing a website from a specific IP address, and are the only person accessing the website from that IP address, the website will know you are the same person.
legendary
Activity: 1232
Merit: 1255
For the Passwords section, please consider to add this topic, that is helpful and deserves your consideration.
[GUIDE] How to Create a Strong/Secure Password

The best way is to simply use the Keepass password generator and use a unique password for each service. Then you don't need any instructions on how to create a strong password.

KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.

If you are a Windows user, I would simply stick with the original Keepass.
To my knowledge the original is also the only one that supports plugins. (like OTP, QRCodeGenerator, Word Sequencer or stuff like that)
Here are all available plugins listed by the way: https://keepass.info/plugins.html

If you don't use Windows or several different operating systems KeepassXC should be preferred.

But using a Yubikey you can't mix Keepass and KeepassXC cause both use different encryption methods. (according to: https://keepassxc.org/docs/#faq-yubikey-incompatible)
legendary
Activity: 2268
Merit: 18748
Maybe "completely uncustomized as-generic-as-possible browser" may help to merge with the crowd, but you need to configure it or find one ready and test it.
The most commonly used desktop web browser is Chrome, by a long shot, with somewhere around 65-70% of market share. Firefox comes a distant second at 8-10%, and everything else on single figure percentages. If you wanted to find the biggest crowd to try to blend in with, then these numbers suggest you should just be picking the latest version of Chrome, and not downloading any add ons or tweaking any settings. Sure, while doing so may mean you don't have a unique fingerprint and you can "blend in", there is a much bigger problem being that if you use "out-of-the-box" Chrome, then you are being bombarded with tracking cookies and scripts, as well as Google keeping a log of absolutely everything that you do.

There is of course another way to approach this issue, and that is to use different browsers, or different but separate instances of the same browser. One for personal emails, social media, general internet surfing. One for work. One for crypto. It's impossible to track your fingerprint from Facebook to a crypto exchange if you use different browsers for each. Bonus points for running one of the browsers from a VM and using a different VPN server.
hero member
Activity: 750
Merit: 511
But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
Most ISPs keep a log of everything that you do online, and many will happily hand that over to your government with no resistance when requested to do so. This is known to be happening in many Western countries. I would much rather trust a VPN provider who has previously been taken to court to prove they don't keep logs than I would trust my ISP who have to do what the government tells them or be shut down.

We discussed public VPN versus private VPN before. In either case, the provider cannot track anything except for connections to VPN. There is no question of trusting the ISP.

This is a concern, especially for users who use a number of specific privacy related add ons and tweaks which make their browser much more unique than most users. There are steps you can take to mitigate this. Disabling JavaScript, Flash, and WebGL is a good start. Use a user agent spoofer. Keep your screen size and resolution as generic as possible. You could also consider using Tor, or run a completely uncustomized as-generic-as-possible browser on a virtual machine.

It is not as simple as it seems. If you disable the javascript, then you will not be able to use modern sites. This is only a temporary measure when you really need to hide. Plus turning off the javascript will stand out from other users. It is not yet known which is better. Smiley
I disable javascript, cookies, I don't have java, flash or other specific plugins.
So there are no info about fonts, canvas, resolution, audio formats, webgl and etc without javascript and anyway amiunique.org reports that I have almost unique fingerprint.
Maybe "completely uncustomized as-generic-as-possible browser" may help to merge with the crowd, but you need to configure it or find one ready and test it. The main thing is that the crowd should not be too small with that set at spy site.
legendary
Activity: 2268
Merit: 18748
But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.
Most ISPs keep a log of everything that you do online, and many will happily hand that over to your government with no resistance when requested to do so. This is known to be happening in many Western countries. I would much rather trust a VPN provider who has previously been taken to court to prove they don't keep logs than I would trust my ISP who have to do what the government tells them or be shut down.

And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?
This is a concern, especially for users who use a number of specific privacy related add ons and tweaks which make their browser much more unique than most users. There are steps you can take to mitigate this. Disabling JavaScript, Flash, and WebGL is a good start. Use a user agent spoofer. Keep your screen size and resolution as generic as possible. You could also consider using Tor, or run a completely uncustomized as-generic-as-possible browser on a virtual machine.
hero member
Activity: 750
Merit: 511
This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
Yes, this is a reasonable remark. But I am more afraid of unnecessary third-party applications/extensions on my computer and collecting logs about all my visits by VPN provider than the fact that someone will collect information at my one address.

And modern systems make a very accurate browser fingerprint. Are you sure that you cannot be precisely identified by it as well as me by one ip?

The provider has access to the hardware, the logs, etc.
Yes, I understand it. I trust my VPS provider more than third-party VPN services. It's individual and there is no perfect solution.

Connecting to a public WiFi puts you at risk of all your data being read by whoever owns the WiFi hotspot, or even other uses who are connected to it. Man in the middle attacks which can redirect you to fake sites which are indistinguishable from the real thing, and steal any information you enter, including username and passwords. WiFi networks can also be used to spread malware to devices which connect to them.

https://security.stackexchange.com/a/189022
https://www.techradar.com/uk/news/public-wi-fi-and-why-you-need-a-vpn

Ok, I forgot the possibility of direct port access with public Wi-Fi.
The use of a firewall and filtering all unnecessary services is required. But this is required in any case, because due to errors in the firmware routers often hack.
Yes, this is an argument. But the other problems that you indicated are solved by connecting to VPN and traffic encryption.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.
I've heard the name KeePassXC a couple of times, but never really looked in to it much. As someone who is using KeePassX without any issues or problems, what does XC offer that X doesn't?

Quote from another posts

If you use Linux or Mac OS, you definitely should choose KeePassXC over KeePass.

Or KeePassX (linux)  Smiley

The reason i recommend KeePassXC over KeePassX because :
1. KeePassX hasn't been updated since Sep 4, 2016 according to https://github.com/keepassx/keepassx/releases & https://www.keepassx.org/news
2. KeePassXC latest release is Jun 11, 2019 - 22:00 CEST according to https://keepassxc.org/blog/
3. KeePassXC have some difference, see https://superuser.com/a/879013

I'm sure you prefer not to use outdated software Smiley



--snip--
And of course, any discussion about choosing a VPN provider would not be complete with a link to this site: https://thatoneprivacysite.net/

And few filters already filters out most VPN Tongue
legendary
Activity: 2268
Merit: 18748
KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.
I've heard the name KeePassXC a couple of times, but never really looked in to it much. As someone who is using KeePassX without any issues or problems, what does XC offer that X doesn't?

It's not something that VPN provider could prove, few VPN provider which claim don't log customer data has been proven otherwise when they have legal problem.
This is the biggest risk with using a VPN. Several providers say they don't keep logs when they do, or are vague about the type of logs they keep, and some even sell client data to third parties. There have been a handful of VPNs which have been subpoenaed or similar and have had to prove in court that they do not keep logs. Whilst past cases like these don't guarantee the VPN provider still isn't keeping logs, it can be a good indication of which providers you should be considering. And of course, any discussion about choosing a VPN provider would not be complete with a link to this site: https://thatoneprivacysite.net/
hero member
Activity: 1806
Merit: 672
Malware protection is really important when it comes to protecting your home pcs especially the ones containing your cryptocurrencies so you should include it in your guide. I know a lot of guys already loss their cryptocurrencies because of malwares and trackers and its not a joke on installing a few softwares like malwarebytes to get ahead of them. One way to avoid malware is not to download the things that suddenly pops out on websites you just visited and also do no go to websites that have suspicious links. Other than that USBs are also one of the main culprits so if you want to plug a USB drive in your computer than you must scan it first before trying to copy files from it.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
KeePass is good password manager, but personally i'd prefer KeePassXC if you're linux or mac users.

For additional protection, it is recommended to use a VPN service that does not log private data.

It's not something that VPN provider could prove, few VPN provider which claim don't log customer data has been proven otherwise when they have legal problem.

My number one tip when it comes to security is to never download any crap software. You want to pirate a game? Get dedicated PC for that. You want to pirate Photoshop? Learn how to use GIMP instead. Need to get some reader? Instead of clicking the first link on google, carefully check what site is official, and preferably download from github. When I was younger, my computer was infected all the time, because I didn't follow any of those rules, luckily for me I didn't have anything too sensitive, but a lot of people who use crypto still do this, and then ask people why their coins were stolen.

VM/Sandbox also works for those who only have 1 device, but it doesn't apply for video games (or any GPU-dependent application)
legendary
Activity: 3024
Merit: 2148
My number one tip when it comes to security is to never download any crap software. You want to pirate a game? Get dedicated PC for that. You want to pirate Photoshop? Learn how to use GIMP instead. Need to get some reader? Instead of clicking the first link on google, carefully check what site is official, and preferably download from github. When I was younger, my computer was infected all the time, because I didn't follow any of those rules, luckily for me I didn't have anything too sensitive, but a lot of people who use crypto still do this, and then ask people why their coins were stolen.
legendary
Activity: 2268
Merit: 18748
Can you tell us in more detail what is the danger of using public Wi-Fi with VPN? Or give any links?
You can find plenty of info by simply searching "public wifi security" or "public wifi vpn" or something similar.

Connecting to a public WiFi puts you at risk of all your data being read by whoever owns the WiFi hotspot, or even other uses who are connected to it. Man in the middle attacks which can redirect you to fake sites which are indistinguishable from the real thing, and steal any information you enter, including username and passwords. WiFi networks can also be used to spread malware to devices which connect to them.

https://security.stackexchange.com/a/189022
https://www.techradar.com/uk/news/public-wi-fi-and-why-you-need-a-vpn

At the very least, if you are going to be using a public WiFi then you should be using a VPN, security add ons such as HTTPS everywhere, and a strong firewall and anti-virus/anti-malware program, but you can never be completely safe on a public WiFi. I would never enter any personal details or log on to any site via public WiFi. If you are on the move and you need internet access, use your mobile data.
legendary
Activity: 1232
Merit: 1255

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.

As PrimeNumber7 rightly said, with a private VPN you are using a static IP address, which makes everything very easy to trace.

Moreover, I would never consider a VPS as actually secure. The provider has access to the hardware, the logs, etc.

By the way, for 3-4€/month you can also use a service like AirVPN.

And I recommend set DNS manually on the computer, this will save you from replacing DNS on the router.
And you can use Google DNS instead of ISP's DNS.

https://www.ixiacom.com/company/blog/paypal-netflix-gmail-and-uber-users-among-targets-new-wave-dns-hijacking-attacks

Well, if you don't have a problem with Google collecting data, you can use their DNS.
But maybe you should consider an alternative like https://www.opennic.org/
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.

This is beneficial if you are using a public WiFi or an internet connection belonging to a third party. This will not provide the additional privacy that most VPNs provide because you will be the only one using that IP address. This will probably not increase security if you are accessing a website from home via a 'private' VPN, although it would prevent any website from knowing if you are at home or away. If you are using a public WiFi, this will prevent the WiFi host from impersonating any website you try to access, and will prevent the WiFi host from knowing what websites you are accessing.
hero member
Activity: 750
Merit: 511
I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.

Can you tell us in more detail what is the danger of using public Wi-Fi with VPN? Or give any links?

- Phishing Mails
These mails are used by malicious actors to steal personal data or money.
Here are some common methods:
- You have won
- Mails asking you to reset your password
- Sextortion SCAM

Most of the phishing emails which I receive that a payment has arrived in my account and I must urgently withdraw it otherwise something will be blocked/lost there.

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN

I prefer to have my own vpn server (I am using openvpn). Some providers offer VPS for few euros per month.
Sometimes there are discounts.


And I recommend set DNS manually on the computer, this will save you from replacing DNS on the router.
And you can use Google DNS instead of ISP's DNS.

https://www.ixiacom.com/company/blog/paypal-netflix-gmail-and-uber-users-among-targets-new-wave-dns-hijacking-attacks
hero member
Activity: 2366
Merit: 838
For the Passwords section, please consider to add this topic, that is helpful and deserves your consideration.
[GUIDE] How to Create a Strong/Secure Password
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I shall only refer to the part of wlan (wi-fi) network because there is one more important thing which is very important. No matter what type of protection you use (WPA2), with strong password (64 characters max), and fact that WPS is disabled, your modem / router may still be hacked.

Back in 2017 it was discovered that there was a security weaknesses / exploit in WPA2, and since all modems / routers use it they became vulnerable to this attack. In other words, it was possible to hack any wireless network with "key reinstallation attacks" (KRACK).

Only way to prevent this attack is to update firmware all of devices who communicate wirelessly and using WPA protocol. Since this is discovered 2 years ago, a good part of the devices is received security patches until today, but be sure to check your devices and contact your ISP about this issue.

More info : https://www.krackattacks.com/
member
Activity: 742
Merit: 19
Nice guide mate. I would like to add another thing to the post. It's a virus guard. You have to add a good virus guard to the computer and keep update it every day. The next thing is you have to update your operating system too. It will help to protect your computer from unwanted things and keep your computer fresh and clean.
legendary
Activity: 2268
Merit: 18748
If you are running a desktop computer rather than a laptop, then for max security you can just go old school and connect to your router with an ethernet cable and disable the WiFi altogether. Some routers will also let you disable admin access over WiFi and require a physical connection to gain admin access. Definitely make sure you have turned off remote access.

AndOTP is also good for 2FA.

VPNs are becoming more and more necessary for all internet users, given the amount of spying and surveillance undertaken by ISPs, governments, and other interested parties. I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.
legendary
Activity: 1232
Merit: 1255
Nice guide with good information.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.

Thanks for the input.
I will definitely take a look at the two providers mentioned.

I've been using Protonmail for several years, so I never looked for an alternative. Tutanova looks definitely very interesting at first sight.
member
Activity: 406
Merit: 10
Thanks for the advice, i don't connect to any public WiFi because i don't trust them and i will suggest that people should avoid public WiFi if not necessary.
legendary
Activity: 2212
Merit: 7064
Nice guide with good information.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.
legendary
Activity: 1232
Merit: 1255
The idea was to write a short guide to help you make your home computers more secure.
It's definitely a step in the right direction to protect your network/pc/wallets from unauthorized access. Smiley



OVERVIEW (clickable)





WLAN NETWORK

Starting with the (for me) most important part, because at the same time also the most critical one.


- Disable WPS

Basically there are two different possibilities how to establish a connection via WPS.

PIN:

To establish a connection you have to enter an 8-digit PIN.
The router does not check the 8-digit PIN all at once, instead it will check the first four digits and then the last four.

Reaver, for example, offers a very simple way to launch a brute force attack on the WPS pin.

Attention: The WPS Pin function is enabled by default on many Router models.

Push- Button:
This is a much safer version, as a physical button on the router has to be pressed and the connection can only be established for a matter of minutes.


- Change Wifi Password and Admin Password

A Netgear router default (WiFi) password is composed as follows:

adjective + noun + 3 digits

Shouldn't be too difficult to fnd using a Dictionary + Hashcat with GPU. Wink
You can find an overview of WiFi password standards on the following website: https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/

Please also change the default admin password as soon as possible!
If you cannot memorize your default password, you can find it for example here: https://default-password.info/


- Do NOT(!) hide your network

The SSID (the name) of your network is sent as a broadcast to be detected by other devices.

Suppressing the SSID broadcast is NOT a security feature!

What happens if you disable the SSID Broadcast:
Now the clients have to actively search for the trusted networks by sending a broadcast of the trusted SSID.
Attackers can now use this SSID information to impersonate the client as a trusted AP.

Even Windows board tools are able to display the hidden networks (wlan show networks mode=bssid).
The SSID itself is relatively easy to find out with Kali Linux and airmon-ng.


- Only use WPA or WPA2 (Important!!)


- Do NOT filter MAC addresses (optional)

Filtering MAC addresses is generally NOT considered a security feature and is more of a network administration feature.
All an attacker needs to do is monitor the traffic and examine a data packet.

However, this filter offers no disadvantage in terms of safety and can therefore still be configured at will.



PASSWORDS

- Use an offline password manager

Please do not use any browser extensions!

My recommendation: KeePass

Hint: KeePass can also be used in combination with a yubikey.

Here is the official tutorial: https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/?s=


2 FACTOR AUTHENTICATION

In addition to passwords it is recommended to activate 2FA (wherever possible).

The Google Authenticator is probably the most popular tool available.

My recommendation: Authy

Authy provides the ability to backup all Authenticator accounts and grant access to multiple devices.
The backup is stored encrypted in the cloud.
Anyone who has ever migrated their Google Authenticator to a new smartphone will probably appreciate the advantage provided by this solution.  Wink

However, the backup function does not have to be activated here.
(Everyone has to decide for themselves if they would like to use the backup function.)

Hardware authentication via FidoU2F is even more secure!
My recommendation: Buy a yubikey!

How this works with a ledger you can read in another thread of mine:
[Howto] Use Ledger Nano as Security Key


MAIL ADRESS

- Is your mail address part of a data leak?

Simply navigate to https://haveibeenpwned.com/, enter your e-mail address and click on the "pwned?" button on the right.
It will automatically check if the email address and associated accounts are compromised.


- Choose the right provider

My recommendation: ProtonMail


- Phishing Mails

These mails are used by malicious actors to steal personal data or money.

Here are some common methods:

- You have won
You are the winner of a contest, lottery or similar, in order to receive the amount should first pay a fee or accrued taxes.

- Mails asking you to reset your password

- Sextortion SCAM
Here the perpetrator claims to be in possession of a webcam record of you visiting a porn site.
Often there is also a password attached that has been linked to your email address in the past.
This is mostly from a data leak. (please refer to: Is your mail address part of a data leak?)

Hint: Generally use a separate password for each service and use a password manager.


USE VPN

For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.

My recommendation: AirVPN (native client also for LINUX!!) or NordVPN
Jump to: