Do you have a VPN? A PGP key? 2 factor authentication?
If you don't even know what those words mean, then my friend, allow me to introduce you to the Electronic Freedom Foundation's Security Starter Pack.
A VPN is a virtual private network. It masks your IP address (how your computer tells all of the other computers "Hi, I'm here!") and helps prevent location services from being used against you. VPN services are pretty cheap, $5-10 a month. You're looking for services like Cloak, NordVPN, VPN Unlimited, or ZenVPN. You can usually get a deal at the BoingBoing.net store.
A PGP key is an open-source encryption protocol. You make a public key, that you give to anyone, and a private key, that you never reveal to anyone. Encryption can be a pain in the butt, but if we're all encrypting, it makes those trying to decrypt work exponentially harder to get Aunt Lucy's Cauliflower Au Gratin recipe, or those baby pics of your friend's kid... and helps mask the more critical encrypted messages in the traffic. Here's an easy tutorial: https://www.deepdotweb.com/2013/11/11/pgp-tutorial-for-newbs-gpg4win/
Two factor authentication is how we keep accounts and devices more secure. Two factor depends on you having a thing you have, and a thing you know -- like a password and a key. You can set this up on all mail systems and a lot of other systems. Here's Apple's tutorial https://support.apple.com/en-us/HT204915 and Google's https://www.google.com/landing/2step/
Why this matters: Digital communication is how we're talking to each other. We have to protect it as much as possible. That starts with getting everyone up to speed on the basics of personal security. These services are becoming more required and less optional every day. Start with 2 factor if you're completely new to this, but start somewhere.
drray23
(7,587 posts)
I'm using Tails, booting from a USB stick whenever I want privacy. I run Tor in it, have anonymous email accounts. I sign my stuff with PGP.
bathroommonkey76
(3,827 posts)
I've noticed some sites won't work on TOR--
Other questions I have:
Is TOR better than the paid VPNs that you posted?
Are there free VPNs that work on WIN 10?
VPNs slow down a person's Internet connection, right? (I've noticed this using TOR)
politicat
(9,808 posts)
It's adding more layers of bounce and that's never a bad thing -- it just may slow things down. TOR is a re-router -- it sends your traffic through multiple, random relays before it arrives at its destination. A VPN does know your IP address, which is why it's a good idea to use a VPN based in another country, one with strong privacy laws. Most VPN companies do not log any traffic.
The two downsides of TOR are it's slower, and right now there is an NSA backdoor. It doesn't seem to be in use, but it's there.
I would personally be suspicious of any free VPN on the same premise of being suspicious of any free internet service -- if you're not the customer, you're the product. Running a VPN has gotten a lot cheaper, but there are still costs. So the question is, how is the company paying its bills? Figure out what they're selling and what information they're collecting, and decide for yourself if that's worth paying.
I don't notice a significant loss of speed with VPN. Spouse games; we have those machines hardwired (ethernet) and we get Ethernet/DSL (rather than wifi) speeds with the VPN running. The only things that I find unbearably slow are gifs posted here, at DU, in the lounge, and I have no idea why they're slow here. I don't have that problem anywhere else, so I assume it's a DU issue. Just keeps me out of the Lounge.
suegeo
(2,571 posts)
Asking for a friend.
dixiegrrrrl
(60,010 posts)
called PIA...it's 6.00 a month. A bit slow but not a problem, we can even stream stuff ok.
Read up on VPNs and pick one that promises no record keeping.
EFF has a list of good ones
so does Torrent Freak.
I use it more in the sense of FU to TPTB. Old habit of mine.
bathroommonkey76
(3,827 posts)
In my 10 years of using torrents I've never used a VPN-- I honestly don't think my ISP cares b/c I've never gotten any notices from them. Streaming sites are a better way around torrents these days-- But I do use torrents every now and then along with PLEX on my Roku-- Doing this gives me a better movie/TV show experience. lol
physioex
(6,890 posts)
I use a service called Last Pass which has that option. What happens if my phone fails or gets lost?
politicat
(9,808 posts)
Here's a GREAT walk through on the basics: http://lifehacker.com/what-do-i-do-if-i-use-two-factor-authentication-and-los-1668727532
Having your single use codes in a secure place helps a lot. You can even put them in a safe deposit box or save them to a text file that you store on a USB drive/memory card that you never, ever use for anything else. But if in spite of all best efforts everything goes sideways and you don't have backups... you make a call and it takes a few days to work it out with your provider.
You know your issues better than I do, so you can make this cost-benefit better than I can:
-- how often do you lose phones? (For me, I've never lost one, never had one stolen.)
-- How often do your phones get irreparably borked? (For me, that happened once on a Nokia smartphone, once on an Android phone, never on my iphones.)
-- How often do yours go for the final swim?
-- How's your backup strategy?
If you can answer those questions with very rarely or never, then you're better off with two factor than without it. If you answer often or all the time to those, then we might be looking at bigger issues than security, and perhaps you're a good candidate for a nothing but burners strategy.
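An added illustration, not part of the thread: a minimal Python sketch of the two mechanisms discussed above, the time-based code an authenticator app shows (TOTP, RFC 6238) and the single-use recovery codes you keep for the day the phone is gone. The `SecondFactor` class, the `enroll` helper, the recovery-code format and the storage layout are assumptions made for the example; the secret is the RFC 6238 test value.

```python
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app shows at time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _digest(code: str) -> str:
    # Constructed scheme: a real service would use a salted, slow hash here.
    return hashlib.sha256(code.encode()).hexdigest()


class SecondFactor:
    """Server-side record for one account (hypothetical layout)."""

    def __init__(self, secret: bytes, recovery_digests: set):
        self.secret = secret
        self.unused = set(recovery_digests)  # digests only, never the codes

    def check_totp(self, code: str, now: float, window: int = 1) -> bool:
        # Accept the current 30 s step and +/- `window` steps for clock drift.
        return any(
            hmac.compare_digest(totp(self.secret, now + i * 30).encode(), code.encode())
            for i in range(-window, window + 1)
        )

    def check_recovery(self, code: str) -> bool:
        # A recovery code works exactly once, then it is discarded.
        d = _digest(code.strip().lower())
        if d in self.unused:
            self.unused.remove(d)
            return True
        return False

    def login(self, password_ok: bool, code: str, now: float) -> bool:
        # Both factors are required: something you know AND something you have.
        if not password_ok:
            return False
        return self.check_totp(code, now) or self.check_recovery(code)


def enroll(secret: bytes, count: int = 8):
    """Return the stored record plus the plaintext codes, shown to the user once."""
    codes = [secrets.token_hex(8) for _ in range(count)]
    return SecondFactor(secret, {_digest(c) for c in codes}), codes


if __name__ == "__main__":
    account, codes = enroll(b"12345678901234567890")  # RFC 6238 test secret
    now = time.time()
    print("code on the phone now:", totp(account.secret, now))
    print("phone lost, first recovery code:", account.login(True, codes[0], now))
    print("same recovery code again:", account.login(True, codes[0], now))
```

The recovery codes exist only on the user's side after enrollment, which is why they have to be printed or stored offline at setup time.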
NoGoodNamesLeft
(2,056 posts)
If you have it and your phone gets lost or stolen and you don't have any other devices you are screwed.
politicat
(9,808 posts)
Losing devices always sucks. Two factor only adds one more layer of complexity to an already complex and frustrating experience.
NoGoodNamesLeft
(2,056 posts)
Last edited Wed Feb 1, 2017, 07:45 PM
I actually do tech support for iOS devices. Over and over again I see people lose all access to their Apple IDs because they can't retrieve the code sent to their device that they NEED in order to utilize Find my iPhone, sign into their account on a replacement device or reset their password.
Knowing what I know...I will NEVER use two factor authentication even though I own 5 Apple devices.
That article also only applies to Google...I'm talking about Apple Two Factor Authentication on your Apple ID.
politicat
(9,808 posts)
You're making that decision for you. You also have a sample population that is entirely made up of people who have had issues. It's like me going to a cancer center and asking who ate broccoli in their lives, and drawing the conclusion that cancer and broccoli are correlated.
There are many worse things than having to deal with 2 factor after a loss or breakage. Like a stolen identity. 2 weeks of fighting with google or apple, vs 5 years of fighting with credit agencies and 7 years of IRS scrutiny? Your choice.
NoGoodNamesLeft
(2,056 posts)
Are either caused by or complicated by Two Factor Authentication. The problem is that it's too easy to enable without knowing what you are turning on or understanding how it works. If you lose access to your account with Two Factor Authentication there is NOTHING Apple can do to get you back into the account. Had too many people with photos of relatives that passed away saved on iCloud who forever lost access to their account and those photos. I would never, ever use it...especially without reading up on it and making sure to completely understand how it works.
politicat
(9,808 posts)
And I'm going to stop responding to you after this. Your experiences are not universal.
Yes, any lock of any sort complicates a situation. That doesn't mean it's not a good idea to have a handle lock and a deadbolt on your front door, even if it means taking an extra second to get out of the house in case of fire. There are far more drunks trying to get into the wrong house than there are housefires. And yes, there are people who should not be using a specific type of lock and often use it anyway, and have to resort to whatever is equivalent to bolt cutters, hacksaws and drills and borescopes. Thus do tech support people and locksmiths stay gainfully employed.
I agree that I would like to put every single person through a computers 101 class, required when they buy their first product more complicated than a transistor radio and with an annual refresher. Just for selfish reasons -- I am sick of being family tech support. But that's not going to happen. Does that mean people shouldn't have access to communications products, and shouldn't be able to use them safely? NO. Does it mean people like you and me get to do more complicated tech support? Yes.
Dude, you're getting paid to do it. Yeah, it's the same thing over and over again, so you're getting good at it. That feedback improves the process, and dealing with inadvertent locks is getting easier than it used to be.
So... it's a lock. It's a second lock. It's a second lock that protects against a very specific and far too common threat, and it's a lock that may stay locked unintentionally. Is it perfect? Nope. Neither are U locks or deadbolts. Doesn't mean I'm taking my deadbolt off or leaving my U at home.
In all of security, there is a balance between convenience and security.
NoGoodNamesLeft
(2,056 posts)
They first read up on exactly how it works and what the risks are because I prefer not to have to tell people, "I'm sorry, but those photos of your recently deceased mother/father/sibling/child/dog can never be retrieved because you aren't able to get the Authentication code that is being sent to the phone you lost/got stolen/dropped into the toilet/ran over with your car...etc"
It really sucks when you have to tell people that you can't help them. With Apple the whole purpose of Two Factor Authentication is to take all account security access out of Apple's hands and with the customer. This works fine for the more tech-savvy users. However, those customers who need technical help for most things really should not use this feature with their Apple devices. I'm not sure how Google works...I can only speak about Apple. I advise my family members to use a passcode, touch ID and always have Find my iPhone/Activation Lock on and have a very, very strong password. You can lock your iPhone remotely from icloud.com so that no one can ever access it again anyhow. If you use that you really don't need the two factor authentication.
TygrBright
(20,733 posts)
bathroommonkey76
(3,827 posts)
TygrBright
(20,733 posts)
bathroommonkey76
(3,827 posts)
There are 7 others in the Windows Store to choose from.
Sorry, You'll probably have to upgrade to Win 10.
Did you ever get a free upgrade notice from Microsoft? Win 10 is much better than 7.
TygrBright
(20,733 posts)
politicat
(9,808 posts)
Here's the lifehacker article: http://lifehacker.com/authy-brings-two-factor-authentication-to-your-pc-no-n-1569284437
Here's the product -- https://www.authy.com/product/
No phone needed.
TygrBright
(20,733 posts)
discntnt_irny_srcsm
(18,470 posts)
hunter
(38,264 posts)
It's handy to use in places where wifi connections are open and insecure.
I don't block ads on sites I care about, but most of those sites don't have terribly intrusive advertising either.
Personally I'm paranoid about a lot of stuff, but I don't lock my car because I hate getting my windows broken. It doesn't matter how I lock down my home, it's protected by Doug. Beware of Doug.
And then there's Spot under the staircase who's best left sleeping.
.
And the ants... God no, you don't want to mess with the ants.
I have a great distaste for spy-vs-spy stuff. I might have made a good living with it, a nice secure government job, but I'm pacifist, I don't do that sort of thing, and I don't do oaths either. I will keep or reveal secrets as my own conscience demands which is not something they want to hear when they are checking you out for security clearances.
I'd never trust my life to any kind of computer security. It's possible every modern computer has a keylogger built into it, just sleeping until some unknown signal awakens it. Computer hardware and software are so complex now that no individual person, not even a small well funded team, can know what's going on in there. Modern computers are nothing like my old Atari 800 that held few mysteries. One person could understand most of it. Even heavily protected software was soon cracked.
As for the internet, we still supposedly live in a free nation and I'm not going to be quiet about my political beliefs. I'm not bothered by DU's lack of encryption.
Yes, the primary reason to use encryption, and the only good reason I can think of, is that it makes the job of the spies more difficult. It makes an "important" encrypted message harder to find amidst all the trivial encrypted traffic. But that works both ways. Encryption is used by the good guys as well as the bad.
bathroommonkey76
(3,827 posts)
I might give it a try.
Thanks.
politicat
(9,808 posts)
Here's my context: I work with HIPAA protected files. I have to keep them secure. That means I need to step up my security game. My spouse works with another form of protected personal information. For the security of other people, we have a baseline that is higher than the average user. I'm not suggesting anyone who doesn't need it come to our level. I'm just suggesting a baseline that is more secure than full open.
I do understand exactly what's going on in my Mac and in my Linux boxes. Yeah, the OSes are huge, and I wouldn't want to hand-code them or spaghetti it, but the code is there, it's readable, and it functions on the same basic principles that have governed every machine I've owned since my TI94A.
Encryption does make a spy's job harder, and just on that, it's a net benefit to humanity. But there are a lot of people who do have reasons to feel threatened on a small scale basis. Two years ago, thousands of women spent months dealing with a small group of asshats who insisted on publishing their personal information and then making death threats and in a few cases, trying to fulfill the threats. That was G_*m*_r_-G-t-, and the fact that I not only disemvowelled the word, but salted it tells you how persistent those wastes of molecules are. And those shitstains on the toilet of humanity are the core of the Neo-fascists we're now calling alt-right. There are more than a few ex-spouses and ex romantic partners who make it their business to screw up the leaving partner's life. There are parents who cyberstalk and harass their children for being LGBTQ, or parents who would if their child's status was known.
Being open about one's name -- which I note neither of us are doing here -- is a point of privilege. It means we're mostly secure and not threatened. That's not universal.
hunter
(38,264 posts)
And both depend entirely upon the software packages their corporate businesses subscribe to.
I'm not entirely anonymous here on DU. My name is Hunter, for what it's worth. (No, not the DailyKos Hunter.) A few people here on DU know who I am and where I live. A few people have seen naked pics. A few people have seen me naked in person.
Mostly when I'm being obtuse about my identity it's because I'm seeking plausible deniability should anyone ask family or friends if I'm that guy.
I've burnt most "real world" bridges long ago. However rational or irrational I am here on DU, then why yes, that was me locked up in the psych ward last year. It's not the kind of thing you'd put on a résumé, but a diligent employer would find it, especially in the fields that best match my natural talents.
Ian Murdock's death scared the shit out of me. It was small part of the downward spiral that got me locked up.
I have a long ago ex-girlfriend who scares the shit out of me too. She once sold my code. She once handcuffed a pimp to a urinal and beat the crap out of him as I was outside the door claiming "rough sex" to guys who had to pee really bad. She's wealthy now, I'm not. Whenever we've crossed paths since, we've pretended not to know one another. Would she handcuff me to a urinal and beat the crap out of me if I crossed her? Probably not. That's what her bad-ass lawyers are for. I broke up with her by jumping out of her moving car on a street in Berkeley. PTSD street. She put all my stuff in a cardboard box and sent it to me General Delivery without a note. I'd retreated to living in my broken car.
Beyond my unfortunate personal history it still appears the dragon is real and I'm its chattel.
Sure I can read the source code. It's the shit built into the hardware that scares me the most these days.
I'd like to live in a world of universal transparency, but it still eludes me.
bathroommonkey76
(3,827 posts)
This article says it's not a real VPN.
https://www.helpnetsecurity.com/2016/04/22/opera-browser-vpn-proxy/
hunter
(38,264 posts)
Yes, if you venture out into protocols beyond http, then you'll need something more.
For example, I mostly use torrents to download various Linux distributions. I also use secure ftp connections.
My email is web based.
If somebody doesn't want me to download their music or movies, then I don't download their music or movies. That's their loss, not mine. There's plenty of people who want me to see their stuff, and there's stuff I'm willing to pay for.
The Opera VPN seems perfectly adequate for open wifi sites in coffee places and such, and for frustrating web sites that want to know who and where you are without your permission.
ffr
(22,647 posts)
Its purpose is to tunnel from one location to another, encrypting information between a host and your machine. That's it. That's all.
Its primary use in name is Point To Point Tunneling Protocol (PPTP), making your remote machine local to some other network, thus Virtual Private Network: your machine is local to the VPN host's network and your operating system will use two IP addresses to accomplish that communication.
Now, the communication beyond that host to other Internet addresses would still be dependent on that outside host, so DU for instance would be unencrypted HTTP. Again, tunneling and encryption is dependent upon destination. DU is over HTTP not HTTPS, so the VPN host cannot force that. Your host's only responsibility is for encrypting communication from your device and the VPN host.
The masking portion they talk about is for giving the appearance that whatever Internet activity you are doing is sourced back to them, not you. Your IP is masked, but all your activity is absolutely logged on their system. It has to be in order for your requested traffic to be destined back to your machine and decrypted on the fly. It's only anonymous to everyone but your VPN host.
Also, the encryption encapsulation of Internet packets, your browser activity for instance, causes about twice the Internet bandwidth overhead as non-encrypted packets, so all your VPN activity's performance is about cut in half. This would basically be true of other encrypting technologies as well. The VPN would also have added Internet latency for traffic to always be routed through some other third party's physical geographical location, to and from, instead of simply following the Internet's quickest route to and from you and some Internet site. Thus, downloads will take noticeably longer and the overall experience will feel somewhat sluggish compared to what most of you would be accustomed to.
And some sites might be aware of your VPN host's WAN address and deny your requested Internet activity. I think this would be site dependent.
As handy and cool as it might seem to perform such activity using someone else's IP address, I would not recommend any of you do your online banking through a third party VPN service, such as these. It's always safer to use HTTPS directly to and from those sites using a machine you trust as being virus and malware free.
I just don't want people to think it's a free lunch with no downsides.
EvolveOrConvolve
(6,452 posts)
the government shuts down the infrastructure needed to move all that data around. Imagine an executive order decreeing that the military, universities, non-profits, and corporations turn control of their backbone infrastructure over to a newly created Ministry of Information.
It's chilling, and several months ago I would have called it patently absurd. Trump has made it clear, though, that anything is possible, no matter how bat-shit insane it might be.
ffr
(22,647 posts)
Cutting off their noses, to spite their face.
Bernardo de La Paz
(48,788 posts)
The basic mantra is "A file doesn't really exist for you until it is in three copies and two places".
I have my main drives in my computer with source files, music, documents, and photos on a couple of drives. (First copy)
I have a 3 TB removable hard drive that I back up everything onto. (Second copy)
Once every month or two, I take the drive out and to the bank where I swap it with an identical model in the safe deposit box. (Third copy, offsite)
I take that drive home and immediately back up onto it.
Unfortunate incident to motivate you: Francis Ford Coppola (the director) was backing up his work carefully at his studio office in Argentina. Unfortunately when thieves stole his computer they also stole his backup. It contained 15 years of work on it, including the script for his next film. He had no offsite backup.
Best_man23
(4,890 posts)
Learning curve for both, but they are very secure and leave little to no trail.