Modern technology has given those in power new abilities to eavesdrop and collect data on innocent people. Surveillance Self-Defense is EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices. As an entry level Security Plan at Connect 2u2 Technologies we are employing Website Auditing combined with Domain ID Protection and adding SSL Security, Connection Encryption, VPN and Personal Surveillance Security Plans in Advanced Security Plans.
Threat Modelling Assessment
There is no single solution for keeping yourself safe online. Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats. To become more secure, you must determine what you need to protect, and whom you need to protect it from. Threats can change depending on where you’re located, what you’re doing, and whom you’re working with. Therefore, in order to determine what solutions will be best for you, you should conduct a threat modeling assessment.
Connect Threat Modelling Assessment Plans Include:
- Website Audit (Initial web asset audition)
- Domain ID Protection (Initial Domain ID Protection)
- SSL Certification and Connection Encryption (Free SSL Certification with every Hosting plan)
- CodeGuard Website Backups (Scheduled backup solution for your online asset)
- SiteLock Security Monitoring (360 degree website security auditing)
Personal Security Starter Plan (Free)
Surveillance impacts all of us, no matter where we live or what we do. While some of us might be directly affected, others may simply want to know what measures they can take to protect their communications and data from spying. This introductory playlist will help you discover how to assess your personal risk, protect your most cherished communications and information, and start thinking about incorporating privacy-enhancing tools into your daily routine.
Choosing Your Tools (Free)
All digital tools, whether they are hardware or software, should be secure. That is, they should protect you from surveillance, and stop your device from being controlled by others. Sadly, this is currently not the case. For many digital activities, you may end up needing dedicated programs or equipment intended to provide specific security features. Examples we use in this guide include software that allows you to encrypt your messages or files, like PGP.
But given the large number of companies and websites offering secure programs or hardware, how do you choose the one that’s right for you?
Security is a Process, not a Purchase
The first thing to remember before changing the software you use or buying new tools is that no tool is going to give you absolute protection from surveillance in all circumstances. Using encryption software will generally make it harder for others to read your communications or rummage through your computer’s files. But attacks on your digital security will always seek out the weakest element of your security practices. When you use a new secure tool, you should think about how using it might affect other ways someone could target you. For example, if you decide to use a secure texting program to talk to a contact because you know that your phone might be compromised, might the fact that you’re using this program at all give an adversary a clue that you are talking about private information?
Secondly, remember your threat model. You don’t need to buy some expensive encrypted phone system that claims to be “NSA-proof” if your biggest threatis physical surveillance from a private investigator with no access to internet surveillance tools. Alternatively, if you are facing a government that regularly jails dissidents because they use encryption tools, it may make sense to use simpler tricks—like a set of pre-arranged codes—rather than risk leaving evidence that you use encryption software on your laptop.
Given all that, here are some questions you can ask about a tool before downloading, purchasing, or using it.
How to: Use KeePassX
KeePassX is a password safe—a program you can use to store all your passwords for various websites and services. A password safe is a great tool because it allows you to use different difficult-to-guess passwords for all your services, without needing to remember them. Instead, you only need to remember one master password that allows you to decrypt a database of all your passwords. Password safes are convenient and allow you to organize all of your passwords in one location.
* It should be noted that using a password safe creates a single point of failure and establishes an obvious target for bad actors or adversaries. Research has suggested that many commonly used passwords safes have vulnerabilities, so use caution when determining whether or not this is the right tool for you.
KeePassX works with files called password databases, which are exactly what they sound like—files that store a database of all your passwords. These databases are encrypted when they’re stored on your computer’s hard disk, so if your computer is off and someone steals it they won’t be able to read your passwords.
Password databases can be encrypted via three methods: using a master password, using a keyfile, or both.
Check: How Transparent is it?
Even though digital security seems to be mostly about keeping secrets, there’s a strong belief among security researchers that openness and transparency leads to more secure tools.
Much of the software used and recommended by the digital security community is free and open source, which is to say that the code that defines how it works is publicly available for others to examine, modify, and share. By being transparent about how their program works, the creators of these tools invite others to look for security flaws, and help improve the program.
Open software provides the opportunity for better security but does not guarantee it. The open source advantage relies in part on a community of technologists actually checking the code, which for small projects (and even for popular, complex ones) may be hard to achieve. When you’re considering using a tool, see if its source code is available, and whether the code has an independent security audit to confirm the quality of its security. At the very least, software or hardware should have a detailed technical explanation of how it functions, for other experts to inspect.
Recalls and Online Criticism
Of course, companies selling products and enthusiasts advertising their latest software can be misled, be misleading, or even outright lie. A product that was originally secure might be discovered to have terrible flaws in the future. Make sure you stay well-informed on the latest news about the tools that you use.
Connect 2u2 Security Plans
All encompassing solutions, smart & simple website security.