Skip to content

adrw // Andrew Alexander

Online Security & Privacy 101

Tech1 min read

In the wake of years of hacking revelations of massive companies and individuals alike, some have tuned out of the conversation unsure whether they could ever have the technical know-how to protect themselves online.

That hesitation and humility is good.

In security, the concept of a "threat model" is the goals/non-goals of what and who you are protecting against. For example, a bank will have a "threat model" that tries to protect against petty and armed robbery but not one that tries to protect against military invasion or bandits armed with tanks and bombs. The "threat model" lets you articulate what goals you aim to protect against, and what non-goals you explicitly are going to declare are out of scope and for your purposes impossible to protect against.

For more on threat models, see Technopedia or an example threat model from Protonmail secure email.

Personally, my "threat model" does not include extremely competent black hat or nation state hackers. I recognize that even if I make every effort, as a competent software engineer, to secure my personal computer and online identity, my efforts are no match for attackers with immensely more expertise, funding, resources, and knowledge or creation of hidden backdoors.

Yet, I do have in my "threat model" many attack vectors from more basic petty hackers, phishers, and social engineering hackers. The practical steps below can thwart their approaches which are successful on most of the unsuspecting public.

Rough Notes

Here are some rough notes that I'm going to polish up into a proper post sooner or later!

https://www.insauga.com/a-new-and-terrifying-scam-can-steal-your-phone-number-and-clear-your-bank-accounts-in-mississauga

You might want to be sitting down to watch this one, hacking starts at 2:10 https://www.youtube.com/watch?v=F78UdORll-Q

I think the bit at the end was pretty good about how it's not something you can really protect yourself fully from but you can not "walk down dark alleys" to some extent. Switching from SMS 2 factor to one-time-password codes using Lastpass / 1Password, not clicking suspicious links, not running untrusted software etc, asking for second opinion when something looks out of place, changing your backup questions "What's your mother's maiden name" to have answers that are random passwords and save those in Lastpass/1Password, are all ways that can help

Protonmail internet privacy tips: https://protonmail.com/blog/internet-privacy/

PrivacyTools software reqs: https://www.privacytools.io/

© 2020 by adrw // Andrew Alexander. All rights reserved.
Theme by LekoArts