Privacy and security general thread

If I needed to do a school homework I could gather data much easier than posting on the fucking Sup Forums.

>>If no VPN, would you use a public wi-fi network?
>Yes but I would refrain from logging into anything. I would also watch if HTTPS is on.

If https is on, is there any danger in logging into websites?

>How important documents are on your computer? How do you store them?
Important to me but worthless to most other people. The ones that are relevant to others are encrypted.
>Do you use cryptocurrencies? How do you store them?
No.
>Do you use Google services?
Yes. Android phone too.
>Do you sometimes use work accounts (like email) for private purposes?
No.
>Do you educate your family/friends about good security practices? How do you communicate?
Yes, not sure how to explain
>Do you perform regular backups?
Yes.
>Do you make regular updates?
Yeah if linux, no if I'm using my pirate windows.
>Do you use an antivirus, firewall, etc?
Firewall. No antivirus.
>Did phishing attacks ever to you?
Yes and I've never been stupid to get rekt.
>Were you ever a target of a personalized attack?
No.
>Would you accept a FB friend request from a person you're not certain you've met?
Yeah, most people I have in FB I've never met because I have aspergers and social phobia.
>Do you have anything to hide?
Not sure what you're asking there.

Someone can perform a MITM attack and set up their own SSL certificate to ensure that you see the green lock.
tripwire.com/state-of-security/latest-security-news/fake-ssl-certificates-prime-for-mitm-attack-threats/

And of course it is easy to set up a hotspot that tries to enforce normal HTTP connection. Or you wouldn't notice when the green lock was gone. Therefore it is good to use HTTPS Everywhere plugin.

99% of the time you're fine. HTTPS by design is pretty damn full-proof as far as protocols go. However, you might want to keep a loose eye out out for SSL root certificates. Seldomly you'll here stories of hax0rs taking advantage of some exploit and compromising a Certificate Authority (CA)... or finding some way to visually trick you, phishing shit, and making the security software/systems you have built-in under-the-hood pretty much useless in protecting you..Niggers be having free reign to root with their fancy-shmancy spoofing and shit.

Try to take mental note and recognize visual trust marks associated with SSL certificates in the SSL lock icon / trusted green bar if you're visiting shady sites.
>btw, take what I say with a grain of salt, I'm not all that versed in this area

this rarely happens though because it's pretty difficult to pull off. people with the skillset and knowledge on how to do this probably won't be wasting their time on some unpopular shitty site full of nobodies. correct me if I'm wrong.

>Do you always use a VPN/tor when watching pornography and other compromising material?
Of course.

>Do you encrypt your hdd, phone? If not, in case your phone is stolen - do you see a possibility of blackmail?
I keep anything worth protecting on USB drives that I keep in my safe hidden in my house.

>If your best friend wrote to you on facebook messenger asking you to quickly borrow a sum of money while providing a viable explanation - would you consider calling him to confirm his identity first? Answer honestly.
As if I would ever lend ANYONE money without meeting up with them in person and having them sign an agreement to pay me back 125% within a year.

I don't understand the whole 'VPN makes my traffic private' crowd.

You do understand VPN only makes your exit hole via a different IP, but that in of itself doesn't protect you against tracking or silver bullet you against monitoring.

Lets not pretend those "VPN companies" wouldn't give you up at the drop of a hat. Or even worse they aren't already compromised by government, or sitting on the lap of corporate influence.

Fuck off pajeet

Well a VPN certainly does make your traffic private. Not from your VPN provider, no, but from your ISP it sure does. And your ISP is probably the more dangerous adversary. A lot of them (e.g., Verizon, Comcast, AT&T) have a long record of malicious behavior and collaboration with three-letter agencies. In burgerland you may not have a choice of ISP at all. Even if you do, it's a hassle to switch.

Now trust just gets transferred from your ISP to your VPN provider when you use a VPN. The VPN provider pwns you just as much as your ISP does. But one, you have a much larger choice of providers, two it's easier to switch providers, and three they actually market themselves based on privacy. Their incentives are much more closely aligned with yours, compared to an ISP. For instance PIA got a surge of customer interest after they got subpoenaed and filed a response indicating that they didn't hold most of the requested data and therefore couldn't provide it.

This is how a lot of security technology can be useless from the mathematical "pure" viewpoint that you're taking, but very useful and effective in practice.

What's the worst they could do to me if they knew I like loli and mild femdom and a few other /d/ fetishes.

So ... you'd trust an upstart to be safer from any government/rogue/corp entity, versus a multi-billion dollar company with an army of lawyers and actual security team?

Not to mention there are many ways for an ISP to mess with your traffic, if they really wanted to, VPN or not -- IE: MiTM, comes to mind.

>trying to probe information out of privacy conscious Sup Forums users
nice try NSA nigger

also the vpn provider may not be within the jurisdiction of the most likely agency to spy on you (your federal police).

OP here. If you think you are worthy of NSA's attention then I'm happy for you.
The important thing is the choice of your VPN provider. Things to look for:
>Recommended on Tor CC/fraud/hack communities. It is important to look for opinions of known users who for example have high vendor trust levels on AlphaBay.
>Country. Preferably Russia.
>Owner of the company. Do research
It is possible to set up your on VPN on a cheap VPS. Preferably hosted in Russia if you don't mind speed loss. And use two VPNs. Or four - google: elite quad vpn.

Anyway VPN doesn't protect you enough and it is much better to use it along with your neighbors wi-fi. 5km away neighbor. That's what you have directional antennas for. Or pringles cans if you liked Mr. Robot show. Remember to change the Mac Address and dispose of your network card after each porn session.

>So ... you'd trust an upstart to be safer from any government/rogue/corp entity, versus a multi-billion dollar company with an army of lawyers and actual security team?
Well those lawyers and shit are only useful if they're deployed to defend me from my adversary. Do you trust a large ISP to do that, in the face of government demands for access to do dragnet surveillance? I don't. Any large business is more likely to keep quiet and comply rather than kick up a fuss and fight it. Because from their perspective, what will fighting the government on my behalf gain them? Will it get them new customers? positive press? Minimal, if any. The C-suite might well be populated by execs who don't give half a shit about Orwellian surveillance, so long as they're making good profits.

What if my adversary is advertising companies and data brokers? Here the ISP's financial interest runs directly counter to mine. They have a financial incentive to sell me out. Verizon already did this, they'd MitM unencrypted traffic to put in tracking headers, so they could sell your browsing history. You think the security team is going to get to overrule the marketing and sales department? No, the cost centers never get to overrule the profit centers. Think the lawyers are gonna say "No, you can't do this?" No, they'll be working on a way to make sure it can legally be done.

Also what said. Working across national boundaries creates jurisdictional headaches for them. That costs time and money, and if you're running a surveillance operation you want to collect the most traffic at the least cost.

>Not to mention there are many ways for an ISP to mess with your traffic, if they really wanted to, VPN or not -- IE: MiTM, comes to mind.
HTTPS or OpenVPN (which are both just TLS) will fail the connection. If you can connect to your VPN at all your ISP isn't MittMing you.

>Do you always use a VPN / tor when watching pornography
I only stream porn from my own server using tls
>Do you encrypt your hdd, phone?
Yes
>If your best friend wrote to you on facebook messenger
Don't have a facebook. Can't happen.
>asking you to quickly borrow a sum of money
I'm gonna have a lot of questions and terms, and that would require a face to face meeting or at least a phone call.

>Do you live in a country that repsects your privacy?
No
>If no VPN, would you use a public wi-fi network?
for normal shit like looking at the news, sure
>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
No
>Do you use a password manager? What is your approach to passwords?
I use pass, the local gpg encrypted password store
>Do you care about big companies collecting your data for marketing purposes? Why/why not?
Yes. It feels like a violation of my personal privacy
>How important documents are on your computer? How do you store them?
How many? Not a lot. Just in the documents folder.
>Do you use cryptocurrencies? How do you store them?
No
>Do you use Google services?
I use gmail for getting emails from services and Android on my phone.
>Do you sometimes use work accounts (like email) for private purposes?
No
>Do you educate your family/friends about good security practices? How do you communicate?
No. SMS and phone calls.
>Do you perform regular backups?
Hourly
>Do you make regular updates?
Yes
>Do you use an antivirus, firewall, etc?
I don't use windows.
>Did phishing attacks ever to you?
What?
>Were you ever a target of a personalized attack?
No
>Would you accept a FB friend request from a person you're not certain you've met?
Don't have a facebook. No if I did.
>Do you have anything to hide?
Can't think of anything, but probably.

>Do you always use a VPN / tor when watching pornography and other compromising material?
yes
>Do you encrypt your hdd, phone? If not, in case your phone is stolen - do you see a possibility of blackmail?
both
>If your best friend wrote to you on facebook messenger asking you to quickly borrow a sum of money while providing a viable explanation - would you consider calling him to confirm his identity first? Answer honestly.
don't have facebook messenger but would send money immediately
>>Do you live in a country that repsects your privacy?
another country claims the land where I live and I don't recognize the countries land claims and they dont recognize mine
>>If no VPN, would you use a public wi-fi network?
sure, i trust myself and my os not to violate security
>>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
no
>>Do you use a password manager? What is your approach to passwords?
no, kept in a text file with most secure password possible
>>Do you care about big companies collecting your data for marketing purposes? Why/why not?
yes but if they provide me a service and it is on the contract than its okay, just not preferable
>>How important documents are on your computer? How do you store them?
very, LUKS + ZFS
>>Do you use cryptocurrencies? How do you store them?
yes, offline wallet and online wallet depending

cont
>>Do you use Google services?
occasionally
>>Do you sometimes use work accounts (like email) for private purposes?
never
>>Do you educate your family/friends about good security practices? How do you communicate?
yes, email+pgp, xmpp+otr/omemo or i drop them
>>Do you perform regular backups?
yes
>>Do you make regular updates?
yes
>>Do you use an antivirus, firewall, etc?
iptables + router firewall
>>Did phishing attacks ever to you?
i receive email spam like everyone else but no
>>Were you ever a target of a personalized attack?
no
>>Would you accept a FB friend request from a person you're not certain you've met?
not on fb but probably
>>Do you have anything to hide?
i would hide everything online and in the real world if i could

>HAH HAH, why do you like hairy pussies, user?! Are you some kind of a creep?! You freak!
Said no one ever.

tell me one time anyone has been blackmailed based on their internet history

>Do you always use a VPN / tor when watching pornography and other compromising material?
no, idgaf

>Do you encrypt your hdd, phone? If not, in case your phone is stolen - do you see a possibility of blackmail?
used to, but it's pointless and idgaf because I dont do illegal shit
>If your best friend wrote to you on facebook messenger asking you to quickly borrow a sum of money while providing a viable explanation - would you consider calling him to confirm his identity first? Answer honestly.
yes
>>Do you live in a country that repsects your privacy?
Yes, germany
>>If no VPN, would you use a public wi-fi network?
yes, why not?
>>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
sure, if the benefits outweigh the drawbacks
>>Do you use a password manager? What is your approach to passwords?
Paper + Pen. Diff PW for every site
>>Do you care about big companies collecting your data for marketing purposes? Why/why not?
I block them with hosts list in my router
>>How important documents are on your computer? How do you store them?
scan and print them out as copy. keep backup on separate hdd
>>Do you use cryptocurrencies? How do you store them?
no, they are speculative bullshit
>>Do you use Google services?
yup
>>Do you sometimes use work accounts (like email) for private purposes?
I'm NEET
>>Do you educate your family/friends about good security practices? How do you communicate?
sometimes. email
>>Do you perform regular backups?
nope
>>Do you make regular updates?
yes
>>Do you use an antivirus, firewall, etc?
win defender, win firewall
>>Did phishing attacks ever to you?
nope
>>Were you ever a target of a personalized attack?
nope
>>Would you accept a FB friend request from a person you're not certain you've met?
sure
>>Do you have anything to hide?
no, I believe in post-privacy

the EFF has a curated list somewhere, why dont you try searching you useless sack of shit faggot

only kooks and pedos are concerned about MUH SECURITY desu

I really don't know much about how certificates are handled, should probably read up some about it.
Thanks for answering

Nice data collection, Ekansovi is collecting this poll too

>cant prove shit
pointless fearmongering

I'm self employed in a medium that doesn't rely on customer service directly through consumers or suppliers and I don't watch any illegal porn (the nastiest thing would be golden showers or ass to mouth), so I can't be shamed with threats of blackmail either

Someone hack my computer now!

>Do you live in a country that repsects your privacy?
HAHAHAHAHAHA

>If no VPN, would you use a public wi-fi network?
Rarely, and usually when I am on my work laptop.

>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
Everything has a backdoor these days. There really is no escape from it.

>Do you use a password manager? What is your approach to passwords?

Nope, and never will. I have 4-5 different passwords that I circulate and change every few years or if a breach was found with someone I use.

>Do you care about big companies collecting your data for marketing purposes? Why/why not?

I do, but there is little I can do to change that short of blocking shit.

>How important documents are on your computer? How do you store them?

I have multiple drives for different purposes, as well as multiple back-up sources.

>Do you use cryptocurrencies? How do you store them?

Nope, and never will.

>Do you use Google services?

Sometimes, and I know they are data collecting whores.

>Do you sometimes use work accounts (like email) for private purposes?

Never. Strictly business. Dumbest thing you can do.

>Do you educate your family/friends about good security practices? How do you communicate?

All the time. I'll usually inform them when it is a good time to change passwords, what to stay away from on the net, etc.

>Do you perform regular backups?
Every now and then. Not a frequent thing.

>Do you make regular updates?
No, but I am also careful about what I view. I am also suspicious of updates and usually wait to hear about any complications or shit Microsoft tries to sneak in it (on top of them breaking shit on occasion).

>Do you use an antivirus, firewall, etc?
Yes.
>Did phishing attacks ever to you?
No.
>Were you ever a target of a personalized attack?
No.

>Anything to hide.
No.

>Do you use a password manager? What is your approach to passwords?
my info was leaked out before in breaches and somebody who was obsessed with me took advantage of it, so i changed all of my passwords on the most important services, and got rid of the "1234" type of deal. yes, i use a password manager.

use complex passwords, the ones that are the hardest to remember are the better

>Do you educate your family/friends about good security practices? How do you communicate?
i never really cared to do such a thing, since my family are technology illiterate, and i don't have much friends to talk to about

>Were you ever a target of a personalized attack?
yeah, like i said, some guy who was obsessed with me wanted to get into a old iCloud account and i would assume he took advantage of the breaches way back when i was still using the simple passwords

>Do you use Google services?
yes, only YouTube and g-mail, but even then i don't use the g-mail as much.

>Do you live in a country that repsects your privacy?
No, but there is nothing I can do about that
>If no VPN, would you use a public wi-fi network?
Not ever.
>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
No, and this is often the largest benefit to open sores for me
>Do you use a password manager? What is your approach to passwords?
I wrote my own password manager. It automatically encrypts strings using PGP
>Do you care about big companies collecting your data for marketing purposes? Why/why not?
Of course I do, I loathe advertising when they aren't trying to guess what I like
>How important documents are on your computer? How do you store them?
Encrypted using AES-256
>Do you use cryptocurrencies? How do you store them?
No cryptocurrency, I don't make any sensitive purchases
>Do you use Google services?
No
>Do you sometimes use work accounts (like email) for private purposes?
No, I have my own SMTP server
>Do you educate your family/friends about good security practices? How do you communicate?
No one I know would understand, or they would say they have nothing to hide.
>Do you perform regular backups?
Yes
>Do you make regular updates?
Yes, but I always read changelogs at the least, and I'll read snippets of actual commits if I'm paranoid
>Do you use an antivirus, firewall, etc?
Basic web blocking for trackers, cookies, Javascript and flash
>Did phishing attacks ever to you?
I haven't succumbed to a phishing attack, but Nigerian princes keep sending me emails
>Were you ever a target of a personalized attack?
No
>Would you accept a FB friend request from a person you're not certain you've met?
Don't use FB
>Do you have anything to hide?
No, but I like to have some semblance of self in a world that's increasingly becoming communal like never before.

>Do you live in a country that repsects your privacy?
Nope
>If no VPN, would you use a public wi-fi network?
Yes, with a burner.
>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
Yes, with a burner.
>Do you use a password manager? What is your approach to passwords?
Physical notebook.
>Do you care about big companies collecting your data for marketing purposes? Why/why not?
Yes. Consumers should disclose data themselves. Cut out the middleman.
>How important documents are on your computer? How do you store them?
Important documents end their ingest in cold storage.
>Do you use cryptocurrencies? How do you store them?
Paper wallet.
>Do you use Google services?
Yes. On a burner.
>Do you sometimes use work accounts (like email) for private purposes?
Email is compartmentalized by necessity.
>Do you educate your family/friends about good security practices? How do you communicate?
Yes. I fearmonger.
>Do you perform regular backups?
Offsite every 90 days. Hot every 5 days.
>Do you make regular updates?
Yes.
>Do you use an antivirus, firewall, etc?
No.
>Did phishing attacks ever to you?
Seen plenty. Never took the bait
>Were you ever a target of a personalized attack?
Plenty of APTs but none had any unusual personalization.
>Would you accept a FB friend request from a person you're not certain you've met?
If their references check out.
>Do you have anything to hide?
No, except when I do.

If you care about security, support NetRunner, the security oriented web browser

>Do you always use a VPN / tor when watching pornography and other compromising material?
Never
>Do you encrypt your hdd, phone? If not, in case your phone is stolen - do you see a possibility of blackmail?
No, i try to leave as little of personal info as possible, for example all of my contacts have normal names, no contacts named mom, dad etc. I also have no pictures of myself or my family on my phone.
>If your best friend wrote to you on facebook messenger asking you to quickly borrow a sum of money while providing a viable explanation - would you consider calling him to confirm his identity first? Answer honestly.
No, i would only do that if he told me personally or by a phone call, reminder that i would know his voice and speech mannerisms so i ruling out a social hack.
>Do you live in a country that respects your privacy?
Yes, we have personal data protection and privacy protection ensured by federal law.
>If no VPN, would you use a public wi-fi network?
No
>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
Only if really needed. I know Windows has backdoors but i still use it cause muh games. Otherwise i would use a linux distro.
>Do you use a password manager? What is your approach to passwords?
No. I use variations of the same password that are different enough and i try to use double verification if possible.
>Do you care about big companies collecting your data for marketing purposes? Why/why not?
I do.I find it very annoying and intrusive when i see something i just searched on ads on social network and the like. I feel like our privacy should not be tempered with for the favor of marketing and profit.
>How important documents are on your computer? How do you store them?
I don't have any important documents on my pc.
>Do you use cryptocurrencies? How do you store them?
Nope.
>Do you use Google services?
Unfortunately, yes.
>Do you sometimes use work accounts (like email) for private purposes?
No

Cont.
>Do you educate your family/friends about good security practices? How do you communicate?
I tried but they really don't care.
>Do you perform regular backups?
Yes
>Do you make regular updates?
No. I was using W10 unupdated from before cortana but i thought it would be better to update to be safe from wannacry.
>Do you use an antivirus, firewall, etc?
Only firewall.
>Did phishing attacks ever to you?
No
>Were you ever a target of a personalized attack?
Nope.
>Would you accept a FB friend request from a person you're not certain you've met?
No.
>Do you have anything to hide?
Not, but i still value privacy.

>Your PORN PREFERENCES may be USED AGAINST YOU
yeah? maybe if you watch loli or rape something

>Do you live in a country that repsects your privacy?
abso-fucking-lutely, in my country my ISP can't be bothered to keep logs or trace anybody, let alone the government, we have no cyber laws, i could post CP and cops wouldn't bat an eye.
>If no VPN, would you use a public wi-fi network?
nono
>Would you use proprietary software like an OS/Browser knowing that it contains a backdoor?
nono
>Do you use a password manager?
nono
What is your approach to passwords?
randomly generated passwords and i memorize them all
>Do you care about big companies collecting your data for marketing purposes? Why/why not?
yes
>How important documents are on your computer? How do you store them?
pretty important, well, for me
>Do you use cryptocurrencies? How do you store them?
no, cryptocurrencies are useless outside buying drugs on the deep web
>Do you use Google services?
nah, fuck google with a rusty spoon
>Do you sometimes use work accounts (like email) for private purposes?
nono
>Do you educate your family/friends about good security practices? How do you communicate?
yes and they keep deflecting or pull the "i dont really care" move
>Do you perform regular backups?
all my important files are backed up and they don't change, no need to back up again, don't give a shit about the rest
>Do you make regular updates?
fuck windows update
>Do you use an antivirus, firewall, etc?
microsoft security essentials and common sense 2017
>Did phishing attacks ever to you?
nono
>Were you ever a target of a personalized attack?
nono
>Would you accept a FB friend request from a person you're not certain you've met?
i don't use FB
>Do you have anything to hide?
nothing.

>YOUR PORN PREFERENCES CAN BE USED AGAINST YOU

unless you watch literal CP how can they be against you??

>Tfw can't use Linux as default because you need windows programs

porn preferences used against me.

sign me up, latex, bondage, and femdom
NSA get to work.

If anyone finds out how much I love midget porn I'm done for.

There's lots of stuff that's perfectly *legal*, but that's frowned upon.

Say you work at a modern, progressive San Francisco tech company and it comes to light that you watch raceplay shit with dudes in Nazi uniforms smacking around black girls and calling them niggers and shit. They're over 18. It's consensual, the pron company has all the releases and shit on file. But suddenly there's a twitter lynch mob after you pressuring your company to have a zero-tolerance policy against that and fire you. (Think back to that shitshow with Mozilla)

Or what if it hasn't come to light but someone with records of your browsing history knows it. What if your manager knows, and tells you to accept lower pay and longer hours or he'll make a public show of "discovering" this and firing you for it, not only losing your job but making other employers not want to touch you? What if some anonymous blackmailer demands three buttcoins or he'll mail your pornhub traffic to said manager? What if you were trying to get a job with a European company? That porn is legal here, but in Germany it's hate speech and Nazi propaganda that can land you in jail.

Plus wouldn't you rather live in a world where the porn you watch, whether vanilla or extreme, isn't something anyone ever gets to know unless YOU specifically choose to tell them? Wouldn't you sleep better at night knowing you had that control?