
COLLECTION OF SECURITY & PRIVACY TIPS


TIPS FOR SURVIVING


Do not bring RFID credit cards or passports on site without using a faraday cage. Find us at a faraday workstation at r00tz.

Be careful with your keycard; it can be copied upon touch. Keep it deep in your wallet or in a faraday cage.

Make sure your Wi-Fi, Bluetooth and geolocation are off. Do not use ANY Wi-Fi networks in Vegas. Use a cellular connection (MiFi), not Wi-Fi.

If you must check email, make sure you are using SSL and not sending your password in the clear.

Cover front facing cameras with electrical tape.

Do not connect to phone chargers, except your own, including in the airports.


THE NOT-CRAZY-PERSON’S GUIDE TO ONLINE PRIVACY

Bloomberg BusinessWeek

By Jordan Robertson

BEWARE PUBLIC WI-FI

Before you’re even online, your laptop is talking to the Wi-Fi network, and that dialogue is vulnerable to attack, says Nico Sell, co-founder of encrypted-message app Wickr. That goes for encrypted sites, too: Just because you see “https” in a web page address bar doesn’t mean you’re safe. Yong-Gon Chon, chief executive officer of consulting firm Cyber Risk Management, says using public Wi-Fi is “like your computer having a one-night stand—you don’t know what you’re going to walk away with.”

TRY TWO-FACTOR AUTHENTICATION

“Factor” No. 1 is your normal password. No. 2 is a one-time code that’s texted to you. All major internet-based services—e.g., Google (google.com/landing/2step), Twitter (support.twitter.com), and Facebook (facebook.com/help)—offer this feature. It’s the most basic step you can take to protect yourself.

MESSAGE ON AN END-TO-END ENCRYPTION APP

Many messaging apps provide end-to-end encryption, so anyone intercepting traffic (including the app’s maker) sees or hears only gibberish.

TAPE OVER YOUR WEBCAM

Security experts have long urged potential targets to do this to prevent adversaries from secretly recording every move and sound.

GO ALL CASH

Bank and credit card statements provide a vivid record of spending and travel habits; retailers send price, location, and time information to financial institutions. The good news is debit and credit transactions are processed so quickly that stores don’t share more than they have to. They jealously guard the more granular information they collect—specifically, the products you buy—in the hope of monetizing it someday. So at some point in the future, those statements will be even more vivid.

FLY LIKE A SECURITY PRO

The best way to ensure that your luggage isn’t tampered with might be to pack a gun in it, says a security expert who goes by the name Deviant Ollam. He explains how a quirk in air-travel regulations requires that when you fly with a firearm, it must be checked in a bag that no one else can access. This differs from regular luggage, which must use Transportation Security Administration-compliant locks that agents can open. Ollam says he declares the gun at check-in and shows it isn’t loaded; rarely, he adds, does anyone inspect it or the other contents of his luggage—and when they do, he’s present, which is the point.


6 TIPS TO KEEPING YOUR ONLINE IDENTITY SAFE

The Daily Dot

By Rebecca Hiscott

SPREAD MISINFORMATION

Social networking sites, like Facebook, often won’t let you join without revealing your birth date. But who says you have to share your real birthday? That information anchors almost all of your most sensitive data—your bank records and credit history, even your social security number. But chances are you’ve given out that information to a host of websites, from social networks to online retailers, without a second thought.

“If I know your birth date and your birth location, I have a 90 percent chance of being able to steal your financial information,” said Sell. “Here’s what you can do instead: Put misinformation out there, like the wrong birth date, the wrong birth place. I do searches on random things when I’m bored. You’re trying to feed [Google] a bunch of misinformation so it doesn’t have an accurate description of you.”

To avoid attack, Sell said, “you need to be tougher to get than everyone else.”

 

THINK ABOUT WHAT DATA YOU’RE GIVING OUT, AND TO WHOM

By the same token, why should you have to share personal information like your birth date with every website you log onto? Does the New York Times really need to know your home address just because you’ve signed up for a digital subscription?

Simply keeping in mind that most of these sites don’t need your data—and have no right to ask you for it—will make you more privacy-conscious in the future, and will remind you to opt out of providing personal information whenever possible, Sell said.

 

KILL GEOLOCATION

Apps like Twitter and Instagram give you the option of tagging your posts with a precise location; some, like Foursquare, are entirely built around the feature. Most even make geotagging the default, so that you’re forced to dig through the app’s settings to opt out. And, every time an app updates, the settings may revert to the default.

 

COVER YOUR CAMERAS

Whenever she’s speaking at a security event, or just talking up Wickr on the street, Sell hands out small vinyl stickers and tells people to run home and cover their front-facing cameras. “Last year, we taught the kids [at r00tz] how to turn on the inner-facing camera on your smart TV,” said Sell. “It’s an easy hack that people all over the world use to blackmail people. It’s not even illegal, depending on where they come from.”

Any camera that looks into your home, whether it’s from your smartphone, your laptop, or your television set, can easily be activated by a hacker and used to pull details from your personal life, track your daily movements and online habits, or blackmail you with a lurid photograph.

 

READ THOSE RIDICULOUSLY LONG PRIVACY AGREEMENTS

Facebook’s latest experiment in emotional manipulation is a reminder that those privacy policies you mindlessly accept—which Sell thinks should be termed “ownership policies,” in the name of transparency—contain some pretty wacky built-in clauses, like, say, implicitly consenting to participate in behavioral studies. When you accept one of these policies, “you’re agreeing to a free, worldwide, transferable license for eternity, for everything you put into that service,” she said.

That’s incredibly invasive, and it’s also the norm—so the only way to be aware of it is to read all hundred-plus pages of an app’s privacy policy.

 

DON’T TRUST FITBIT (OR ANY OTHER APP, FOR THAT MATTER)

Most fledgling apps haven’t taken the time to identify and plug security holes, as evidenced by the recent Yo hack. “These are startups with a small budget,” said Sell. “They’re going for Minimum Viable Product,” pushing out the app’s core functions as quickly as possible, with little time for extensive testing and development, “and they’re collecting lots of information on us. All the health apps and health devices out there, they really scare me.”

It goes back to thinking about who really needs your data, and why. Are the enhanced analytic features of FitBit really better than an old-fashioned pedometer, once you take into account the amount of hackable data the fitness tracker is collecting?


HOW TO COMMUNICATE PRIVATELY & SECURELY

With more internet platforms and mobile apps collecting information on our every move and thought, privacy is becoming harder and harder to achieve. Our strong belief is that privacy is a human right, not a luxury.

No security is 100% perfect, but using Wickr with these privacy and security tips puts you ahead of most.

PRIVATE COMMUNICATION

For any personal communication — whether text or intimate photos and videos — use Wickr or apps that you trust cannot see or keep your data. Set the destruction time to minimal.

 

SOCIAL SHARING

When posting or consuming information on social media, assume that the information about you will stay online forever and will not belong to you.

Try to avoid posting personal information about yourself whenever possible. Knowing your full name, birth date and your birth location can be enough to steal your identity or “social-engineer” you. Most websites don’t need your data and have no right to ask you for it.

 

CONNECTING TO THE INTERNET

If you can avoid it, do not use public Wi-Fi. Use MiFi instead (a wireless router that acts as a mobile hotspot).

 

PHONE SECURITY

Set a pin or passcode on your phone — this is your first line of defense.

 

MOBILE APPS

Unless absolutely necessary, refrain from giving an app permission to know your location, access your photos, contacts, mic, etc. If you need to use the apps that require various permissions, turn their access off when not in use.

 

TIPS TO AVOID TRACKING WHEN NOT IN USE

Turn off Wi-Fi and Bluetooth. It is possible to exploit these features to access your device and obtain information about you, such as the list of Wi-Fi networks you have ever connected to.