Cyber sec thread. For all online leftist activity, we're going to need to be careful in the coming years. From everything to protests, to strikes, to insurrection.
Post OpSec, networking, hacking etc.
Cyber Sec General
REMINDER:
Install Linux
Use Firefox
Use uBlock Origin and/or uMatrix
Use a VPN – preferably non-14-eyes
^ If you do not do all of the above as a bare minimum, you are a hazard to yourself and your comrades.
half of these are outdated or just plain dumb.
Use Iridium instead.
Which is why you should post relevant ones, instead of just posting unproductive crit.
If people followed some of these guides, they would literally end up harming their security. For instance, all of the firefox extensions in that one pic are outdated or now spyware. One of the other pics will give people the delusion they can make Windows secure. It is absolutely valid for me to criticize these without offering an alternative list.
Could you explain which guides specifically are wrong?
Encourages Windows use
Most of those are outdated/untrustworthy. uMatrix and uBlock Origin are the current gold standard. Flash is now disabled by default.
Half of the other guides aren't even really about security.
Why?
Also what email is best? I use Protonmail, I heard about Riseup email which is run by anarchists, but apparently you have to make a request to get an email.
unironically cock.li, however stuff like github doesnt accept it
...
proton is a honeypot
just get email service from somewhere in russia/china/vietnam/other non-14-eyes country. yes it will spy on you, but not for the USG.
Bumping because you dumbasses are still posting from incognito mode
I'm still trying to set up my gentoo install.
Lmao I’ve accepted that it’s already too late for most of the online left.
security is about mitigation and threat models. it is not too late.
lol we can commit assault with a deadly weapon on livestream and get a little community service. What exactly am I hiding from on the internet?
you all know about google dorking right? finding stuff that's supposed to be hidden using a search engine. wanna see if we can find some confidential government shit?
Search Google for:
site:gov filetype:pdf
And then add to those by mixing & matching the following terms
"not for public"
"highly confidential"
"do not disclose"
"do not distribute"
"proprietary and confidential"
"internal use only"
"classified"
"for official use only"
and any other similar ones you can think of.
Post links to the best stuff you find here. Best I've found is a FCC memo to the DOJ from last year labeled "HIGHLY CONFIDENTIAL - NOT FOR PUBLIC INSPECTION".
Link here: licensing.fcc.gov
It should require you to login but apparently they fucked that part up.
also sometimes you might want to do "[organization you're interested in] internal use only" such as "NASA internal use only"
How about a browser that's not an anti-user piece of shit, such as Pale Moon?
...
What are you referring to here?
no about config switch to turn off jewgle shit
My reasons for opposing WebP are that it's a stupid format that doesn't know what it wants to be and consequently excels at nothing, but what is your issue with it exactly? My understanding is that it's a fully open standard like WebM, so what's the harm in your browser supporting it? I oppose developer support on grounds that it's a non-ideal progression upon animated GIF and causes unnecessarily browser library additions, but those reasons aren't enough to convince me to move to a far less functional browser like Firefox with even more anti-user controls or even worse WebKit-based piece of shit. I doubt those are your reasons, what are they?
Most of you need to accept the possibly that you're not qualified to assess security of software, or even understand the threat model.
Since /g/ Zig Forums HN, and all of reddit, are fully taken over by cargo cult brainlets these days, people just shout memes until a consensus is reached. That consensus may have no bearing on reality.
That FTP guide seems overcomplicated in the wrong ways (install *ubuntu and then uninstall a bunch of shit instead of just picking an appropriate distro to begin with) while ignoring some of the frustrations people will usually encounter setting up SSH. An important point overlooked by that image that should be stressed more is that FTP is today a highly insecure protocol and shouldn't be used outside isolated local networks. Digital Ocean gets a lot of deserved flak for retarded guides sometimes, but their sftp guide is nice:
digitalocean.com
Similar to yours, it's a garbage format based on vpx but when you use a browser without support for it you get fallback png/jpeg images. I prefer mp4 over webm too so I get hardware acceleration and can avoid the buggy smeared mess that is vp8/9/10. They are open more in the sense of being free to use, development is completely under googles control.
Ah, you mean how sites like Wikia do browser engine checks to serve up this rancid crap every time I casually click on an image and just want to save the PNG? That is pretty annoying, I'll concede that.
I'm in my about:config right now, are you saying that altering image.http.accept and image.webp.enabled doesn't work for you?
It didn't when I last used pale meme but firefox had not support for it then, the furry had gone out of his way to integrate it and offered no option to turn it off. In practice the http accept is probably going to work most of the time, but if a server ignores it and support is not disabled it will silently fail to block it.
I love webp.
Its lossless mode literally destroys zopflipng in all real world images I throw at it.
Supported in edgeHTML, gecko, webkit, blink, and GIMP.
AV1 won't have a true lossless mode, so webp might be the best lossless compression we ever get.
Flif is better.
WebP is trash tier for animation because it uses video format compression techniques instead of delta-frame compression. It can't even compete against animated GIF file size in a lot of instances, let alone APNG.
bump
Flif will never be supported by anything, ever.
I know that hating on webp is the politically correct opinion, that's why I posted it.
No, sucking off everything google does is the politically correct opinion. I bet you are using chrome.
>>>/reddit/
I've been using firefox since before it was called firefox.
There's no way you're that angry at an image format. The bit-stream is frozen. It's never going to change, so the fact that it was made by google is irrelevant.
Let me tell you what you're angry at. You're angry because you're fucked. You're impotent. Nothing you do as a consumer can change that.
You don't know enough about technology to even assess whether you have achieved security or not. You can't read the browsers source code. What little you know you learned from Zig Forums infographics and youtube videos.
And none of that even matters, because knowledge is no longer enough to protect you from surveillance capitalism. It doesn't fucking matter which browser you use, what email provider you pick, or even if you run your own. You are fucked whatever you do.
Swallow these blackpills little zoom. It is over.
(I like webp by the way. Good format for some but not all use cases)
Nice projection. This is "just go live in the woods" tier. For every use case of webp there are superior options, many if them older than it. webp was just heavily pushed complete with a propaganda campaign that made hackernews like you raid bugzilla as unpaid corporate guerillas.
But if I can't hide, why not act so they couldn't understand my motives? 🤔
Name the superior options for putting these on the web
1. Lossless images
2. Lossy with transparency
It's understandle to grasp for conspiracy theories. These corporations really do exist to influence our behavior. It's just you've chosen to focus on an irrelevant detail, in this case an image format. I know your type.
Sounds reasonable. It's good to block all ads, tracking, and obfucate on principle. Reject DRM, reject app stores.
However, struggling against corporate power as an individual is very limited. It has done literally nothing to stem the tide.
It's braindamage to even pursue these minimal savings when websites send you megabytes of obfuscated javascript and css so you can run programs 10x as slowly as native ones. The only reason you use it because your lord google has decided that only their own pet project is allowed on the chrome application platform.
Or worse, you can't even read a text without js.
So am I on a list now because I post here from my phone?
ON MY TO BE BANNED LIST
I thought we already established that I use firefox, but whatever.
I also thought you didn't like the "just go live in the woods" line of thinking. Except that's where we are. You have to avoid the publishers who push megabytes of tracking scripts.
Which is all of them. Every single news site, every blog (all hosted on medium now for fuck knows what reason), the whole of reddit, all social media platforms. It's all fucked.
But I still don't give a shit an image format.
honestly the combination of letters just really upsets me, like webm or any webX thing
Anyone who sends sensitive data from not only their phone, but also leftypol deserves to be watched.
Thing is google and facebook shouldn't exist.
Either from a liberal perspective because they're monopolies that are blocking alternatives from ever starting up,
or better from a leftwing perspective because HOLY SHIT NUKE THESE CAPITALIST NIGHTMARES.
That doesn't mean everything they do is bad, or they don't have great engineers working inside them.
When users become aware of the extent of corporate surveillance it's natural to want to do "something". But very hard to know what that something is.
Example: Facebook sucks. So build an alternative to facebook right?
Not necessarily. What if the facebook style social network is inherently a tool of capital. Then you're just copying a feature set without even understanding why. Silicon valley is stuffed with these developers totally lacking class consciousness.
You can't just write an app to escape corporate power, nor can you escape as an individual by choosing the right software.
Meanwhile everything is becoming buzzfeed tier, so maybe there's nothing left to browse. Certainly feels like it.
...
Do you think I like wouldn't be able to get a security clearance now since ive been posting here from my unsecured phone? It's not like I'm planning anything lmao just participating in leftist discourse
WebM has its place (it competes with MP4 which is proprietary), WebP on the other hand is unnecessary monopolistic Google bullshit.
It's not proprietary in any meaningful sense. Google just does not want to pay royalties, there are free players/encoders and you can just ignore patents. Even then webm is just a gimped fork of MKV.