slides.com/cypurr/relaxrebootrecover/
cypurr.nyc
cypurr@protonmail.com
Recover
Reboot
Relax
- Introduction
- Rules n’ Such
- Current Events
- Your Digital Shadow
- Best Practices
- Mini Workshops
- Backup Backup!
- Data Detox
- Thank You/Resources
Outline:
- We are…
- The Cypurr Collective
- In bk/nyc
- Cat enthusiasts
- Tech unenthusiasts
- Coming from a queer/feminist/anti-capitalist lens
- Members of the Electronic Frontier Alliance
- Here to learn from you as well
Who are we?
- You're welcome to pass on intro Qs!
- Name
- Pronouns (she/her,he/him, they/them, etc)
- What brings you here today?
Who are you?
-
Keep it constructive!
-
Share the space!
-
Stack! Raise your hand, we'll queue speakers
-
-
Photo/Video- Ask for approval!
-
Identify yourself if you are a...
-
reporter, researcher, or law enforcement
-
Ground Rules
-
Saf(er) Space
-
We DO NOT tolerate demeaning/harmful language or behavior
-
Don't pressure or question someone discussing their experience/threat model/situation
-
Consent: Ask before helping someone out! From unsolicited advice to grabbing someones phone.
-
Current Events
Any Predictions for the 20s?
https://myshadow.org/
Digital Shadow
myshadow.org/tracking-data-traces
Digital Shadow
- What sort of information is collected?
- By whom?
- What is the impact of your shadow?
Dubious Consent
(fb)
myshadow.org/tracking-data-traces
Trace your shadow
1) Make a list of usernames and accounts
2) In a private/incognito browser, search each account
3) What can you find out about yourself?
"Best" Practices
- Inspired by CryptoHarlem Presentation (@geminiimatt)
- Best = Best for you
- Quick recommendations that should work for most NYers
- Focus today is on "fresh start" over "recover"
~New Laptop~
Easy: Try Stethoscope
- Checkup on default settings
- ragtag.org/stethoscope
Hard: Wipe the OS
- Ensures less bloat and best settings
- Reinstalling windows
- Trying Linux
Antivirus
No
Antivirus software
- tracks/sells your data
- can create problems to sell fixes
- Are equivalent to defaults (e.g. Windows Defender)
Instead
Keep good backups (workshop)
Safe browsing (trusted sites, avoid email attachments)
Be ready to reset
New Phone
(who dis?)
Somewhat hard: Go through all the settings!
New Apps?
Easy: F-Droid, prism-break.org
Secure texts and calls?
Easy: Install Signal
Secure video conferencing?
Fairly Easy: Jitsi Meet
Safe SIM
Hard: Never use your SIM phone #
- Google Voice or Burner instead
New Email
Easy:
- Encryption only works (by default) within the services
- Both support PGP
- PM is more popular
Encrypting files
With Online services:
Locally
(e.g. a flash drive):
Sending files
OnionShare
(encrypt first)
or
Firefox Send
(under 2.5gb)
New Browser
Or
With
cookies autodelete
New Collaboration
New Passwords
Use a a manager!
Key to good passwords is length and complexity
For your brain, use *passphrases*
6+ random words
2FA gives your a new second p/w with every login, use an authenticator app or yubikey!
New Passwordsx2
2FA gives your a new second p/w for your most important accounts
Authenticator app
Or
Yubikey!
FreeOTP
Mini Workshops
Backup! Backup!
2. Data detox
data
Backing up
Threat #1: You
Defend yourself from yourself: maintain good backup practices
Common Examples:
- Saving a file while you are working on it
- Saving copies for different versions
- realFINAL-FINALcopy(2).docx
- Saving to external HDD or Flash
- Printing a copy
- Emailing to self
- Uploading Dropbox/Gdrive/
OneDrive for Business
Backup Strategies: Crunch v. Maintenance
Designing a backup strategy
- Prioritize/Threat Model: What do you need?
- Standardize: Find a naming/saving style that works
- eg. Title_2018-11-12.doc
- eg. Embrace the desktop clutter
- Minimum of "3 - 2 -1 Backup"
- 3 copies of a file
- 2 forms of storage
- 1 off-site location
- Automate as much as possible
$ bash
Levels of backup
- File/Folder auto-backup
- On a PC:
- Duplicati
- rsync/borg
- On a Network:
- Syncthing
- Across the web:
- Duplicati
- rClone/Cryptomator
- IFTTT
- NextCloud
- On a PC:
Online storage
Public or Private?
Continue to edit?
Continue to edit?
Know your Rights
- Access
- Passwords are protected by 5th amendment
- biometrics (i.e. fingerprint) are NOT.
- Forced access: 0days, GrayKey, etc
- 4th amendment, but not on the border
- Border includes 100 mi from international airport
- Collaboration
- Tools like TOR now = probable cause
- Subpoena-proof Standard
- Includes Signal Messenger, Private Internet Access VPN
-
CyPurr Collective- cypurr.nyc and cypurr@protonmail.com
-
NYC CryptoParty and Meetup.com for other events
- Tactical Tech Collective- tacticaltech.org
- EFF- Surveillance Self Defense (ssd.eff.org) Security Edu Companion (sec.eff.org)
-
Freedom of the Press Foundation (Freedom.press)
- Tool Recommendations
- privacytools.io
- prism-break.org
- Self defense- Pop Gym (@popgymbk)
Resources
Upcoming
- Open Meeting Tuesday! Jan 7, 6pm
- Movie Night! Jan 9, 7pm
- securiTEA time Jan 15st, 1pm
- Here again every first sunday
- Find more on Facebook/Twitter/cypurr.nyc
Thank You!
Relax Reboot Recover v2
By cypurr
Relax Reboot Recover v2
- 164