slides.com/cypurr/relaxrebootrecover/

cypurr.nyc

cypurr@protonmail.com

Recover

Reboot

Relax

  • Introduction
  • Rules n’ Such
  • Current Events
  • Your Digital Shadow
  • Best Practices
  • Mini Workshops
    • Backup Backup!
    • Data Detox
  • Thank You/Resources

Outline:

  • We are…
    • The Cypurr Collective
    • In bk/nyc
    • Cat enthusiasts
    • Tech unenthusiasts
    • Coming from a queer/feminist/anti-capitalist lens
    • Members of the Electronic Frontier Alliance
    • Here to learn from you as well

Who are we?

  • You're welcome to pass on intro Qs!
    • Name
    • Pronouns (she/her,he/him, they/them, etc)
    • What brings you here today?

Who are you?

  • Keep it constructive!

  • Share the space!

    • Stack!  Raise your hand, we'll queue speakers

  • Photo/Video- Ask for approval!

  • Identify yourself if you are a...

    • reporter, researcher, or law enforcement

Ground Rules

  • Saf(er) Space

    • We DO NOT tolerate demeaning/harmful language or behavior

    • Don't pressure or question someone discussing their experience/threat model/situation

    • Consent: Ask before helping someone out! From unsolicited advice to grabbing someones phone.

Current Events

Any Predictions for the 20s?

https://myshadow.org/

Digital Shadow

myshadow.org/tracking-data-traces

Digital Shadow

  • What sort of information is collected?
  • By whom?
  • What is the impact of your shadow?

Dubious Consent

(fb)

myshadow.org/tracking-data-traces

Trace your shadow

1) Make a list of usernames and accounts

2) In a private/incognito browser, search each account

3) What can you find out about yourself?

"Best" Practices

  • Inspired by CryptoHarlem Presentation (@geminiimatt)
  • Best =  Best for you
  • Quick recommendations that should work for most NYers
  • Focus today is on "fresh start" over "recover"

~New Laptop~

Easy: Try Stethoscope

  • Checkup on default settings
  • ragtag.org/stethoscope

Hard: Wipe the OS

  • Ensures less bloat and best settings
    • Reinstalling windows
    • Trying Linux

Antivirus

No

Antivirus software

  • tracks/sells your data
  • can create problems to sell fixes
  • Are equivalent to defaults (e.g. Windows Defender)

Instead

Keep good backups (workshop)

Safe browsing (trusted sites, avoid email attachments)

Be ready to reset

New Phone

(who dis?)

 

Somewhat hard: Go through all the settings!

New Apps?

Easy: F-Droid, prism-break.org

 

Secure texts and calls?

Easy: Install Signal

 

Secure video conferencing?

Fairly Easy: Jitsi Meet

 

Safe SIM

Hard: Never use your SIM phone #

  • Google Voice or Burner instead

New Email

Easy:

  • Encryption only works (by default) within the services
  • Both support PGP
  • PM is more popular

Encrypting files

With Online services:

 

 

Locally

 

(e.g. a flash drive):

Sending files

OnionShare

(encrypt first)

 

or

 

Firefox Send

(under 2.5gb)

New Browser

Or

With

cookies autodelete

New Collaboration

New Passwords

 Use a a manager!

 

Key to good passwords is length and complexity

 

For your brain, use *passphrases*

6+ random words

2FA gives your a new second p/w with every login, use an authenticator app or yubikey!

New Passwordsx2

2FA gives your a new second p/w for your most important accounts

 

Authenticator app

Or

Yubikey!

FreeOTP

Mini Workshops

Backup! Backup!

2. Data detox

 data

Backing up

Threat #1: You

Defend yourself from yourself: maintain good backup practices

Common Examples:

  • Saving a file while you are working on it
  • Saving copies for different versions
    • realFINAL-FINALcopy(2).docx
  • Saving to external HDD or Flash
  • Printing a copy
  • Emailing to self
  • Uploading Dropbox/Gdrive/OneDrive for Business

Backup Strategies: Crunch v. Maintenance

Designing a backup strategy

  1. Prioritize/Threat Model: What do you need?
  2. Standardize: Find a naming/saving style that works
    • eg. Title_2018-11-12.doc
    • eg. Embrace the desktop clutter
  3. Minimum of "3 - 2 -1 Backup"
    • 3 copies of a file
    • 2 forms of storage
    • 1 off-site location
  4. Automate as much as possible

$ bash

Levels of backup

  • File/Folder auto-backup
    • On a PC:
      • Duplicati
      • rsync/borg
    • On a Network:
      • Syncthing
    • Across the web:
      • Duplicati
      • rClone/Cryptomator
      • IFTTT
      • NextCloud

Online storage

Public or Private?

Continue to edit?

Continue to edit?

Know your Rights

  • Access
    • Passwords are protected by 5th amendment
    • biometrics (i.e. fingerprint) are NOT.
    • Forced access: 0days, GrayKey, etc
    • 4th amendment, but not on the border
      • Border includes 100 mi from international airport
  • Collaboration
    • Tools like TOR now = probable cause
  • Subpoena-proof Standard
    • Includes Signal Messenger, Private Internet Access VPN
  • CyPurr Collective- cypurr.nyc and cypurr@protonmail.com

  • NYC CryptoParty and Meetup.com for other events

  • Tactical Tech Collective- tacticaltech.org
  • EFF- Surveillance Self Defense (ssd.eff.org) Security Edu Companion (sec.eff.org)
  • Freedom of the Press Foundation (Freedom.press)

  • Tool Recommendations
    • privacytools.io
    • prism-break.org
  • Self defense- Pop Gym (@popgymbk)

Resources

Upcoming

  • Open Meeting Tuesday! Jan 7, 6pm
  • Movie Night! Jan 9, 7pm
  • securiTEA time Jan 15st, 1pm
  • Here again every first sunday
  • Find more on Facebook/Twitter/cypurr.nyc

Thank You!

Made with Slides.com