Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Security training: Individuals versus Random Assholes
|Random Assholes||Assholes with Resources||The State|
|Defenders||Individuals||Individuals vs Random Assholes||Individuals vs Assholes with Resources||Individuals vs The State|
|Organizers and Journalists||Organizers & Journalists vs Random Assholes||Organizers & Journalists vs Assholes with Resources||Organizers & Journalists vs The State|
|Targeted Activists||Targeted Activists vs Random Assholes||Targeted Activists vs Assholes with Resources||Targeted Activists vs The State|
Individuals versus Random Assholes
There are no prerequisites. The material presented on this page is relevant to every persona and every risk level. These practices therefore represent a minimum level of best-practice and are foundational to every other risk assessment presented in this framework.
- Scrub personal data and opt-out from "Data broker/vendor" sites such as Spokeo/PeopleSearch/Pipl.com, etc.
- Don't check in to places on Facebook/Foursquare/Yelp/etc publicly
- turn off location services (GPS) on your phone when you don't need it (also saves battery!)
- Turn off location tagging for your smartphone camera
- Audit/improve your social network privacy settings
- Verify friend requests with actual friends: When you get a Friend request from someone you don't know, but have mutual friends in common, send your mutual friend a private message asking for info about who the supposed person who may have sent the friend request actually is; avoids friending malicious/fake accounts.
- turn off "auto-pay" (and use Password Manager fill-in instead)
- Remove "saved fingers" (fingerprint scans) from your smartphone's memory, i.e., use a PIN or passphrase, or if you do choose to use a fingerprint, use only one or two finger's prints. (The more fingers you add, the easier it is for someone who is not you to use their fingerprint to open your device.)
- Use a password manager (and all that that entails!)
- Use strong passwords. Most password managers will help you generate these, and the main thing is that they should be long. If it's a password you will sometimes have to type in (i.e. your password manager cannot fill it in for you on a particular machine), use a long passphrase with words, words will be easier for you to type than a bunch of random characters.
- Generate random passphrases for your "password reset questions". Don't answer such questions honestly, because basic facts like where you went to school or your spouse's name can generally be found on social networks and data brokers.