postsurvey2021.md

File metadata and controls

204 lines (145 loc) · 9.4 KB

Write stuff here....

Which password is stronger?

  • dgsskemyt
  • The Great Dictator is a really good movie
  • gyration each sick shop car
  • zvRNt&>X
  • 987654321

Explanation: A good password should actually be a passphrase made up of at least 3 random words, not connected to yourself or to your work.


If you use Facebook, an employee of Facebook can possibly have access to:

  • Your private messages in Facebook Messenger
  • The list of people you text in WhatsApp
  • The phone number you use in WhatsApp
  • The brand of your smartphone or computer
  • All the above
  • Not sure

Explanation: Facebook doesn't offer an end-to-end encrypted service and can possibly access the content and the metadata associated with your account.


If you use Google products, an employee of Google can possibly have access to:

  • The content of your emails
  • The list of people you have ever emailed
  • The brand of your smartphone or computer
  • Your Google password
  • All the above
  • Not sure

Explanation: Google doesn't offer an end-to-end encrypted service either and can possibly access the content and the metadata associated with your account.


When you encrypt your emails, you are protecting...

  • The content of your emails
  • The date and time-stamp of your emails
  • The subject line of your emails
  • Not sure

Explanation: Email encryption (using PGP or asymmetric encryption) usually only encrypts the content of your email -- sometimes also the subject line of your message. Anything else is visible to all the intermediaries between your machine and that of your recipient: namely internet service provider(s) and governments.


Which of the following email providers offer an end-to-end encrypted email service?

  • Gmail
  • Yahoo
  • Tutanota
  • Outlook
  • Protonmail
  • Not sure

Explanation: In this list only Tutanota and Protonmail are blind to the content of your emails when you use their services.


Which of the following Dropbox addresses do you think is the safest to visit?

Explanation: Check that the spelling of the URL is correct: the real name of the website you are visiting always sits right before the Top Level Domain (.com, .nl, .biz, etc.), which, itself, must be located right before the first forward slash (/). Then check that the login URL starts with HTTPS, which signals that your connection to the website is secure (i.e. encrypted).


Which of the following is true about 'Private' or 'Incognito' mode in a browser?

  • It hides your location
  • It prevents your browser from saving your browsing history
  • It prevents websites from leaving cookies in your browser
  • It hides your identity from internet service providers
  • It hides your identity from the websites you visit
  • Not sure

You are at the airport. You need to send a confidential report to a colleague before you board a plane. The report contains information that could put people in danger. Is it safe to use the airport wifi?

  • Yes, if it uses a password
  • Yes, if I am in a country with strong privacy laws
  • Yes, if I use a good anti-virus
  • Yes, if I use a form of encryption (VPN, PGP encryption, Signal, Protonmail, etc.)
  • I do not know

Explanation: Encryption is the only sure way to prevent people sitting in the middle (between your machine and the website you visit or the person you communicate with) from listening in. Luckily there are increasingly user-friendly encryption tools at our disposal. Our favorites are Signal, the Tor Browser, a VPN such as the ones provided by Greenhost.nl, or Protonmail -- or a combination of all the above.


With PGP email encryption

  • Only the recipient can open your email
  • Only the recipient can read the subject line and timestamp of your email
  • It's OK to share your private key
  • It's OK to share your public key
  • It's OK to share your fingerprint and key ID
  • Not sure

Explanation: PGP encryption is a solid encryption method, though not the easiest to come by. It ensures that only the intended recipient can read and open your emails. Be aware that some information is not protected with PGP encryption and might be visible to intermediaries, such as the subject line of your email, the timestamp, your email address and that of the recipient, the model of your machine, or even the operating system you are using. Never share your private key with anyone. You can freely share your public key (Note: fingerprint and key ID are synonymous with public key).


What is a Virtual Private Network (VPN)?

  • An anti-virus program
  • A computer program that uses the private servers of a host company to carry and protect my online activity
  • A network of volunteer computers that help hide my online tracks to hide my identity and activity
  • I do not know / I am not sure

Explanation: Learn more about VPN use here.


What is the Tor browser?

  • An anti-virus program
  • A computer program that uses the private servers of a host company to carry and protect my online activity
  • A browser that uses a network of volunteer computers to help hide my online tracks
  • I do not know / I am not sure

Explanation: Learn more about the Tor browser here.


What is the best way to hide your device location?

  • Using a VPN
  • Using Tor
  • Turning off GPS
  • Turning off WiFi
  • Turning off WiFi and GPS
  • Turning off data, WiFi and GPS
  • Turning off data, WiFi, GPS and Bluetooth (Airplane mode)

Explanation: Be mindful that, even with the best of precautions and the use of a VPN or Tor, the location of mobile devices remains almost impossible to hide: as soon as they connect to the internet (whether via wifi or data) they leave traces of their presence! The only sure way is to turn on airplane mode or, if you think you might be targeted by government-grade malware, to turn the device's power off completely.


What preemptive measures could protect your data if your phone is lost or stolen (if only temporarily)?

  • The screen is locked with a 4-digit PIN code, a password or fingerprint
  • You can track your phone using apps such as Prey or Find-My-Device
  • You can remotely review and if necessary revoke app permissions
  • Not sure

What measures could protect your device from intrusive government-grade surveillance practices?

  • Your computer's disk is fully encrypted
  • You use commercial cloud backup services such as Dropbox and OneCloud
  • You carefully browse the internet using Incognito (Private) mode
  • You use end-to-end encrypted services such as Signal and Protonmail
  • You use strong passwords coupled with 2-Factor authentication

Explanation: Encryption, whether of data in transit (VPN, end-to-end encryption with Signal, PGP email encryption) or of data at rest (full disk encryption) is the best protection even against the most sophisticated adversaries.


You came up with a good/strong password...

  • You should use it on at least 3 of your most important accounts
  • You should save it in a Word document and hide it with your important files
  • It should be enough to protect against malware and phishing attacks
  • It is best to store it using a password manager
  • It's OK to keep a copy or a hint in a safe place (wallet, safe, with a parent, etc.)

You have a strong suspicion your computer is infected with malware. What measures apply?

  • Turn your computer off and on again
  • Keep a record of the incident
  • Change your passwords immediately
  • Take the machine offline
  • Alert your colleagues and contacts

Explanation: More on how to recognize and deal with a malware attack.


What measures protect best against phishing attacks?

  • The use of strong passwords
  • The use of 2-Factor authentication
  • The use of strong anti-virus software
  • The checking of a URL or a file with VirusTotal.com
  • The checking of the spelling of a URL
  • The updating of the operating system
  • The use of a VPN

Explanation: Phishing attacks try to circumvent your first line of defence, namely your passwords and any encryption you might be using, such as a VPN. The attacker wants you to let them in. Your best defense is your own pair of eyes (spell check URLs and email addresses) and whatever antivirus/antimalware you have on your machine.


You receive an alert email from "google.clientsupport.com/alerts" saying “Your account has been compromised, change your password now”. What should you do?

  • Click and change your password immediately
  • Report the sender to Google
  • Go to security.google.com and check your account activity
  • Go to security.google.com and activate 2-Step Verification

Explanation: This is not a legitimate Google address. A legitimate name should stand right before ".com". Learn more on how to spot a fake URL.
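
The URL check described in the Dropbox and Google alert explanations above, written out as an added example (not part of the original quiz): it extracts the name that sits right before the top-level domain, compares it with the site you expect, and flags a missing HTTPS scheme. The function names, the small suffix set and every sample URL other than google.clientsupport.com/alerts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List. Suffixes
# such as "co.uk" span two labels, so real checks should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the name right before the TLD plus the TLD, e.g. 'dropbox.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ".".join(labels)
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def check_login_url(url, expected_domain):
    """Apply the quiz's two checks; return (ok, list of problems found)."""
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "http://" + url  # no scheme given, so HTTPS cannot be assumed
    parts = urlsplit(url)
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append("connection is not HTTPS")
    if parts.username is not None:
        problems.append("text before '@' is not the site name")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        problems.append("host contains non-ASCII or punycode labels")
    found = registrable_domain(host)
    if found != expected_domain:
        problems.append(f"site is {found}, not {expected_domain}")
    return (not problems, problems)


# Constructed samples; only google.clientsupport.com/alerts comes from the quiz.
SAMPLES = [
    ("https://www.dropbox.com/login", "dropbox.com"),
    ("https://dropbox.com.example.net/login", "dropbox.com"),
    ("http://www.dropbox.com/login", "dropbox.com"),
    ("https://dropbox.com@login.example.net/", "dropbox.com"),
    ("google.clientsupport.com/alerts", "google.com"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        ok, problems = check_login_url(url, expected)
        print("OK  " if ok else "FAIL", url, "; ".join(problems))
```

Run against the quiz's own case, the check reports the site as clientsupport.com rather than google.com, which is the reasoning the explanation gives.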