[實用文] 教您點先可以保障私隱、網絡安全 (簡易版)

再簡化咗好多，有唔明嘅地方歡迎隨時問我

希望大家可以幫我推到上熱門同埋send去tg group (我冇用tg)

希望有熱心手足可以將內容製成文宣，教銀髮族點保障自己 (唔駛credit我)

樓主建議最低消費:
(1) 用Tor Browser 同埋 Firefox上網 記得睇安全使用建議
https://www.torproject.org/download/
iOS: https://onionbrowser.com/
https://www.mozilla.org/en-US/firefox/78.2.0/releasenotes/

(2) 用Signal 取代 WhatsApp (Telegram唔係加密通訊)
https://signal.org/download/

(3) 用兩步驟驗證 (唔好用SMS驗證)
Android: andOTP – https://f-droid.org/packages/org.shadowice.flocke.andotp;
iOS: FreeOTP https://freeotp.github.io/

(4) 用25個字或以上既密碼，切忌重用或者用一啲可以人哋可以估到嘅嘢; 絕對唔好用指紋/瞳孔解鎖，用KeepassXC儲存密碼
https://keepassxc.org/download/
https://play.google.com/store/apps/details?id=keepass2android.keepass2android
https://itunes.apple.com/us/app/strongbox-password-safe/id897283731

(5) 所有裝置都要用full disk encryption (記得睇安全使用建議)
https://www.veracrypt.fr/en/Downloads.html

(6) 用Standard Notes取代 Google Docs
https://standardnotes.org/

(7) 用 ProtonMail/Tutanota 取代Gmail
https://protonmail.com/
https://www.tutanota.com

(8) Send相/video前移除metadata
Android: https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif
iOS: https://apps.apple.com/us/app/viewexif/id945320815

(9) 用OnionShare share文件 (幾大都得)
https://onionshare.org/

安全啲:
(1)-(9)做晒
(10) 盡量避免用public / shared WiFi
(11) 盡量避免用closed source software，尤其係嗰啲天氣app / 電筒app

待續
幫手推

推

再推

再三推

(12) 如果一定要用 closed source software，用Virtual Machine isolate佢:
https://program-think.blogspot.com/2012/10/system-vm-0.html

最安全嘅方法係喺電腦嗰度用 VMWare VirtualBox整個Virtual Machine, 再喺VM裏面裝嗰啲垃圾software, 用VPN/Tor

譬如Zoom嚟講: https://assets.privacytools.io/aragon-drop/zoom_tutorial.pdf

VM 應該定期做snapshot，經常回退(rollback)去到安全版本，咁可以刪除任何病毒 (https://program-think.blogspot.com/2019/01/Security-Guide-for-Political-Activists.html)

至於部電腦，建議轉用Linux Mint，非常易用，性能唔錯，部電腦就唔好裝啲咩software，定期更新
https://program-think.blogspot.com/2015/12/system-vm-7.html

如果你想嘅話，可以慢慢學下點用Terminal，再去試下Devuan / Alpine Linux，最後可以用Qubes OS
https://program-think.blogspot.com/2016/12/howto-prevent-hacker-attack-8.html

(13) Software有網頁版就用網頁版, 避免用 app，但如果一定要用app嘅話可以考慮:
13.1 唔用app個陣熄哂所有permissions，
13.2 限制Battery usage in background,
13.3 禁止 Data usage in background,

(14) 每次download 嘢都應該check checksum 同埋PGP Signature，呢度有教
https://keepassxc.org/verifying-signatures
https://www.qubes-os.org/security/verifying-signatures/


最安全:
(15) 自己host NextCloud 取代Google Drive / iCloud

(16) 淨係用Monero / Bitcoin over Tor (https://blog.torproject.org/protecting-financial-privacy) / Cash

(17) 行街用Faraday Bag / 錫紙包住電話/電腦(應該係包層保鮮紙再包錫紙)

(18) 提防網絡吊魚(phishing)/social engineering
可以睇住先: https://program-think.blogspot.com/2009/05/social-engineering-0-overview.html#index

(19) 用Briar 取代 Bridgefy
Briar (Secure Messaging) - https://f-droid.org/packages/org.briarproject.briar.android

(20) 係VM裡面再用Docker (container) 同埋 Dangerzone (將PDF，文件或相轉換為安全的PDF)

https://github.com/firstlookmedia/dangerzone/wiki/Installing-Dangerzone

(21) VM扮正常OS: https://www.youtube.com/watch?v=6TM45vNI4Qc

待續

(22) 用Android burner phone, burner SIM (唔好插入第二部機，用現金買)，唔好去到屋企附近先關機

有d電話有hardware kill switch，可以直頭disconnect個modem (例如 Purism嘅Librem 5)

Download:
22.1 Auditor (如果不幸被捕，可以事後用嚟睇返電話有冇被狗裝咗間諜軟件)- https://play.google.com/store/apps/details?id=app.attestation.auditor

22.2 Haven (Protect personal spaces and possessions without compromising privacy) - https://f-droid.org/packages/org.havenapp.main

22.3 ProofMode (Turn your photos and videos into secure, signed visual evidence) - https://f-droid.org/packages/org.witness.proofmode

22.4 Shelter https://play.google.com/store/apps/details?id=net.typeblog.shelter&hl=en_US

22.5 PanicTrigger (Helps you and others in case of an emergency) - https://f-droid.org/packages/at.tacticaldevc.panictrigger

22.6 上面建議過嘅app

有興趣可以睇下:
反恐逃生密技

Electronic Frontier Foundation (電子前線基金會) Surveillance Self-Defense: https://ssd.eff.org/

編程隨想的博客: 大陸反賊反共11年 https://program-think.blogspot.com/2020/01/11-years-blogging.html#head-9; https://zh.wikipedia.org/zh-hk/%E7%BC%96%E7%A8%8B%E9%9A%8F%E6%83%B3%E7%9A%84%E5%8D%9A%E5%AE%A2

好快

狙擊你

Android:
1. 盡量disable Google Play Store 等, log out Google Account

2. Download F-Droid, 有好多 open source apps (https://privacytools.io 介紹好多open source software)

3. Download Aurora Store, 可以比你匿名download apps from Google Play Store (唔駛login)

4. 如果Facebook, YouTube, Telegram 等太難用網頁版，可以考慮轉用Frost for Facebook, Newpipe, Telegram FOSS, F-Droid 嗰度先有;

5. 最好就disable system apps, Google Play Services

6. 用Orbot 禁止啲app上網，可以上網嘅就會經Tor:
喺 Tor-Enabled Apps 裏面, 只選擇需要上網嘅app；係Orbot裡面將VPN Mode 開啟; 再㩒個洋蔥(綠色就開咗);

去Orbot settings開啟 Start Orbot on Boot, Always-On Notifications, Allow Background Starts, Isolate destination addresses

去電話 Settings開啟 VPN always-on 和 Block connections without VPN，不過咁會令WhatsApp/Signal 打電話嘅功能運作唔到, 所以可以用 Shelter 整個 work profile，放啲app入去，因為 blocking 唔包括 work profile，譬如可以有兩個Signal，用太空卡嗰個就唔好放喺work profile

7.

Researchers found over 1325 apps from the Google Play store that would take personal data from sources like Wi-Fi connections and metadata stored in photos, working around the permissions system.

Researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.

Some apps were relying on other apps to gather phone identifiers like your IMEI number by reading the SD card. This includes apps like Baidu's Hong Kong Disneyland park app, researchers said.

Other apps were gathering location data by connecting to your Wi-Fi network and figuring out the router's MAC address.

- https://www.usenix.org/conference/usenixsecurity19/technical-sessions

所以大家要小心流氓app，如果係要用大劣app都係喺電腦度用VirtualBox整個Virtual Machine, 再喺VM 裏面裝 Anbox (係個Android模擬器黎), 咁就可以用Android Debug Bridge (adb) 裝呢啲app (放心啦呢度有教: https://docs.anbox.io/userguide/install.html)

可以試下係電話搵下支那app留低嘅file, 最好就reset Advertising ID, 但佢都已經偷咗您既IMEI, MAC address 㗎啦（可以uniquely identify你）

有用post
幫手推推

iOS:
1. 用Onion Browser https://onionbrowser.com/
2. 睇呢個，跟住做：https://www.youtube.com/watch?v=d2bJVKcIEg0
3. 高危手足就唔好用Airdrop:

A long-term device tracking attack which works in spite of MAC randomization, and may reveal personal information such as the name of the device owner (over 75% of experiment cases).

This information, researchers argued, is more than enough to create profiles and track users. Combined with data from online advertisers and analytics providers, it could be used to link devices to their real owners.

The research team worried that Airdrop-based tracking technology could be deployed in retail stores or public spaces and track users' movement through an area.

The research team said they notified Apple of all the vulnerabilities they found, between August and December 2018, but a patch cannot be expected soon as "the security and privacy vulnerabilities require the redesign of some of their services," researchers said.

一名25歲女公務員涉嫌今年4月起在網上討論區、社交平台及iPhone的Airdrop功能，多次煽動他人參與未經批准集結，揚言用開山刀殺警、用車撞警員，以及殺害休班警。

4.

2019: 黃之鋒指他在 8 月 30 日被捕及起訴時使用的 iPhone XR 被警方撿取作證物，而被捕期間從未向警方提供手機密碼，警方亦從來沒有向他索取密碼。惟在昨日（18日）黃昏，距離開庭前約 20 小時前，他收到控方提供的證據列表，其中包括 4 份「黃之鋒手機訊息交流記錄」，2 份是 WhatsApp 對話，2 份是 Telegram 對話。而他指，截至開庭聆訊前，從沒有收到控方通知或警方查閱手機內容的手令。

從控方提交的證據可觀察到，警方甚至能得知個別訊息是從軟件的手機版本或電腦版本發出，並非一般用戶介面可以做到。

MacOS:
1. 用Tails https://tails.boum.org/
2. 呢度有教: https://www.youtube.com/watch?v=uJBgb8XJoA8

多謝你ching

好有心 幫推
資安好重要

完全推唔到

原來巴打都有喺編程隨想道學嘢㗎？識貨
btw其實firefox我建議用ESR版，而且最好係自己整user.js去enable/disable所有功能，以求最大安全同私隱
重有就係linux嘅firefox個沙盒做得好差，建議用apparmor開

vm嘅話最好係用whonix，佢係玩雙vm，一個做tor gateway，另一個做workstation，所有嘢都係經tor再出，而且佢入面做咗好多安全修改，連斯諾登都係用佢配qubesos用

重有如果要down嘢嘅話，優先揀免安裝版，比起安裝版更難控制到你部腦
電話嘅話一定係pixel加grapheneOS
普通android上網就去f-droid道down Bromite，佢自帶ad-blocker同可以畀你set privateDNS

係呀
大家小心
會整合您既comment，再pin
其實仲有好多文，有講ESR版，不過要週圍叫人幫我推/pin po

巴打你用緊咩os？linux定win？
有冇諗住轉用qubesos？我有諗過但驚部腦唔support