OnePhoenix

joined 7 months ago
[–] OnePhoenix@lemmy.world 1 points 5 months ago (1 children)

I've heard of these but haven't given them a long look. What is it about mullvad or librewolf that people prefer over Firefox?

[–] OnePhoenix@lemmy.world 1 points 5 months ago (3 children)

Thanks. I currently use hardened Firefox (Arkenfox) and yes I do use unlock.

 

Newb question: what does it really mean when I click "Reject Nonessential Cookies"? Am I really being any more private by rejecting these? Just feels greasy like it's a workaround for websites to get my information anyway? Should I navigate away from any sites that suggest this cookie configuration?

[–] OnePhoenix@lemmy.world 23 points 5 months ago (1 children)

If you don't think Mozilla cares about your privacy anymore, yet you use Qwant, you're probably not going to want to hear that the two partnered up last month.

I've been using Startpage with positive results.

There's also hardened Firefox solutions.

I second Proton... I love 'em. I use them for email and VPN. I always have a hard time putting all my eggs in one basket though, and try to avoid using any one ecosystem for all my organization. For example, I use an offline app for my calendar, and a self-hosted home solution for file management.

Great to see another person giving the one finger salute to big tech. Not sure about your ideas on Apple respecting your privacy though - they haven't given me that impression but maybe I'm misinformed.

[–] OnePhoenix@lemmy.world 1 points 5 months ago

After your post I did some digging and indeed it does appear as though Parrot OS can be installed through UTM. Thanks for the heads up!

[–] OnePhoenix@lemmy.world 5 points 5 months ago (1 children)

Is SELinux enabled by default in Fedora? I've tried researching it but everyone seems to be wanting to do the opposite and disable SELinux (presumably because it restricts ease-of-use)?

[–] OnePhoenix@lemmy.world 4 points 5 months ago (2 children)

I've looked at this and would love to but as is my (limited) understanding, Qubes is next to (if not entirely) impossible to implement on Mac M1

[–] OnePhoenix@lemmy.world 2 points 5 months ago (1 children)

Thank you. Again, excuse my ignorance but, I don't see Parrot on the UTM list... Can Parrot be loaded on top of one of those OS's? Or are you suggesting Parrot in general, regardless of UTM's capabilities?

10
Which OS/Distro? (lemmy.world)
submitted 5 months ago* (last edited 5 months ago) by OnePhoenix@lemmy.world to c/cybersecurity@sh.itjust.works
 

I'm new to the cyber-security/privacy space. I am interested in teaching myself about it, as well as dabbling in OSINT and general linux-type-stuff too. ATM this is all a hobby so while it is not crucial to have everything air-tight, I would like to do my best to follow best practices.

That being said, I am currently using a Mac M1 so my VM capabilities are (AFAIK) limited to the OS's provided by the UTM virtual machine software. For those who are unaware, the OS's they provide can be found here:

https://mac.getutm.app/gallery/

From a security/privacy perspective, which of these OS's would you consider to be the most secure or, able to be the most secure with configuration? At first glance and with my limited knowledge, I want to say Kali, but I feel this may be cliché as it's what your stereotypical-hacker-type would use.

Any guidance would be appreciated.

N.B., ease of use/convenience is not a top priority for me, as I'm using this as a learning experience and I'm open to trying different things and making mistakes along the way.

Thanks!

***EDIT: Thank you to all who provided information. I learned a lot. I've decided to try a few different distros that work with UTM namely, Parrot OS (both home and security editions for different purposes), as well as Kali and Debian.

[–] OnePhoenix@lemmy.world 9 points 6 months ago (1 children)

Valid point. I do prefer the UI with Proton, I find it nicer to click through. Also, Tuta usually makes you wait 2-3 days before you can use it - not a big deal really, unless you're trying to sign up for something new.

[–] OnePhoenix@lemmy.world 16 points 6 months ago (8 children)

I don't know if what I do is the right way around this but, as stated Proton will reject disposable verification emails and you cannot use another proton account to verify a new one.

My workaround for this is to verify proton with a Tutanota account which is also created with as little to no identifiable information as possible.

TLDR: Proton accepts Tuta emails for verification and Tuta emails can be created anonymously.

[–] OnePhoenix@lemmy.world 1 points 6 months ago (1 children)

You say you use ProtonPass with a free Proton account? Do you know if they have a limit for creating these new emails? I've seen ProtonPass advertised but I just assumed it was a premium feature. When I say its tedious, its because when I create new ProtonMail accounts you first have to verify it with another non-Proton account which I find a bit annoying as I dont use services like Gmail etc , but more importantly, Proton has been blocking signups on newly created emails (if you just created the email and then use it to verify a service sign up it gets blocked).

[–] OnePhoenix@lemmy.world 10 points 6 months ago (2 children)

Perhaps I haven't used it to its full capacity but, I have a free proton account and I still have access to simple login

 

I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one off emails (for sign ups etc )? Or do you prefer one of those 10 minute email sites?

[–] OnePhoenix@lemmy.world 1 points 6 months ago (1 children)

Thanks for the info. You'll have to forgive my ignorance as I'm not super well-versed but, I was of the impression that alias software like anon and simple login were more for avoiding spam and unwanted emails from sign ups. Is it also effective as a security tool?

 

Does it make sense to have separate emails for each individual financial account (banking, credit cards) or is that overkill? I'm just thinking that if a hacker got access to one email they'd have all account information?

 

I use GrapheneOS ony phone and a Mac with the security options as optimized as possible. For most of my emailing etc, I use Tuta and Proton. There are instances however, where having a Google account is beneficial (some apps for example won't download from Aurora store in anonymous mode).

Is it advisable/possible to create a dummy Google account with minimal ID/credentials? And if so, what are some best practices for doing so?

Or, do I resign myself to the fact that with more control over my data, I have to sacrifice more?

 

I feel like this may be a bit of a counterintuitive question considering Graphene's privacy features but, is there a way to remote erase or find my phone with GrapheneOS in the event the phone is lost?

 

I'm currently running Grapheme OS on a pixel. One thing that I've had trouble finding is a secure video chat option. I'm assuming that its because such a thing in a secure environment is hard to come by / impossible.

The only options I've found are things where you must self host like element etc. Is this the only way?

I realize there may be nuanced answers to this question that I may be overlooking as I'm still relatively new to online security/privacy so I apologize in advance if this is a moot question.

view more: next ›