qut-dmrc / encrypt_all_the_things

Workshop on Security and Privacy for researchers by @brendam and @flxvctr
https://qut-dmrc.github.io/encrypt_all_the_things

Suggestions for slides #5

Open Conan1989 opened 7 years ago

Conan1989 commented 7 years ago

Hi, Thanks for presenting tonight.

Had some thoughts on minor tweaks to the presentation.

Password Managers

https://qut-dmrc.github.io/encrypt_all_the_things/#/2/4

KeePassX is no longer developed. Suggest KeePass for Windows, or KeePassXC instead. It is in active development and has Windows, Mac, and Linux support: https://github.com/keepassxreboot/keepassxc

Caution against "cloud" based password managers (1Password, LastPass, etc.). Online = attack surface. Their commercial interest may at times be at odds with your security interest. Password DB in file sync would be advised.

MFA

https://qut-dmrc.github.io/encrypt_all_the_things/#/2/9

Suggest including:

KeePass has OTP support via plugin

KeePassXC has OTP support natively

VPNs

https://qut-dmrc.github.io/encrypt_all_the_things/#/3/4

Suggest including a link to this. Not just for what to choose from, but some of the factors at play. https://thatoneprivacysite.net/vpn-section/

Backups

https://qut-dmrc.github.io/encrypt_all_the_things/#/4/3

3 2 1 rule: 3 copies, 2 locations, 1 offline

Cloud storage

https://qut-dmrc.github.io/encrypt_all_the_things/#/4/1

Self hosted / peer-to-peer DropBox alternative. https://syncthing.net

Addendum

Probably worth a mention of installing an ad blocker in your browser: https://github.com/gorhill/uBlock

and Firefox Focus for mobiles.

FlxVctr commented 7 years ago

@Conan1989 Thanks! Agree with most of the suggested changes, and some of the tools might be a thing for the resources section. Will try to implement it before our next workshop in two weeks.

FlxVctr commented 7 years ago

@Conan1989 Also feel free to make a PR. It's all simple markdown in encrypt_all_the_things_slides/index.md

FlxVctr commented 7 years ago

@brendam I've included three of the suggestions for now, keepassxc, thatoneprivacysite, and the 3,2,1 backup rule in PR #6.

Regarding the OTP plugins I'd say that I would rather recommend solutions that work on mobile devices.

The suggestion for cloud storage looks interesting, but pragmatically I think it's more realistic to get people to encrypt the files they have already stored in a cloud provider of their choice. Also we would have to test this tool for a while to be able to recommend it.

Browser plugins for privacy, especially also stuff like Cookie AutoDelete (https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/) would be a whole new chapter. Important, but too big for now. Definitely next iteration.

Please append changes and merge into master and gh-pages or assign back to me to review.