By Wang Yishi
I wrote an article before, sharing some tips on protecting your personal privacy.
As time goes by, new attack methods emerge one after another, especially in the Crypto industry, where a little carelessness can lead to bankruptcy.
In fact, there is no silver bullet that can resist all attacks. The key is to build your own "defense system", that is, you should think about:
Who might attack?
What do they want to gain from it?
What methods will they use?
Also, assuming the attack has already occurred, can you afford the losses? If not, how should you diversify the risks?
Most attacks are "indiscriminate". Hackers cast a wide net and those who are willing to take the bait will be caught. In this case, you just need to take normal precautions.
There are also highly targeted attacks. Through various means (KYC information and e-commerce records traded on the dark web), hackers can easily obtain your home and company addresses and use them to commit further crimes. Preventing such attacks requires more careful strategies.
Only when the "defense system" is well built can you remain calm when encountering problems and minimize core risks.
Here are some of the defenses I use:
1) Use a privacy-preserving search engine
The benefits of switching from Google Search to DuckDuckGo or Startpage are obvious because they:
Remove your IP address from communications
Stay anonymous while browsing web content
Prevent third-party advertising systems from tracking your personal information
Prevent profiles from being built based on your personal web activity
The only time I go back to Google is when I can’t find what I’m looking for.
2) Encrypt your data
If you can’t live without online storage such as iCloud, Google Drive, and Dropbox, then you should be prepared for your data to be compromised one day. Although large companies invest a lot of budget in encryption and data security, you still cannot deny:
As long as the data is still on the other party's server, it is effectively out of your control.
Most cloud storage providers only encrypt data during transmission, or they keep the keys for decryption themselves. These keys can be stolen, copied, or misused. So be careful and encrypt your data with an open source, free tool like Cryptomator.
This way, even if the cloud storage service provider is hacked, your data will most likely be safe.
3) Input method
I have said before that it is best not to use any third-party input methods, but only use the one that comes with the system.
Now I want to add an option, that is "rat pipe", which has many advantages:
Excellent performance and low resource consumption
The page rarely freezes when typing the first word
Fully open source, no backdoor, no content upload
Strong support for Traditional Chinese characters
High degree of customization
I am currently using the placeless double-pinyin configuration, which I think is pretty good. If you are a double-pinyin user, you can try its configuration.
4) Only visit HTTPS websites
Install the HTTPS Everywhere plugin.
It automatically activates HTTPS encryption protection for all known supported parts of the website, preventing your interaction with the website from being eavesdropped or tampered with.
If a website is transmitted in plain text, you get a clear reminder when you visit it.
5) Open suspicious attachments using Google Drive
You often receive various emails with attachments. Although email service providers will pre-scan and block suspicious content, many attachments are cleverly disguised and downloading them locally is risky.
In this case, I recommend previewing directly on the web page or saving it in a temporary Google Drive folder for preview, which can effectively isolate the virus.
6) Niche platforms can significantly improve your odds against viruses and Trojans
Think about this question: If you were a hacker and were planning to develop a virus (Trojan) to make a profit, which platform would you choose to target?
It is obviously a platform with a larger user base.
The following platforms have a smaller user base than Windows.
While they are not significantly more secure than Windows, they pose far fewer risks.
macOS
ChromeOS
Ubuntu
Fedora
Debian
Other Linux distributions
7) Be careful when writing security questions
"What's the name of your university?"
"Who is your girlfriend?"
"What's your favorite band?"
…
Don’t answer with your real information, because it is archived on a large number of social platforms and can easily be harvested through social engineering, which gives hackers an opening.
Instead, it's much safer to use random passwords generated by your password manager as answers to these security questions.
8) Do not log into your core account on temporary devices
Core accounts refer to your main accounts such as Google, Apple, etc., which are bound to a bunch of devices, credit cards, passwords, etc.
For convenience, Internet companies usually store Session Cookies locally in your browser. Once this Cookie is stolen, hackers can even bypass the platform's 2FA and other verifications. In this case, 2FA is useless.
9) Always confirm twice
Memory is unreliable
Check the wallet address completely, don’t just check the first/last few digits
Last year, I logged into an exchange that I rarely use to clean up some broken coins.
When I was withdrawing money, I saw a few familiar addresses in the address book, but I couldn’t remember when they were created.
Because it was only a few tenths of a bitcoin, I transferred it directly, but afterwards I couldn't find the private key corresponding to that address.
I feel a little regretful. If I had confirmed it one more time, I wouldn't have made such a low-level mistake.
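An added example (not part of the original article) of the full check described above, for legacy Base58Check Bitcoin addresses: it contrasts a glance at the first/last characters with a character-by-character comparison against a trusted copy plus a checksum test. The function names and the altered sample address are assumptions constructed for illustration.

```python
import hashlib
import hmac

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_ok(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 match the double-SHA256 checksum."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False                      # character outside the Base58 alphabet
        num = num * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))   # each leading '1' encodes a 0x00 byte
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:                        # version byte + 20-byte hash + checksum
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return hmac.compare_digest(digest[:4], raw[-4:])

def glance_match(a: str, b: str, n: int = 4) -> bool:
    """The shortcut the article warns against: compare only the first/last n characters."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]

def full_check(pasted: str, trusted: str) -> dict:
    """Compare every character against a trusted copy and validate the checksum."""
    diff = [i for i, (x, y) in enumerate(zip(pasted, trusted)) if x != y]
    if not diff and len(pasted) != len(trusted):
        diff = [min(len(pasted), len(trusted))]   # one string is a prefix of the other
    return {
        "checksum_ok": base58check_ok(pasted),
        "identical": not diff,
        "first_mismatch": diff[0] if diff else None,
    }

# Trusted copy: the publicly known Bitcoin genesis-block address.
TRUSTED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# Constructed sample: same first and last four characters, middle altered.
PASTED = "1A1zX9eP5QGefi2DMPTfTL5SLmv7DivfNa"

if __name__ == "__main__":
    print("glance says match:", glance_match(PASTED, TRUSTED))
    print("full check:", full_check(PASTED, TRUSTED))
```

The checksum only catches typos and corrupted pastes; the comparison against a copy you trust is what confirms the destination.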
10) Clear all disk data before selling second-hand equipment
Two tools are recommended:
Darik’s Boot and Nuke
Permanent Eraser
The former can completely empty the hard drive.
The latter can replace the "Secure Empty Trash" operation, overwriting the file storage space 35 times on each run, which makes the data very difficult to recover.
11) Download the wallet only from the official website
Recently, I have encountered many users downloading wallets that have been "repackaged" by hackers. Android is the hardest hit area because many wallets provide APK installation methods, making it difficult to distinguish between the real and the fake.
I recommend that before downloading any wallet, you check the product’s official website first. If you cannot find it, the trust chain on Twitter can also help you confirm the authenticity of the official website.
Do not click on unknown links, and do not directly download the installation packages from these links.
Secondly, for open source projects, it is safer to download from the Releases page of the official open source GitHub repository, check the commit, and verify the signature. This basically guarantees that the installation package you download corresponds to the code in the current repository, which is very safe.
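An added example (not from the original article or any wallet project) of checking a downloaded installer against a release checksum manifest. It assumes the project publishes a manifest in `sha256sum` format and that you have already verified the manifest's signature with the project's public key; the file names and function names are hypothetical.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One line of `sha256sum` output: 64 hex chars, a space, ' ' or '*', file name.
ENTRY = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text: str) -> dict:
    """Map file name -> set of listed digests (a set exposes conflicting entries)."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.setdefault(m.group(2), set()).add(m.group(1).lower())
    return entries

def sha256_file(path: Path) -> str:
    """Hash in 1 MiB chunks so large installers are never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path: Path, manifest_text: str) -> str:
    """Return 'ok', 'mismatch', 'not-listed' or 'ambiguous' for one downloaded file."""
    digests = parse_manifest(manifest_text).get(path.name)
    if not digests:
        return "not-listed"
    if len(digests) > 1:
        return "ambiguous"      # two different hashes for one name: reject
    expected = next(iter(digests))
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo() -> dict:
    """Constructed sample: a stand-in release file, its manifest, then a modified copy."""
    with tempfile.TemporaryDirectory() as d:
        apk = Path(d) / "wallet-1.0.0.apk"       # hypothetical file name
        apk.write_bytes(b"constructed release bytes")
        manifest = f"{sha256_file(apk)}  {apk.name}\n"
        original = verify_download(apk, manifest)
        apk.write_bytes(b"constructed release bytes, modified after publication")
        other = Path(d) / "unlisted.apk"
        other.write_bytes(b"x")
        return {"original": original, "modified": verify_download(apk, manifest),
                "unlisted": verify_download(other, manifest)}

if __name__ == "__main__":
    print(demo())
```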
12) Identifying fake contracts
Confirm the authenticity of the currency contract from at least two sources. Both Rainbow and OneKey have a mechanism for multiple verifications from multiple Tokenlists.
Twitter follower counts are not reliable. Followers and trust chains are more practical. Be wary of fake accounts. Contract addresses found from CGK and CMC are usually more reliable.
13) Use a fully open source hardware wallet
The best hardware wallets are Ledger, OneKey and Trezor
Among them, OneKey and Trezor are completely open source
If you want an open source wallet that you can use with your phone, choose OneKey
The team received $20 million in investment from Coinbase and other institutions
All code is open source on GitHub, so you don't have to worry about backdoors
Support for new chains is added very quickly, with 2-3 new public chains every month, the most comprehensive
Just a few hundred yuan, very cost-effective.
14) Use more secure operating systems and devices
Purism was founded by Todd Weaver in 2014. His main reason for creating Purism was to remove Intel's Management Engine from laptops. The Electronic Frontier Foundation (EFF), Libreboot developers and security expert Damien Zammit have all criticized it: "ME has backdoors and privacy issues."
Because the ME has access to memory and full access to the TCP/IP stack, it can independently send and receive network packets and bypass firewalls.
The benefits of Purism are clear:
Camera, WiFi, Bluetooth, cellular network, etc. all have independent hardware switches and can be completely turned off when needed.
PureOS is simple and easy to use (it is a free Linux distribution based on Debian)
Intel ME disabled
In short, if you want to try out Linux and want a computer that works right out of the box, give Purism a try.
A cheaper way is to run Whonix (with VirtualBox) on your current computer.
Whonix is also a Linux system that focuses on privacy and security. It is completely free and open source, and has several advantages:
Has been running stably for 10 years
Hide your IP address
Hide user identity
No information is recorded
Anti-virus
If you are interested, you can try it.
There are other defense measures that I will not go into detail about. I hope everyone can protect their privacy and security.