A Simple Security Guide for Avoiding Online Attacks

Today, the most appreciated themes on Bitcoin forums are the security related ones. Many people write their thoughts about how to protect private data from government, hackers and, sometimes business competitors. Let’s discover what can you do to prevent different bad people from stealing your personal data or bitcoins.

Also read: ItBit and TradeBlock: Blockchains and Big Data

3 Layers of Personal Security

keyboard-142332_1280 It isn’t so dangerous to visit the internet these days, but users still risk losing valuable assets each time the browse. Internet security includes three major levels:

Physical: how well-protected are your computer hardware and accessories?
Software: how much encryption do you use, how good is your antivirus, which OS do you have installed?
Online: which sites do you visit? What online services do you use? What data do you leave there?

Let’s examine your “Internet Visiting System” and discover if it has any security holes.

Physical Level of Security

On this level, we will check if we have everything needed for physical safety. Here is a standard list of what you should and shouldn’t do or have near your home PC:

A USB flash drive with a minimum of 4 Gb of memory
An installation image of any Linux distribution (and another one with any Windows distribution) on a USB flash drive or a CD
If you have a printer, make sure it’s not connected to the Internet, has password protection, and can’t store and resend your documents after printing
Use your WiFi spot, don’t trust your neighbors or public hotspots
Notebook cameras and standard webcams should be covered when not in use
Don’t underestimate the Kensington lock — especially when in a company office
Never work near windows in positions where your monitor(s) can be seen from outside. Also try to avoid bringing any unnecessary attention from your friends and neighbors to what you do with your PC.
If you have a large or secret business, don’t invite suspicious guests in a room with your computer
Don’t use somebody else’s USB flash drives with your PC
When you buy new things like larges TVs or news computers, make sure no one sees the boxes from them; hide them somewhere or destroy them before disposal.

USB flash drives are important for storing valuable data, including bitcoin wallets, files containing books, music, or films created by you, your company’s secret documents, and off-the-book accounting.

Installation images are valuable while reinstalling or fixing systems and managing files and partitions on your hard drives. Learn how to use programs like Gparted because they might be useful someday. Also, it’s better to use Linux systems instead of Windows, details about why can be found below.

Software Level of Security

Software integrity is key to your computer’s security. Don’t let someone else rule your machine.

PGP encryption

privacy-policy-445157_1920 It’s a big laugh to watch politicians talking on TV about scary terrorists using PGP encryption. When they do so, all they are really saying is that people can use PGP to have full control over what they post on the web. But the funniest thing is that many normal people use it in real life for pretty peaceful purposes.

Encryption can save your life some day, and this is not a joke. While using encryption, you can protect your emails from being read and your files from being stolen. To protect your e-mail, learn to use PGP on your system; this won’t take more that 1 to 2 hours or days, depending on your level of knowledge. Here are some tips on using encryption in various ways to help you get the hang of it faster.

Windows

You can learn how to set up and use encryption on your Windows PC in this EFF article.

Also, you may want to try TrueCrypt 7.1a. This version is the last 100% safe iteration of TrueCrypt; the project itself is closed, and version 7.2 only deals with decrypting old files. Although the official site says the software has security issues, independent auditors say the code works perfectly.

Linux

Use your pre-installed GnuPG module through console commands or Kleopatra interface (native in Linux Mint KDE editions). You also can use a Geany text editor for programmers to write and encrypt, decrypt, and sign letters by accessing encryption in “GeanyPG” under the ”Tools” menu. Before using GeanyPG, you must set your encryption correctly.

To set up your PG encryption in ordinary e-mail account, please read this EFF article.

Mac

You can use this EFF article.

Mobile OS

Any mobile smartphone has security problems that may cause you to lose all your coins. For example, this Android security issue made all the wallets generated by Android wallet apps vulnerable to theft. Also, read this CNN article to learn how hackers can break into your mobile phone with a single SMS, or turn on your camera without you noticing.

You cant set everything to work in a safe, encrypted way. When encryption isn’t possible, just be careful with what you install on your phone. Try not to install suspicious software, or apps from sites you can’t trust. Additionally, change your phone’s passwords at least once a month.

OTR Encryption for Chatting

If you wish to use encrypted chat, then XMPP technology might be the best choice for you. Try installing Psi+ client or Pidgin and use OTR plug-ins. Check here for more info.

Antivirus

Any computer user should use antivirus. Take note of the most lightweight and fast firewall, like COMODO or Outpost (you can choose any firewall you like), and combine it with light antivirus software. You can also use complex solutions like Dr.Web Security Space. Keep in mind though, that using antivirus does not mean you have 100% protection. Antivirus will guard your PC from a wide range of viruses from the Internet, but its still just a program and can have issues.

Online Level of Security

security-265130_1920 Firewalls are a good method of online security for Windows users. Linux users also can find one or two firewalls in the Program Manager. But what else should you do to strengthen your online presence?

Passwords

Passwords should be in the forefront of your online security plan. Here are some basic tips for password security:

Make sure you don’t use simple passwords on user profiles. Even setting a middle-strength password can prevent many hackers from stealing your personal data
Dedicate a special partition on your hard drive (remember Gparted?) to store your valuable data and encrypt it (remember TrueCrypt?).
Important rule: don’t ever take any screenshots or photos with seed keys or any other private information! These pictures can be stolen in 1 to 2 mins!

Invent the Password Creating Algorithm

If you have many accounts on many sites, you need to invent an easy way to manage your the passwords. Of course, there are tons of extensions and apps for browsers that allow users to store their passwords, but these services get hacked from time to time. So, it’s better to use your brain for storing passwords by and invent your own “Password Creating Algorithm.”

The Password Creating Algorithm is a logical method of mentally generating passwords in a quick and secured way. One way of doing this is by making a password that describes a website’s notable features like logo, colors and slogans. Also remember to alternate between upper and lower case, a well as adding numbers and symbols.

Another way to create secure passwords is by taking a set of numbers and mixing it with words written backwards. If you speak English in addition to your native language, you can also write words of your native tongue with the English alphabet. If you have a 2-language keyboard, you have almost unlimited possibilities.

Turn Your Browser Into a Fortress

browser-773215_1280 The best choice for safe web browsing is TOR; Firefox with extensions is also a great option. If you’re a fan of a very fast browsing, you also can equip your Opera browser with some useful security extensions.

These extensions are important because they allow you to have control over what happens to your browser when you visit a website. Most sites use cookies, and while they usually do benign things like storing session data, your shopping cart contents, and theme settings, they can also be used to collect your private data or track your activity across the web.

Here are some good extensions to help with browser privacy in Firefox (Opera usually has analogs):

AdBlock Plus: This tool cuts out online ads. You can use its menu to choose what kind of ads you would like to block.
SelfDestructingCookies: This tool makes all your unnecessary, long-living cookies to self-destruct after closing that site’s tab.
Ghostery: Become invisible on the web!
NoScript: A brilliant extension that blocks all the scripts on a page. You can manage the tool’s restriction policy on its menu. Only allow the scripts that are used by the site you are actually visiting, and avoid those provided by third-parties like Facebook, vkontakte and Yahoo.
Zen Mate: The easiest way to use a light proxy to avoid local web restrictions (like in China or Russia).

Don’t Rely on HTTPS/SSL

HTTPS isn’t 100% secure, you can read why the details in this article. The only way to surf in full anonymity is to install TOR and buy a good VPN service. A list of trustworthy VPN providers can be seen here.

Run Your Bitcoin Wallet Through the TOR Network

Tor_logo1 Simply open Network settings of your favorite wallet and set:

Proxy: SOCKS4 or SOCKS5 (preferred),
IP Proxy: 127.0.0.1 (or ”localhost”)
Port: 9150

That’s it! Your Bitcoin wallet will now only work if the Tor Network is available. Don’t forget to turn it on before running the wallet.

Don’t Underestimate Hackers with Social Super-Powers

Hackers could get information about you and your tight wallet from anywhere in the web. Don’t trust people on the web and don’t share any unnecessary info about your crypto-assets via social networks, chats, polls and web forms. Everything is transparent on the web; if you post a picture there, you might as well put it on every large billboard on the planet. It’s easy to track someone’s digital activity, even without being a secret agent.

Don’t Rely Solely on 2FA Apps

Two-factor-authentication is fine, but don’t forget to cover your associated e-mail with a strong password. Otherwise, a hacker can break your e-mail and fool the support desk of 2FA service you use. If a hacker controls your e-mail, he essentially controls your online identity. By simply writing to the support department of a certain site or service, a hacker can convince company staff that he or she is you. If successful, the hacker can change your phone number to his own, and your e-mail too.

Use Unhackable E-Mail Services with PGP Encryption

ball-958950_1920 Regular e-mail is also vulnerable to inner intervention. Employees of your email service’s host company can access your account. However, most of the time companies use this ability to analyze keywords within your e-mails and drop some related ads on your mailbox page — annoying, but not dangerous.

If you’re tired of ”context ads” and corporate rats lurking in the backyard of your virtual post office, use free and encrypted e-mail services like ProtonMail or Tutanota. There is no such thing as a 100% secured system, but those guys are mad about hardcore e-mail encryption. While using services like these, with a support of the inner encryption, you can be confident about your privacy. Even if a ProtonMail or Tutanota worker tries to steal your e-mails, he will only get an unreadable encrypted text. The architecture of this kind of services leaves you without many shiny features available in ordinary mail services, but this is necessary to provide you with a fully encrypted e-mailing mechanism. If you feel you need a good privacy solution for your company or personal use, consider having an e-mail on these two leading platforms.

Have any questions or suggestions about online privacy? Let us know in the comments below!

Images courtesy of

The tips in this article are not necessarily endorsed by Bitcoin.com. Use at your own risk.

Share this story:

Maxim Chesnokov

Maxim is a news journalist from Eastern Europe who works exclusively with Bitcoin.com. He identifies Bitcoin as ''the only hope'' for eliminating the centralized power of global criminals. He listens well to Andreas Antonopoulos' speeches and wants to become The Disruptor of everything centralized.

comments powered by Disqus.

In Case You Missed It

How the IRS Audits Cryptocurrency Tax Returns - Filing Expert Shares Example, Insights on AML Focus

Tax season is one of the most dreaded times of the year for many, and when the added confusion of filing crypto returns is thrown into to the mix, things can get even stickier. News.Bitcoin.com recently talked with Clinton Donnelly ... read more.

Bitcoin Halving Will Drop Inflation Rate Lower Than Central Banks' 2% Target Reference

When Satoshi Nakamoto invented Bitcoin, the creator designed the protocol to be an inflationary currency, one that is predictable as bitcoin’s inflation always decreases every four years. Today, 77 days before the reward halving, BTC’s inflation rate is around 3.6% ... read more.

US Develops Cryptocurrency Intelligence Program Targeting P2P Sites, Forums, Darknet Markets

The U.S. Department of Homeland Security has revealed a cryptocurrency intelligence program aimed at identifying unlicensed crypto businesses using P2P sites, online forums, and darknet markets. These areas have consistently presented "a significant challenge to law enforcement" and the Financial ... read more.

How to Anonymously Buy Bitcoin Online and in Person

Buying bitcoin is a bit like buying contraception: it’s a basic human right, you should be entitled to do so privately, and it’s nobody’s business what you plan to do with it. Whether you’re buying bitcoin to set aside for ... read more.

Bitcoin History Part 24: Celebrating the First Halving in 2012

As the third Bitcoin halvening approaches, a handful of OGs will wistfully recall the first such event, which occurred in November 2012. Back then, following the completion of block 210,000, the mining reward halved from 50 to 25 BTC. To ... read more.

How to Hide Your Bitcoin - Opsec, Anonymity, Cold Storage, Brainwallet, Dexes and Non-Custodials

In an era of increasing economic uncertainty, surveillance, specialized cybercrime and hacking, knowing how to hide bitcoin safely has become a paramount concern for crypto holders. Whether it's by way of taking wise opsec measures, utilizing noncustodial tools, leveraging a ... read more.

China Adopts Security Standards for Blockchain Applications in the Financial Sector

Keeping the focus on blockchain development, banking authorities in China have issued a set of rules pertaining to the secure application of crypto-related technologies in the financial sphere. The new standards, the first of this kind, are to guide the ... read more.

The Bull and Bear Case for Investing in the Top 20 Cryptocurrencies

Should you buy bitcoin or bitcoin cash? Does tezos have further room to grow? Is monero a long-term hold? There are no absolute answers to these questions and no crystal ball to determine which crypto will pull a 5x before ... read more.

Raising $100K for Cashfusion’s Security Audit, Bitcoin.com Matches Donations to Improve BCH Privacy

Bitcoin.com is a proponent of privacy and we have been monitoring Bitcoin Cash projects like Cashshuffle and Cashfusion closely. Last March, Cashshuffle was officially released after a security audit from Kudelski Security, and since then millions of dollars worth of ... read more.

Coinbase Wallet Adds Support for Short and 'Human-Friendly' Cryptocurrency Addresses

One of the scariest features of transacting with cryptocurrency, for many new users, is correctly inputting the long hexadecimal addresses involved. Various individual projects and larger collaborations have tried to tackle this anxiety-inducing issue in different ways, so that bitcoin ... read more.

Government to Airdrop $9 Billion in Free Money to 7 Million Hong Kong Residents

The government of Hong Kong has decided to airdrop about $9 billion in free money to an estimated 7 million residents in the troubled Chinese territory. From a global perspective, this can be seen as a desperate move to stimulate ... read more.

Bitmain Unveils 2 Bitcoin Miners With Max Speeds Up to 110TH/s Per Unit

On Thursday, the China-based mining rig manufacturer Bitmain announced the launch of two new Antminer S19 series models that process between 95 to 110 trillion hashes per second (TH/s). The Antminer S19 Pro model with 110TH/s and 29 joules per ... read more.

UK's FCA Suspends Epayments Service - Over £100M Frozen and Alleged Onecoin Connection

Epayments, one of the largest payment providers in the U.K., has halted operations after the Financial Conduct Authority (FCA) suspended the company for “weaknesses” related to its anti-money-laundering (AML) process. Since Epayments shut down on February 11, customers have been ... read more.

Court Rejects Ripple’s Bid to Dismiss Class Action Lawsuit Filed by XRP Investors

A court case that has the future of XRP at stake continues after Ripple’s motion to dismiss it was rejected by a court in California. The plaintiffs claim that the blockchain company sold the coin as an unregistered security and ... read more.

Lebanon Fights for Separation of Money and State as Residents Use Bitcoin to Evade Capital Controls

Mass unrest in Lebanon due to allegations of political corruption and heavy handed capital controls has carried over into the new year, with reports pointing to a notable uptick in bitcoin trading from the embattled nation. As residents seek to ... read more.

Next Step Mobile Surveillance: How You Walk, Your Heartbeat – Why Bitcoin Matters to Combat Government Privacy Invasion

It may sound like something from a dystopian cyberpunk movie, but payment providers could soon be validating transactions by the way users walk, their heartbeat, veins, and more. Mastercard has recently revealed they "have been testing heartbeat, vein technology, and ... read more.

News

A Simple Security Guide for Avoiding Online Attacks

3 Layers of Personal Security

Physical Level of Security