Why should you be using privacy tools in the digital age? (Part 1)
With both governments and corporate entities trampling over the privacy rights of people throughout much of the world, choosing the right privacy tools is now more important than ever.
Let us answer this question by examining a few trends:
βοΈGlobal surveillance
Mass surveillance technology continues to strengthen and expand around the world β particularly in the United States, United Kingdom, Australia, and other Western countries. (See also the Five Eyes, Nine Eyes & 14 Eyes surveillance alliances.) This trend continues on, regardless of which political party is in office.
βοΈISP Spying
Internet providers often record connection times, metadata, and DNS requests, which gives them every website you visit (unless youβre using a good VPN). In many countries, this is not only legal, but required. See for example in the United Kingdom (with the Investigatory Powers Act), United States (Senate Joint Resolution 34), and now also in Australia (mandatory data retention). A VPN is now essential protection against your internet provider if you want to retain a basic level of online privacy.
βοΈCensorship
The internet is also becoming less free due to censorship efforts and content blocking. Whether it is China, Germany, or the United Kingdom, authorities are working hard to censor content online. This is particularly the case in Europe. The UK is now considering 15 year jail sentences for people who view βoffensiveβ websites.
βοΈMalicious ads & tracking
Websites are increasingly hosting invasive advertisements that also function as tracking. Pop-ups and dangerous βclick-baitβ ads can also deliver malware and take your device over for ransom (ransomware). Malicious ads, which are delivered through third party ad networks, can even be hosted on major websites.
β΄οΈWhile the trends are alarming, there are relatively simple solutions to restore both your privacy and security.
But before we begin, one key consideration is your threat model. How much privacy and security do you need given your unique situation and the adversaries you may face?
Many people, such as every day internet surfers, are seeking protection against advanced tracking online through advertising networks as well as a higher level of online anonymity and security. Others, such as investigative journalists working with sensitive information, would likely opt for an even higher level of protection.
#privacy #tools #security #part1 #why
π‘ @cRyPtHoN_INFOSEC_DE
π‘ @cRyPtHoN_INFOSEC_EN
With both governments and corporate entities trampling over the privacy rights of people throughout much of the world, choosing the right privacy tools is now more important than ever.
Let us answer this question by examining a few trends:
βοΈGlobal surveillance
Mass surveillance technology continues to strengthen and expand around the world β particularly in the United States, United Kingdom, Australia, and other Western countries. (See also the Five Eyes, Nine Eyes & 14 Eyes surveillance alliances.) This trend continues on, regardless of which political party is in office.
βοΈISP Spying
Internet providers often record connection times, metadata, and DNS requests, which gives them every website you visit (unless youβre using a good VPN). In many countries, this is not only legal, but required. See for example in the United Kingdom (with the Investigatory Powers Act), United States (Senate Joint Resolution 34), and now also in Australia (mandatory data retention). A VPN is now essential protection against your internet provider if you want to retain a basic level of online privacy.
βοΈCensorship
The internet is also becoming less free due to censorship efforts and content blocking. Whether it is China, Germany, or the United Kingdom, authorities are working hard to censor content online. This is particularly the case in Europe. The UK is now considering 15 year jail sentences for people who view βoffensiveβ websites.
βοΈMalicious ads & tracking
Websites are increasingly hosting invasive advertisements that also function as tracking. Pop-ups and dangerous βclick-baitβ ads can also deliver malware and take your device over for ransom (ransomware). Malicious ads, which are delivered through third party ad networks, can even be hosted on major websites.
β΄οΈWhile the trends are alarming, there are relatively simple solutions to restore both your privacy and security.
But before we begin, one key consideration is your threat model. How much privacy and security do you need given your unique situation and the adversaries you may face?
Many people, such as every day internet surfers, are seeking protection against advanced tracking online through advertising networks as well as a higher level of online anonymity and security. Others, such as investigative journalists working with sensitive information, would likely opt for an even higher level of protection.
Source: https://restoreprivacy.com/privacy-tools/#privacy #tools #security #part1 #why
π‘ @cRyPtHoN_INFOSEC_DE
π‘ @cRyPtHoN_INFOSEC_EN
The Facebook Dilemma
The promise of Facebook was to create a more open and connected world. But from the companyβs failure to protect millions of usersβ data, to the proliferation of βfake newsβ and disinformation, mounting crises have raised the question:
Is Facebook more harmful than helpful? This major, two-night event investigates a series of warnings to Facebook as the company grew from Mark Zuckerbergβs Harvard dorm room to a global empire. With dozens of original interviews and rare footage, The Facebook Dilemma examines the powerful social media platformβs impact on privacy and democracy in the U.S. and around the world.
π¬π§ πΊ The Facebook Dilemma (Part
https://t.me/BlackBox_Archiv/116
π¬π§ πΊ The Facebook Dilemma (Part
https://t.me/BlackBox_Archiv/117
πΊ https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/
#DeleteFacebook #Frontline #Part1 #Part2 #Podcast #Video
π‘ @cRyPtHoN_INFOSEC_DE
π‘ @cRyPtHoN_INFOSEC_EN
The promise of Facebook was to create a more open and connected world. But from the companyβs failure to protect millions of usersβ data, to the proliferation of βfake newsβ and disinformation, mounting crises have raised the question:
Is Facebook more harmful than helpful? This major, two-night event investigates a series of warnings to Facebook as the company grew from Mark Zuckerbergβs Harvard dorm room to a global empire. With dozens of original interviews and rare footage, The Facebook Dilemma examines the powerful social media platformβs impact on privacy and democracy in the U.S. and around the world.
π¬π§ πΊ The Facebook Dilemma (Part
1)https://t.me/BlackBox_Archiv/116
π¬π§ πΊ The Facebook Dilemma (Part
2)https://t.me/BlackBox_Archiv/117
πΊ https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/
Credits: https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/credits/#DeleteFacebook #Frontline #Part1 #Part2 #Podcast #Video
π‘ @cRyPtHoN_INFOSEC_DE
π‘ @cRyPtHoN_INFOSEC_EN
Android without Google: Take back control! (Part 1)
1. android without data octopus
The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.
After now five years it is time for a new edition of the article series. Much has changed. Partly for the positive, partly also for the negative. Also the article series "Take back control!" requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.
The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because it must finally be an end to proprietary apps and (Google) services that merely fool us into believing our independence and self-determination over our data.
2nd Google has long been evil
Directly after switching on our android we are asked to create a Google account or to link the already existing one with the device. We are pushed into the cloud and should not worry about our data, but rather trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated eco-system that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.
Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay and pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.
Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:
"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."
This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give the user an illusion of control over his data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users or to prevent them from protecting their privacy with misleading formulations.
...(...)...
Regardless of these "restrictions", we want to achieve the following with our project:
β Complete control over your own data
β Independent and self-determined use of the device
β The decoupling from the Google eco-system
β The exit from the advertising machinery of the manufacturers
β Protection against advertising profiling
https://t.me/BlackBox_Archiv/156
#android #NoGoogle #guide #part1 #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. android without data octopus
The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.
After now five years it is time for a new edition of the article series. Much has changed. Partly for the positive, partly also for the negative. Also the article series "Take back control!" requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.
The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because it must finally be an end to proprietary apps and (Google) services that merely fool us into believing our independence and self-determination over our data.
2nd Google has long been evil
Directly after switching on our android we are asked to create a Google account or to link the already existing one with the device. We are pushed into the cloud and should not worry about our data, but rather trust the providers or Google "blindly". In return, so to speak, we receive a perfectly coordinated eco-system that can hardly be surpassed in terms of simplicity and convenience, but also in terms of perfidy.
Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be borne in mind. They pay and pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when using smartphones.
Google is like a junkie, constantly on the lookout for new data sources that will allow the already accumulated data treasures to continue to grow. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:
"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."
This remark, already made in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give the user an illusion of control over his data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users or to prevent them from protecting their privacy with misleading formulations.
...(...)...
Regardless of these "restrictions", we want to achieve the following with our project:
β Complete control over your own data
β Independent and self-determined use of the device
β The decoupling from the Google eco-system
β The exit from the advertising machinery of the manufacturers
β Protection against advertising profiling
Read the full guideπ¬π§
https://t.me/BlackBox_Archiv/156
German (original)https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
#android #NoGoogle #guide #part1 #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
LineageOS - Take back control! Part2
1. release from the embrace
With the article series "Take back control!" you as a user should regain control over your Android device or your data step by step. A first step towards independence is the change of the manufacturer's own Android system. This will not only get rid of the manufacturer's bloatware, like pre-installed apps and services, but will also free us from Google's close embrace.
We manage this liberation with the free Android operating system LineageOS - a modification of Google's Android and the direct successor of the successful CyanogenMod. With such a custom ROM or alternative system we disconnect ourselves from the manufacturer's own Android systems. The use of LineageOS should bring us one step closer to our goal of regaining data dominance on the Android.
Read the full article (part1) in english:
https://t.me/BlackBox_Archiv/156
Read the full article (part2) in english:
https://t.me/BlackBox_Archiv/273
Source and more infos / read in german:
https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
https://www.kuketz-blog.de/lineageos-take-back-control-teil2/
#android #NoGoogle #LineageOS #guide #part1 #part2 #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. release from the embrace
With the article series "Take back control!" you as a user should regain control over your Android device or your data step by step. A first step towards independence is the change of the manufacturer's own Android system. This will not only get rid of the manufacturer's bloatware, like pre-installed apps and services, but will also free us from Google's close embrace.
We manage this liberation with the free Android operating system LineageOS - a modification of Google's Android and the direct successor of the successful CyanogenMod. With such a custom ROM or alternative system we disconnect ourselves from the manufacturer's own Android systems. The use of LineageOS should bring us one step closer to our goal of regaining data dominance on the Android.
Read the full article (part1) in english:
https://t.me/BlackBox_Archiv/156
Read the full article (part2) in english:
https://t.me/BlackBox_Archiv/273
Source and more infos / read in german:
https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
https://www.kuketz-blog.de/lineageos-take-back-control-teil2/
#android #NoGoogle #LineageOS #guide #part1 #part2 #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
AFWall+: Digital Door Controller - Take back control! (Part 4)
1. firewall
In the last part of the article series "Take back control! we got root rights on our Android system with the help of Magisk. This step was necessary because apps like AFWall+ and AdAway require root rights. https://www.kuketz-blog.de/magisk-bei-der-macht-von-root-take-back-control-teil3/
At this point, we should remember that switching to an alternative operating system like LineageOS does not necessarily protect us from the unwanted outflow of sensitive data. Rather, further adjustments are needed so that we can use the Android smartphone "self-determined". An important component of our defense strategy is the use of a firewall to control the Android's data traffic. Originally, firewalls were primarily intended to protect us from "dangers" from outside. However, this primary purpose of firewalls has changed more and more. Firewalls on client systems now increasingly serve to monitor and control outgoing data connections.
Various firewall solutions exist for Android - but only two are worth mentioning: NetGuard and AFWall+. In this article I present the installation and configuration of AFWall+.
2nd AFWall+
AFWall+ is a front-end for the firewall iptables known from the GNU/Linux world. It enables control over which app or system service should have access to the data network via 2G/3G/LTE/5G, roaming, WiFi or VPN. In my opinion it is an essential part of any rooted Android device to control the unwanted outflow of information.
AFWall+ is relatively easy to use in its basic functionality, as long as you have understood the concept of a firewall. It becomes complicated only with special use cases, which are represented by CustomScripts. If you are looking for a user-friendly alternative to AFWall+ or if you cannot / do not want to root your device, you should take a look at NetGuard.
https://www.kuketz-blog.de/afwall-digitaler-tuervorsteher-take-back-control-teil4/
Read the full guides in english:
(Part1: https://t.me/BlackBox_Archiv/156)
(Part2: https://t.me/BlackBox_Archiv/273)
(Part3: https://t.me/BlackBox_Archiv/322)
#android #NoGoogle #guide #part1 #part2 #part4 #AFWall #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. firewall
In the last part of the article series "Take back control! we got root rights on our Android system with the help of Magisk. This step was necessary because apps like AFWall+ and AdAway require root rights. https://www.kuketz-blog.de/magisk-bei-der-macht-von-root-take-back-control-teil3/
At this point, we should remember that switching to an alternative operating system like LineageOS does not necessarily protect us from the unwanted outflow of sensitive data. Rather, further adjustments are needed so that we can use the Android smartphone "self-determined". An important component of our defense strategy is the use of a firewall to control the Android's data traffic. Originally, firewalls were primarily intended to protect us from "dangers" from outside. However, this primary purpose of firewalls has changed more and more. Firewalls on client systems now increasingly serve to monitor and control outgoing data connections.
Various firewall solutions exist for Android - but only two are worth mentioning: NetGuard and AFWall+. In this article I present the installation and configuration of AFWall+.
2nd AFWall+
AFWall+ is a front-end for the firewall iptables known from the GNU/Linux world. It enables control over which app or system service should have access to the data network via 2G/3G/LTE/5G, roaming, WiFi or VPN. In my opinion it is an essential part of any rooted Android device to control the unwanted outflow of information.
AFWall+ is relatively easy to use in its basic functionality, as long as you have understood the concept of a firewall. It becomes complicated only with special use cases, which are represented by CustomScripts. If you are looking for a user-friendly alternative to AFWall+ or if you cannot / do not want to root your device, you should take a look at NetGuard.
Source and more infos / read in german
https://www.kuketz-blog.de/afwall-digitaler-tuervorsteher-take-back-control-teil4/
Read the full guides in english:
(Part1: https://t.me/BlackBox_Archiv/156)
(Part2: https://t.me/BlackBox_Archiv/273)
(Part3: https://t.me/BlackBox_Archiv/322)
#android #NoGoogle #guide #part1 #part2 #part4 #AFWall #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
F-Droid: Free and Open Source Apps - Take back control! (Part 5)
1. app store with class
By installing LineageOS, we have abandoned our proprietary Android systems and taken control of outbound data traffic with AFWall+. But our journey is far from over, because to get rid of Google and to regain control we have to break away from the Google Play Store.
Most apps from the Google Play Store contain an above-average number of tracker and advertising modules. In the foreseeable future, this business model will probably not change because Android is a self-service data store with which (questionable) developers make a lot of money. Indirectly, Google also earns a lot of money - so Android users can wait in vain for an improvement.
In this article I would like to introduce you to the alternatives App-Store F-Droid. F-Droid is a consumer-friendly alternative to Google's Play Store, which only offers "free" and "open source" apps for download. The two properties "free" and "open source" mean basically nothing else than that the app source code can be viewed, used, changed and further developed by anyone. With its strict "Free Open Source Software (FOSS)" concept, F-Droid clearly sets itself apart from the Google Play Store and other comparable stores.
Source (german) and more info:
https://www.kuketz-blog.de/f-droid-freie-und-quelloffene-apps-take-back-control-teil5/
Translation (english):
https://t.me/BlackBox_Archiv/357
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #fdroid #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. app store with class
By installing LineageOS, we have abandoned our proprietary Android systems and taken control of outbound data traffic with AFWall+. But our journey is far from over, because to get rid of Google and to regain control we have to break away from the Google Play Store.
Most apps from the Google Play Store contain an above-average number of tracker and advertising modules. In the foreseeable future, this business model will probably not change because Android is a self-service data store with which (questionable) developers make a lot of money. Indirectly, Google also earns a lot of money - so Android users can wait in vain for an improvement.
In this article I would like to introduce you to the alternatives App-Store F-Droid. F-Droid is a consumer-friendly alternative to Google's Play Store, which only offers "free" and "open source" apps for download. The two properties "free" and "open source" mean basically nothing else than that the app source code can be viewed, used, changed and further developed by anyone. With its strict "Free Open Source Software (FOSS)" concept, F-Droid clearly sets itself apart from the Google Play Store and other comparable stores.
Source (german) and more info:
https://www.kuketz-blog.de/f-droid-freie-und-quelloffene-apps-take-back-control-teil5/
Translation (english):
https://t.me/BlackBox_Archiv/357
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #fdroid #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
AdAway: Advertising and tracking blocker - Take back control! (Part 6)
1. data collection frenzy
In the last part of the article series I introduced you to the F-Droid Store, where you can get free and open source apps that don't track you or display advertisements. A general recommendation of the article series "Take back control! is therefore:
π‘Get apps only from the F-Droid Store.
However, this advice cannot always be put into practice 1:1. Many users are still dependent on apps from the Play Store or cannot find a viable alternative in the F-Droid Store. Unfortunately, apps from the Google Play Store are not exactly known for their data economy - but rather the opposite. Most apps from the Google Play Store contain third-party software components that display advertisements to the user or track his activity every step of the way. As a normal user, however, you don't have any insight into the app or can't "see" from the outside whether this poses a risk to security and privacy.
Since the apps from the Play Store are often accompanied by a "loss of control", I will introduce you to the AdAway app from the F-Droid Store in this article. With this app, the loss of control can be minimized by putting a stop to the delivery of (harmful) advertising and the outflow of personal data to dubious third-party providers.
2nd AdAway
AdAway is an open source advertising and tracking blocker for Android, which was originally developed by Dominik SchΓΌrmann - currently AdAway is developed by Bruce Bujon. Based on filter lists, connections to advertising and tracking networks are redirected to the local device IP address. This redirection prevents the reloading of advertisements or the transmission of (sensitive) data to third parties.
By the way, AdAway cannot be found in the Play Store because Google no longer allows ad blockers - they simply violate Google's business model. Or to put it another way: Google will not tolerate an app that effectively protects your privacy and security by preventing the reloading of (harmful) advertisements and the outflow of personal data.
Source (π©πͺ) and more info:
https://www.kuketz-blog.de/adaway-werbe-und-trackingblocker-take-back-control-teil6/
Read english translation on TG:
https://t.me/BlackBox_Archiv/376
π‘ @NoGoolag π‘ @BlackBox
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #AdAway #kuketz
1. data collection frenzy
In the last part of the article series I introduced you to the F-Droid Store, where you can get free and open source apps that don't track you or display advertisements. A general recommendation of the article series "Take back control! is therefore:
π‘Get apps only from the F-Droid Store.
However, this advice cannot always be put into practice 1:1. Many users are still dependent on apps from the Play Store or cannot find a viable alternative in the F-Droid Store. Unfortunately, apps from the Google Play Store are not exactly known for their data economy - but rather the opposite. Most apps from the Google Play Store contain third-party software components that display advertisements to the user or track his activity every step of the way. As a normal user, however, you don't have any insight into the app or can't "see" from the outside whether this poses a risk to security and privacy.
Since the apps from the Play Store are often accompanied by a "loss of control", I will introduce you to the AdAway app from the F-Droid Store in this article. With this app, the loss of control can be minimized by putting a stop to the delivery of (harmful) advertising and the outflow of personal data to dubious third-party providers.
2nd AdAway
AdAway is an open source advertising and tracking blocker for Android, which was originally developed by Dominik SchΓΌrmann - currently AdAway is developed by Bruce Bujon. Based on filter lists, connections to advertising and tracking networks are redirected to the local device IP address. This redirection prevents the reloading of advertisements or the transmission of (sensitive) data to third parties.
By the way, AdAway cannot be found in the Play Store because Google no longer allows ad blockers - they simply violate Google's business model. Or to put it another way: Google will not tolerate an app that effectively protects your privacy and security by preventing the reloading of (harmful) advertisements and the outflow of personal data.
Source (π©πͺ) and more info:
https://www.kuketz-blog.de/adaway-werbe-und-trackingblocker-take-back-control-teil6/
Read english translation on TG:
https://t.me/BlackBox_Archiv/376
π‘ @NoGoolag π‘ @BlackBox
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #AdAway #kuketz
Two keys for all eventualities - Nitrokey (Part1)
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands. At the same time, the number of data breaches is rising steadily - hardly a week goes by without at least one database of stolen accounts (user name and password) appearing somewhere on the Internet. In the worst case, the provider concerned did not protect the user passwords used or only inadequately protected them with a (cryptographic) hash function that was considered insecure.
Too often secret information falls into the wrong hands and the checking system cannot recognize whether Hildegard MΓΌller is actually Hildegard MΓΌller or whether her account data is being misused by a third party. A remedy against account misuse is to check additional properties or information via two-factor authentication (2FA), which is also controlled by so-called security tokens.
Security tokens or USB security sticks (Security Keys), however, offer other functions in addition to the 2FA that can contribute to increasing (personal) security. Among other things, the private key for e-mail or hard disk encryption can be securely stored on the stick. Such and other application scenarios are presented in the article series "Nitrokey" using the Nitrokey as an example.
2nd Nitrokey
Nitrokey is an open-source USB stick that enables secure encryption and signing of data, among other things. Depending on the Nitrokey version, such a USB stick supports different application scenarios:
ππΌ S/MIME email and disk encryption (X.509, PKCS#11)
ππΌ OpenPGP/GnuPG Email Encryption
ππΌ Login or authentication via two-factor authentication
ππΌ One-Time-Password (English)
ππΌ Universal Second Factor (U2F) via FIDO-Standard
ππΌ Integrated password manager
ππΌ Encrypted storage space on the USB stick (+Hidden Volumes)
ππΌ Possibility to update the firmware
The Nitrokey variants also differed in the supported cryptosystems, key lengths and Co..:
ππΌ RSA key lengths from 1024 - 4096 bits
ππΌ ECC key length from 192 - 521 bit
ππΌ Number of key pairs that can be stored on the stick 3 / 38
ππΌ Elliptical curve algorithms NIST P, Brainpool, Curve25519 and SECG/Koblitz
β οΈ Advice:
Only the Nitrokey Start controls the elliptical curve Curve25519, which is one of the SaveCurves - the only curve where the choice of curve is completely transparent and therefore back doors can practically be excluded.
English translation:
https://t.me/BlackBox_Archiv/404
Source and more info (german):
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
π‘@FLOSSb0xIN
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands. At the same time, the number of data breaches is rising steadily - hardly a week goes by without at least one database of stolen accounts (user name and password) appearing somewhere on the Internet. In the worst case, the provider concerned did not protect the user passwords used or only inadequately protected them with a (cryptographic) hash function that was considered insecure.
Too often secret information falls into the wrong hands and the checking system cannot recognize whether Hildegard MΓΌller is actually Hildegard MΓΌller or whether her account data is being misused by a third party. A remedy against account misuse is to check additional properties or information via two-factor authentication (2FA), which is also controlled by so-called security tokens.
Security tokens or USB security sticks (Security Keys), however, offer other functions in addition to the 2FA that can contribute to increasing (personal) security. Among other things, the private key for e-mail or hard disk encryption can be securely stored on the stick. Such and other application scenarios are presented in the article series "Nitrokey" using the Nitrokey as an example.
2nd Nitrokey
Nitrokey is an open-source USB stick that enables secure encryption and signing of data, among other things. Depending on the Nitrokey version, such a USB stick supports different application scenarios:
ππΌ S/MIME email and disk encryption (X.509, PKCS#11)
ππΌ OpenPGP/GnuPG Email Encryption
ππΌ Login or authentication via two-factor authentication
ππΌ One-Time-Password (English)
ππΌ Universal Second Factor (U2F) via FIDO-Standard
ππΌ Integrated password manager
ππΌ Encrypted storage space on the USB stick (+Hidden Volumes)
ππΌ Possibility to update the firmware
The Nitrokey variants also differed in the supported cryptosystems, key lengths and Co..:
ππΌ RSA key lengths from 1024 - 4096 bits
ππΌ ECC key length from 192 - 521 bit
ππΌ Number of key pairs that can be stored on the stick 3 / 38
ππΌ Elliptical curve algorithms NIST P, Brainpool, Curve25519 and SECG/Koblitz
β οΈ Advice:
Only the Nitrokey Start controls the elliptical curve Curve25519, which is one of the SaveCurves - the only curve where the choice of curve is completely transparent and therefore back doors can practically be excluded.
English translation:
https://t.me/BlackBox_Archiv/404
Source and more info (german):
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
π‘@FLOSSb0xIN
GnuPG Key Generation and Smartcard Transfer - Nitrokey (Part 1 and 2)
1. key material
Depending on the version, a Nitrokey supports different application scenarios. In this article of the article series "Nitrokey" I describe the commissioning of a Nitrokey under GNU/Linux and the following GnuPG key generation. An (RSA) key pair is a basic requirement for the two application scenarios OpenPGP/GnuPG e-mail encryption and OpenSSH public key authentication.
The procedure described for creating a (RSA) key pair and then transferring it to the smart card of the Nitrokey should also be transferable to other security tokens such as the YubiKey.
Full English translation Nitrokey (part 1):
https://t.me/BlackBox_Archiv/404
Full English translation Nitrokey (part 2):
https://t.me/BlackBox_Archiv/415
Source and more info (German):
Part 1:
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
Source and more info (German):
Part 2:
https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1 #part2
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. key material
Depending on the version, a Nitrokey supports different application scenarios. In this article of the article series "Nitrokey" I describe the commissioning of a Nitrokey under GNU/Linux and the following GnuPG key generation. An (RSA) key pair is a basic requirement for the two application scenarios OpenPGP/GnuPG e-mail encryption and OpenSSH public key authentication.
The procedure described for creating a (RSA) key pair and then transferring it to the smart card of the Nitrokey should also be transferable to other security tokens such as the YubiKey.
Full English translation Nitrokey (part 1):
https://t.me/BlackBox_Archiv/404
Full English translation Nitrokey (part 2):
https://t.me/BlackBox_Archiv/415
Source and more info (German):
Part 1:
https://www.kuketz-blog.de/zwei-schluessel-fuer-alle-faelle-nitrokey-teil1/
Source and more info (German):
Part 2:
https://www.kuketz-blog.de/gnupg-schluesselerstellung-und-smartcard-transfer-nitrokey-teil2/
#Nitrokey #SecurityKeys #usb #guide #kuketz #part1 #part2
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
Telegram
BlackBox (Security) Archiv
Two keys for all eventualities - Nitrokey (Part1)
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands.β¦
1. increased safety requirements
The protection of digital identity is more important today than ever. Stolen online accounts can cause considerable damage if they are stolen and left in the wrong hands.β¦
Forwarded from BlackBox (Security) Archiv
Shelter: Isolate Big Brother apps - Take back control! (Part 7)
1. Big Data
The collection, processing and analysis of as much information as possible is Big Dataβs core business. In this non-transparent data processing, which is determined by algorithms, personal rights are hardly taken into consideration. This dilemma becomes particularly clear in the Android world: Apps access personal data uninhibitedly and send it unsolicited to the most diverse protagonists. This is exactly what the article series βTake back control!β wants to protect against.
Another piece of the puzzle to achieve this goal is the App Shelter, which locks selected Android apps in a sandbox, depriving them of access to phone books, calendars, images and other data. Curious apps can thus be denied access to sensitive user data.
π‘ This article is part of a series of articles:
β Android without Google: Take back control! Part 1
β LineageOS - Take back control! Part2
β Magisk: By the power of Root - Take back control! Part 3 (not yet translated)
β AFWall+: Digital Door Controller - Take back control! Part 4
β F-Droid: Free and Open Source Apps - Take back control! Part 5
β AdAway: Advertising and tracking blocker - Take back control! Part 6
β Shelter: Isolate Big Brother apps - Take back control! Part 7
2. Shelter
Shelter is an open source app for Android that can be downloaded from the App-Store F-Droid. Alternatively the app can be downloaded via GitHub or the Google Play Store.
To separate apps, Shelter uses the Android work profiles that Google introduced as early as 2015 to separate private data from business content or apps. The work profile is a specially isolated area in which, for example, data-hungry apps can be stored. In addition to the normal environment in which all apps are normally located, Shelter creates another workspace that is logically separated from the other workspace. From this bunker (Shelter) apps can not access data which are in the normal environment - but all data of apps which are also stored or locked in the Shelter.
ππΌ Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/shelter-isolate-big-brother-apps-take-back-control-part-7
ππΌ Source π©πͺ:
https://www.kuketz-blog.de/shelter-big-brother-apps-isolieren-take-back-control-teil7/
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #part7 #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
1. Big Data
The collection, processing and analysis of as much information as possible is Big Dataβs core business. In this non-transparent data processing, which is determined by algorithms, personal rights are hardly taken into consideration. This dilemma becomes particularly clear in the Android world: Apps access personal data uninhibitedly and send it unsolicited to the most diverse protagonists. This is exactly what the article series βTake back control!β wants to protect against.
Another piece of the puzzle to achieve this goal is the App Shelter, which locks selected Android apps in a sandbox, depriving them of access to phone books, calendars, images and other data. Curious apps can thus be denied access to sensitive user data.
π‘ This article is part of a series of articles:
β Android without Google: Take back control! Part 1
β LineageOS - Take back control! Part2
β Magisk: By the power of Root - Take back control! Part 3 (not yet translated)
β AFWall+: Digital Door Controller - Take back control! Part 4
β F-Droid: Free and Open Source Apps - Take back control! Part 5
β AdAway: Advertising and tracking blocker - Take back control! Part 6
β Shelter: Isolate Big Brother apps - Take back control! Part 7
2. Shelter
Shelter is an open source app for Android that can be downloaded from the App-Store F-Droid. Alternatively the app can be downloaded via GitHub or the Google Play Store.
To separate apps, Shelter uses the Android work profiles that Google introduced as early as 2015 to separate private data from business content or apps. The work profile is a specially isolated area in which, for example, data-hungry apps can be stored. In addition to the normal environment in which all apps are normally located, Shelter creates another workspace that is logically separated from the other workspace. From this bunker (Shelter) apps can not access data which are in the normal environment - but all data of apps which are also stored or locked in the Shelter.
ππΌ Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/shelter-isolate-big-brother-apps-take-back-control-part-7
ππΌ Source π©πͺ:
https://www.kuketz-blog.de/shelter-big-brother-apps-isolieren-take-back-control-teil7/
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #part7 #kuketz
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Web Security and Web Hacking for Beginners
Welcome to the course on βWeb Security and Web Hacking for Beginnersβ. This course is designed for beginners who wants to start their journey in web security and web hacking.
ππΌ Part 1 (Introduction - 4 videos)
ππΌ Part 2 (Deeper understanding of Web Security - 2 videos)
ππΌ Part 3 (Various attacks on Web Security - 9 videos)
ππΌ Part 4 (Conclusion - 1 video)
π‘Each video comes with additional (English) subtitles
This course is basically designed by taking into account that you donβt have idea about web security and you want to learn basic concept and then directly jump into action. Concepts like URL, HTTP, HTTPs etc. are explained to make student comfortable with the concept that we are going to use and then jump directly to action content like SQL injection, XSS, DDoS, etc. We want to make sure that you learn basics at the same time you donβt miss action while learning basics.
#video #tutorial #web #security #hacking #beginners #part1#part2 #part3 #part4
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
Welcome to the course on βWeb Security and Web Hacking for Beginnersβ. This course is designed for beginners who wants to start their journey in web security and web hacking.
ππΌ Part 1 (Introduction - 4 videos)
ππΌ Part 2 (Deeper understanding of Web Security - 2 videos)
ππΌ Part 3 (Various attacks on Web Security - 9 videos)
ππΌ Part 4 (Conclusion - 1 video)
π‘Each video comes with additional (English) subtitles
This course is basically designed by taking into account that you donβt have idea about web security and you want to learn basic concept and then directly jump into action. Concepts like URL, HTTP, HTTPs etc. are explained to make student comfortable with the concept that we are going to use and then jump directly to action content like SQL injection, XSS, DDoS, etc. We want to make sure that you learn basics at the same time you donβt miss action while learning basics.
#video #tutorial #web #security #hacking #beginners #part1#part2 #part3 #part4
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag