/dev/null

discard to the void


tech:privacy_and_security_online

Differences

Below are the differences between two revisions of the page.

tech:privacy_and_security_online [2024/10/05] – [Choosing a trustworthy provider] Mathieu
tech:privacy_and_security_online [2024/10/05] (Current version) – [Backing Up and Managing Personal Data] Mathieu
Ligne 4: Ligne 4:
  
 Our lives are increasingly dependent on the internet and the data we associate with our identities. **Many of us still approach this situation naively**, without a clear understanding of what their online identity represents, the data connected to it, or the risks involved. Our lives are increasingly dependent on the internet and the data we associate with our identities. **Many of us still approach this situation naively**, without a clear understanding of what their online identity represents, the data connected to it, or the risks involved.
 +
 +<WRAP center round help 60%>
 +Une version française de cette page [[tech:vie_privee_et_securite|se trouve ici]]
 +</WRAP>
 +
  
 Use the information found here at your own risk: **my advice and suggestions should never replace your understanding of the issues** and a strategy tailored to your particular situation. I believe them to be relevant, but **applying them without understanding could lead to more insecurity** than anything else. Use the information found here at your own risk: **my advice and suggestions should never replace your understanding of the issues** and a strategy tailored to your particular situation. I believe them to be relevant, but **applying them without understanding could lead to more insecurity** than anything else.
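Review bot: The language-switch box lands between the introductory paragraph and the "Use the information found here at your own risk" caveat, which separates the introduction from the warning that qualifies it; placing the "<WRAP center round help 60%>" block before the introduction or after the caveat keeps the two together. The added lines also leave two consecutive blank lines after "</WRAP>" (one added, one already present), where one is enough.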
Ligne 86: Ligne 91:
  
 ==== TOR network ==== ==== TOR network ====
 +
 <wrap danger>zone 3</wrap> <wrap danger>zone 3</wrap>
  
Ligne 92: Ligne 98:
 </WRAP> </WRAP>
  
-[[https://www.torproject.org/|TOR]], also known as the //onion network//, routes your internet traffic through several servers (or "nodes") before it reaches its final destination. This makes it much more difficult, if not practically impossible, for anyone to identify the source of the traffic. You may have heard of it in the context of the //dark web//, for which TOR is one of the main protocols. The term is clearly intended to demonize anonymous and secure internet usage, but the phenomenon it describes—parts of the internet inaccessible to both private and state surveillance—does indeed exist. {{:tech:tor-logo-2011-flat.svg.png?nolink&200|}}+[[https://www.torproject.org/|TOR]], also known as the //onion network//, routes your internet traffic through several servers (or "nodes") before it reaches its final destination. This makes it much more difficult, if not practically impossible, for anyone to identify the source of the traffic. You may have heard of it in the context of the //dark web//, for which TOR is one of the main protocols. The term is clearly intended to demonize anonymous and secure internet usage, but the phenomenon it describes—parts of the internet inaccessible to both private and state surveillance—does indeed exist.  
 + 
 +{{ :tech:tor-logo-2011-flat.svg.png?nolink&200|}}
  
 **This solution is by far the most secure and anonymous for connecting to the internet**. However, it comes with significant constraints: **This solution is by far the most secure and anonymous for connecting to the internet**. However, it comes with significant constraints:
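Review bot: The rewritten paragraph line ends in trailing whitespace after "does indeed exist." and the added separator line below it contains only whitespace; strip both so later diffs of this paragraph stay clean. Since the paragraph is being touched anyway, "if not practically impossible" deserves a qualifier, because onion routing does not protect against an observer who can watch both ends of a connection, and that limit matters next to the following line's "by far the most secure and anonymous". The project also writes its name "Tor", not "TOR".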
Ligne 120: Ligne 128:
 If you're looking for an easy replacement for Chrome, Edge, or Safari without worrying about configuration, it's probably the best solution. If you're looking for an easy replacement for Chrome, Edge, or Safari without worrying about configuration, it's probably the best solution.
  
-However, there are reasons you might not want to choose Brave, starting with its integration of a cryptocurrency system((which can easily be disabled)). Some users prefer to avoid Chromium-based solutions, so as not to contribute to the near-monopoly of WebKit((the underlying web rendering engine)) on the web, much like the days of Internet Explorer.+However, there are reasons you might not want to choose Brave, starting with its integration of a cryptocurrency system((which can easily be disabled)). Some users prefer to avoid Chromium-based solutions, so as not to contribute to the near-monopoly of Blink((the underlying web rendering engine)) on the web, much like the days of Internet Explorer.
  
 ===== Firefox ===== ===== Firefox =====
Ligne 128: Ligne 136:
 {{ :tech:firefox_logo_2019.png?nolink&100|}}  {{ :tech:firefox_logo_2019.png?nolink&100|}} 
  
-Firefox also has the advantage of promoting web diversity and interoperability, as it is based on a different engine than Chromium/WebKit.+Firefox also has the advantage of promoting web diversity and interoperability, as it is based on a different engine than Chromium/Blink.
  
 Its default configuration is insufficient (from an ASP perspective). Here are [[tech:ffconf|some configuration tips]] to optimize your situation, along with a few useful extensions for this purpose. Its default configuration is insufficient (from an ASP perspective). Here are [[tech:ffconf|some configuration tips]] to optimize your situation, along with a few useful extensions for this purpose.
Ligne 180: Ligne 188:
 </WRAP> </WRAP>
  
-{{:tech:screenshot_20230620-213126.png?nolink&400 |}}+{{ :tech:screenshot_20230620-213126.png?nolink&400 |}}
  
 Once you’ve chosen a password, I suggest testing it on [[https://www.security.org/how-secure-is-my-password/|How secure is my password?]] Once you’ve chosen a password, I suggest testing it on [[https://www.security.org/how-secure-is-my-password/|How secure is my password?]]
  
 +==== Two-Factor Authentication - 2FA ====
 +
 +<wrap caution>zone 2</wrap>
 +
 +Two-factor authentication((commonly referred to as "2FA", for //Two-Factor Authentication//)) is a technique used to enhance the security of an account. To authenticate, it’s no longer enough to know the account's password, which could be compromised, but you must also **prove possession of a secret**. {{ :tech:google_authenticator_april_2023_.svg.png?nolink&200|}}
 +
 +You’ve likely encountered this before, for instance, when websites send you a code via SMS when logging in. This is an extremely effective technique if implemented properly, and **you should enable it whenever possible**.
 +
 +There are several implementations of 2FA, and while **all are more secure than single-factor authentication**, they are not equally effective:
 +
 +  * **SMS**: Often imposed, especially by banks, this is the weakest form of 2FA. The security and privacy of SMS are a joke, and it’s easy for an attacker to gain access. This method could also cause problems when trying to log in from an area with no cell network or if you lose your phone. It's favored((wrongly, in my opinion)) by institutions because it’s an easily accessible and familiar technology for most people.
 +  * **Email**: Working on the same principle as SMS-based 2FA, it's much less popular but significantly more secure.
 +  * **TOTP**: You might be familiar with [[https://en.wikipedia.org/wiki/Google_Authenticator|Authenticator]], the app developed by Google((but entirely open-source)), which gives you 6-digit codes for each registered service that change at regular intervals. This implementation, known as **TOTP**((Time-based One-Time Password)), is **much more secure than SMS or email**, while still being fairly widespread. Moreover, you're not required to use Google’s app. Though open-source, it’s not very ergonomic. I recommend [[https://2fas.com/|2FAS]], which is open-source, more user-friendly, and gives you greater control over your secrets.
 +  * **Physical keys**: You can also use physical keys with the U2F((Universal 2nd Factor)) or FIDO((Fast IDentity Online)) protocols, such as those sold by [[https://www.yubico.com/|Yubico]]. This is undoubtedly the simplest and most secure method to use, but it's not supported everywhere. Be sure to **have a backup key**, just like with your house keys!
 +
 +<WRAP center round info 90%>
 +**To summarize:** Use 2FA whenever possible. Prefer physical keys and TOTP where available, but email and SMS are better than nothing.
 +</WRAP>
 +
 +<WRAP center round tip 90%>
 +You can use **a physical key or a TOTP token in Bitwarden**.
 +</WRAP>
 +
 +====== Communicating ======
 +
 +===== Emails =====
 +
 +Email is **one of the oldest internet protocols**. As such, it was designed in a completely different context than the one we know today—a world where data theft, identity theft, and spam hardly existed—and is absolutely not built to address these challenges.
 +
 +However, **email is at the heart of our digital identity**: we use it to authenticate with banks or governments, receive confidential data, reset passwords... For most people, **a security breach on their primary email is a potential disaster**, putting all important accounts at risk.
 +
 +Beyond the security issue, privacy is also crucial with email. Without going as far as this [[https://www.presse-citron.net/ancien-employe-de-yahoo-a-pirate-plus-de-6-000-comptes-chercher-nudes/|grim story of Yahoo Mail technicians accessing intimate photos]], **all the content of your emails is scanned to gather data about you, sell it, target you, and profit from it**.
 +
 +There are several ways to protect yourself from this intrusion, such as [[tech:self-hosted_mail-server|self-hosting your email]] or encrypting them systematically (<wrap danger>zone 3+</wrap>), but these are usually cumbersome and difficult to implement.
 +
 +==== Secure Providers ====
 +<wrap safety>zone 1</wrap>
 +
 +A simpler solution is to switch to **a secure email provider that respects your privacy**. These are few in number and often paid, but they make **a significant difference** to your ASP.
 +
 +  * {{ :tech:proton.png?nolink&150|}}[[https://proton.me/|Proton Mail]] is a service that automatically encrypts your emails, enabling end-to-end encryption between users of the platform((and with any recipient, as long as they know how to use GPG)), based in Switzerland((which has much more protective privacy laws than the USA)), and does not require personal information to sign up((It's possible to pay anonymously if necessary)). They offer a free plan, likely sufficient for most people, as well as several paid plans, with more storage, the ability to use your own domain name, and other features. It's an **excellent service**, easy to migrate to from another provider, especially //Gmail//, and very simple to use.
 +  * [[https://tutanota.com|Tutanota]] is a similar service, also offering a limited free plan. It's slightly more innovative((the encryption used does not rely on GPG and seeks to overcome its limitations)) but also a bit harder to access, making fewer concessions to user-friendliness.
 +  * [[https://riseup.net/en|Riseup]] is an activist collective, with anarchist leanings, that provides free, secure communication services for activists (on the left!). It's probably the only free provider robust enough to be recommended here.
 +
 +==== Anonymous and Secure Email ====
 +
 +<wrap danger>zone 3</wrap>
 +
 +Using the providers above places you in an infinitely better situation, from an ASP standpoint, than any mainstream provider, but **this does not guarantee complete anonymity**. For instance, [[https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html|Proton was recently in the news for logging the IP address of a French environmental activist at the request of authorities]].
 +
 +This doesn’t give authorities access to the content of their emails, but it can still endanger a person or their activities. If you're concerned about this type of anonymity and want **something more absolute** than what the above providers offer by default, here are a few tips:
 +
 +  * With the **TOR browser**, connect to [[https://proton.me/tor|Proton Mail's onion service]] and create a free email account. Choose an identifier with no connection to you((for example, a random word and a number between 0001 and 9999: ''glacis9456'')) and a strong password, which will immediately be stored in a password manager,
 +  * **Do not reveal** this email’s existence to anyone, let alone its connection to you,
 +  * **Never** use this email outside of TOR, and **always** use the onion service to access it,
 +  * **Never** use this email for any activity related to you, even remotely.
 +
 +Such an email account won't be useful for everyday life, but if you need **a truly secure and anonymous means of communication**, this is probably one of the easiest and most effective methods.
 +
 +===== Instant Messaging =====
 +
 +The other major axis of online communication is instant messaging: Messenger, WhatsApp, Telegram, Signal, to name the most well-known.
 +
 +{{ :tech:signal.png?nolink&150|}}The situation has greatly improved over the past few years in this area, with **end-to-end encryption** being integrated into all major services. However, not all these services are equal: **some collect metadata about you, others retain the encryption keys to your data**, or rely on proprietary software for encryption.
 +
 +To keep it simple, as much as possible, **use [[https://signal.org|Signal]]**, the only one of these services that collects no metadata, and relies entirely on open-source software on both the server and client side. The only real issue with Signal is that it requires a phone number to create an account, which excludes true anonymity.
 +
 +If you can’t use Signal (for example, if your contacts don’t use it), make sure to enable end-to-end encryption in the settings of your messaging app.
 +
 +====== Backing Up and Managing Personal Data ======
 +<wrap caution>zone 2</wrap>
 +
 +**Backing up your data online**, using services like Google Drive, Dropbox, or OneDrive might seem like a good idea from a security standpoint. These services offer several useful features on top of the security provided by backups.
 +
 +However, there are several problems with this approach:
 +
 +  * **All your data will be scanned**, indexed, and used to profile you and generate profit,
 +  * **A synchronization service is not a backup**, and cannot replace one. If you accidentally delete an important file, it will also be deleted from your online sync. If ransomware encrypts your files to extort money in exchange for the decryption key, this encryption will also be propagated to your online sync.
 +
 +That being said, **maintaining an up-to-date backup of your data is crucial for security**, unless you have no important data stored digitally.
 +
 +Several approaches can help circumvent these issues:
 +
 +  * Making backups on **physical media**, such as external hard drives or USB keys. This is a viable approach, but it becomes quite complex when considering the need for regular backups, stored off-site to protect against risks like theft or fire. **This approach requires a lot of discipline and regular rotation of media**, making it a fragile and difficult strategy to implement.
 +  
 +  * Using an online service, such as those mentioned above, but **encrypting your data** before uploading it to the service. This is a perfectly viable approach, though somewhat complex. You won’t be able to rely on the built-in sync features of mainstream services, and you’ll lose access to features that require unencrypted files (such as sharing or online editing). If you choose this route, it's better to use a "bucket" service like AWS, which will cost less and be better suited for this use case. I personally use [[https://www.backblaze.com/b2/cloud-storage.html|Backblaze B2]], 
 +{{ :tech:nextcloud_logo.svg.png?nolink&200 |}}.
 + 
 +
 +  * <wrap danger>zone 3</wrap> Self-hosting your own data storage, synchronization, sharing, and editing service, using a tool like [[https://nextcloud.com|NextCloud]]. This solution is by far the most complex, but it's also the one that gives you the best of both worlds: complete control over your data security, along with sharing and editing features. However, this route is **far more technically demanding** than the previous two.
 +
 +====== Going Further ======
 +
 +These general tips cover the essential daily concerns regarding ASP, and applying them will place you in a far better position than you likely are by default.
 +
 +However, if these issues are important to you, many other stones deserve to be turned.
 +
 +==== A Secure Operating System ====
 +
 +The operating systems of our computers and phones can have a major impact on our security and privacy:
 +
 +  * **Windows is notoriously insecure**, though the situation has improved considerably. Its code is also almost entirely proprietary, and it spies on you without hesitation. In short, avoid it if you care about these issues,
 +  
 +  * **Mac OS is relatively secure by default**, and far more so than Windows. However, in terms of privacy, Apple’s practices are just as questionable as those of Microsoft.
 +
 +  * <wrap caution>zone 2</wrap> Linux is uncommon on desktop computers, and it has a reputation for being difficult((it’s not really that hard, but it certainly requires learning a new paradigm)). It's open-source, which gives it a structural advantage, but **it’s not particularly secure by default**. However, **it's an excellent starting point** for securing your system and controlling your data, for example by encrypting the entire installation.
 +
 +  * <wrap danger>zone 3+</wrap> Some **Linux distributions are specialized in security and anonymity**, such as [[https://tails.boum.org|Tails]] or [[https://www.qubes-os.org/|Qubes OS]], **both extremely secure systems that allow for advanced anonymity**, at the cost of significant constraints.
 +
 +  * **On smartphones**, the situation is a bit more complex:
 +    * By default, **iOS is more secure than most "stock" Android systems** provided by manufacturers,
 +    * "Stock" Android, as distributed by Google on Pixel devices and occasionally by some third-party manufacturers (One+, Oppo, Motorola), is on par with iOS in terms of security, but gives you more freedom to do more,
 +    * <wrap danger>zone 3</wrap> There are **third-party Android ROMs** that can be installed on certain devices and are focused on security: **[[https://grapheneos.org/|GrapheneOS]] and [[https://calyxos.org/|CalyxOS]]** are particularly notable. These systems are generally more secure than stock Android, but being small projects, they expose you to delayed updates or the risk of disappearing without notice,
 +    * **The cellular network itself is a security flaw**, as it **constantly tracks your location**. This location data is not hard to obtain and is available to anyone for a small price,
 +    * <wrap caution>zone 2</wrap> A //dumb phone// protects you from the software profiling of apps and services on your smartphone but does not protect you from being located through the cellular network,
 +    * <wrap danger>zone 3+</wrap> If you need an anonymous phone that’s hard to track, you can consider using a **prepaid phone**, keeping the number secret, and using the SIM card only to access the data network. You can then use a **VoIP service** over this data network. Note that you are still fully locatable; this just makes it harder to associate you with your cellular number.
 +
 +==== Self-Hosting ====
 +<wrap danger>zone 3</wrap>
 +
 +To avoid entrusting your data and its security to third parties, **one possible approach is to self-host**((yourself or a trusted third party)) **all the services that handle your data**, from email and backups to streaming movies or music.
 +
 +This is an approach that’s **very effective but requires a lot of time and work**. For most people, it’s impractical—too difficult, too time-consuming, and perhaps even too risky, as the security of these systems depends entirely on your own knowledge and diligence.
 +
 +If this is a path you want to take, I recommend sharing the efforts with a few friends to distribute the work and responsibilities. You'll learn a lot along the way, but you’ll also likely experience some lonely moments :)
 +
 +<WRAP center round alert 90%>
 +<wrap danger>zone 3+++</wrap> Do not attempt to [[tech:self-hosted_mail-server|self-host your email]] without solid experience with Linux, hosting other web services, command-line tools, strong programming knowledge, and a tested, proven backup plan.
 +
 +This is an especially hostile sector, and any configuration error will be exploited faster than you think, potentially within minutes of your mail server going live. **Likely causing significant damage to both you and third parties**.
 +</WRAP>
 +
 +==== Everything Else ====
 +
 +I’ve tried to cover the main issues of online security and anonymity, but each application and service we use is likely to expose us to new risks.
 +
 +Applying these tips should give you a solid foundation and a good sense of online security, enabling you to generalize them to other situations. The core principles remain the same, and similar techniques apply:
 +
 +  * Prioritize **open-source software and protocols**,
 +  * **Limit the permissions** granted to third parties to the bare minimum necessary,
 +  * **Minimize exposure** of your data as much as possible,
 +  * Identify your needs, **model the risks** you face,
 +  * **Know the limitations** of the security measures you rely on,
 +  * **Formalize and systematize** your security practices to minimize human error.
 +
 +==== Modeling Risks and Developing Appropriate Strategies ====
 +
 +These tips are broad, and you may be wondering what is relevant or not in your situation. I won’t delve deeply into risk modeling here, but here are three profiles to help you identify your position:
 +
 +=== General Public ===
 +<wrap safety>zone 1</wrap>
 +
 +You don’t have anything specific to hide, don’t handle sensitive data, and don’t want to invest a lot of time, effort, or money into these issues. You have no reason to be specifically targeted, either by a government or a private actor. **Your main concern is to avoid overly intrusive profiling and protect yourself from criminal attacks**.
 +
 +  * Use a password manager and activate 2FA where available,
 +  * Use the Brave browser, or configure Firefox if you prefer to support web diversity,
 +  * Move your email to Proton Mail,
 +  * Think about a backup system for your data, keeping in mind that backups and syncs are not the same.
 +
 +=== Increased Security Needs ===
 +<wrap caution>zone 2</wrap>
 +
 +You are involved in **activism**, handle **sensitive data**, or for some reason, are at risk of being **targeted by malicious actors**:
 +
 +  * In addition to a password manager, ensure you only use services compatible with 2FA and that offer either TOTP or physical keys,
 +  * Besides transferring your email to a secure service, learn to use [[https://en.wikipedia.org/wiki/GPG|GPG]] and the concept of asymmetric encryption. Ensure your correspondents also use secure services.
 +  * Keep up-to-date, encrypted backups, with at least one stored off-site.
 +
 +=== Healthy Paranoia ===
 +<wrap danger>zone 3</wrap>
 +
 +If you suffer from healthy paranoia, whether justified by your activities or the surveillance you’re under, or simply by your own twisted mind, the tips on this page are, of course, applicable but probably not enough. At a minimum, you should:
 +
 +  * **Encrypt all your data**, even locally,
 +  * Master GPG, asymmetric encryption, and apply a strict policy of encryption and signature,
 +  * Have **an anonymous email** created and accessed exclusively via TOR,
 +  * Use **a free operating system**, such as Linux, **and** harden its default security settings with TOR, SELinux, and various [[https://privsec.dev/posts/linux/desktop-linux-hardening/|hardening techniques]],
 +  * Consider using **a security and anonymity-focused OS, like [[https://tails.boum.org/|Tails]]**,
 +  * Leave or at least severely compartmentalize social networks,
 +  * Learn to use **anonymity-oriented cryptocurrency**, like [[https://www.getmonero.org/|Monero]],
 +  * Stay actively informed about technologies that keep you secure. If an encryption algorithm or service you use is compromised, you want to know about it before a malicious actor exploits it against you.
 +
 +==== Resources ====
 +
 +If you're looking for relevant resources on these topics, you can check out:
 +
 +  * The [[https://www.eff.org/|Electronic Frontier Foundation]] is probably the most important organization addressing these issues,
 +  * They provide several practical tools:
 +    * [[https://atlasofsurveillance.org/|Atlas of Surveillance]],
 +    * [[https://ssd.eff.org/|Surveillance Self-Defense]],
 +    * [[https://coveryourtracks.eff.org/|Cover Your Tracks]],
 +  * You can also take a look at [[https://www.techlore.tech/|Techlore]], which aims to document and simplify security and privacy for the general public.
 +
 +{{tag>Web Cryptography Security Linux}}
  
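Review bot: The encrypted-upload bullet in the new backup section is cut off: "I personally use [[https://www.backblaze.com/b2/cloud-storage.html|Backblaze B2]], " ends on a comma and is followed by the Nextcloud logo and a lone ".", so the sentence is unfinished and the logo sits under the wrong item; finish the sentence and move "{{ :tech:nextcloud_logo.svg.png?nolink&200 |}}" into the NextCloud bullet below it. In the TOTP bullet, the footnote "((but entirely open-source))" on Google's Authenticator should be dropped or qualified, since the published source is an older fork and not what the app stores distribute. In the anonymous email section, "Proton was recently in the news" links to an article whose URL is dated 2021/09 while this revision is dated 2024/10/05, so give the year instead of "recently". The new 2FA section also follows directly after the existing advice to test a chosen password on an external website; a sentence telling readers to test a password of the same shape, not the real one, would fit the page's own principle of minimizing exposure.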
tech/privacy_and_security_online.1728149820.txt.gz · Last modified: 2024/10/05 by Mathieu
