Learn the basics of digital security in order to start using your devices more safely.
Good security decisions can't be made without good information. Your security tradeoffs are only as good as the information you have about the value of your assets, the severity of the threats from different adversaries to those assets, and the risk of those attacks actually happening.
Some of this knowledge you already have: knowledge of your own situation, who might want to target you, and what resources they have. You already have more power than you think!
The old adage that "a chain is only as strong as its weakest link" applies to security too: The system as a whole is only as strong as the weakest component.
For example, the best door lock is of no use if you have cheap window latches. Encrypting your email so it won't get intercepted in transit won't protect the confidentiality of that email if you store an unencrypted copy on your laptop and your laptop is stolen.
That doesn't mean you have to do everything simultaneously, but it does mean that you should spend time thinking about every part of your information and computer use.
It is generally most cost-effective and most important to protect the weakest component of the system in which an asset is used.
Since the weak components are much easier to identify and understand in simple systems, you should strive to reduce the number and complexity of components in your information systems.
A small number of components will also serve to reduce the number of interactions between components, which is another source of complexity, cost, and risk. That also means that the safest solution may be the least technical solution.
Computers may be great for many things, but sometimes the security issues of a simple pen and notepaper can be easier to understand, and therefore easier to manage.
Don't assume that the most expensive security solution is the best; especially if it takes away resources needed elsewhere.
Low-cost measures like shredding trash before leaving it on the curb can give you lots of bang for your security buck.
Computer security advice can end up sounding like you should trust absolutely no one but yourself. In the real world, you almost certainly trust plenty of people with at least some of your information, from your close family or companion to your doctor or lawyer.
What's tricky in the digital space is understanding who you are trusting, and with what. You might deposit a list of passwords with your lawyers: but you should think about what power that might give them—or how easily they might be maliciously attacked.
You might write documents in a cloud service like Dropbox or Microsoft OneDrive that are only for you: but you're also letting Dropbox and Microsoft access them, too.
Online or offline, the fewer people you share a secret with, the better chance you have of keeping it secret.
Set security policies that are reasonable for your lifestyle, for the risks you face, and for the implementation steps you and your colleagues will take.
A perfect security policy on paper won't work if it's too difficult to follow day-to-day.
It is also crucially important to continually re-evaluate your security practices. Just because they were secure last year or last week doesn't mean they're still secure!
Keep checking respected sites advice will be updated to reflect changes in our understanding and the realities of digital security. Security is never a one-off act: it's a process.
To learn the basics of encryption and how it can help protect you and your network, choose the Encryption lesson:
To understand why strong passwords are important and how to create strong passwords, choose the Passwords lesson:
To understand what metadata is and how it can leave you and your network vulnerable, choose the Metadata lesson:
To learn about why secure communication is important and tools you should use to communicate safely, choose the Secure communications lesson:
- Secure communications
What is gitbook used for?
Is it quiz?
- en/topics/understand-2-security/0-getting-started/1-1-intro.md: Getting started with security
- en/topics/tool-4-keepassx/0-getting-started/1-1-intro.md: Using KeepassX to manage passwords security
- en/topics/tool-2-signal/0-getting-started/1-1-intro.md: Learn to use Signal, the encrypted messaging app
- en/topics/tool-9-tor-browser/0-getting-started/1-1-intro.md: Learn to use Tor, the anonymous browser for avoiding surveillance and getting around censorship
- Tactical Technology Collective: Security in a Box
- Electronic Frontier Foundation: Security Self-Defense
- Frontline Defenders: Digital Security & Privacy for Human Rights Defenders