Resources for online safety and security

At minimum, be sure to run an up-to-date operating system, and an up-to-date browser. Keep any other software you use up to date too: as security flaws are found and fixed, you want to be running the fixed version of the software.

A basic rule is to be aware of what you’re doing and be aware of ways in which malicious people could be trying to divert you or subvert your computer.

But be careful not to make your life too inconvenient by being too worried: the greater the threat you think you face, the more sophisticated you’d need to be, so the more likely you’ll slip up. You won’t be happy!

The rest of this advice veers further and further into being too careful…

For example, it’s very difficult to be sure of who has sent an email. So an email which appears legitimate may not be. For this reason, it’s usually not a good idea to believe what you read, if it seems possible that someone might gain by deceiving you. An email apparently from your bank should be viewed with suspicion. An email apparently from a friend is probably OK if it contains innocuous conversation, but if contains a link you should view the link with suspicion - which means, don’t follow it. If an email is persuading you to do something or believe something, be suspicious.

It’s safest to say that email is not secure messaging: apps such as Signal and Telegram are felt to be secure.

To maintain a sophisticated approach to security and anonymity, you will have to work quite hard and accept some inconveniences.

Bear in mind that any network you join might contain malicious devices: so connecting to wifi at a coffee shop is potentially connecting your machine to danger. A practical but fairly extremely approach is always to use a VPN. But slightly less extreme, only use HTTPS websites, where your connection is encrypted.

Bruce Schneier is very good on security from all angles, and his fundamental position is that security is a trade-off: usually security against convenience, sometimes security against freedom. See his website for essays and books:

If you don’t trust the network you have to use, you can use a VPN. But do be sure that it’s a legitimate VPN from a trusted source. VPNs are very commonly subverted by nation states or other malicious actors.

When using a browser, consider using Private Browsing or an Incognito Window to avoid tracking.

When using a computer which you may not trust (because you don’t know its history, or don’t trust the administrators) consider running from a live distribution - which means booting from a USB stick: (a fairly paranoid secure distribution)
or generally

A live distribution is a great way to experiment with Linux, or to use a computer which you don’t trust (or which you can’t log in to) or a computer with a broken or missing disk.