How I learned to "start worrying" and to embrace the illusion of safety.<\/p>\n
Digital security and privacy have become more important than ever. With cyber threats constantly evolving, it is crucial to stay up-to-date with best practices and take proactive measures to protect your online presence. This comprehensive guide covers a wide range of security and privacy recommendations for various platforms and scenarios, aiming to help you fortify your digital life and assets.<\/p>\n
type(uint256).max<\/code>) approval.\n\n- It may waste gas, but it's better than losing funds.<\/li>\n<\/ul>\n<\/li>\n
- Always check the slippage setting before swapping.<\/li>\n
- Review your token approvals regularly: Revoke.cash<\/a>.\n
\n- Before revoking an approval, you should check the original
approve()<\/code> tx is initiated by you.<\/li>\n- Attackers can create a fake ERC-20 token and set allowance for you.<\/li>\n<\/ul>\n<\/li>\n
- Signing could be dangerous.\n
\n- If it's a clear, human-readable message, it's probably safe to sign.<\/li>\n
- If it contains a large amount of data, read carefully before signing.<\/li>\n
- If the message starts with
0x<\/code>, just don't sign.<\/li>\n- Especially, there are "permit<\/a>" signatures.<\/li>\n<\/ul>\n<\/li>\n
- Use browser extensions or wallets that can simulate\/preview transactions.\n
\n- Wallet Guard<\/a><\/li>\n
- Scam Sniffer<\/a><\/li>\n
- Rabby<\/a><\/li>\n<\/ul>\n<\/li>\n
- Learn how to decode a transaction.\n
\n- Search the first 10 characters on Ethereum Signature Database<\/a><\/li>\n
- Simulate the transaction raw data on Tenderly<\/a>.<\/li>\n<\/ul>\n<\/li>\n
- Use Etherscan's Watch List<\/a> to monitor your account activities.\n
\n- Though the notification might be a bit delayed, it's not real-time.<\/li>\n<\/ul>\n<\/li>\n
- Website (domain name or frontend code) can be hacked as well, even if smart contracts are secure.<\/strong><\/li>\n
- Read Blockchain Dark Forest Selfguard Handbook<\/a>.<\/li>\n<\/ul>\n
macOS<\/h2>\n\n- Use an application firewall and network monitor: Little Snitch<\/a>.<\/strong><\/li>\n
- Use an antivirus software: Bitdefender Antivirus<\/a>.<\/strong><\/li>\n
- Turn on Firewall.\n
\nSystem Settings > Network > Firewall > Options > Block all incoming connections<\/code><\/li>\n<\/ul>\n<\/li>\n- Turn on FileVault which provides full disk encryption.\n
\nSystem Settings > Privacy & Security > FileVault<\/code><\/li>\n<\/ul>\n<\/li>\n- Power off your computer when not in use, in order for the disk to be encrypted.<\/li>\n
- Automatically lock your screen when idle.\n
\nSystem Settings > Lock Screen > Require password after screen saver begins or display is turned off<\/code><\/li>\n<\/ul>\n<\/li>\n- Set one of Hot Corners to "Lock Screen" and always trigger it when you're away from the keyboard.\n
\nSystem Settings > Desktop & Dock > Hot Corners<\/code><\/li>\n<\/ul>\n<\/li>\n- Disable AirDrop and Handoff.\n
\nSystem Settings > General > Airdrop & Handoff<\/code><\/li>\n<\/ul>\n<\/li>\n- Exclude sensitive folders from Spotlight.\n
\nSystem Settings > Siri & Spotlight > Spotlight Privacy<\/code><\/li>\n<\/ul>\n<\/li>\n- Don't use any apps that can read your clipboard or what you type.<\/li>\n
- Don't use third-party input tools if possible.<\/li>\n
- Create separate browser profiles for different use cases.<\/strong>\n
\n- One for daily activities.<\/li>\n
- One for financial activities, don't install any extensions other than the password manager.<\/strong><\/li>\n
- Use Incognito mode.<\/li>\n
- Even better: use an isolated computer.<\/li>\n<\/ul>\n<\/li>\n
- The fewer browser extensions installed, the better.\n
\n- Carefully review requested permissions when installing\/upgrading browser extensions.<\/strong><\/li>\n
- Be aware that developers might sell their extension to someone else.<\/li>\n<\/ul>\n<\/li>\n
- Disable Chrome's Preload pages.\n
\nChrome > Settings > Performance > Preload pages<\/code><\/li>\n<\/ul>\n<\/li>\n- Install OS security patches as soon as possible.<\/li>\n
- Use Dangerzone<\/a> if you're working with PDFs.<\/li>\n
- Read macOS Security and Privacy Guide<\/a>.<\/li>\n<\/ul>\n
iOS<\/h2>\n\n- Enable Data Protection (Erase all data after 10 failed passcode attempts).\n
\nSettings > Touch ID & Passcode > Erase Data<\/code><\/li>\n<\/ul>\n<\/li>\n- Change the default PIN of your SIM card.\n
\nSettings > Cellular > SIM PIN > Change PIN<\/code><\/li>\n<\/ul>\n<\/li>\n- Disable Predictive Text.\n
\nSettings > General > Keyboards > Predictive<\/code><\/li>\nSettings > General > Transfer or Reset iPhone > Reset > Reset Keyboard Dictionary<\/code><\/li>\n<\/ul>\n<\/li>\n- Turn off AirDrop.<\/li>\n
- Don't use third-party keyboard apps.\n
\n- These apps will be able to access everything you type: passwords, messages, search terms, etc.<\/li>\n<\/ul>\n<\/li>\n
- Restart your device regularly, ex: once a week.<\/li>\n
- Rapidly press the side button 5 times to enter Emergency SOS mode when needed.\n
\n- Under Emergency SOS mode, your passcode is required to re-enable Touch ID or Face ID.<\/li>\n
- Use it when your device is about to be taken away.<\/li>\n<\/ul>\n<\/li>\n
- Read Telegram & Discord Security Best Practices<\/a>.<\/li>\n
- Read Privacy Guides - iOS Overview<\/a>.<\/li>\n<\/ul>\n
Developer<\/h2>\n\n- Always create API keys with minimum permissions and set a short expiration time if possible.<\/li>\n
- Create distinct API keys for different purposes, services, or machines.\n
\n- Deactivate the API key if you're not using it.<\/li>\n<\/ul>\n<\/li>\n
- Avoid storing credentials in plain text on disk, such as in
.env<\/code> files or ~\/.aws\/credentials<\/code>.\n\n- Instead, store them in 1Password Environments and source them with 1Password CLI<\/a>.<\/li>\n<\/ul>\n<\/li>\n
- If you're unsure, run the program inside a non-root Docker container.<\/li>\n
- The fewer IDE\/editor plugins installed, the better.<\/li>\n
- Be aware of Supply Chain Attack<\/strong>.\n
\n- Run tools like
npm audit<\/code> or pip-audit<\/code> to check.<\/li>\n<\/ul>\n<\/li>\n- Enable security-related features on your GitHub repos.\n
\n- Dependabot<\/a><\/li>\n
- Secret Scanning<\/a><\/li>\n<\/ul>\n<\/li>\n
- Sign your Git commits<\/a>.<\/li>\n<\/ul>\n
Wi-Fi<\/h2>\n\n- Avoid using Wi-Fi routers and IoT devices made in China if possible.\n
\n- Due to documented security vulnerabilities and potential mandatory backdoor requirements.<\/li>\n<\/ul>\n<\/li>\n
- Must change the default username\/password of your devices.<\/li>\n
- Create a dedicated Wi-Fi network (guest network) for IoT devices.<\/li>\n
- Keep your device firmware up-to-date.<\/li>\n
- Use WPA3-Personal if possible.<\/li>\n
- Disable remote access on your router.\n
\n- If you really want to visit your router's management console through the Internet, set IP whitelist at least.<\/li>\n<\/ul>\n<\/li>\n
- Disable WPS (Wi-Fi Protected Setup) which is vulnerable to brute-force attack.<\/li>\n
- Avoid using public Wi-Fi.<\/li>\n<\/ul>\n
Physical<\/h2>\n\n- Be cautious when plugging USB devices into your computer.\n
\n- Don't charge devices from your computer if possible.<\/li>\n<\/ul>\n<\/li>\n
- Be vigilant for key loggers.\n
\n- Bring your own keyboard and USB hub when necessary.<\/li>\n<\/ul>\n<\/li>\n
- Cover your laptop's camera with a sticky note.<\/li>\n
- Use certified and well-protected extension cords.<\/li>\n
- Get fire and earthquake insurance for your house.<\/li>\n
- Shred or redact sensitive documents.\n
\n- Instead of simply disposing of them in the trash.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Personal<\/h2>\n\n- Never share where you live or post photos that could potentially reveal your location.\n
\n- Like a photo of the view from your window, such data can be exploited via OSINT (Open-Source INTelligence).<\/li>\n
- If you really want to share where you've been (such as during travel), only post them after you're back home.<\/li>\n<\/ul>\n<\/li>\n
- Don't reveal information during "inbound" calls.\n