These are actual security tips posted to these WhatsApp groups TechHelp-Basic and TechHelp-Advanced by me and are captured here in a single place to refer to later if anyone interested to read. I have chosen only the ones that are general that is applicable to most users.
-----------------------
Date: Mar 9, 2023
Group: TechHelp-Advanced
Bloatware in android phone:
I buy only Google Pixel to avoid carrier & phone manufacturer installed, un-removable bloatware but little that I know these fuckers like Verizon, AT&T, Samsung etc. managed to shove their crap on my Pixel phone and I have no clue how they managed to do that. I accidentally discovered some and believe it or not, you can't remove it. Long story short, I wrote a script to disable them from running. Feel free to use this script but you need to have android adb installed on your computer and connect your phone to it w/ USB cable in order for this script to work.
Here is a quiz to see if anyone can answer this question. So you found a strange package called ‘org.thoughtcrime.securesms’ installed in your phone (run my script with ‘-a’ option to list all apps in your phone to see if you have it) do you think it is a malware? 😜
PS: If your phone is not pixel, you may find crap ton of bloatware. If you give me the full list (i.e. run my script '-a' option), I can update the bloatware list in the script so you can remove them. Right now the list I have hardcoded in this script only includes what I found on my pixel.
-----------------------
Date: Feb 23, 2023
Group: TechHelp-Advanced
Incredibly fast (practically no bandwidth loss) VPN from Proton:
Not sure any of you are aware of Proton Mail which is a fully secure email service and has been around for a while. I signed up for their free tier email service w/ 500Mb storage few years ago but never used it since I don’t want to pay for more space because 500Mb not much. Anyways, I know they had VPN for free as well but never tried it until today and blown away from the speed. Granted it is wireguard, a modern successor of VPN but still, literally I get same speed as my service. First, I could not believe and started measuring speed with every speedtest tool that is out there and they all came back more or less same which is same as what I pay for (see screenshot). At this point, there is absolutely no reason to not use them permanently… and its Free!
Head out to https://proton.me and sign-up for free account and you get encrypted mail service and 1 VPN connection free.Wiregaurd is pretty simple to use, all you have to do is install wireguard (https://www.wireguard.com/install/) and get the credentials/keys from ProtonVPN and off you go. The following shows how simple it is to start/stop wireguard on mac; should be similar on winblows.
-----------------------
Date: Feb 20, 2023
Group: TechHelp-Basic
How to protect yourself from card skimmers:
Before I go into explaining how to protect yourself, it is important to understand the various protocols used in POS devices to read your credit/debit cards. There are 4 types --- swipe (magnetic strip), chip (chip in card), tap (RFID) and smartphone (NFC). I won’t go into the details on each of these, but it is sufficient for you to be aware that there are multiple technologies involved in POS transactions. Now, here are different ways to prevent or lower your chances of becoming a victim of card skimming listed in the order of most effective to least effective.
- Use your smartphone to pay (Google Pay, Apple Pay) wherever you can. How to get this setup is outside of the scope but it is very easy. This is the strongest protection you get today, and it is literally impossible for criminals to scam you. Most POS devices accept these today although if you live in US (lagging behind the world) it is not uncommon to see vendors using ancient devices that does not support smartphone pay.
- Use chip+pin if your card and the POS device supports, it is the second-best way. If you live outside of US like Europe, even in India, you are golden because it is the standard for POS devices for many years. Every time I visit my team in Hyderabad, India, I always find myself arguing with waiter at restaurants “hey, I don’t have a pin”. If you live in US, it sucks since chip+pin is not mandated because of corrupt, greedy politicians and lobbyists who are roadblocks for progress.
- Use chip if your card and the POS device supports. Most credit card/banks these days issue cards with chip but unfortunately in the US, they also include the magnetic strip to cover the lazy ass vendors who still use archaic magnetic swipe. This pretty much negates the benefit of chip as scamming devices can still read your magnetic strip. So, if you live in US, what I’d recommend is to damage the magstripe on purpose. Use a sharp knife or steel wool to scratch the magstripe to a point it can’t work. Keep one card with magstripe in case the vendor says, “we don’t have chip reader you have to swipe”. Trust me these guys won’t change unless they are mandated by law to switch to modern POS at state/federal level.
- Use ‘tap’ if the POS device and your card supports it. If you see this symbol ))) on the back of your card, then it is enabled for RFID. Again, US lags on this protocol as well. While this is the most convenient way to make purchase, there is a huge security hole in this method which enables most sophisticated skimming attacks which I won’t go into detail but there are things you can do to avoid them i.e., use an RFID blocker (you can buy them at amazon for $2 a piece) and place it in your wallet/purse along with your credit/debit card equipped with this technology. I use these if you need a recommendation https://link.selvansoft.com/1307688f
- Use check which of course has other problems of its own which is a topic for some other day, but it is definitely better than the last one below.
- Lastly, if none of the above works, you have no choice but to use magstripe/swipe unfortunately. As pointed out earlier by @Sajini on this chat, spend few seconds (you won’t have lot of time and you may annoy other customers in line if you are spending too much time poking around the device) to look for signs of tampering.
Finally, you can and should setup text alerts when your card is charged even $1. Almost all bank/credit card institutions provide the feature to TXT. The only annoying thing is getting TXT for everything you do on your card, but it is better than being a victim.