From 1bfde000c94690273716497a9c95de6a64b740b6 Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Tue, 21 Jan 2020 17:04:09 +0000 Subject: [PATCH] DNS and Home assistants - Change your DNS settings to 1.1.1.1 or 9.9.9.9 - Ditch Google Assistant and Alexa. Consider MyCroft --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 98ac3ac..0f81227 100644 --- a/README.md +++ b/README.md 
@@ -119,6 +119,7 @@ A Virtual Private Network (VPN) protects your IP, and allows you to more securel **Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws aren’t released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/) **Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655). **Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediatley connect to your network, even if they know your credentials. A malicous actor can bipass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step for them. +**Secure DNS** | Advanced | Use [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) which performs DNS resolution via the HTTPS protocol, encrypting data between the you and your DNS resolver. See [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help) for more details. Don't use Google DNS or other services which collect a lot of data. **Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through tthe Tor network. 
On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805) **Change your Routers Default IP** | Advanced | Modifying your router admin panels default IP address will makes it more difficult for malicious scripts in your web browser targeting local IP addresses, as well as adding an extra step for local network hackers **Kill unused process and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service that’s not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface. 
@@ -188,6 +189,7 @@ The most privacy-respecting option, would be to not use "smart" internet-connect **Protect your Network** | Recommended | On many smart home devices, anybody connected to your home WiFi is able to view device content (such as camera footage, or motion statistics). So ensure that your WiFi and home networks are properly secured with a strong password and up-to-date firmware. (See the [Router Section](#your-router) for more details) **Be weary of wearables** | Optional | Wearable smart devices allow companies to log even more data than ever before, they can track your every move to know exactly where you are and what you are doing at any given time. Again, you as the consumer have no control over what is done with that data. **Don't connect your homes critical infrastructure to the internet** | Optional | While a smart thermostat, burglar alarm, smoke detector and other appliances may seem convenient, they by design can be accessed remotely, meaning a hacker can gain control of your entire home, without even needing to be near by. And by breaching multiple devices, the effects can be very serious. +**Don't use Alexa/ Google Home** | Optional | It is a known fact that voice-activated assistants collect a lot of personal data. Consider switchin to [MyCroft](https://mycroft.ai/) which is an open source alternative, with much better privacy. **Monitor your home network closely** | Optional | Check your local network for suspicious activity. One of the easier methods to do this is with [FingBox](https://amzn.to/38mdw8F), but you can also do it directly [through some routers](https://www.howtogeek.com/222740/how-to-the-monitor-the-bandwidth-and-data-usage-of-individual-devices-on-your-network/). **Denny internet access where possible** | Advanced | If possible deny the device/ app internet access, and use it only on your local network. You can configure a firewall to block certain devices from sending or receiving from the internet. 
**Assess risks** | Advanced | Assess risks with your audience and data in mind: Be mindful of whose data is being collected, e.g. kids. Manage which devices can opperate when (such as turning cameras off when you are at home, or disabling the internet for certain devices at specific times of day)
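
Review bot: In the first hunk (`@@ -119,6 +119,7 @@`), the added **Secure DNS** row recommends DNS-over-HTTPS, but the commit message describes the change as "Change your DNS settings to 1.1.1.1 or 9.9.9.9", and these are not the same step. Pointing a router or device at a different resolver address still sends queries unencrypted unless DoH is actually enabled on the client. The row should say that explicitly, and note that the chosen resolver still sees every query, so this moves trust to the resolver rather than removing it. 9.9.9.9 is named in the commit message but never appears in the row; either add it or drop it from the message. "Don't use Google DNS or other services which collect a lot of data" has no supporting link, unlike the neighbouring rows. Typos in the added line: "CoudFlares" should read "Cloudflare's", and "between the you and" should read "between you and".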
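
Review bot: In the second hunk (`@@ -188,6 +189,7 @@`), the added **Don't use Alexa/ Google Home** row rests on "It is a known fact that" with no source, while the surrounding rows link to references for their claims. Please link to something a reader can check, and replace "much better privacy" with the concrete difference you have in mind, since the row gives the reader nothing with which to verify the comparison. Typos and style in the added line: "switchin" should read "switching", the stray space in "Alexa/ Google Home" should go, and the project spells its name "Mycroft" rather than "MyCroft".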