I live in an authoritarian country. I have a group of friends & acquaintances from a political organization who have asked me to deliver a presentation on security & privacy (specifically for activists). Although I’m somewhat well-wersed in tech, I’m not so confident and there may be things that I might miss. What are some of the things that are often overlooked and I must mention? Thank you.

  • delirious_owl@discuss.online
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    4 months ago

    Two factor auth should be a whole section, and tell people not to use SMS. Mention SIM swap attacks and stingray devices

    Tell people setting up 2FA with SMS usually makes their accounts less secure, and only to use TOTP or hardware tokens.

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      My most important issue is that phone number is a deanon - your main phone number has to be tied to your ID, so the only option would be a longtime rental, which would get expensive, especially if it is one number per each service.

      • delirious_owl@discuss.online
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        When I do these trainings I tell them never to enter a phone number into an account because its a huge risk

        Ideally just don’t have a phone number at all