Introduction
A small (or not so small) guide with tips and good practices to survive
in the digital world. This page will be updated regularly.
Internet
Recommended web browser (what is it?):
- Firefox. Open-source and maintained by the non-profit organisation
Mozilla. Respectful of users’ privacy as well as open web standards. As
a bonus I really like its reader view, which displays only the text
content of websites, thereby removing all the superfluous clutter sadly
too common nowadays. My blog’s minimalist theme was greatly inspired by
it.
Recommended extensions:
- uBlock Origin, an open-source adblocker, essential nowadays, not to be
confused with the myriad of lesser clones;
- Firefox Containers. Enables compartmentalising online accounts in
colour-coded tabs. Extremely simple to use. Useful to avoid being
tracked: just create a container and assign it a website for it to
always open inside. Cookies are then restricted to that container and
invisible to the outside. I personally use it for all websites requiring
me to log in (for instance Facebook or Google). It’s also useful to
interact with multiple accounts at the same time (say two Gmail
addresses).
Cookies and private browsing
Most websites use techniques such as cookies to track you and serve
targeted advertising. I tend to browse privately by default. In this
mode cookies are temporary and discarded when the browser is closed. If
I need to keep pages open across multiple sessions and keep them in my
history I use normal navigation. Finally for websites where I prefer to
stay logged in I use the Firefox Containers extension mentioned above
(one container per site).
Beware, none of those techniques are foolproof. User tracking is a
constant game of cat and mouse; it could be the topic of an entire
article. You can be tracked without ever logging in to a website, simply
by looking at the information transmitted by your browser and creating a
unique fingerprint (screen dimensions, installed extensions…). Look up
“browser fingerprinting” to find out more about this topic.
Passwords
- Minimum 10 or 12 characters long with ideally a few uppercase
letters and special characters
- Have a different password for each website or service
A few techniques:
- Method 1: use a password manager such as KeePass. These can generate long
random passwords and only require you to remember your master
password.
- Method 2: use a single password coupled to a small algorithm that
you’ll apply for each site or service. For example append a prefix from
the first two letters of the website one step back in the alphabet and a
suffix from the same letters one step forward:
topSecret007 + gmail = FLtopSecret007HN. For Facebook the
password would be EZtopSecret007GB. Your imagination is the
limit :)
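The derivation from Method 2 written out, as an added example (not code from the original post; the function names are made up for illustration). It handles the alphabet wrap-around seen in the Facebook case, and visible_base shows that the shared base sits unchanged inside every derived password, so a leak at one site discloses it.

```python
import string

def shift_letters(letters: str, step: int) -> str:
    """Shift each ASCII letter by `step` places, wrapping around (a - 1 -> z)."""
    out = []
    for ch in letters.lower():
        if ch not in string.ascii_lowercase:
            raise ValueError(f"site name must start with two letters, got {ch!r}")
        out.append(chr((ord(ch) - ord("a") + step) % 26 + ord("a")))
    return "".join(out).upper()

def site_password(base: str, site: str) -> str:
    """Prefix: first two letters one step back. Suffix: same letters one step forward."""
    key = site[:2]
    if len(key) < 2:
        raise ValueError("site name needs at least two letters")
    return shift_letters(key, -1) + base + shift_letters(key, +1)

def visible_base(password: str) -> str:
    """What a single derived password reveals: the base shared by all sites."""
    return password[2:-2]

if __name__ == "__main__":
    for site in ("gmail", "facebook"):
        print(site, site_password("topSecret007", site))
```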
2FA (2 Factor Authentication)
- Enable wherever possible, particularly on your most sensitive
accounts;
- Prefer the QR code scan method, which generates a rotating PIN (TOTP
in technical terms, for Time-based One-Time Password). It keeps you from
being locked out if you travel and can’t receive an SMS;
- Recommended TOTP apps: Google Authenticator, Authy or Aegis, which is
open-source and easy to back up.
Installing new software
To avoid installing a virus or other kinds of malware it is important
to always get new software from a trusted source, usually its official
website or your operating system’s app store. Users of Linux
(the topic of one of my previous articles)
won’t have these kinds of issues.
As to the question of which software to choose amongst several
alternatives, it all depends on your priorities: features, price,
interoperability? As for myself I have a strong tendency to default to
free and open-source ones (a topic I covered in this past
article).
Backups (PC)
Nobody is safe from theft, spilled coffee or simply a hard drive giving
up on life. Better to act now than regret it later.
- Do a regular incremental and encrypted backup. Incremental: after
the first big backup the next ones will only record the latest changes.
Encrypted: someone getting access to this backup won’t be able to read
its content.
- The state of the art consists of having two backups: one at home
(for instance on a hard-drive) and one at a different place (for
instance in the cloud). But one backup is already a decent start.
- There are many tools and they will depend on your system,
preferences and technical skills. I will let you do your own research.
For the most curious, know that I use Borg but it’s probably not what
you want to use unless you’re familiar with the command line :)
- Always check that the backup is sound: restore a file from time to
time just to make sure everything works as expected.
Good security practices
The previous tips should already help you be in good control of your
digital life. Here are a few more bits of advice.
- Keep your system and software up to date. New features often come
with security patches inside of an update;
- Don’t plug in random USB keys (for instance found on the
ground);
- Never write down or share your passwords;
- If you find yourself in a weird or suddenly urgent situation, take
your time to assess what is happening. A call notifies you of fraudulent
transactions in Nigeria? Are you being asked to perform certain actions
or relinquish personal information? When in doubt, it is best to call
your bank back yourself at the contact number that you know to be
correct.
- Most scams or password leaks are actually facilitated by users
themselves! Always be cautious before sharing private or confidential
information. Bogus links in emails or SMS are another classic technique.
It is super easy to copy a website’s entire appearance and serve it from
a similar or innocent-looking URL (google-search.com instead of
google.com, for example). When in doubt always refer to the website or
contact that you know to be the official one.
Smartphones (Android)
I own an Android, so I will focus on this type of phone.
- Web browsing: Firefox + the uBlock Origin extension. Same benefits
as listed higher up. You can also play YouTube videos with your screen
locked.
- Recent Android versions enable you to block authorisations and
notifications from each app’s settings. Fairly useful, since in general
these controls are restricted or incomplete inside the apps
themselves.
- Doing regular backups applies here as well. Everything depends on
what you want to back up and how. For example my contacts app has an
export feature. Keeping photos safe is also a good idea. Personally I
export everything I value to my laptop. This way my PC backup also
includes my phone’s.
Protips
In Firefox you can access bookmarks via custom keywords and even
inject parameters. For instance typing y kittens in my address bar does
a search on YouTube for kittens. This is powered by the following
configuration:
- Keyword: y
- URL: https://www.youtube.com/results?search_query=%s
The %s is replaced by what gets typed after the keyword, in this case
kittens. I’ve got a fair amount of shortcuts like this; all you need to
do is analyse the URL. Another example I use frequently: enfr something
and fren quelque chose to translate between English and French, using
wordreference.com. Or also wiki something to search on Wikipedia.
Conclusion
Stay curious about your tools’ inner workings. IT is part of our
daily life, it is now more important than ever to understand the basics
of this world. Who knows, you might even start enjoying it :)
Going further
- ssi.gouv.fr/en/: The ANSSI
(French national cybersecurity agency) has got great resources and
guides, for private individuals and professionals alike;
- cnil.fr/en: Website of the CNIL
(French commission of IT and individual liberties). Good content on the
topics of personal data and online privacy (not sure how much of it is
available in English though, sorry).