51 Levels of Security

What's your score Jow Forums ?

51 Levels of Security
>github.com/mayfrost/guides/blob/master/SECURITY.md

Attached: Basic Level Security.png (927x610, 67K)

Attached: Medium Level Security.png (931x656, 77K)

Attached: High Level Security.png (949x564, 64K)

Attached: Physical Access Counter-Measures.png (941x221, 23K)

Attached: Costly Counter-Measures.png (931x290, 35K)

Also, is there anything you do that's not on this list?

Attached: Deterrent Counter-Measures.png (948x483, 56K)

>list of autism symptoms

>mad cus he didn't even score 5

Ho Lee fuuuuk this is like a how to become DB Cooper, or crippling paranoia. The latter is commonly a symptom of schizophrenia.

This is cool, but why stay away from BSD? OpenBSD has a reputation for security doesn't it?

>cock.li
based

How are CUPS, Avahi and systemd harmful to your security?

yeah if your head is a frying pan

shit list, many of those are solely about privacy and privacy has zero to do with security

idk user, it's just a checklist I heard was good

is there a better list you can point me towards?

security is really a personal matter and everyone gas their own threat models. it all comes down to what you or your organisation specifically wants to protect, so there's no one-size-fits-all checklist for it

everyone has*

i'm a phoneposting scum

Just get off the internet.

>best option is always the most autistic CLI option

>uninstall ssh

CUPS is a large attack surface, avahi broadcasts shit, systemd does both.

It's harmful in the sense that avahi can announce services which allow anyone on the local network to see and use them. This is probably bad for security. If you bring a laptop to my place and you connect it to the local network, wired or wireless, you get to play music on my surround stereo thanks to avahi announcing that a pulseaudio audio server is there. You also get to browse a file-server and put files on it. This IS bad security which is probably why uninstalling avahi and cups (random people can use the printer) is suggested. But on the flipside, it's also very convenient.
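
An added example, not part of the post above or of the linked guide: a check for whether the services that post names are listening on addresses other machines on the LAN can reach. The port numbers are the usual defaults (5353/udp for mDNS, 631 for CUPS/IPP, 4713 for PulseAudio's native TCP module) and are assumptions about the host, as is the constructed sample input.

```bash
#!/usr/bin/env bash
# Flag listeners for avahi/mDNS, CUPS and PulseAudio-over-TCP that are bound
# to a non-loopback address, i.e. visible to other hosts on the local network.
# Default port numbers are assumed; adjust svc[] if the host uses others.

# Reads `ss -H -lntu` style lines on stdin and prints
# "proto address port service" for each LAN-visible watched listener.
lan_exposed() {
  awk '
    BEGIN { svc[5353] = "mdns/avahi"; svc[631] = "ipp/cups"; svc[4713] = "pulseaudio-tcp" }
    NF >= 5 {
      local_ep = $5                          # e.g. 0.0.0.0:5353 or [::1]:631
      n = split(local_ep, parts, ":")
      port = parts[n]                        # text after the last colon
      addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
      sub(/%.*/, "", addr)                   # drop a %iface scope suffix
      if (!(port in svc)) next               # not one of the watched services
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      print $1, addr, port, svc[port]
    }'
}

# Constructed sample in the layout `ss -H -lntu` prints (not from a real host):
# mDNS on all interfaces, CUPS on loopback only, PulseAudio TCP on all
# interfaces, plus an unrelated sshd listener.
sample_ss_output() {
  cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 [::]:5353 [::]:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
tcp LISTEN 0 5 0.0.0.0:4713 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Demo on the sample; on a live host run:  ss -H -lntu | lan_exposed
sample_ss_output | lan_exposed
```

A loopback-only CUPS listener is not reported, which is the difference between having the daemon installed and having it reachable by anyone who joins the network.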

Point 16 there doesn't make any sense from a Security perspective, NOT at all. I actually run a YaCy node. I'm among the very few (like a thousand people) in the world who do and I have for a long time. It is a censorship resistant distributed search engine. This is true. But it also, by its p2p nature, announces every search you do to a bunch of other machines. That's not secure. btw, yacy has had some problems with people setting up "special" nodes that reply to any and all search queries with spam-links. Don't want to bash it too much but it's nowhere near secure - by nature. Not sure you can make something like it "secure".

>use searx
Garbage. Searx and Startpage are memes. Neither give good results, not even Startpage which claims to be a Google proxy.

Factually incorrect, you are just a brainlet who sees the lack of bright colourful buttons, and subconsciously blames the results

>Install 20 different security systems
Sure, the complexity will make you more secure.

each to their own. I've been using searx for a long time and I'm very happy with it. What sites it pulls does vary from public instance to instance so if you don't roll your own you may want to make sure the one you pick is fast and includes the major ones.

Seems like a great way to get on a watchlist. The real security/privacy protocol is:
1. Act like a normie and do whatever stupid shit you want.
2. For anything secret/illegal/???, use a usb with TAILS or some shit on a shitty laptop.

Simplicity and obscurity are better than consuming your life with autistic technicalities that you will never get completely right anyway.

>wants to stay off government watchlists
>uses tor
kek

i save my passwords in plaintext sort of but they cite serial numbers on different objects in my house so it's only at physical risk

Shit guide with no serious threat model.

>they cite serial numbers on different objects in my house
interesting strategy
I assume you're not using objects likely to be stolen if someone breaks in?
or flammable, like the box/package a piece of software came in?

if I was gonna do something like that,
I'd probably prefer to reference a filename
>VID-20150305-WA0003.mp4
store it in numerous ways
(phone, laptop, usb, cloud storage)
if one breaks / updates in a way that breaks the file
it's still secure

IMO this is better,
because you can log into accounts without having to be at your house

i got ur threat model hangin right here

Personally I store my passwords in a plaintext file that I encrypt with GPG.
Whenever I forget one password, I can ssh to it from my computer or smartphone and gpg -d file.txt | less
If you ever want to get it, you'd have to know my server address, login, password, and the file password that is unique (well, nowadays all my important accounts have a unique password)

>password MUST CHANGE every $arbitrary_time_span

stopped reading there

Either a password is secure, or it isn't. If someone compromises it after one month, changing it after two months won't help shit. If it's secure enough to the point it can't be bruteforced within the next 100 years, then it will stay secure for your entire life at least.

Is this amateur hour? lmao
inb4 they also recommend VPNs as a cure-all

0

I do it this way:
>when logged into accounts, behave in an employable way, because AI is not very smart and easy to fool if you know how to
>cover all bases and leaks i don't want showing for my private life
best of both worlds senpai