
Show HN: Security Checklist – resources to improve online privacy and security - brianlovin
https://securitycheckli.st/
======
parliament32
Not terrible, but there are a few problems with this list...

1) it advocates for use of "hosted" password managers which are a Bad Idea for
obvious reasons

2) it recommends centralized 2FA using 1password/lastpass... in addition to 1
above, storing your 2FA info together with your password effectively makes 2FA
completely useless

3) it wants you to use 1.1.1.1 for DNS resolution, which is arguably a
terrible idea given Cloudflare's recent shenanigans.. while better than using
your ISP's resolvers, running your own recursive DNS resolver is really the
best "medium effort" option, and it isn't difficult (for the kind of power
users who'd be reading this sort of guide)

That being said, I liked the site layout and collapsing-tickboxes -- they make
the list very usable. I'd love to see this format applied to other lists in
various places, where ticking off an item automatically hides details about
it.

------
hxsvui
"use VPN" is pretty strange advice if you consider how many shady providers
there are. Switching your phone to 4G-only pretty much gives the same level of
trust in the radio access.

Covering the webcam is just ridiculous. If someone has access to the webcam
without obeying the standard interfaces in your browser and asking for
permission, then the problem is not the webcam picture. Your computer is
controlled by someone else.

Also I have trouble recommending 2FA. User, password and e-mail access is
considered one factor. Adding another one increases security over that - even
if it's insecure SMS. But it often completely disables fallback
authentication. The advice for 2FA should be: if you need 2FA, add a minimum
of three factors to allow recovery.

All in all, nice list.

------
tya99
This is one of the reasons I recommend
[https://www.privacytools.io](https://www.privacytools.io)

It's fairly well thought out, and the decisions usually are agreed upon on the
issue tracker
[https://github.com/privacytoolsIO/privacytools.io/issues/](https://github.com/privacytoolsIO/privacytools.io/issues/)
before actually appearing on the page.

I also think it's a lot more 'user digestible' than
[https://prism-break.org](https://prism-break.org) ever was.

