rarenet / dfak Goto Github PK
View Code? Open in Web Editor NEWThe Digital First Aid Kit has moved to Gitlab:
Home Page: https://rarenet.gitlab.io/dfak/
License: Other
The Digital First Aid Kit has moved to Gitlab:
Home Page: https://rarenet.gitlab.io/dfak/
License: Other
Hi @Rafiot
How do you build https://digitaldefenders.org/digitalfirstaid/ and http://digitaldefenders.org/wp-content/uploads/2015/06/Digital-First-Aid-Kit-July-2014.pdf from this repo?
Cheers,
Jun
Cryptocat is recommended in secure communications page This tool has been shut down by its creator. It should be removed.
Please use the new repo for project contributions: https://rarenet.gitlab.io/dfak
(sent in via private email)
- First sentence, "citizen" -> "citizens"
- I think making the point that the time to document contacts at
hosters, service providers, registrars, etc. is before an attack
starts, not after.
- Looking at "change DNS TTL to 1 hour," I think this is something
that could be done now in preparation for an attack. How would be
the best way to get this prep/not-reactive advice out? Perhaps add
a "preparing for attack" section at the top of the DFAK?
- DDoS and site takedowns and defacements don't feel like the same
issue to me and I wouldn't have clicked into DDoS mitigation to
find docs on the latter two. Maybe split this up or rename the
topic?
- This text "It is very important to keep payments for your domain
name in order." is another statement that would be useful in a
"preparing for attack" section.
- For DDos Mitigation services, Con #3 says SSL will be decrypted
briefly, which means that the provider must have a copy of your
SSL private key which is itself a con. That said, this isn't the
case for NSP-type DDoS mitigation services that work at the TCP
level instead.
- The link for "Go straight to the Responding to a Denial of Service
Attack section" takes the reader to the github page, which doesn't
feel intended.
I have added google translated versions of these in gh-pages (pull request coming shortly) in the interim.
Enable users to walk through checking "Add/Remove Programs", MalwareBytes and Spybot (with directive download links) to clean ad-ware style "malware" before continuing to more complex steps (also add questions to guide towards this - new browser "tool bars" and advertisements / "publicity" / pop-ups / pop-unders?)
DNS level -> 8.8.8.8
IP addresses -> VPN
....
to help new contributors re: style, audience, authorship, etc. It could be a section of the README.
on DDP's website there is referenced an arabic translation: https://www.digitaldefenders.org/digitalfirstaid/
however the link is dead: https://mail.hivos.org/owncloud/index.php/s/JsqizRIhECw74gH
worth following up and getting the source and importing it into the new site.
(sent in via private email)
- First sentence, "citizen" -> "citizens"
- Update for Signal
- Is it worth making the distinction between transport and
end-to-end crypto and say that you can use both, e.g. PGP over
gmail/https?
- Also in the overview, is it worth making the distinction that
while email bodies might be encrypted, the source/destination and
subject are unencrypted?
- For this point, which I think is good: "If possible, do not rely
on unknown people you find online" is might be worth adding
"untrusted websites" to avoid googling and finding bad advice.
(sent in via private email)
- First sentence, "citizen" -> "citizens"
- s/ incidences / incidents /
- In "What happened" is it worth trying to assess whether or not the
theft/seizure was targeted?
- I think I would update "Do you have remote access to the device?"
to include "Do you have the ability to remotely wipe the device?"
- In First steps to mitigate, in some cases, it might be appropriate
to notify their contacts of the event. Both so that they can
evaluate meeting requests, emails, etc with extra caution and so
they can assess their risk to loss of control of any
correspondence that may have been on the device.
- If an account already has 2FA turned on with the loss occurs, are
there special steps that need to be taken to remove that device?
- The formatting and text in the resources section needs updating.
(sent in via private email)
- First sentence, "citizen" -> "citizens"
- In "Don't stop there", after reinstalling the OS they really need
to install updates to the OS before doing anything else.
- In "what is next" there looks to be some missing formatting or
text between the title (maybe?) of the step and description.
- ‘Detach from Attachments' seems to be unavailable
at the URL listed. It is now at
https://www.cybersuperhero.net/detach-from-attachments/
(Sent in via private email)
Should we call out cases where an account password is demanded by
authorities?
Recommend a password manager? I think this is useful as an
"inventory" of accounts too, especially when performing proactive
checks of accounts.
The formatting and text in the resources section needs updating.
For this part:
If these steps do not work and your account is being abused,
contact one of the organizations listed above for possible
support in shutting the account down.
It isn't clear what "organizations listed above" means. I
think I would say "contact us using the links in the red box
above" or something like that.
I was reading through Cases.lu's Need Help section and I realized that we have somewhat of an "expert level" index. If there was a list of questions that were written from the perspective of a non-expert person (A rapid response FAQ) that would lead them to the right section it might be an easier entry point for some users.
It might be something to explore during the next time we meet up.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.