the web3 Security Audit
Extreme Measure : Separating everything with already hardened laptops. You can DIY your laptop like that, but it needs tons of time and research, so if you like this stuff, it is always good to know but not recommended for non-tech people.
General Usage Tips : General usage suggestions applied to all computers and operating systems. BUT I will not suggest using Windows. Linux > MacOS > Windows. If you have to use windows, consider using VM or dual boot for your important needs.
Extreme measures
The easiest way to be secure is not to be at any target.
For everyday computer usage, people visit tons of websites and install tons of apps, and with every click, they increase the possibility of being a target. If you click on any phishing link or any decoy website, everything is already done; these security measures are useless.
So the ultimate solution will be a separate computer for trading or banking stuff and not using that computer for personal use.
Here is the list for that:
- Buy insurgo, or System 76 laptop. Btw, insurgo stopped selling hardware, but still can be used as a reference.
- If you don’t want to buy something like that, you can just gather a laptop that you can disable Intel ME. (Lenovo x230 is the best bet) with min 16GB of RAM, and do some research to improve the security and privacy of that laptop.
- Install Qubes OS; if it is a little hard for you, Ubuntu is also a great alternative. For Qubes, check for the recommended computer.
- Create a couple of Qubes like personal, trade, vault:
- These can be seen as different operating systems on your computer which cannot connect.
- On trade Qube, you will only install firefox, and metamask. Mic and Cam will be disconnected, and it will have a connection to the internet. This can go through VPN + Tor network. Or, if you do not want to deal with Catcha stuff, it can be Tor + VPN.
- Vault will be an offline Qube; it will not connect to the internet in any way. It will have Keepassxc in it so that you can store your password or keys for any kind. As it is always offline, you will not need to worry.
- The personal one is for your daily needs; it is better to use the internet with it via VPN as well.
- Use Google Pixel phone with GrapheneOS, it is your best secure and private bet.
General Part
General is for everyone. It is about general computer use to be safe, and a lot of this info can be applied to Metamask usage.
- Disable Bluetooth when you don’t use it.
- Disable Wifi when you don’t use it.
- Use BIOS password.
- Enable Hard Disk encryption.
- Do not click on any link you see on the internet; you can never be sure if the other person or computer is compromised.
- Use 2FA. Preferably hardware one like Yubikey. It is easier to use, faster, and more secure. Just do not forget to have a spare one.
- Using Librewolf is the best bet.
- Use seperate Firefox only for trading, nothing else. So that even when something wrong happens, you won’t be on your main browser.
- Never store your seed phrases backup codes online or even on your computer. Only write them on paper, and store them accordingly.
- If you have to write them on the computer, then transfer your funds to new wallet, and ditch the old one.
- Always use a hardware wallet. This is of course, not the safest, but paper wallets are harder to withdraw.
- Only send what you need to your hot wallet. Always assume it can always be hacked, so do not have more than you can lose on your hot wallet.
- Use secure mail providers like Tuta.
- Your daily and trading browser should be different, and do not install any unnecessary extensions.
- 99% of the hacks happen because of user error, do not forget that.
- If you are using your computer with common sense you don’t need any antivirus, but you can never be sure, Bitdefender and Malwarebytes are there for you.
This guide is still in the making.