Security notes

14 min readMar 4, 2022

These days, when #RussianUkrainanWar is in progress, PLEASE remember about YOUR Internet (Cyber) Security. I prepared a few screenshots, with notes, hints and explanations. I will add more as soon as I find useful for people.

You will find notes about next platforms: Telegram, Viber, Skype, Discord, Instagram, Facebook, Messenger, LinkedIn, Twitter, Google (Chrome, Gmail, YouTube). And also a few notes about MacOS, iOS.

First of all and most important, everywhere, where possible, configure multi factor verification aka MFA (so called two step or 2 step or two factor authentication), so your Social Networks, your Internet accounts be safe. Details on Wikipedia.
In general, it’s BETTER TO AVOID upgrading your Windows OS or MacOS, iOS or Android, any applications from Apple App Store or Google Play or Windows Market (Microsoft Store). It’s safe to skip it for now, in case if any of those services hacked by enemy and injected malware in new updated versions. Please HOLD ON on any upgrades via Internet these days.
Make sure you understand what is required cookies for any internet platform, and what is optional. So when you navigate some sites, either reject cookies or at least accept minimal required cookies. Details on Wikipedia.
If you receive suspicious emails DO NOT CLICK hyperlinks there, and if you know basics in HTML and web development and what is browser “Inspect Element”, then inspect URL, and verify domain via web site — https://www.urlvoid.com/ where you can see some kind “rating” of domain, and decide to believe it or not, to click it or not.

Consider Security and Privacy setup. Disallow all possible things, or at least allow ONLY to your contacts.
Unsync your contacts to not have them on Telegram server (many of them located in Russia).
Make sure you realize that anything you write is encrypted, but in reality all can be hacked, just saying…

Good feature of Telegram is ability to DISABLE downloading images, files, videos. It’s possible, that file can be hacked, with malware, so you better explicitly know if you want to download ot not. At least you could DISABLE downloading from public groups and channels, and remain enabled in private groups. Settings \ Advanced \ “Automatic media download” is for Profile settings, so you can change by yourself.

When you setup password, change to new one, setup MFA, Telegram bot will inform you about details. And it’s OK. But DO CLEAR HISTORY RIGHT AWAY, so that the information NOT HOSTED on Telegram servers (which might be russians)

Check “Also delete for Telegram”, it mean it will delete content for the bot side, so that the information NOT HOSTED on Telegram servers (which might be russians)

Only famous, widely known people who do have 2 other verified Internet profiles from list can have verified badge. Details: https://telegram.org/verify
Make sure you DISALLOW access to Contacts and also DISALLOW access to Location Services, to avoid possible OTHER Telegram users use feature “People Nearby”, so that you would not be listed in someone’s tries look up nearby Telegram users.

btw, on this page, you can verify Telegram bot for the matter if it’s fake, or has been reported as fake — https://dovidka.info/botchecker/

Viber

Enable Auto Spam Check, so that most of spam contacts, chats might have been rejected earlier. But it doesn’t work always.
Enable Screen Lock, especially if you located in the place where lot of people, who might look into your screen where you are away for a few minutes.

Considering the technical risk, of auto downloading files, even images may in theory harm your computer or phone, I suggest to disable auto-download, and then you decide from whom to download files, if you really need it. Also good habit is to disable autoplay of videos, which might be just annoying

Skype

Actually those settings are very similar as for Telegram, so if you already know why and how to do it, you will be able to do in Skype (if you use that software)

DISABLE “Web link previews”, because technically speaking when preview is being done, some scripts can be executed to harm your mobile/computer. When you know source for 100% then you can manually click on link.
DISABLE “Auto-download photos” because NOT always photos can be actually photos — meaning, that if you download file *.JPG or *.PNG it can be inside different file. So you better self decide when to download photos.
DISABLE “Sync contacts”, because if Skype has access to your phone contacts, it will upload list of phone numbers to Skype servers (actually Microsoft cloud servers). And attacker/hacker can “sniff” those transfers and get your contacts phone and then spam them. Anyway it’s better to avoid passing someone’s information via you to some other servers, because it can break GDPR rules, especially if you are in Europe.

Discord

Sure thing, MFA setup. Download backup code and save in safe place.
Also nice feature is scanning your all messages. If you are invited/connected to some server, where lot of UNKNOWN for your people, you better ENABLE scanning for all messages.
Disallow ALL features you don’t need or may NOT need at the moment.
Make sure you don’t have any suspicions connected Apps.

Instagram

Sure thing — enable two-factor authentication
Make sure you checked Security Checkup step.

Allow comments ONLy for people you know.
Allow tag you ONLY by people you know.
But anyway, ENABLE manual approval of tags
Allow mention you ONLY by people you follow.
Allow replying your stories ONLY people you follow.
Allow to add you to groups ONLY by people you follow.

If you publish Instagram stories with potentially sensitive information, and you would like to make sure NO one from enemies sees it, ALWAYS monitor who has seen your story, and if you know that person. Many bots and trolls watch stories just to take their attention, but if it’s enemy they could “steal” your bank information.

In most cases, bots are at the very bottom of people list who have seen your story.
You can either Restrict or Block or even Remove exact user/follower to DISALLOW them to see your post. You can also Hide your story from that person.

Facebook

Remember NOT to save password, and if you log in NOT from your computer to NOT safe browser.
I hope you ALL have MFA enabled.
When you log in NOT FROM YOUR computer, DO NOT SAVE browser.
Make sure your Security and Login settings have MANY ON enabled features.

I would suggest to NOT allow re-sharing your Stories. But if you need your followers to re-share and you sure all your friends are “verified”, then maybe no need to disallow.

To avoid SPAM posts from your friends to your profile, DISABLE (restrict) who can post information on tour profile. My suggestion “Only You”.

Messenger

Disable/Enable all you understand you don’t need.
Turn Off your contacts syncing
If you have it enabled, list of your contacts number synced uploaded to Facebook servers, somewhere. If so, Delete all contacts (it will only delete from Facebook servers. All your contacts in phone will remain)

basic things: MFA enabled, session management.
Make sure you know all your sessions. Sign out from sessions your don’t recognize or they are very old.

Twitter

Also make sure you have MFA enabled, and also configured protection of your tweets.
Go to Settings \ Privacy and safety \ Audience and tagging and make sure to protect your tweets — better be CHECKED and Photo tagging — better be OFF

Go to Settings \ Privacy and safety \ Your tweets and make sure to UNCHECK ability to add location information to your tweets
and REMOVE if any information is there about your tweet(s) location(s).

Google

Chrome users

Google Chrome browser has dedicated Security settings page chrome:/settings/security where you can switch from non protection to enhanced protection:

DO NOT SAVE your password to Chrome or any browser (at least till war end).
DO NOT SAVE any #credentials you use in browser to be later auto filled — login names, usernames, passwords, especially card numbers, CVV codes, etc.
Especial attention, DO NOT SAVE bank card numbers to your browser which has Google account logged in.

Gmail user

When log in DO NOT click checkbox “Don’t ask on this device” (uncheck if checked). Because, IN CASE OF your device LOST, any enemy can use and IMPERSONATE as you.
Make sure you change your password, if you LONG time have NOT changed. Just to refresh, to have latest.
Make sure 2 step verification ENABLED (ON)
Make sure you have recovery phone AND ALSO recovery email. VERY VERY IMPORTANT !!!
Make sure you monitor your devices.
Make sure to REMOVE ACCESS from other applications (it’s good in general, but these days those connections via API might be targeted during hack).
It’s OK to have all your history ENABLED (ON). But at war condition, in case you would like to HIDE your searches, locations, etc. you better DISABLE it (OFF).

YouTube

DO NOT connect ANY apps to your account. And if is there already connected — DISCONNECT. After war you will connect it again.

Mac OS

iCloud, Notes

Setup a password protection for your Notes (unfortunately is configured ONLY for particular note, not for whole folder).
Disc utility. Create folder with files, and then create image with password, and continue there. So that all your private, secure related things will protected by your password.

Details how to do it: https://setapp.com/how-to/password-protect-folder-on-mac

Go to Settings aka “System Preferences” and find menu Sharing, and DISABLE ALL checkboxes there. Especially “Remote Login”, “Remote Management”, “Remote Apple Events”, “Screen Sharing” and “Internet Sharing.”

Enable Firewall — “System Preferences” \ Security & Privacy \ Turn On Firewall

Besides enabling Firewall, you can also additionally DISABLE all possible incoming connections. Source. It’s still there — “System Preferences” \ Security & Privacy \ Firewall options and there tick (enable)“Block all incoming connections” checkbox:

Note.

In this case “green” dot will be changed to “yellow”, meaning Firewall still ENABLED, but with custom disabled features.
In case you experience some issues with Internet or any software you know for sure must have worked, un-tick (disable) that checkbox and try again.
With such setting, AirDrop will NOT work, because it’s “incoming” connection from your iPhone to Mac OS. So make sure you enable it when you need to drop some files.

iOS

In these ONLY days, I STRONGLY RECOMMEND to DISABLED sharing your cell phone contacts with iOS applications. Yes, if you really rely on contacts you may need to enable back. but if you DO NOT, you better disable it.
Make sure you have enabled “Find my iPhone” feature, because in case of lost phone, you could then login to iCloud and find your lost or stolen phone.
Un-tap (to be disabled, off) toggle “Allow Apps to request to Track”

Monobank or Privat24 or Telegram will warn you about sharing contacts, but if you donate to people bank accounts/cards which you don’t have contacts with, you can ignore such messages and continue using main applications.

DISABLE Bluetooth WHEN you DO NOT need it. Yes it’s important technology, but IF YOU have unprotected connection hacker could try to access via Bluetooth your devices.
Good example is also AirDrop, which transfers files via Bluetooth. So if you don’t use AirDrop, DISABLE Bluetooth and disable AirDrop also.
Note. If you ARE under VPN, AirDrop MAY NOT WORK.

There is no significant risk, but I would suggest to at least temporary DISABLE Mac OS Handoff feature (ability to Copy/Paste between computers). System Preferences \ General and there is checkbox at the very bottom “Allow handoff between this Mac and your iCloud devices”. In theory, if you Apple account hacked, and someone would gain access to your iCloud (where you may have Notes, Photos, Files, etc.) then this “handoff” feature would go through POTENTIALLY hacked chanelles. So you better be safe. When you really need it -enable temporary.

MacOS + iOS

If you don’t need, you better disable access to Location Services. Some applications may NOT work, so you decide if you really need it or can wait till war end. on MacOS and iOS Location Services are accessed by different applications and in different modes, so depends of what application you use, trust you to developers or not, you may NOT see exactly which application currently using location. So you better disable it at all.

DISABLE access to Microphone for those applications you definitely don’t need, don’t use these days. Maybe too much, but better be safe. But it’s possible, that all you say, discuss with someone in your apartment, can be used and passed to instagram or TikTok algorithms, and later on used to adjust your search results.