If you’ve never had to worry about infosec (information security) before, this page is for you. First things first: most things we are doing are relatively low-risk and you shouldn’t be too worried about infosec, especially if you are careful. SUCHO offers many ways to help preserve Ukrainian cultural heritage online. Some of the tasks volunteers can do pose very little risk. If you are curating content in the Internet Archive, for example, you have nothing to worry about. The most common activities that require careful actions are the ones that involve links. See below for steps we can take to mitigate the risk.
Please only install apps and plugins for this project linked directly from sucho.org. Googling for some of the tools we reference can lead to things you don’t want on your computer. If you have any questions about the URL to use to install apps and plugins, please ask in the Slack!
Some servers in Eastern Europe are now under coordinated and uncoordinated attack. Many others have been magnets for malware and other nonsense from time immemorial. Anyone working with links, whether it’s Browserstrix or Web Recorder should check those links first.
BEFORE you click on a link, or enter it into your web browser, check the link with Sucuri SiteCheck service first. You can also use any comparable service.
If the security risk for the link you’ve pasted appears to be severe, please update the status in the spreadsheet to “Malware.” As far as we can tell, a
Medium risk shouldn’t pose a threat to you if the security check returns that no
injected spam is detected in the site. If you’re unsure, make a note in the “Comments” field in our spreadsheet and move on to the next item. We can assign other people to run the crawler on dodgier links using stand-alone servers.
When sharing links with others make sure to remove identifying and tracking information as well as all other functionally useless addage from the URL. There are a number of services for doing so. ClearURLs for Chrome and Firefox is one of the more popular ones.
This has not happened yet, but if you are afraid this may have happened to you, the best thing to do at this point is to get anti-virus software. You can try MalwareBytes for example.
You can harden your browser by adding plugins such as PrivacyBadger (Firefox / Chrome), uBlock Origin (Firefox/Chrome), and Malwarebytes (Firefox/Chrome), in addition to tightening up the default security settings or something similar.
Note that some websites may be cranky with you for increasing your default security, particularly if they depend on the kind of cross-site scripting that is the source of many exploits but also many single-sign-on systems. You may need to add some exceptions for sites you explicitly trust, or else turn some things off once you’re back to “regular” browsing, but I don’t recommend adding any security exceptions for the sites we’re navigating here.
No one in our team will ask you for a password, period. The only personal information we ask for is the one in our volunteer form.