100SILEX, de 0 ŕ 100 s: privacy
1522 5 Simple steps to secure TT-RSS reader
secure tt-rss, tt-rss security
5 Simple steps to secure TT-RSS reader
July 27, 2015 by Anand Leave a Comment
Share: share htpcBeginner
We recently presented Tiny Tiny RSS to you as a great alternative to Google reader, which is one more way you can extend the functionality of your home server or your hosting space. Hopefully, you already exported your data from Google Reader. In this post, we will show you how to secure TT-RSS reader to prevent unauthorized access. Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible. As we previously explained, it makes an ideal candidate to replace Google Reader. While there are services like Feedly and Newsblur grabbing the crowd Google Reader, which some of you may prefer, there are a group of people who would like to run a RSS reader on their own server and keep things private. Assuming that you have already installed Tiny Tiny RSS on your alternative to Google reader or hosting space, we will now show you how to secure TT-RSS reader.
Secure TT-RSS Reader
One of the main reasons to move to an RSS aggregator like TT-RSS is maintaining your privacy. So if you do not secure TT-RSS reader well you are not only making your data available public but also making your system vulnerable to potential attacks. Choosing a strong username and password while setting your TT-RSS is the first basic thing that you can do to secure TT-RSS reader. Listed below are few more ways you can increase TT-RSS readerâ€™s security.
1. Rename TT-RSS Folder
One of the first lines of defense is to not use tt-rss in your URL to access your TT-RSS reader. To do this on your hosting account, use a folder name other than tt-rss while installing TT-RSS. On your Linux home server, edit /etc/tt-rss/apache.conf and change the first /tt-rss to something else. An example is shown below.
TT-RSS Rename URL
TT-RSS Rename URL
After making the change, restart your TT-RSS and Apache to apply the changes:
sudo service tt-rss restart
sudo serivce apache2 reload
Your TT-RSS reader is now available through the new URL (example: http://mydomain.com/myreader) only.
Amazon Kindle Fire HDX
2. Enable SSL
Accessing TT-RSS through http sends all information as unencrypted data. This could mean less privacy due to potential sniffing. The solution is to encrypt the data during transfer, which makes sniffing by hackers harder. To enable and enforce HTTPS access on Linux servers with Apache, install the following run-time libraries:
sudo apt-get install libssl0.9.8 libpam0g openssl
Restart your Apache server as shown above. You should now be able to access your TT-RSS reader with HTTPS. Note that you may have to have a SSL certificate generated. Refer to Apache documentation if you want to generate your own certificate. By default, the system will install self-signed certificates for you. These certificates are likely to raise warnings when you point your browser to the site.
3. Disable Single User Mode
By default the single user mode is already disabled (in /etc/tt-rss/config.php). Enabling single user mode will also disable TT-RSS login system. Therefore, keep the single user mode disabled.
Disable Single User Mode
Disable Single User Mode
A better way to make it a single user system is by limiting the number of registrations to 1 as described below. For whatever reason, you still want to enable single user mode, make sure you implement Apache Authentication method described below.
4. Self Registrations
Self registrations allow a visitor to register themselves, which could reduce TT-RSS security. If your TT-RSS will be for personal use only, then you may want to disable user registration by setting â€śENABLE_REGISTRATIONâ€ť to â€śfalseâ€ť.
TT-RSS Self Registrations
TT-RSS Self Registrations
To further secure TT-RSS Reader, uou may also want to change â€śREG_MAX_USERSâ€ť to â€ś1â€ť to make your account the only account on TT-RSS.
asus n66uASUS RT-N66U Dual-Band Wireless-N900 Gigabit Router
asus n66u reviewsFind out why it is rated the best wireless router in its class.
5. Apache Authentication
Last but not the least, enable Authentication. This is even more important if you have enabled â€śSingle User Modeâ€ť describe above. Every time you access TT-RSS, you will be asked for a username and password as shown in the picture below:
Secure TT-RSS Reader
On your hosting account this equivalent to password protecting a directory, in this case the TT-RSS directory. To do this on your Ubuntu server, you will have to create a .htpasswd file. More information is available in Apache documentation. But the easiest way to achieve this is to use one of the htpasswd generators available online.
After you enter the username and password two code blocks will be generated. Copy the contents of the .htpasswd code block and save it to /etc/apache2/.htpasswd_ttrss. Next, copy the contents of the .htaccess code block and add it to /etc/tt-rss/apache.conf as shown below:
TT-RSS Apache Authentication
TT-RSS Apache Authentication
Save and exit. Restart both TT-RSS and Apache previous shown above. You should be prompted for a password every time you try to access TT-RSS. Some may think that this double authentication method is an extra inconvenience. But I would rather be safe than sorry.
Go ahead, secure Tiny Tiny RSS Reader and enjoy reading articles on your private secure RSS Reader.
813 15 MORE Free Guides That Really Teach You USEFUL Stuff
During 2010, we've written a bunch of new PDF manuals for you, on all kinds of subjects, from Facebook privacy to Dropbox tips. After releasing 15 NEW
507 Designing A Facebook Fan Page: Showcases, Tutorials, Resources - Smashing Magazine
Despite its privacy issues, Facebook clearly has a key role in global Internet activity. It has become a kind of universal social network, being used for both
web design, magazine, html, photoshop, wordpress, wallpaper, icons
451 100 of the Best Privacy Tools and Online Resources | High Speed Internet
The Internet still remains a largely unregulated domain with no enforcement agency with any teeth to protect the privacy of citizens using the World Wide Web.
340 7-things-to-stop-doing-now-on-facebook: Personal Finance News from Yahoo! Finance
Using a Weak Password
Avoid simple names or words you can find in a dictionary, even with numbers tacked on the end. Instead, mix upper- and lower-case letters, numbers, and symbols. A password should have at least eight characters. One good technique is to insert numbers or symbols in the middle of a word, such as this variant on the word "houses": hO27usEs!
Leaving Your Full Birth Date in Your Profile
More from ConsumerReports.org:
â€˘ Millions of Users Exposing Personal Information
â€˘ Tested: 119 Laptops, Desktops, Netbooks and iPad
â€˘ Electronics Reviews
It's an ideal target for identity thieves, who could use it to obtain more information about you and potentially gain access to your bank or credit card account. If you've already entered a birth date, go to your profile page and click on the Info tab, then on Edit Information. Under the Basic Information section, choose to show only the month and day or no birthday at all.
Overlooking Useful Privacy Controls
For almost everything in your Facebook profile, you can limit access to only your friends, friends of friends, or yourself. Restrict access to photos, birth date, religious views, and family information, among other things. You can give only certain people or groups access to items such as photos, or block particular people from seeing them. Consider leaving out contact info, such as phone number and address, since you probably don't want anyone to have access to that information anyway.
Popular Stories on Yahoo!:
â€˘ 20 Best Cities to Ride Out the Recession
â€˘ Wealth Ranking: You're Richer Than You Think
â€˘ 7 Expenses You Can Ditch in Retirement
More from Yahoo! Finance
Posting Your Child's Name in a Caption
Don't use a child's name in photo tags or captions. If someone else does, delete it by clicking on Remove Tag. If your child isn't on Facebook and someone includes his or her name in a caption, ask that person to remove the name.
Mentioning That You'll Be Away From Home
That's like putting a "no one's home" sign on your door. Wait until you get home to tell everyone how awesome your vacation was and be vague about the date of any trip.
Letting Search Engines Find You
To help prevent strangers from accessing your page, go to the Search section of Facebook's privacy controls and select Only Friends for Facebook search results. Be sure the box for public search results isn't checked.
Permitting Youngsters to Use Facebook Unsupervised
Facebook limits its members to ages 13 and over, but children younger than that do use it. If you have a young child or teenager on Facebook, the best way to provide oversight is to become one of their online friends. Use your e-mail address as the contact for their account so that you receive their notifications and monitor their activities. "What they think is nothing can actually be pretty serious," says Charles Pavelites, a supervisory special agent at the Internet Crime Complaint Center. For example, a child who posts the comment "Mom will be home soon, I need to do the dishes" every day at the same time is revealing too much about the parents' regular comings and goings.
329 How To Check and Fix Your Facebook Privacy Settings In Less Than A Minute
Since Facebook launched Open Graph API and brought instant personalization with web-release of Like button, everyone is talking about Facebook user's privacy
facebook privacy settings, check facebook privacy settings, fix facebook privacy, now want to make data public, facebook settings ,facebook,how-to,internet tips
327 ReclaimPrivacy.org | Facebook Privacy Scanner
Keep up with the latest news about privacy policies on Facebook.
The Erosion of Facebook Privacy eff.org
Facebook Privacy Changes eff.org
7 Things to Stop Doing Now on Facebook yahoo.com
Facebook's Gone Rogue wired.com
This website provides an independent and open tool for scanning your Facebook privacy settings. The source code and its development will always remain open and transparent.
Drag this link to your web browser bookmarks bar: Scan for Privacy
Go to your Facebook privacy settings and then click that bookmark once you are on Facebook.
You will see a series of privacy scans that inspect your privacy settings and warn you about settings that might be unexpectedly public.
Follow us on Facebook to hear about the latest updates.
Having trouble? Check our help page for tips and video walkthroughs.
Our mission is to promote privacy awareness on Facebook and elsewhere. Spread awareness to your friends on Facebook by sharing this website with them:
You can follow us on Twitter too!
If you prefer email, you can also sign up for the newsletter to get informed of privacy updates:
Are you a coder? Contribute to the source code and help to keep the privacy scanner up-to-date.
we never see your Facebook data
we never share your personal information
Simple. The scanner operates entirely within your own browser.
Statement of limitation of liability: you use this tool at your own risk, and by using this tool you agree to hold neither ReclaimPrivacy.org (nor its contributors) liable for damage to your Facebook account. However, we do strive to reduce that risk by keeping the source code open and transparent, so that we can identify bugs and quickly fix any functionality.
about the author
298 The Evolution of Privacy on Facebook
Facebook is a great service. I have a profile, and so does nearly everyone I know under the age of 60.
However, Facebook hasn't always managed its users' data well. In the beginning, it restricted the visibility of a user's personal information to just their friends and their "network" (college or school). Over the past couple of years, the default privacy settings for a Facebook user's personal information have become more and more permissive. They've also changed how your personal information is classified several times, sometimes in a manner that has been confusing for their users. This has largely been part of Facebook's effort to correlate, publish, and monetize their social graph: a massive database of entities and links that covers everything from where you live to the movies you like and the people you trust.
This blog post by Kurt Opsahl at the the EFF gives a brief timeline of Facebook's Terms of Service changes through April of 2010. It's a great overview, but I was a little disappointed it wasn't an actual timeline: hence my initial inspiration for this infographic.
280 How-To Permanently Delete Your Facebook Account
278 10 Reasons To Delete Your Facebook Account
Your information is never really private on Facebook.
Online, Facebook, Privacy, Startups, Social Networking
Since its incorporation just over five years ago, Facebook has undergone a remarkable transformation. When it started, it was a private space for communication with a group of your choice. Soon, it transformed into a platform where much of your infor...
101 - 201