Due to persistent abuse from Chinese hosts, they are blocked from connecting. Please utilize a VPN or the TOR network if you wish to use Kinmunity from within China. You will not be able to create an account automatically when browsing this way, but you can contact us to get registered! 

China has been blocked

Due to persistent activity from bots consistent with attempted Distributed of Denial of Service attacks, we have opted to block connections to ikari from Chinese hosts. This means, that the following services will not be available to users of Chinese hosts:

kinmunity.com

wolfhowl.me

As we do not have any registered Chinese users on any of our services, we expect this to have minimal impact. If you wish to access our services from China, you are encouraged to use a VPN or the TOR network. You will not be able to create an account automatically when browsing this way, but you can contact us to get registered! Thank you for understanding.

Staying Safe Online

With all the data breaches in the news lately one thing is clear, staying safe online isn’t easy! It’s probably good practice to assume you will be the subject of a data breach at one point in your life, so how can you stay protected even if the worst happens? This guide was written to help users of Kinmunity stay safe online, but the guide applies to everyone and can be shared and reproduced under a Creative Commons BY-SA licence.

1. Use a different password on every site / app.

This tip is now given out in almost every online security guide I’ve seen, and it’s often the tip that is most ignored by users because it is difficult to do. The more sites and apps you’re on, the more passwords you have to remember, right? Password reuse is AWFUL for security’s sake. Let’s say you use the same password on Kinmunity as another website you use, say an online game. Let’s say you also use that password for your PayPal. The game site gets compromised and your password leaks, guess where else the attackers can login -- your PayPal and Kinmunity accounts. But how can you use a different password everywhere safely? That brings us to the next point...

2. Use a secure password manager.

We at Kinmunity recommend Bitwarden. A password manager allows you to remember one (hopefully secure!) password, which is used to decrypt a database containing your other passwords. Bitwarden allows you to generate a secure and random password for each site or application you use, and then stores it for you so you don’t have to remember it either. It supports syncing across multiple devices, and is open source. If you’re a nerd, even the server is open source so that you know your passwords are secure!

3. Use two-factor authentication where it is available.

Two-factor authentication combines something you know (your password) with something you have (your mobile phone, or hardware security token) before granting access to a service. This makes it much harder for an attacker to gain access to your accounts, even if they have your password. The most secure form of 2FA is the hardware token - we recommend the Yubikey Security Key for this purpose. You can also use your phone to generate time-based tokens - we recommend the Authy App for this!

4. Look before you type.

Never enter your username and password anywhere without verifying that you’re where you are supposed to be. Most modern services use SSL (you’ll notice the lock icon on your browser) - ensure the lock is there. Then, check the URL itself as it appears in the address bar of your browser to ensure you’re on the correct site. https://www.kinmunity.com/login is our site, for example. https://www.kinmunity.com.fr/login, http://kinmunity.com.login.us, and https://login.kinmunity.com.nz aren’t.

5. Change your passwords frequently.

We recommend that you change your passwords on the various sites you are on once every three months. You can use your Password Manager to help you! This helps so that if there is a breach, the time that they can use the passwords they’ve stolen is limited.

6. Never share passwords, for any reason, ever.

That customer service person on the phone does not need your password. Your boss at work does not need your password. Site administrators do not need your password. Your friends and significant other do not need your password. Period. Sharing passwords is a bad habit to get into, and it strongly increases the chance of you getting compromised. You cannot control information and who receives it once you give it to another person -- and it’s all too easy to become a victim of phishing. 

A good example from an administrative side; I do not need somebody’s password to login to their Kinmunity account (nor their 2FA token if they use two-factor). I simply need their permission and I can do it from the admin panel. Most sites and services are setup like this. DO NOT SHARE YOUR PASSWORD.

7. Put security first, your identity depends on it.

No, it really does. Identity theft is the fastest growing crime in America, as I’m sure you’ve heard quoted over and over again by various news stations. A lot of reasons the general public does not implement basic security measures that would strongly reduce the chances of them becoming victims is because it is convenient not to. Reusing the same password over and over is simple, and it means you don’t have to download a password manager and remember a master password, for example. However, it also means that it is convenient and simple for an attacker to steal your identity. Security is a digital lifestyle, and it’s time for a lifestyle change if you’re not living it!

8. Evaluate the sites and services you use.

Do you care about your identity and privacy? Great - the message is sinking in! Unfortunately, many services do not. In 2019, there are still websites and apps that are storing user passwords on their servers in plain text, fully in view to anyone who manages to gain access to that server. If you use a site listed on https://plaintextoffenders.com, you may wish to discontinue its use. Google around about a site for its reputation, and the reputation of those operating it. You might save yourself a headache later if you don’t sign up for that popular virtual pet game being ran by sketchy operators.

9. Protect your devices.

A lot of application developers and service operators DO put a lot of thought in security. This makes it more attractive to malicious actors to create spyware & malware for home computers and mobile phones. Use a reputable anti-virus solution -- Yes, Mac & Linux users, that includes you too! You -CAN- get viruses.

10. Seriously, follow the guide.

Don’t read this guide and follow the three easiest tips to implement. Don’t read this guide and follow all but one tip. Follow each and every one, because the moment you pick and choose what you feel is important, is the moment you open yourself up to needless vulnerability. Kinmunity is one of the most secure communities on the internet, and it didn’t become that from carelessness. The moment you become complacent is the moment you become wide open.

Authorship

This guide was developed by Naia Ōkami. She is a reputable security consultant specializing in offensive operations and penetration testing. The purpose of this guide is to give Kinmunity users simple tips to better help them protect their digital identity, but the majority of the document could apply to all internet users in general. For this reason, it is available under a Creative Commons BY-SA license for all to reproduce and use!