In addition to the aforementioned rules about internet and computer security (1, 2, 3, 4), it’s worth mentioning that security measures can create their own vulnerabilities.
That’s true of human systems. For instance, granting high-level powers to system administrators creates the risk that they will exploit those powers deliberately, or that their credentials will be stolen or simply used after being left unguarded.
It can also be true for technical means. For instance, people often misunderstand TOR and believe that it makes everything about their web browsing anonymous. Really, it just routes the traffic several times within an encrypted network to disguise the origin before using an exit node to communicate with the target server, potentially with no encryption. Since people may be more likely to use TOR for sensitive or illicit purposes, those exit nodes are likely a target for both freelancers and governments.
Some recent stories have alleged that the virtual private networks (VPNs) which people use to protect themselves from an untrusted local network can create risks as well:
- National Security Agency warns that VPNs could be vulnerable to cyberattacks
- VPN with ‘strict no-logs policy’ exposed millions of user log files including account passwords
Earlier, people alleged that Facebook was using its Onavo VPN to snoop on users.
Russian Hackers Are Abusing VPNs To Hijack Accounts, US and UK Officials Say – Slashdot
https://tech.slashdot.org/story/21/07/01/2229233/russian-hackers-are-abusing-vpns-to-hijack-accounts-us-and-uk-officials-say