Getting started with privacy tools to secure your online life can be daunting. There is a lot of misinformation out there, a lot of questionable products that unless you are an expert it's difficult to judge the quality of, and then even when you choose an appropriate tool many are difficult to use if you are not a computer professional. This document is a guide for where to start, how to get the most privacy for your efforts, and which products and services deliver on actual privacy and security.
Set up a password manager
You will need to choose one really good password, but that is the only password you'll have to remember. Your password manager stores the rest for you. This means that every site you visit can have a diiferent long, complex password that you don't have to memorize.
It can take some time to set up a password manager and get all the sites you visit into it, but it is well worth it. Once it's set up it's easy to use, and can also be used on your phone.
Install and use Signal
Set up two factor authentication where possible
Change the way you think about email
- Email as a postcard
- Security of your email depends on your recipient's crappy password
- Email lives on someone else's server
- Google must read your gmail to do spam filtering.
Install and use the Tor browser
Some onion sites to try:
- ProPublica http://www.propub3r6espa33w.onion/
- Facebook https://facebookcorewwwi.onion/
- Duck Duck Go http://3g2upl4pq6kufc4m.onion/
Install a tracker-blocking plugin in your non-Tor browser
- Privacy Badger
- Brave Browser
Preventing unintended disclosures of personal information
Change the way you think about the cloud
The cloud is other people's computers
Safer storage and backup alternatives
Threat Modeling 101
Number One Message: Don't stop using technology just because some bad things can happen. A piano could fall from the sky. Mostly it doesn't. Threat modeling can give you a way to get just a little bit safer on the internet, in the ways that matter to you.
What do you have that you want to protect?
- information - no one can access what you have
- integrity of information - no one has changed the information or destroyed it
- integrity of identity - no one is pretending to be you
- location - no one knows where you have been, where you hang out or where you are going
- friends, family and associates - no one can identify who is close to you
- what you communicate
- who you communicate with
- what you are reading or researching
Who do you want to protect it from?
- The government
- Your employer
- Your future employers
- Internet trolls
- Your mom.
How likely is it that they'll target you?
- Will they just stumble on it in the garbage/on facebook (no equivalence implied)
- Are you a member of a group that is likely to be targeted
- Public Figures
- Ethnic or Religious Minorities
- What resources can your adversaries bring to bear?
- Your nosy great uncle
- The NSA
What are the consequences if they are successful?
- Who is harmed and in what way?
- Would it be possible to make up for a loss?
- Even bad publicity is good publicity?
What are you doing well now?
- Don't abandon good processes you already have (Whats App may be just fine for you)
- Look for tweaks to current habits (shredder in front of the recycle bin)
What are the resources you have that you can dedicate to improvements?
- Equipment - a second phone, a cheap laptop
- Attention - making the things you do every day just a little bit harder
- Reduction in connectivity
Threat modeling resources: A First Look At Digital Security from Access Now  Surveillance Self Defense  Futurography February: Cybercrime Self-Defense  Security In A Box  Data Privacy Project for Libraries and Patrons  10 tech issues that will impact social justice in 2017 from Ford Foundation  Media:CryptoParty_-_Threat_Modeling_101_-_for_wiki.pdf