Privacy Tools

From NYC Resistor Wiki
Jump to navigation Jump to search

Getting started with privacy tools to secure your online life can be daunting. There is a lot of misinformation out there, a lot of questionable products that unless you are an expert it's difficult to judge the quality of, and then even when you choose an appropriate tool many are difficult to use if you are not a computer professional. This document is a guide for where to start, how to get the most privacy for your efforts, and which products and services deliver on actual privacy and security.

Level 1[edit]

Set up a password manager[edit]

You will need to choose one really good password, but that is the only password you'll have to remember. Your password manager stores the rest for you. This means that every site you visit can have a diiferent long, complex password that you don't have to memorize.

It can take some time to set up a password manager and get all the sites you visit into it, but it is well worth it. Once it's set up it's easy to use, and can also be used on your phone.

Install and use Signal[edit]

Set up two factor authentication where possible[edit]

Change the way you think about email[edit]

  • Email as a postcard
  • Security of your email depends on your recipient's crappy password
  • Email lives on someone else's server
  • Google must read your gmail to do spam filtering.

Install and use the Tor browser[edit]

Some onion sites to try:

Install a tracker-blocking plugin in your non-Tor browser[edit]

  • Privacy Badger
  • Brave Browser

Level 2[edit]

Preventing unintended disclosures of personal information[edit]

Change the way you think about the cloud[edit]

The cloud is other people's computers

Safer storage and backup alternatives[edit]

Threat Modeling 101[edit]

Number One Message: Don't stop using technology just because some bad things can happen. A piano could fall from the sky. Mostly it doesn't. Threat modeling can give you a way to get just a little bit safer on the internet, in the ways that matter to you.

What do you have that you want to protect?

  • information - no one can access what you have
  • integrity of information - no one has changed the information or destroyed it
  • integrity of identity - no one is pretending to be you
  • location - no one knows where you have been, where you hang out or where you are going
  • friends, family and associates - no one can identify who is close to you
  • what you communicate
  • who you communicate with
  • what you are reading or researching

Who do you want to protect it from?

  • Competitors
  • The government
  • Your employer
  • Your future employers
  • Internet trolls
  • Thieves
  • Your mom.

How likely is it that they'll target you?

  • Will they just stumble on it in the garbage/on facebook (no equivalence implied)
  • Are you a member of a group that is likely to be targeted
    • Women
    • Activists
    • Public Figures
    • Ethnic or Religious Minorities
  • What resources can your adversaries bring to bear?
    • Your nosy great uncle
    • The NSA

What are the consequences if they are successful?

  • Who is harmed and in what way?
  • Would it be possible to make up for a loss?
  • Even bad publicity is good publicity?

What are you doing well now?

  • Don't abandon good processes you already have (Whats App may be just fine for you)
  • Look for tweaks to current habits (shredder in front of the recycle bin)

What are the resources you have that you can dedicate to improvements?

  • Time
  • Education
  • Equipment - a second phone, a cheap laptop
  • Attention - making the things you do every day just a little bit harder
  • Reduction in connectivity

Threat modeling resources: A First Look At Digital Security from Access Now [1] Surveillance Self Defense [2] Futurography February: Cybercrime Self-Defense [3] Security In A Box [4] Data Privacy Project for Libraries and Patrons [5] 10 tech issues that will impact social justice in 2017 from Ford Foundation [6] Media:CryptoParty_-_Threat_Modeling_101_-_for_wiki.pdf

Level 3[edit]

PGP-encrypted email[edit]

Level 4[edit]