Jump to content

Privacy Best Practices (A Discussion)

Recommended Posts

Posted (edited)

Privacy and information security are things I've always taken seriously. My friends have had good natured laughs about this over the years. But I've actually needed to give a few of them crash courses on the subject over the last two weeks. People are beginning to understand why free speech matters. They're also beginning to understand why privacy matters. The citizens of Europe and Scandinavia are now being thrown in jail for liking the "wrong" things on Facebook. Americans are being run out of their jobs and communities for expressing views everyone considered self-evident 15 years ago. Medical doctors are getting deplatformed and de-personed for questioning protocols forced on their patients. The president is having tweets hidden and "fact checked" by Twitter. And Michael Moore (of all people) recently had a documentry pulled from youtube for questioning official narratives on climate change. Is there anybody left, at this point, who can say (with a straight face) "why does privacy matter if you have nothing to hide?"

So let's talk about privacy and information security... I want to share some of the things I've learned over the years (best practices, specific tools, etc). But I also want to be upfront about the fact that I'm not a technical genius, who knows it all. I'll tell you what works for me. It may not work for you. Feel free to pick and choose according to your needs and circumstances. Add your own ideas and practices to this discussion. And correct anything I say that's wrong or in need of improvement. Let's collaborate and improve our understanding of this subject.

Convenience is the price to pay for privacy. Willingness to pay that price is the mindset you need to adopt. This is the most fundamental thing I can say. Many of the best privacy tools are free, open source, well documented and user friendly. They're also moderately slower and occasionally incompatible with some of the things you'll want to do. Do you believe in privacy enough that you're willing to make small sacrifices for it? That's what it really comes down to.

What kind of privacy are we talking about here? Privacy from corporate data mining? Privacy from rogue governments? This actually depends on the specific tools you use, and how well (or poorly) you use them. It's difficult to say with certainty what the capabilities of various organizations are. But there's strong reason to believe modern encryption algorithms (properly implemented) are thoroughly unbreakable with current technology. The efforts of governents around the word to ban apps and programs that make use of these encryption algorithms suggests their efficacy in doing what they're meant to do. But all apps and programs are not created equal. And even the best of them are useless when used poorly.

1) Get the spyware out of your life. People are going to loathe this suggestion. But Google, Apple, Microsoft, Twitter, Facebook, Instagram, Amazon, YouTube etc. are spyware. These companies are not your friends. They make their money by learning everything about you and selling it to anybody who wants to know. I won't dwell too much on this point, becasue it's, ironically, the hardest suggestion I have for most people. Make this decision based on your own level of commitment and specific needs/circumstances.
2) Start using good passwords. A good password has a BARE minimum of 20 characters with upper + lower case letters and special characters included in it.
3) Change the default settings on all your devices and programs. Default settings are the bane of privacy. The first thing you should do, on all your new electronic devices and programs/apps, is go into the "settings" panel, comb through every menu and sub-menu with a fine-toothed comb, and make sure the thing actually works for YOU and not some tech company. The first thing I do with any new phone is spend 30 minutes in my settings turning over every rock that Google and location services are hiding under. It can be a real process...
4) Geat a real email service that respects you. Protonmail is one of the best at the time of this writing.
5) Get a web browser (for your ordinary internet use) that doesn't track you. Firefox is pretty good (with the right settings chosen). Brave is okay as well. The best browser will always change. You need to stay on top of this.
6) Get a default search engine (for your ordinary internet use) that doesn't track you. Duckduckgo and Startpage are two of the best at the time of this writing. The best search engine will always change. You need to stay on top of this.
7) Add browser extensions that amplify the privacy of your browser. The EFF makes two outstanding extensions for firefox. The first is "HTTPS everywhere." The second is "Privacy Badger."
8) Replace your phone's default messaging app with an app that utilizes end-to-end encryption. Signal is one of the best at the time of this writing. Enable password protection and dissapearing messages. And invite as many friends as you can to use it. It's designed for maximum privacy when both parties are using it. It also gives the ability to make encrypted phone calls between users from within the app.
9) Encrypt your phone, chose a strong startup and lockscreen password, and enable the setting to automatically factory-reset after a number of wrong password attempts. Shut your phone down completely when not in use to get on the outside of the encryption.
10) Understand that your phone is ABSOLUTELY and always the weakest link.
11) Get a VPN for your ordinary internet use that doesn't keep logs of user activity. This is only for ordinary internet use. ExpressVPN is one of the best at the time of this writing. Configure it to start by default when your device starts up, and to kill all network connections if disconnected. You can use it on your phone and desktop computer.
12) Consider installing and learning to use one of the major Linux distributions as your Desktop operating system. Ubuntu is a great and user friendly place to jump in. It's easy to install, easy to dual-boot, and easy to use overall.


1) VeraCrypt...(a free open source disk encryption software for Windows, Mac OSX and Linux).
This allows for the whole-disk encryption of a computer's hard drive, encryption of removable media, creation of encrypted file-containers as well as encrypted hidden volumes and operating systems.

2) TAILS (The Amnesic Incognito Live System)
This is a portable operating system that protects your privacy and helps you avoid censorship. All incoming and outgoing connections are forced to go through Tor, and any non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so.

3) Tor (The Onion Router)
A free and open-source software for enabling anonymous communication.

4) PGP, or GPG
A program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.There are different implementations of these programs for different operating systems (some better than others). Do your own research, but start here:

5) Bleachbit
A program that allows you to securely erase data from spinning drives. It's important to understand that this does NOT work on newer, solid-state drives.

The Electronic Frontier Foundation (the whole site). Make a donation. Become a member. Learn about things I havent mentioned and don't know about. I can't tell you how awesome and important they are...

1) I don't know it all (or even most of it).
2) The best programs in the world are useless if used badly. Settings, configuration, password strenth, user-diligence...are always crucial. Do your due diligence to avoid a false sense of security.
3) Privacy is a mindset and lifestyle.
4) The digital/information landscape is continually changing. You have to stay on top of developments as they break (see point 3).

Edited by Thomas.Hill

Share this post

Link to post
Share on other sites

A stack of gold bars!!!!

Someone who obviously knows what he's talking about.

Please -- whoever has the power -- make this man a ... well, some sort of official title -- Security Advisor?


Now ... suggestions:  If you're reasonably web-savvy, and have the time and patience, you'll do this. This means, probably about 1% of this forum.

What we need  is a highly simplified guide to achieving various levels of security, spelled out as simply as possible  (and ideally for all three major OS platforms).

Something which is easy for someone with very little web-experience to follow.


Something like this:


Level I: prevent your emails from being read. Get a ProtonMail account. It's free. Go here: ProtonMail.com    (Nothing is perfect: Quantum computing is going to change everything. But for the moment, this will work). 


Level II: secure your secondary storage (disc drives): etc  [Both encryption and systematic frequent back up onto devices which can be plugged into your computer, written to, and then unplugged.


It would be useful to discuss realistic threats.  Why, for example, would you want to encrypt your email, or secure your hard disc, given, as Mr Hill points out, that there is price in the currency of convenience to pay for doing so? 


Many people seem to think that they will be operating as part of a guerilla war underground, fighting a dictatorial East European style government. Some people seem to believe they already are. And ... Hollywood, where most people get their unconscious background  assumptions about the world , has portrayed the CIA (standing in for NSA/FBI/the Lizard People, etc) as omnipotent.  The reality is far different.


More importantly, the things we email each other about, by and large, are perfectly harmless. If you are emailing someone in order to plan an assassination, to acquire some C4, then, yes go ahead and encrypt your email. You'll almost certainly be caught anyway, and deserve to be.  That is to say, at the moment, government is NOT the enemy of a properly well-regulated (which means, with good internal regulations) militia.


However, there is an enemy which, unlike government observers, is a clear and present danger: 'private' infiltrators from the Left -- either journalists working on a story or a book about the militia (this has already happened) or, more sinister, sophisticated Leftists aiming to 'dox' people by acquiring their real identities, or even wreck the site, and/or wreckmilitia members' hard drives with Trojan Horse type software.


I believe protection against this threat is the top priority, and it doesn't involve any special software, except perhaps a VPN (and, perhaps a ProtonMail account, since the free email providers like Google may well have ideological enemies working for them, with access to personal details for their account holders).   Rather, what's needed for this first level is a change in behavior.


In other words, at the moment, the main enemy is not the government, but 'private' groups and individuals.


However ... I may be wrong about the threat assessment.  I would love to hear @Thomas.Hill's comments on this.  [The OS I'm most fluent in is MSDOS 3.2, so there are a lot of aspects of modern computer usage that I know little about.  In my comments above, I assume people are using a computer with onsite secondary storage ... but what about people who communicate via their iPhone and store their data in the Cloud?  I know nothing about this.)





You can get a lot further in life with a kind word and a gun, than with a kind word alone.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...