For example, change your password regularly, use 2FA.
Security is not equal to privacy. Even if you do use 2FA and change your passwords all the time, you don’t gain any additional privacy.
Changing your Google password and adding 2FA to your Google account does nothing to make your life more private because Google still can read all your emails, and sell your data regardless of 2FA.
The best habits to maintain privacy are to avoid using the services of companies whose business model is violating your privacy.
Some pro privacy habits might be:
- Avoid any Google products or services.
- Avoid any Meta products or services.
- Don’t use any free software or services that are not community-run / non-profit. They make money from selling your data.
In a positive light these habits might be reflected as:
- Using a Google-free phone. (i.e. GrapheneOS or CalyxOS or /e/OS or even an iPhone as a last resort.)
- Use Lemmy, Mastodon and other alternatives to big social media corps.
- Pay for reputable e-mail hosting with a reputable provider (i.e. Microsoft 365 Business Account, Tutanota, or Proton Mail) or host your own.
Privacy isn’t all or nothing. Small steps are still improvements. Microsoft respects their business clients’ privacy because that is what is demanded and Microsoft makes money by providing B2B services. Apple is in the business of selling expensive hardware and iCloud services so they don’t need to violate your privacy as much. These products, while not perfect, are leaps and bounds better than using any Google or Meta product.
Small steps are good steps.
If I had to choose one thing to do I would say to drop any phone that has the Play Store preinstalled.
One addition. People say to use a VPN but I would argue that this is virtually pointless if you continue to use privacy violating services from privacy violating companies.
If you connect to WhatsApp or Snapchat or Gmail over an HTTPS connection inside a secure VPN you are still sending them your data, just with an extra layer of encryption. Google doesn’t need your IP if you give them your complete email inbox.
One thing a VPN does is prevent your ISP from selling your browsing data to third parties. If you have Comcast or Xfinity it’s worth it just to deny them even a penny.
This is true, but you also gotta consider most people do browse and go to other websites than just ones they log in to or social media. I think using a VPN generally makes it harder for other websites (like news articles as an example) to track you across the web. (For instance, if I visit Website A with unique IP Address Y, and also visit Website B with unique IP Address Y, even without logging in or directly giving them any data, they could correlate those 2 things. That’s where I think a VPN can really help things because it gives you a large pool of users in this case without using your unique IP.)
Even besides this, you’re missing another point. I’d argue the largest benefit to VPNs is just preventing your ISP from collecting and selling the websites you visit and metadata around them. That’s a huge and undeniable benefit to using VPNs for privacy if you use a trustworthy and reputable one, just being able to prevent your ISP from seeing what you’re doing, when you’re doing it, etc, which is especially important with how dodgy ISPs are and how most collect and sell user data.
VPN is only about security against folks outside the two endpoints (ISPs, some governments, etc.).
Agreed. I’d still recommend a VPN in case your ISP is some sort of big company that sells or sends your traffic to other companies or the gov though, or if you want to torrent in the US, Germany or other countries where the copyright laws are super enforced.
Just make sure you choose a reliable VPN, not some random VPN from YouTube. Read articles, reviews, investigate, ask in privacy-focused communities.
Security is not equal to privacy, but security is absolutely a means of protecting privacy. They asked how to protect privacy which absolutely is in the realm of security.
You don’t gain additional privacy from using 2FA, but your personal info is less likely to be stolen versus personal info protected by less secure authentication methods.
Privacy uses security to protect itself. Security doesn’t increase privacy. It increases privacy protection, which is what they asked about.
Edit: shout out to Proton Mail though. It has some quirks that might turn off some people (mainly not being readily compatible with IMAP clients without the use of the Proton Bridge). But it’s there for a reason and works. And honestly, most of the other stuff you said is pretty good too. The Microsoft/iPhone stuff is obviously arguable (I fall on your side of it) but in the end the best practice is to limit exposure. The less your data is accessible by others, the better. Using email masks (I use Firefox Relay) to minimize email leaks is another good idea.
I pepper my randomly generated passwords. For example, imagine you have a random string generated from your password manager. If the password manager’s database is breached or your master password is leaked somehow, the attackers have access to all of your information.
Now think of a word or acronym or something… Something simple (can be simpler than a normal password). When you add a login, save the generated string to the manager but use a combination of the string + unique word for the website login.
Let’s assume CHEESE is my pepper word.
The generated string: hjifd;39Vq$7}
Saved to password manager: hjifd;39Vq$7}
Submitted to website: CHEESEhjifd;39Vq$7}
Now even if the database is leaked my passwords are still mostly useless.
I do something similar (though less secure) for general purpose passwords; I have a couple of common “base” passwords that are decently secure that I commit to memory. Then for each website/service, I pick a pattern based on the name/url (maybe something like the first two and last three characters of the url), and append them to one of my “base” passwords, so each site gets a unique password, but I only have to remember a couple of them + the pattern.
Use Linux, a VPN, Firefox with containers and multiple privacy add-ons. I use Veracrypt volumes to store “private” information in the cloud.
Is there a distro you recommend? I’ve toyed around with Tails, but the lack of persistence and forcing all traffic through Tor instead of a VPN (I guess the whole point of Tails) is too inconvenient for daily use.
I recommend Fedora for most people, it’s what I use. It has a great configuration out of the box for privacy, security, and usability, and is overall a really great option for both beginners and advanced users. Had no issues or complaints with it so far.
You can check out Privacy Guides for some other good options as well and more details, and just generally other recommendations and good resources.
Not to be one of those people, but I use Arch (btw) as a daily driver and I really like it, but also I’m a tinkerer. But TBH even just something Debian with a decent VPN would probably be a lot more private than just regular Windows 11 or whatever IMO.
I’m a tinkerer as well, but I’m at a point in my life where I need to prioritize my tinkering haha. Like buying stir-fry takeout (Windows/MacOS), cooking it by buying a pre-packaged bag (packaged mainstream Linux distro), or starting from scratch, experimenting with literally everything from chopping technique to cooking temp for each ingredient, until you realize you’re missing an ingredient you need, then you have to go back to the store (Arch lol).
I don’t divulge my security practices publicly, online. That would be incredibly dumb.
Op didn’t ask for security practices.
They did and I’m perfectly prepared to double down.
If I told people I used a password manager, and which one, I give a bad actor a target. I give a social engineer a thread to pull.
If I told people I had a bitcoin at an exchange, secured using a certain method, I’d be painting a target on me.
If I told people about a rock with a key under it, then I’ve given out far too much info. Sure you don’t know where I live, but small pieces of info can add up quickly. It’s flat out dumb telling people the details of your security. What form it takes, and what products or procedures you use. Just telling them what you’re protecting is too much. Don’t. It’s bad security practice. Like it or not, I’m actually trying to be helpful.
Sue people that take pictures of me.
Unlike recording audio without consent (in 2-party consent states), recording images isn’t illegal which is kind of strange (the laws don’t keep up with technology).
I’m not from the USA, anything you record of me, even texts, could make you liable for personal rights violations in Germany.
That’s mostly for security but here’s a couple: alias emails, randomly generated usernames, privacy screen protector, instead of phone numbers use something like SimpleX for people you don’t care about, leave big software companies for other privacy respecting ones, switch to GrapheneOS for better control of your mobile device and also utilize user profiles, use Monero whenever possible (I’m new to this one), cash everywhere else or a service that offers card masking for questionable online purchases. Lastly, and this one is a big one, mind your business so you won’t stand out.
P.S. you shouldn’t change your passwords regularly. Unless there was a breach or it was compromised through some means, a strong, randomly generated password should last for a couple years plus 2FA and you’re good to go. Assuming IT or your work isn’t forcing you that is.
What shall I use if I don’t use Twitter? I do have the plan though. I hate Elon for changing the logo to just an X.
I don’t understand how changing your password or using 2FA enhances your privacy? I use a different fake name on each website I register, also use a different mail alias for every website I sign up to.
Why do you think using 2FA doesn’t improve privacy?
Not OP but the reason 2FA does not help is because “hackers” who might be stopped by 2FA are not the people violating your privacy.
It’s the mega corps that you use 2FA to log into that violate your privacy.
This all being said everyone should turn on 2FA for security reasons. Just know that this does not help privacy.
Eh, I would say hackers absolutely do violate your privacy, but simply aren’t the only ones. 2FA only protects against one threat vector, but not another.
True “hackers” do. But the average person’s privacy is violated so frequently and at such depth by companies that the amount of “violation” done by “hackers” rounds to zero.
This being said 2FA is something everyone should use.
Eh, the violation that hackers incur will tend to have a much higher impact (though lower probability) than others like Google though. Someone who has had their identity stolen will likely have more issues with hackers than with Google. You are correct about the breadth of privacy being violated “legally” but it’s only gotten that bad because of how little it affects folks’ day-to-day lives to the point they don’t really care (not defending it, just stating the observation). So, yeah, you’re more likely to be violated by Google, but if you’re violated by a malicious actor, it will hurt a lot more.
Both are bad and both need to be protected against. Both will violate your privacy and neither should be ignored.