Stealing back your privacy — 8 Step Beginners Guide

David, published in The Startup. 10 min read. Jan 28, 2020

Below is a quick rationale for why these steps matter, followed by the first 8 steps you can take to get your privacy back for good!

TL;DR at the end :)


Why?

Nothing to hide, Nothing to fear.

One of the biggest lies we hear every day: why should you hide personal information, pictures, messages, thoughts and ideas unless you have something to hide? I have just finished reading Permanent Record, by Edward Snowden, and I came out thinking (scared) of all my personal information out there, stored somewhere on a company server. Pictures, notes, messages, messages to crushes, and more, possibly unencrypted, open for exploitation, or worse. And with loose laws, government intervention and legislation forcing companies to leave doors open and data unencrypted, it is not easy to have confidence in any service.

In the wise words of Edward Snowden:

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
― Edward Snowden

1. A Quick Checkup

The first step is damage control. One of the best sites for a damage assessment is Have I Been Pwned, which combines an email checker and a password checker (Pwned Passwords) in one. When a data breach becomes public it is added to the site quickly, and you can opt in to be notified whenever your email address turns up in a new breach, so it is worth a checkup now!

Email checkup — HaveIBeenPwned

You can clearly see who, what and where you have been compromised, which lets you take targeted action: change passwords, emails, usernames, etc.

Where, when, and what got breached.

My advice:

  • Do a quick check across all your email addresses.
  • Check whether your usual password has been seen in a leak with the Pwned Passwords checker (the site never receives the full password, only the first five characters of its SHA-1 hash).
  • Make a note of the services that appear in breaches, especially email services and services holding your credit card details.
  • Delete your account with these services, or change your email/password on them ASAP (and on any other site where you reused that password).
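Here is how the password check actually works, as an added example written for this post (not Have I Been Pwned's own code): the client hashes the password with SHA-1, sends only the first five hex characters of the hash, receives every suffix in that range with a breach count, and does the match locally, so the password never leaves the machine. The range data below is constructed for the example; `live_range_lookup` shows the real request against api.pwnedpasswords.com, which the demo does not call.

```python
"""Pwned Passwords k-anonymity check. Added example; the range data is
constructed, not a real API response, and nothing here is HIBP's own code."""
import hashlib
import urllib.request

# Constructed stand-in for the body of GET /range/5BAA6. A real response lists
# several hundred suffixes; the suffixes and counts below are made up, except
# that the middle suffix is the real SHA-1 suffix of the string "password".
SAMPLE_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1
"""


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the uppercase hex SHA-1 of the password into the 5-character
    prefix that is sent to the API and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; malformed lines are
    skipped. With Add-Padding the API also returns dummy suffixes with count 0,
    which simply never match anything."""
    table = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            table[suffix.upper()] = int(count)
    return table


def breach_count(password: str, range_lookup) -> int:
    """How many times the password appears in breach corpora (0 = not seen).
    range_lookup(prefix) returns the response body for a 5-character prefix."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(range_lookup(prefix)).get(suffix, 0)


def offline_range_lookup(prefix: str) -> str:
    """Lookup against the constructed sample above (no network)."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def live_range_lookup(prefix: str) -> str:
    """The real request: only the 5-character prefix is ever sent. Not called
    by the demo below."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password", "horseshavefunnyfacesSOMETIMES!!!"):
        n = breach_count(pw, offline_range_lookup)
        verdict = f"seen {n} times, change it" if n else "not in the sample range"
        print(f"{pw!r}: {verdict}")
```

Swap `offline_range_lookup` for `live_range_lookup` to run it against the real service; the `Add-Padding` header makes every response roughly the same size so an observer of the TLS connection cannot infer the prefix from the response length.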

2. Email

Your email service is a priority for your privacy. If an attacker has access to your email, they can own your life, because the password resets for everything else land there. My email is connected to my: banking, bills, phone, other email recovery, cloud storage, tools, work, etc.

Keeping your email account secure is critical, and keeping the information inside your email secure is just as critical. If I receive an email in Gmail, Google's systems read its content to drive features such as spam filtering, categorisation and Smart Reply; the provider holds the mail in a form it can read, and so can anyone who compromises it or compels it.

Pick an email service that encrypts your mailbox so that the provider cannot read it (end-to-end, E2E, between its own users, and zero-access at rest for everything else), and that does not read your emails to serve you ads or to improve its models.

ProtonMail:

My personal favorite. With open-source apps and encryption it's the best service I've used to date. The UI is clean, simple and works. Their iOS and Android apps are great and easy to use.

Privacy is at the core of the service, and it is trusted by Edward Snowden and many other activists. Their free tier is limited but very fair. It only lacks custom domains and ProtonMail Bridge (the app that lets you use local mail clients such as Apple Mail). With 500MB of free storage it will easily hold several hundred emails. Paid plans start at 5 Euro per month and can be bundled with other services (ProtonVPN, and ProtonDrive coming soon!).

Payment options: Cash, Bitcoin, Paypal, Credit Card.

Tutanota:

My second favorite service. Not one I pay for, but one I always recommend. At 12 Euro per year it is more affordable than ProtonMail, and with all their apps being open source I have confidence in the service.

Unsure:

iCloud Mail — Apple has been very forward thinking with its services, but the recent report that it dropped plans to end-to-end encrypt iCloud backups (so Apple keeps the ability to decrypt them) does not bode well for its policies overall.

Avoid:

Google, Microsoft, Yahoo, Zoho, Yandex, Outlook. — Just no.

Advantages of Private Email Services:

  • Emails cannot be read by the service provider, because they are stored encrypted with keys the provider does not hold.
  • Emails can be sent end-to-end encrypted to other users of the same service, and to anyone with a PGP key.
  • A breach of the provider's servers exposes ciphertext rather than readable mail.

Disadvantages of Private Email Services:

  • Free tier is limited (usually limited storage space).
  • Sometimes less user friendly than other providers (Although ProtonMail is very friendly).
  • Mail is only end-to-end encrypted when the recipient is on the same service or uses PGP; a message to a Gmail address travels and sits in the clear unless the recipient installs a third-party PGP add-on (or you send a password-protected message).

3. Password Management/2FA

Password Manager

There is a very clear winner in the password manager category:

Bitwarden is open source, free to use, and best of all, you can host it yourself. If you have a Raspberry Pi at home, you can easily set up an instance of Bitwarden and keep 100% control over your vault data.

Open source and self hosting options of BitWarden

Personally I pay the very reasonable $10 per year for the premium version and like to support the developers.

Some of the features of Bitwarden:

  • Apps for everything — browser extensions, iOS, Android, Linux, Windows, macOS, etc.
  • Password Autofill
  • Password generators
  • 2FA built-in
  • Sync across devices (Unlimited)
  • Password Sharing & Access Control

REMEMBER: PassWORD is ancient history. PassPHRASE is the correct term. Think of a phrase that is long, unique, and that only you know (or better, let the password manager generate one).

EXAMPLE: 6s&7M#$#G (9 characters) is easier to crack than horseshavefunnyfacesSOMETIMES!!! (31 characters): length beats symbol soup, because every extra character multiplies the search space. The long one is actually a great password (DON'T USE IT, it is public now).
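To make the "length beats symbols" point concrete, here is an added example (written for this post, not taken from it or from any password manager) that generates a passphrase the safe way and works out the arithmetic. The wordlist is a constructed 16-word stand-in for a real 7776-word diceware list, and the guess rate is an assumed figure for a fast-hash GPU rig.

```python
"""Generating a passphrase properly, and the arithmetic behind "length beats
symbols". Added example, not from the post. WORDLIST is a constructed 16-word
stand-in for a real 7776-word diceware list."""
import math
import secrets

WORDLIST = [
    "anchor", "basket", "copper", "dune", "ember", "falcon", "glacier", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orbit", "pebble",
]
DICEWARE_SIZE = 7776     # words in a standard diceware list (6^5)
KEYBOARD_SYMBOLS = 95    # printable ASCII: letters, digits, punctuation


def generate_passphrase(n_words: int, wordlist=WORDLIST, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG via `secrets`; random.choice is seeded
    from predictable state and is not safe for secrets."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def random_password_bits(length: int, alphabet_size: int = KEYBOARD_SYMBOLS) -> float:
    """Entropy of `length` symbols chosen uniformly from alphabet_size."""
    return length * math.log2(alphabet_size)


def passphrase_bits(n_words: int, list_size: int = DICEWARE_SIZE) -> float:
    """Entropy of n_words chosen uniformly from a list of list_size words.
    Only valid for generated phrases: a human-chosen sentence such as
    'horseshavefunnyfaces' is drawn from a far smaller, guessable space."""
    return n_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int = DICEWARE_SIZE) -> int:
    """Smallest word count that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(bits: float, guesses_per_second: float = 1e11) -> float:
    """Worst-case offline search time at a given guess rate. 1e11/s is an
    assumed fast-hash (MD5/SHA-1) GPU figure; a bcrypt or argon2 vault is
    thousands of times slower per guess."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("9 random keyboard chars: %.1f bits, %.2g years" % (
        random_password_bits(9), years_to_exhaust(random_password_bits(9))))
    n = words_needed(80)
    print("%d diceware words: %.1f bits, %.2g years" % (
        n, passphrase_bits(n), years_to_exhaust(passphrase_bits(n))))
    print("sample (from the toy list, so only %.1f bits):" % passphrase_bits(6, len(WORDLIST)),
          generate_passphrase(6))
```

Nine random keyboard characters come to about 59 bits, six diceware words to about 78; the second is harder by a factor of several hundred thousand despite containing only lowercase letters.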

Unsure:

The below companies didn’t make the cut because they are not open-source, and some of their ownership structures are shady — i.e owned by a VC or entity that is questionable. They are very good password managers, and some have interesting features, but they would be secondary to Bitwarden.

— 1Password, Lastpass, Dashlane, RoboForm —

2FA

Two-factor authentication goes hand-in-hand with your passwords. If someone gets hold of your vault password, 2FA is the extra layer of protection. There are many 2FA apps available. Personally I use Authy. It works across platforms (macOS, Windows, Android, iOS) and syncs accounts easily, meaning if I lose my phone my 2FA isn't lost. It's a 100% free service provided by Twilio, whose SMS business it is tied to. Their apps are super clean, easy to use, and the experience across platforms is 10/10.

But choosing Authy means I am more exposed: my 2FA seeds are held by Authy's service, which is not open source and is tied directly to a phone number, so a SIM swap against that number becomes an attack path on the backups (set a strong backup password and turn multi-device off once your devices are enrolled). I am happy with this but I am considering other options.

In the future, I may migrate my 2FA to FreeOTP, an open-source multi-platform (iOS/Android) 2FA app. But this is for another day!! (And the app isn't as pretty!)

4. VPN — What and why?

Tunnelling your traffic through an encrypted service to protect it is easy now. It hides your traffic from other people on your network and from your ISP, but it does not make you anonymous on its own: the VPN provider now sees what your ISP used to see, so you are choosing whom to trust, and the provider's logging policy and jurisdiction matter.

There is a very well recognized resource for VPN comparison. ThatOnePrivacySite takes all the work out of comparing services across multiple categories. With my personal preference being for:

  • ExpressVPN — Great speeds, great apps, lots of servers/locations, TrustedServer technology (RAM-only servers), no logs, British Virgin Islands entity, 10/10 support staff, and lots more.
  • ProtonVPN — Trusted company, great apps, Secure Core Routing, no logs, Located in privacy focused country, and lots more.
  • Private Internet Access (PIA) — Proven track record to defend users legally, lots of servers/locations, great speeds, good for streaming, great apps, no logs, 10/10 support staff, best priced, and lots more.
ThatOnePrivacySite review of 3 VPNs

Honorable Mention — NextDNS

I’ve written about NextDNS before, and it’s a service I use everywhere; I’ve installed it on my family’s phones to block ads and tracking. It doesn’t tunnel or change your traffic the way a VPN does. Instead it encrypts your DNS queries (DNS-over-HTTPS or DNS-over-TLS) so your ISP can’t see which hostnames you look up, and it refuses to resolve known ad and tracker domains, so those requests never leave the device.
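The blocking side is simpler than it sounds: the resolver matches each queried name against a blocklist on label boundaries and returns a sinkhole address for hits. The following is an added example written for this post of that decision logic (not NextDNS code); the blocklist entries and the allowlist exception are constructed.

```python
"""Filtering-resolver decision logic of the kind NextDNS or Pi-hole applies.
Added example, not NextDNS code; the blocklist entries are constructed."""

BLOCKLIST_TEXT = """\
# constructed hosts-format blocklist (not a real list)
0.0.0.0 ads.example
0.0.0.0 tracker.example.net
0.0.0.0 metrics.social.example analytics.social.example
pixel.example.org          # bare-domain lines are accepted too
"""

# Exceptions win over the blocklist, e.g. a CDN host that a site needs.
ALLOWLIST = frozenset({"cdn.tracker.example.net"})

SINKHOLE = "0.0.0.0"


def _normalise(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().lower().rstrip(".")


def parse_blocklist(text: str) -> frozenset:
    """Accept hosts-format ('0.0.0.0 host [host...]') and bare-domain lines;
    '#' starts a comment."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] in ("0.0.0.0", "127.0.0.1"):
            fields = fields[1:]
        blocked.update(_normalise(f) for f in fields)
    return frozenset(blocked)


def is_blocked(qname: str, blocked: frozenset, allow: frozenset = ALLOWLIST) -> bool:
    """Walk from the full name up to the TLD one label at a time, so that
    'pixel.tracker.example.net' matches 'tracker.example.net' but
    'nottracker.example.net' does not. The allowlist is checked first at every
    level, so an allowed name and its subdomains are never sinkholed."""
    labels = _normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in allow:
            return False
        if candidate in blocked:
            return True
    return False


def answer(qname: str, blocked: frozenset, allow: frozenset = ALLOWLIST):
    """Sinkhole address for blocked names; None means forward upstream."""
    return SINKHOLE if is_blocked(qname, blocked, allow) else None


if __name__ == "__main__":
    blocked = parse_blocklist(BLOCKLIST_TEXT)
    for q in ("pixel.tracker.example.net", "nottracker.example.net",
              "img.cdn.tracker.example.net", "Analytics.Social.Example."):
        print(f"{q:32} -> {answer(q, blocked) or 'forward'}")
```

Two limits worth knowing: the resolver only ever sees names, so an app that already has an IP address or ships its own DNS-over-HTTPS resolver bypasses the filter entirely, and a blocklist entry for a bare domain sinkholes every subdomain beneath it, which is what the allowlist is for.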

5. Cloud Storage

Cloud Storage as a Service

There is a balance when it comes to Cloud Storage. Convenience, features, and price. If you want storage as a service, I recommend Mega.nz.

I have been a customer of Mega since they first opened in 2013. The service was built around E2E encryption, and they do not lie about it. They have even open-sourced several of their clients.

Mega.nz overview of apps and homepage

Although you are giving up control over your data and encryption to a third party (with some questionable history) — they seem to be legit, and their support is 10/10.

Data Encryption — Any Cloud

Taking total control of your encryption is not as hard as it used to be. I have done a comparison of several open-source file encryption platforms.

Cryptomator is what I recommend to everyone - for ease of use, multi-platform apps, and reliability, it just works. It also has direct integration with Dropbox and Google Drive which is nice.

Features/High Points:

  • Multi platform apps (iOS, Windows, Android, Linux)
  • Easy to use — Simple GUI and apps with basic features
  • Able to work with all major cloud storage systems (Google Drive/Dropbox/OneDrive/Box/Etc)
  • Free — open source & actively maintained

6. Messaging

Recent news about Jeff Bezos's phone being hacked, attributed to a foreign state, has shed light on how easy it is to use a messaging service to compromise the data on a phone. According to the forensic report, a single malicious video file sent over WhatsApp was enough to gain access to Bezos's phone.

With WhatsApp being the standard for communication globally, we are heavily reliant on Facebook’s use of encryption in their communication. For this reason, I am (trying) to move my messaging to other apps.

Signal is an open-source instant communication platform run by a non-profit and backed by several leaders in the privacy space. With messaging, calling and media sharing, it has all the features of WhatsApp, plus multi-platform apps, with the bonus that its end-to-end encryption (the Signal Protocol) is open source and has been publicly audited.

Notable Platforms:

WhatsApp is a global standard in instant messaging. It won't be going away, but it should not be 100% trusted. With recent scandals, I am hoping Facebook will begin to work on WhatsApp to build trust again with its users.

Telegram, another platform that promotes encryption and user privacy, with cool features like self-destructing messages. Note that only its clients are open source, and only Secret Chats are end-to-end encrypted; regular chats and groups are encrypted to Telegram's servers, which can read them.

7. Browser

Chrome & Google cannot be trusted with our privacy and our personal data. Google Chrome, although the most widespread browser on both mobile and desktop, is only one of many great browsers.

https://www.mozilla.org/en-GB/firefox/ and https://brave.com/

Firefox, one of the most popular browsers, is built by Mozilla, whose non-profit foundation puts users at the core of its mission. With highly customizable privacy settings and built-in tracking protection (which also blocks known fingerprinting scripts), it is my personal choice when combined with several key add-ons: HTTPS Everywhere, Decentraleyes, uBlock Origin, and most importantly Firefox Multi-Account Containers (awesome add-on, just try it).

Brave, a newcomer with many cool features built in. Started by Brendan Eich, Mozilla's co-founder and former CEO, it makes up for some of the features Firefox lacks: a built-in ad-blocker, cookie blocker and anti-fingerprinting, plus its own cryptocurrency (BAT) for giving back to creators.

https://www.torproject.org/

No privacy-focused list would be complete without Tor. Tor is free and open-source software for anonymous browsing. By encrypting your traffic in layers and routing it through multiple volunteer-run relays around the world, no single relay sees both who you are and where you are going; it is the strongest anonymity you can get from a browser, at a cost in speed. It's a bit advanced to explain here, but if you are in a country with questionable surveillance policies, check it out.

8. Money

When it comes to privacy there are several ways to keep our purchases private, but convenience is also something to consider. In my country, I can't buy milk with Monero (yet).

Cash

The reality is, money is king.

Paying with cash, avoids any tracking. Nobody but you and the cashier knows what you have bought (assuming you don’t use a loyalty card).

Credit cards, debit cards, loyalty cards, etc. all keep a record of your purchase history. Visa and Mastercard have both been reported to sell aggregated purchase data on to data brokers and advertisers, who in turn sell it to companies that target customers based on their previous purchases.

TL;DR:

  1. Check whether your data has been leaked at Have I Been Pwned.
  2. Get yourself a private email address for free (ProtonMail or Tutanota).
  3. Sign up for Bitwarden, and download and start using Authy.
  4. Get yourself a solid VPN: ExpressVPN or PIA (paid), or ProtonVPN (free tier, but slow).
  5. Start encrypting your data with Cryptomator.
  6. Download and use the Signal instant messenger.
  7. Start using Firefox and/or Brave.
  8. Pay with cash!

Notes/Comments

Thank you and please feel free to suggest edits, comments, and more.

About the author: general geek, engineer. Productivity, Python, and anything I can break or build, why not?