I've worked in the infosec field for some time. I really like it. After reading many books on privacy and data, technical books on computer science, and white papers on the subject, and working on some projects, I gotta say that you are right: it is a big issue. And something to freak about.
Let me start by saying that you can't rely only on tools if you want privacy. Tools will give you a degree of privacy, if used correctly, but it is well understood in the field that security is a process and not a few tools here and there. In software, flaws are inevitable, vulnerabilities exist in all programs and new ones are discovered all the time. All. The. Time.
The solution to this problem is to reduce the risk of exposure regardless of the product. Everything we use is built by others, how do we know they are trustworthy? We have to trust someone, right? Trust is a very big word. We don't realise how important it is.
Now, I don't want to overextend my post. We could fill a book on all the moral, ethical, psychological dilemmas on security. It is important to understand, though, that security is a process, not just the use of a tool.
Here are a few practices and tools that I use on a daily basis:
- I pay for a VPN monthly. I can recommend you iVPN and Mullvad. I use OpenVPN client.
- I don't have any social network. In those services, you're the product.
- I store my pictures, docs, videos, and more in a Dropbox account, but in an encrypted container. I encrypt my data in a container first, and then upload that file. In that way, I have a backup of my data, but it is encrypted with strong algorithms.
- I use a password manager that generates passwords automatically for each new account. I don't even know my password from this forum. I use pwsafe, designed by Bruce Schneier, a famous cryptologist and author.
- I browse in Firefox with some configurations and some addons: Privacy Badger, uBlock Origin, HTTPS Everywhere, NoScript, Profile Spoofing. I use it for online purchases, or other sensitive stuff. I use Google Chrome for occasional browsing.
- I use Windows for occasional browsing and playing games. I use GNU/Linux for everything else that requires other levels of protection, such as online purchases. I fully encrypt my Linux disks.
- For communications I use WhatsApp. I know, I know. I would prefer to use Signal, but my family is far away and they are not tech savvy. WhatsApp implemented end-to-end encryption with the creator of Signal, so I decided to trust them.
- This should be obvious, but I don't send any sensitive and private information through normal channels of communications.
- I do use Gmail, but I also use Tutanota and Protonmail. Email is broken, though. The majority of the protocols on the internet like HTTP, TCP, SMTP were not designed with security in mind. Email is fundamentally broken. If you want to communicate with other people securely, don't use email, use Signal.
- I own an iOS smartphone. They are a problem from a security standpoint, and I know it. I use it as much as a dumbphone as I can. I have the 16GB model, and I always have more than 5GB free. Like you said @Fred Chevry, a dumbphone won't improve security. 2G networks are encrypted but with a very weak algorithm, so they are fundamentally broken. I chose it because I consider iOS more secure than Android.
Some recommendations for the most protection you can have?
- Use a VPN at all times. Don't trust your ISP provider.
- Use Signal, if possible, for instant messaging and calls. Or, Pidgin + OTR.
- Don't use the same laptop for browsing, playing games and making purchases online. Play on a console (DO NOT DOWNLOAD PIRATED GAMES), do occasional browsing on a computer, and online banking and purchases on another computer used ONLY for that.
- Encrypt your files before uploading them to the cloud.
- Use Tor Browser, if possible, for private browsing.
- Use PGP for emails. This is not bulletproof, but it's the best thing you can do with the broken SMTP protocol.
- Encrypt your disks, and use GNU/Linux (Debian + LUKS). Use Tails or QubesOS in case you really want to be protected.
- Use a password manager encrypted with a strong passphrase. Use pwSafe.
- Use two factor auth in all web apps. If they don't have it, demand it (I recently wrote my bank about this... 2017 and no 2 factor auth, can you believe it?)
- Don't just delete your files, shred them using Bleachbit.
- Encryption is your friend, use it. Use it for communication, for disks, for everything.
- Have common sense. This is probably one of the most important things too... If you see an ad offering a free iPhone, please don't click on it. Do not open any files from unknown sources. Don't rely on antivirus only (in fact, I don't even have one).
Hope it helps!