Privacy / Security

Under construction.

Notes about internet privacy and general security, online and on local machines. Admittedly these are two separate topics, but at least in my mind they are related.

Historically, I have had a small, ongoing background interest in computer security, but not too much concern for privacy. Frankly, I never bought into any of the counter-arguments against “I have nothing to hide.” I really don’t feel especially concerned about that aspect of things.

But then I read something that did change my mind. It was a quote from Snowden, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

This made a lot of sense to me: I certainly do care about free speech, not because I particularly want to speak out against the government or any of the typical cases where you need First Amendment protections, but I certainly care that those protections are maintained. So, for similar reasons, while I don’t feel an immediate personal need for privacy, I definitely want it to be available because the kinds of situations where it is not available tend to be quite far from optimal.

This is a list of things that have occurred to me, some of which I have experience with to varying degrees. It is ordered by increasing difficulty and personal disruption and paranoia. As I gain experience with these, I will likely write dedicated pages about them. Of course this is far from exhaustive.

One will notice that this list has to do with “desktop” computing specifically; mobile issues are their own barrel of monkeys. Also note that I am terrible at social media and not very present on it at all, but there is a lot of room for precaution in that space as well (that doesn’t really apply to me for the aforementioned reason).

(This is still a work-in-progress; there is more to come.)

  1. browse around
  2. switch to Firefox or Safari (away from Chrome) or maybe even a better privacy-focused browser
  3. install uBlock Origin (available from the normal Firefox and Chrome extensions sources)
  4. switch your default search engine to DuckDuckGo
  5. use a reputable VPN like Nord or ExpressVPN
  6. use Tor (not just for you, but to help those who really need it as well)
  7. stop using Facebook; seriously, it really is quite, well, bad
  8. dump Gmail and Google services (see Dump Google for more details)
  9. use a security/privacy-focused OS like Qubes OS

Privacy and security considerations are related, but distinct. However, I tend to think about them together as a kind of “online hygiene.” So here are some things that I am doing or thinking about to try to increase my and my family’s safety online. Of course one can never arrive at the destination and say, “Now I am secure.” It is a continual arms race; methods change, etc. Think of it more as maintaining a garden rather than painting a house.

  1. secure your cell phone account and sim card as much as possible
  2. use different passwords for all sites/accounts (see Passwords for more details)
  3. enable 2-factor authentication everywhere it is supported
  4. prefer app-based (TOTP) 2-factor authentication over SMS/email

There are a few other useful protections that don’t directly have to do with internet/computer security, but are quite useful nonetheless. I would argue that these still fall under the category of “defense in depth” and guarding against social-engineering and other offline components of attacks on personal information.

  1. lock your credit bureau accounts
  2. don’t talk to someone if they call you; call them back
  3. write down your 2FA secrets and/or backup codes
  4. create a personal threat model