22 KiB
Personal Cyber Security | TLDR
Contents
PERSONAL SECURITY CHECKLIST
This checklist of privacy and security tips, is a summarized version of The Complete Personal Security Checklist. It lays out the most essential steps you should take to protect your digital life.
Authentication
- Use a long, strong and unique password for each of your accounts (see HowSecureIsMyPassword.net)
- Use a secure password manager, to encrypt, store and fill credentials, such as BitWarden or KeePass / KeePassXC
- Enable 2-Factor authentication where available, and use an authenticator app or hardware token
- Sign up for breach alerts (with Firefox Monitor or HaveIBeenPwned), and update passwords of compromised accounts
Browsing
- Use a Privacy-Respecting Browser, Brave and Firefox are good options. Set your default search to a non-tracking engine, such as DuckDuckGo
- Do not enter any information on a non-HTTPS website (look for the lock icon), consider using HTTPS-Everywhere to make this easier
- Block invasive 3rd-party trackers and ads using an extension like Privacy Badger or uBlock
- Keep your browser up-to-date, explore the privacy settings and remove unnecessary add-ons/ extensions
- Consider using compartmentalization to separate different areas of your browsing (such as work, social, shopping etc), in order to reduce tracking. This can be done with Firefox Containers, or by using separate browsers or browser profiles
- Don't allow your browser to save your passwords or auto-fill personal details (instead use a password manager, and disable your browsers own auto-fill)
- Clear your cookies, session data and cache regularly. An extension such as Cookie-Auto-Delete can be used to automate this
- Don't sign into your browser, as it can link further data to your identity. If you need to, you can use an open source bookmark sync app
- Consider using Decentraleyes to decrease the number of trackable CDN requests your device makes
- Test your browser using a tool like Panopticlick to ensure there are no major issues. BrowserLeaks and Am I Unique are also useful for exploring what device info you are exposing to websites
- For anonymous browsing use The Tor Browser, and avoid logging into any of your personal accounts
Phone
- Set a device PIN, ideally use a long passcode. If supported, configure fingerprint authentication, but avoid face unlock
- Encrypt your device, in order to keep your data safe from physical access. To enable, for Android:
Settings --> Security --> Encryption
, or for iOS:Settings --> TouchID & Passcode --> Data Protection
- Keep device up-to-date. System updates often contain patches for recently-discovered security vulnerabilities. You should install updates when prompted
- Review application permissions. Don't grant access permissions to apps that do not need it. (For Android, see also Bouncer - an app that allows you to grant temporary permissions)
- Disable connectivity features that aren't being used, and 'forget' WiFi networks that you no longer need
- Disable location tracking. By default, both Android and iOS logs your GPS location history. You can disable this, for Android:
Maps --> Settings --> Location History
, and iOS:Settings --> Privacy --> Location Services --> System Services --> Places
. Be aware that third-party apps may still log your position, and that there are other methods of determining your location other than GPS (Cell tower, WiFi, Bluetooth etc) - Use an application firewall to block internet connectivity for apps that shouldn't need it. Such as NetGuard (Android) or Lockdown (iOS)
- Understand that apps contain trackers that collect, store and sometimes share your data. For Android, you could use Exodus to reveal which trackers your installed apps are using.
It's important to protect your email account, as if a hacker gains access to it they will be able to pose as you, and reset the passwords for your other online accounts. One of the biggest threats to digital security is still phishing, and it can sometimes be incredibly convincing, so remain vigilant, and understand how to spot malicious emails, and avoid publicly sharing your email address
- Use a long, strong and unique password and enable 2FA
- Consider switching to a secure and encrypted mail provider using, such as ProtonMail or Tutanota
- Use email aliasing to protect your real mail address, with a provider such as Anonaddy or SimpleLogin. This allows you to keep your real address private, yet still have all messages land in your primary inbox
- Disable automatic loading of remote content, as it is often used for detailed tracking but can also be malicious
- Using a custom domain, will mean you will not loose access to your email address if your current provider disappears. If you need to back up messages, use a secure IMAP client Thunderbird
Secure Messaging
- Use a secure messaging app that is both fully open source and end-to-end encrypted with perfect forward secrecy (e.g. Signal)
- Ensure that both your device, and that of your recipient(s) is secure (free from malware, encrypted and has a strong password)
- Disable cloud services, such as web app companion or cloud backup feature, both of which increases attack surface
- Strip meta data from media before sharing, as this can lead to unintentionally revealing more data than you intended
- Verify your recipient is who they claim to be, either physically or cryptographically by using an app that offers contact verification
- Avoid SMS, but if you must use it then encrypt your messages, e.g. using the Silence app
- Opt for a stable and actively maintained messaging platform, that is backed by reputable developers and have a transparent revenue model or are able to account for where funding has originated from. It should ideally be based in a friendly jurisdiction and have undergone an independent security audit.
- In some situations, it may be appropriate to use an app that supports disappearing messages, and/ or allows for anonymous sign up (without any PII: phone number, email address etc). A decentralized platform can offer additional security and privacy benefits in some circumstances, as there is no single entity governing it, e.g. Matrix, Session, Tox or Briar
Networking
- Use a reputable VPN to keep your IP protected and reduce the amount of browsing data your ISP can log, but understand their limitations. Good options include ProtonVPN and Mullvad, see thatoneprivacysite.net for detailed comparisons
- Change your routers default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password.
- Use a secure DNS provider, (such as Cloudflare's 1.1.1.1 to reduce tracking. Ideally configure this on your router, but if that's not possible, then it can be done on each device.
📜 See More: The Complete Personal Security Checklist
OPEN-SOURCE, PRIVACY-FOCUSED SOFTWARE
Switch to alternative open-source, privacy-respecting apps and services, which won't collect your data, track you or show targetted ads.
Security
- Password Managers: BitWarden | 1Password (proprietary) | KeePassXC (offline) | LessPass (stateless)
- 2-Factor Authentication: Aegis (Android) | Authenticator (iOS) | AndOTP (Android)
- File Encryption: VeraCrypt | Cryptomator (for cloud)
- Encrypted Messaging: Signal | KeyBase (for groups/ communities)
- Encrypted Email: ProtonMail | MailFence | Tutanota | (+ also 33Mail | anonaddy for aliasing)
- Private Browsers: Brave Browser | Firefox with some tweaks | Tor
- Non-Tracking Search Engines: DuckDuckGo | StartPage | SearX (self-hosted) | Qwant
- VPN: Mullvad | ProtonVPN | Windscribe | IVPN (better still, use Tor for anonimity). See also VPN Warning Note
- App Firewall: NetGuard (Android) | Lockdown (iOS) | OpenSnitch (Linux) | LuLu (MacOS)
Browser Extensions
Privacy Badger - Blocks trackers. HTTPS Everywhere - Upgrades requests to HTTPS. uBlock Origin - Blocks ads, trackers and malwares. ScriptSafe - Block execution of certain scripts. WebRTC Leak Prevent - Prevents IP leaks. Vanilla Cookie Manager - Auto-removes unwanted cookies. Privacy Essentials - Shows which sites are insecure
Mobile Apps
Exodus - Shows which trackers are on your device. Orbot- System-wide Tor Proxy. Island - Sand-box environment for apps. NetGuard - Controll which apps have network access. Bouncer - Grant temporary permissions. Greenify - Control which apps can run in the background. 1.1.1.1 - Use CloudFlare's DNS over HTTPS. Fing App - Monitor your home WiFi network for intruders
Online Tools
εxodus - Shows which trackers an app has. ';--have i been pwned? - Check if your details have been exposed in a breach. EXIF Remover - Removes meta data from image or file. Redirect Detective - Shows where link redirects to. Virus Total - Scans file or URL for malware. Panopticlick, Browser Leak Test and IP Leak Test - Check for system and browser leaks
Productivity Tools
File Storage: NextCloud. File Sync: Syncthing. File Drop: Firefox Send. Notes: Standard Notes, Cryptee, Joplin. Blogging: Write Freely. Calendar/ Contacts Sync: ETE Sync
📜 See More: Complete List of Privacy-Respecting Sofware
SECURITY HARDWARE
There are also some gadgets that can help improve your physical and digital security.
- Blockers & Shields: PortaPow - USB Data Blocker | Mic Block - Physically disables microphone | Silent-Pocket - Signal-blocking faraday pouches | Lindy - Physical port blockers | RFID Shields | Webcam Covers | Privacy Screen
- Crypto Wallets: Trezor - Hardware wallet | CryptoSteel - Indestructible steel crypto wallet
- FIDO U2F Keys: Solo Key | Nitro Key | Librem Key
- Data Blockers: PortaPow - Blocks data to protect against malware upload attacks, enables FastCharge.
- Hardware-encrypted storage: iStorage- PIN-authenticated 256-bit hardware encrypted storage | Encrypted Drive Enclosure
- Networking: Anonabox - Plug-and-play Tor router | FingBox - Easy home network automated security monitoring
- Paranoid Gadgets! Orwl- Self-destroying PC | Hunter-Cat- Card-skim detector | Adversarial Fashion- Anti-facial-recognition clothing | DSTIKE Deauth Detector - Detect deauth attacks, from Spacehuhn | Reflectacles- Anti-surveillance glasses | Armourcard- Active RFID jamming | Bug-Detector- Check for RF-enabled eavesdropping equipment | Ultrasonic Microphone Jammer - Emits signals that's silent to humans, but interfere with recording equipment.
There's no need to spend money- Most of these products can be made at home with open source software. Here's a list of DIY Security Gadgets.
📜 See More: Privacy and Security Gadgets
Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit raise an issue, or open a PR. See: CONTRIBUTING.md
.
Found this helpful? Consider sharing, to help others improve their digital security 😇
Licensed under Creative Commons, CC BY 4.0, © Alicia Sykes 2020