I’m no Steve Wozniak but I carry a healthy distrust of computers. After hearing of the Equifax data breach affecting the privacy of more than 145 million Americans, learning Uber paid and tried to cover up the loss of 57 million driver and passenger records, seeing the impact of the hugely problematic SEC database hack on national stock exchanges and, finally, witnessing the Meltdown and Spectre mass surveillance backdoor I’m really starting to feel the gravity this quote from Woz:
Never trust a computer you can't throw out a window.Steve Wozniak
And that was just 2017.
What are we as individuals to do to secure our identities online when governments and the businesses operating within their borders cannot even protect themselves? We stay educated. And here’s what I can tell you to help you stay safe.
Securing Your Digital Life
Review the following threats and responses you can take against those threats to hack your way to better privacy.
Advertisements seem to be following you around the Web, do they? You bet they are.
In 2007 Google, the world’s top search provider, spent 3.1 billion to acquire a company called DoubleClick. With the acquisition Google introduced a feature called Demographics and Interest in their wildly popular (and free) Google Analytics tool—itself an acquisition just two years prior.
Google then incentivized Analytics users into bugging their own websites with something called the DART cookie—which today gives Google detailed insights into not just your search behavior, but allows Google to track your very specific browsing behavior.
Don’t go wasting your time with oldschool ad blockers. Do this instead:
Learn how to go Beyond Incognito with a
hostfile override and curtail at the OS-level all outbound traffic to nefarious ad and malware servers.
Though few people know it, Google gives users the ability to opt out of personalized ads through Ad Personalization. Go ahead and disable personalized ad tracking right now. And while you’re in there have a have a look at all the other stuff Google is tracking too, including a precise history of your location if you’re an Android user.
Not the tech savvy type? Not to worry. There’s a new browser just founded by Brendan Eich called Brave. Brave browser disables trackers and helps prevent unnecessary bandwidth usage—saving you time and money while you browse.
Brave is available for both desktop and mobile and has tight integration for MetaMask and BitWarden. Use Brave to surf the Web, manage ERC-20 tokens landed during Initial Coin Offerings and help maintain your privacy online.
Looking for a better mobile experience? Check out Firefox Focus, another privacy-focused browser with the ability to block trackers for Safari Mobile and does some nifty things for Android users as well.
It’s no surprise Facebook captures your data and mines it. But did you know it even shapes the way you think using AI? Everything you say and do on Facebook is not only used to fine-tune the ads targeted at you by DoubleClick and others, it is also used to train itself to hold your attention longer–turning you into the best consumer possible.
If you are not paying for it, you're not the customer; you're the product being sold.Andrew Lewis
Message using encrypted chat. Apps such as Signal, Keybase and Telegram can be used for encrypted messaging and group chat. Use both to reveal social and personal personas with various degrees of privacy. Heads up though Edward Snowden hated on Telegram prior to the ICO and that’s understandable given, like What’s App, Telegram collects activity records.
Use ProtonMail with end-to-end email encryption. They have both 2048 (bank-level) and 4096-bit encryption options, it’s completely free and you can even opt in to receive receipt notifications at another inbox to help maintain your sanity.
And if you pay a little money you can use ProtonMail along with the ProtonMail Bridge to encrypt email from an existing email client along with vanity domain name support.
Communicate ephemerally with Snapchat. Not only did Snapchat reinvent the camera, to solves the problem of too many disturbances when using social media. A little known fact, Snapchat also allows you to hide photos from your phone.
Believe it or not iMessage by Apple is also E2E encrypted. If you’re fortunate enough to own a computer with iOS you’re already protected by their messaging service when you communicate with any other iMessage user.
Most people understand the importance of changing their passwords for each account or app and using only secure, difficult to crack, passwords. But none of that matters when your online password manager can get hacked like LastPass was hacked in 2015 before critical security flaws popped up again just two years later.
And by you I mean everyone, with all their eggs in one basket. Of course the LastPasses and Dashlanes of the world are prime targets for hackers. And if hackers can get past ultra high-security DMZs like Equifax likely has of course they’re going to find a way in to a centralized database. Use free and open-source KeePassX to protect your secrets and decentralize your passwords right now if you haven’t done so already.
And if you’re looking for something newer with a stellar mobile experience at the expense of a little privacy check out BitWarden, which helps keep all your devices in sync and integrates with Brave browser.
Years ago I received an email from a college buddy named Tom who was traveling overseas. In the email he pleaded for help after losing his wallet—he needed money and fast. Several hours later I received another email from Tom.
The second email was from the Tom explaining how he hadn’t lost his wallet and didn’t need money. Tom went on to explain he was at an internet cafe using an insecure Wi-Fi connection and someone jacked his passwords using a packet sniffer like WireShark.
In the past setting up VPN was a tricky task and meant installing some fugly-looking software and reading a bunch of dry technical instructions. That is if you didn’t choose to pay for your VPN… But those days are over.
Today we have TunnelBear—a VPN app for iOS, Android, Windows, Linux and macOS. The bear will give you VPN easily, and it’ll do it for up to 1.5GB/month free. TunnelBear comes recommended by the privacy aficionados at DuckDuckGo and, based on my personal experience, is a damn pleasure to use.
Use TunnelBear to workaround censorship restrictions and help protect against mass surveillance. Compare TunnelBear with similar services like Mullvad and several other privacy tools to see which are best suited for your needs.
Towards Better Digital Security
Here are some additional things to try if you want to improve your privacy and better secure your digital life. A strong dose of paranoia will help you stay safe, so don’t be afraid to experiment and find the techniques which work best for you.
- Unlink social and financial accounts.
- Anticipate eventual loss of mobile device.
- Consider use of Authy for two-factor auth.
- Consider using Haven tool on Android.
- Understand why SMS is easily hacked.
- Avoid untrusted USB charging stations.
- Move place to place while working.
- Do your part to spreadprivacy.com
- Subscribe to the and EFF newsletter.
- Read The Intercept_ and Zero Hedge.
- Consider donating to freedom.press.
- Follow Julian Assange and Ed Snowden.
- Encrypt and lock files with OpenPGP.
- Monitor your NIC with Little Snitch.
- Implement HSTS on your websites.
- Pry into macOS packages with Suspicious Package.
- Learn to spoof a network address.
- Investigate the Apple SIM protection.
- Try out ethvpn with OpenVPN.
- Store secure notes in BitWarden.
Don’t just take it from me. If you really want to learn the importance of privacy take it from an OG hacker, Kevin Mitnick, who lays it all out in his book titled The Art of Invisibility.