Thanks for that. I especially appreciate how you kept things reasonably "grounded", unlike advice that - well meant as it might be - suggests rather extreme all-or-nothing approaches, where even Signal is (supposedly) "too centralized", where then some way more obscure (and not even necessarily more secure or private) solutions get brought up; with FOSS only approaches being mixed in, etc.
"Useful, actionable" advice, and tools and solutions that "regular folks" can (and will) use, and while there might often be "more secure" or "more private" approaches, solutions, tools, etc. in some cases, those are of no use if they are way too involved to use, or too obscure for anyone to use them, for example.
Which doesn't mean there isn't value in some of the "more extreme" solutions. But that's where we'd get back to "usability" and, of course, "threat modeling" again anyway ;)
Anyway, what I'm trying to say, I think: I liked your approach here a lot!
Great advice. Here's some more I might suggest
- Encrypt your hard drive. Linux and Mac just reduce the likelihood of viruses getting onto your computer; most viruses are written for Windows. Encrypting your drive makes it much harder for people to read it if they get physical access to your device. Similarly as a non-US person your US border control can copy my devices on entry, so I either need to encrypt them and/or use burner ones.
- Beware of privacy degradation in services, even Firefox is becoming less useful: https://www.zdnet.com/article/the-firefox-i-loved-is-gone-how-to-protect-your-privacy-on-it-now/
- If you're sharing photos online strip out all of the EXIF data first. Photos from your phone can store the GPS data in the EXIF; some social media will auto strip it but that just means they get to read it themselves.
- Don't assume VPNs provide any decent security improvements. It'd be better to look into solutions like Tor if you're really concerned.
- Turn Wi-Fi and Bluetooth off on your phone before leaving the house. Your phone is very chatty otherwise and can leave quite a trace without realizing that. It could also lead you to connecting to unsecured networks where people could try and steal bank data etc.
Thanks for the link to the article on Firefox. What a bummer. I've been using the privacy browser DuckDuckGo for a while. (Pls shout out if this is a terrible choice.)
I feel like I would pay some anarchist to do this work for me and my digital footprint . . . as a semi-public figure who has been focusing on other issues (and not big tech/the surveillance state) I feel totally lost and more than a little overwhelmed. Also as a millennial who has had to adapt to technology over the past few decades this feels like SO much to try and integrate now . . . but I am really grateful for folks like yourself who put this out there in an accessible way.
It's overwhelming as hell for me too! It's kind of a slog and a lot to learn, but I see it as just accepting that conditions have changed and so my priorities are going to change. It's been getting easier once I get used to the changes.
There does need to be WAY more methods that do more of this for you.
And if we are overwhelmed I can only think how much more people who don't even normally think about this sort of thing must be. I think of a conversation I had with someone who was having trouble getting their org's Facebook page updated on short notice. When I suggested that maybe the org needed to think about getting off Facebook you'd have thought I suggested that the org communicate with its members via semaphore flags. It wasn't that this person thought Facebook was great, it was just that they didn't really understand that there were options or even how to explore them. And I couldn't really help because social media is really not my thing (got off Facebook and Twitter before they became the wretched hives of scum and villainy that they are now).
You and your readers might be interested in this, which summarises terms of service more accessibly: https://tosdr.org/en
I want to mention that using bluetooth to connect to your car for music is not a guarantee that it's not getting your address book and other data. Most recent cars will ask when you connect via bluetooth if you want to sync your address book, so keep that in mind.
I personally do plug my iPhone in to the car for CarPlay, because I tend to still trust Apple a bit and they say that the only information they pass to the car is the device ID.
Also, regarding VPN... look into your VPN's phone app settings and set it to enable whenever you leave your home Wi-Fi network. I have mine set to simply route me back to my home network so that I can reach things hosted there, without exposing them to the internet, but you can also do this with most VPNs' apps, right out of the box. This is better because it doesn't rely on me remembering to connect whenever I leave the house.
If you can't go the Linux route, in the interim using a Chromebook (while keeping you in the google-sphere to some extent) at least gets you off the expensive surveillance bloatware of Windows or iOS. They're pretty inexpensive and fast these days. Since we mostly live on our browsers these days, you can get most everything done on one.