For example, change your password regularly, use 2FA.

  • mholiv@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    1 year ago

    Security is not equal to privacy. Even if you do use 2FA and change your passwords all the time. You don’t gain any additional privacy.

    Changing your google password and adding 2FA to your google account does nothing to make your life more private because google still can read all your emails, and sell your data regardless of 2FA.

    The best habits to maintain privacy are to avoid using the services of companies that’s business model is violating your privacy.

    Some pro privacy habits might be:

    • Avoid any google products or services.
    • Avoid and Meta products or services.
    • Don’t use any free software or services that are not community run / non profit. They make money from selling your data.

    In a positive light these habits might be reflected as:

    • Using a google free phone. (i.e. GraphineOS or CalyxOS or /e/OS or even an iPhone as a last resort.)
    • Use Lemmy, mastodon and other alternatives to big social media corps.
    • Pay for reputable e-mail hosting with a reputable provider, (Ie Microsoft365 Business Account, Tutanota, or Proton Mail) or host your own.

    Privacy isn’t all or nothing. Small steps are still improvements. Microsoft respects their business client’s privacy because that is what is demanded and Microsoft makes money by providing B2B services. Apple is in the business of selling expensive hardware and iCloud services so they don’t need to violate your privacy as much. These products while not perfect are leaps and bounds better then using any google or meta product.

    Small steps are good steps.

    If I had to choose one thing to do I would say to drop any phone that has the play store pre installed.

    • mholiv@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      One addition. People say to use a VPN but I would argue that this is virtually pointless if you continue to use privacy violating services from privacy violating companies.

      If your connect to what’s app or Snapchat or gmail over a https collection inside a secure VPN you are still sending them your data. Just with an extra lawyer of encryption. Google doesn’t need your IP if you give them your complete email inbox.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        One thing a VPN does is prevent your ISP from selling your browsing data to third parties. If you have Comcast or Xfinity it’s worth it just to deny them even a penny.

      • Skimmer@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        This is true, but you also gotta consider most people do browse and go to other websites than just ones they log-in to or social medias. I think using a VPN generally makes it harder for other websites (like news articles as an example) to track you across the web. (For instance, if I visit Website A with unique IP Address Y, and also visit Website B with unique IP Address Y, even without logging in or directly giving them any data, they could correlate those 2 things. That’s where I think a VPN can really help things because it gives you a large pool of users in this case without using your unique IP).

        Even besides this, you’re missing another point. I’d argue the largest benefit to VPNs is just preventing your ISP from collecting and selling the websites you visit and metadata around them. That’s a huge and undeniable benefit to using VPNs for privacy if you use a trustworthy and reputable one, just being able to prevent your ISP from seeing what you’re doing, when you’re doing it, etc, which is especially important with how dodgy ISPs are and how most collect and sell user data.

      • hiire@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Agreed. I’d still recommend a VPN in case your ISP is some sort of big company that sells or sends your traffic to other companies or the gov though, or if you want to torrent in the US, Germany or other countries where the copyright laws are super enforced.

        Just make sure you choose a reliable VPN, not some random VPN from youtube. Read articles, reviews, investigate, ask in privacy-focused communities

    • pjhenry1216@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Security is not equal to privacy, but security is absolutely a means of protecting privacy. They asked how to protect privacy which absolutely is in the realm of security.

      You don’t gain additional privacy from using 2FA, but your personal info is less likely to be stolen versus person info protected by less secure authentication methods.

      Privacy uses security to protect itself. Security doesn’t increase privacy. It increases privacy protection, which is what they asked about.

      Edit: shout out to proton mail though. It has some quirks that might turn off some people (mainly not being readily compatible with IMAP clients without the use of the Proton Bridge. But it’s there for a reason and works. And honestly, most of the other stuff you said is pretty good too. The Microsoft/iPhone stuff is obviously arguable (I fall on your side of it) but in the end the best practices is to limit exposure. The less your data is accessible by others, the better. Using email masks (I use Firefox Relay) to minimize email leaks is another good idea.

  • RotatingParts@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Use Linux, a VPN, Firefox with containers and multiple privacy add-ons. I use Veracrypt volumes to store “private” information in the cloud.

    • HaphazardFinesse@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Is there a distro you recommend? I’ve toyed around with Tails, but the lack of persistence and forcing all traffic through Tor instead of a VPN (I guess the whole point of Tails) is too inconvenient for daily use.

      • Skimmer@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I recommend Fedora for most people, its what I use. It has a great configuration out of the box for privacy, security, and usability, and is overall a really great option for both beginners and advanced users. Had no issues or complaints with it so far.

        You can check out Privacy Guides for some other good options as well and more details, and just generally other recommendations and good resources.

      • Random Dent@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Not to be one of those people, but I use Arch (btw) as a daily driver and I really like it, but also I’m a tinkerer. But TBH even just something Debian with a decent VPN would probably be a lot more private than just regular Windows 11 or whatever IMO.

        • HaphazardFinesse@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I’m a tinkerer as well, but I’m at a point in my life where I need to prioritize my tinkering haha. Like buying stir-fry takeout (Windows/MacOS), cooking it by buying a pre-packaged bag (packaged mainstream Linux distro), or starting from scratch, experimenting with literally everything from chopping technique to cooking temp for each ingredient, until you realize you’re missing an ingredient you need, then you have to go back to the store (Arch lol).

  • thelastknowngod@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I pepper my randomly generated passwords. For example, imagine you have a random string generated from your password manager. If the password manager’s database is breached or your master password is leaked somehow, the attackers have access to all of your information.

    Now think of a word or acronym or something… Something simple (can be simpler than a normal password). When you add a login, save the generated string to the manager but use a combination of the string + unique word for the website login.

    Let’s assume CHEESE is my pepper word.

    The generated string: hjifd;39Vq$7}

    Saved to password manager: hjifd;39Vq$7}

    Submitted to website: CHEESEhjifd;39Vq$7}

    Now even if the database is leaked my passwords are still mostly useless.

    • HaphazardFinesse@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I do something similar (though less secure) for general purpose passwords; I have a couple of common “base” passwords that are decently secure that I commit to memory. Then for each website/service, I pick a pattern based on the name/url (maybe something like the first two and last three characters of the url), and append them to one of my “base” passwords, so each site gets a unique password, but I only have to remember a couple of them + the pattern

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Yubikey, always on vpn, use mullvad browser when not logged into anything.

    Mull on the phone, always on vpn.

    For logging into services use different chrome profiles, one set of cookies per profile in chrome.

    Keep the phone in airplane mode, with wifi on, as much as possible use randomized mac address. Uninstall apps not in use.

    Pay for as much as you can using cash or monero http://kycnot.me

    • auth@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Unlike recording audio without consent (in 2-party consent states), recording images isnt illegal which is kind of strange (the laws don’t keep up with technology).

      • PancakeLegend@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        They did and I’m perfectly prepared to double down.
        If I told people I used a password manager, and which one, I give a bad actor a target. I give a social engineer a thread to pull.
        If I told people I had a bitcoin at an exchange, secured using a certain method, I’d be painting a target on me.
        If I told people about a rock with a key under it, then I’ve given out far too much info. Sure you don’t know where I live, but small pieces of info can add up quickly. It’s flat out dumb telling people the details of your security. What form it takes, and what products or procedures you use. Just telling them what you’re protecting is too much. Don’t. It’s bad security practice. Like it or not, I’m actually trying to be helpful.

  • rick_y@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I don’t understand how changing your password or using 2FA enhances your privacy? I use a different fake name on each website I register, also use a different mail alias for every website I sign up to.

      • mholiv@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Not OP but the reason 2FA does not help is because “hackers” who might be stopped by 2FA are not the people violating your privacy.

        It’s the mega corps that you use 2FA to log into that violate your privacy.

        This all being said everyone should turn on 2FA for security reasons. Just know that this does not help privacy.

        • pjhenry1216@kbin.social
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Eh, I would say hackers absolutely do violate your privacy, but simply aren’t the only ones. 2FA only protects against one threat vector, but not another.

          • mholiv@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            True “hackers” do. But the average person’s privacy is violated so frequently and at such depth but companies that the amount of “violation” done by “hackers” rounds to zero.

            This being said 2FA is something everyone should use.

            • pjhenry1216@kbin.social
              link
              fedilink
              arrow-up
              0
              arrow-down
              1
              ·
              1 year ago

              Eh, the violation that hackers incur will tend to have a much higher impact (though lower probability) than others like Google though. Someone who has had their identity stolen will likely have more issues with hackers than with Google. You are correct about the breadth of privacy being violated “legally” but it’s only gotten that bad because of how little it affects folks day to day lives to the point they don’t really care (not defending it, just stating the observation). So, yeah, you’re more likely to be violated by Google, but if you’re violated by a malicious actors, it will hurt a lot more.

              Both are bad and both need to be protected against. Both will violate your privacy and neither should be ignored.

  • pjhenry1216@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Different password and email for each site (I pay for Firefox Relay, only has one instance of a site that blocked it so far). Edit to add: Firefox Relay can also provide a phone number (for a cost) that you can use on sites instead of your own. There are caveats to keep in mind for when to use it, but it helps.

    Proton Mail instead of Gmail.

    Proton Drive instead of Google Drive / OneDrive. More expensive, so keep this in mind.

    Proton VPN when concerned about the security of my internet connection.

    Hosted VPS in a cloud provider for photo storage using an open source photo focused content management system.

    Pihole hosted in a VPS to help block various trackers (and ads too, but that’s convenience, not privacy protection).

    Wireguard to connect to VPS hosted services. Option to turn on full tunnel, but generally obsolete with Proton VPN as an option.

    Proton is on here a bit mainly because they offer a decent suite of services. There are others that are available.

    The thing is, none of this is free and protecting your privacy rarely will be. There are FOSS solutions to help, but you generally need to pay for hosting and access (even if it’s buying a raspberry pi). Proton is more accessible to many than something like setting up services on a VPS behind Wireguard.

    If you wanna go full paranoid, you can use tiered personal VMs for web browsing. High security ones for things like banking and what not can be destroyed and spun up on demand. And others where it’s less important can be refreshed at longer intervals depending on your convenience requirements. Still need to ensure your host/base images are protected, but it will minimize exposure on the guest vm to malware. Less likely to have a keylogger get your bank login info if it’s a brand new VM each time.