Privacy and security

G-MAN2004

G-MAN2004

G-MAN2004

Caporegime
Joined
4 Jul 2004
Posts
30,780
Lately I've become a bit more concerned about privacy when it comes to my devices both online and offline, and what I can do to give me more of it. So I thought I'd post this in order to get some more tips and advice on what else we can do...

Here's what I currently have going on:

• Use a VPN for both phone and laptop
• Disable WebRTC in your browser. WebRTC allows websites to detect your true IP address, even if you're using a VPN. On Windows I use Chrome with the WebRTC Network Limiter extension
• uBlock Origin and HTTPS Everywhere extensions
• On Android I also use Orbot (Tor) with the Orfox browser over VPN
• Laptop's SSD is encrypted using Microsoft's Bitlocker, so two passwords are required before I can even login to Windows, and no one can (hopefully) see what's on the drive
• Android is also encrypted
• Make sure all of the Microsoft and Google location history and other tracking is turned off.
• I've gone through hundreds of websites I've used over the years and deleted all of my accounts, using the website in this article: http://www.telegraph.co.uk/technology/0/delete-internet-website/
• I use a password manager (LastPass) with a super strong master password, as well as 20 character minimum passwords for everything else
• 2-step authentication for everything I can, such as Google account, Lastpass, etc.
• All my messages are sent through WhatsApp due to end-to-end encryption
• I no longer have Facebook or Twitter

I suppose it's already a bit overkill for the average person, but what else could I do?

And no, I have nothing to hide. :p

(Sorry, didn't know where to post as it could fit into multiple forums tbh)
 
2FA is such a massive thing. Every service and platform should be pushing their users to turn it on, I dont know why they don't.
 
Scam said:
2FA is such a massive thing. Every service and platform should be pushing their users to turn it on, I dont know why they don't.
Click to expand...

Agreed, it's especially easy now with many 2FA options. Google Authentication on mobiles and found WinAuth which works with sites that offer Google Authentication: https://winauth.github.io/winauth/index.html

Open source, portable and password protected.
 
GeX said:
Why do you trust your VPN provider more than your ISP?
Click to expand...

TheSkateyBird said:
Further to above, ensure your VPN provider keeps no logs. I use NordVPN and they write logs to /dev/null
Click to expand...

I suppose there's always that risk. I use TigerVPN at the moment who claim they do not log or monitor activity, but it doesn't appear quite as simple as that.

I've been looking into Nord recently and I reckon I'll be getting a sub from them next. Always seem to be highly rated.
 
G-MAN2004 said:
I suppose there's always that risk. I use TigerVPN at the moment who claim they do not log or monitor activity, but it doesn't appear quite as simple as that.

I've been looking into Nord recently and I reckon I'll be getting a sub from them next. Always seem to be highly rated.
Click to expand...

Can highly recommend them, the desktop and mobile apps are very good and regularly updated, customer support is quick too if you ever need it. You can have up to six devices connected at the same time as long as they're using different VPN servers.
 
Before Firefox updated I had request policy, no script, Ghostery, Adblock Plus and self destructing cookies. It was concerning just how much you are tracked online. However much of my browsing is now on my phone (with none of the above) and all those extensions were a lot of hassle when visiting new sites and don't work with the latest Firefox.

Privacy pretty much died when the Smartphone era took off.
 
What are you concerned about to take all those steps?
Not saying it’s wrong, just interested in the reasons.
 
Hmm, I am concerned about my security, but only with my financial/gaming accounts.

Every account has two-step verification setup, and I do use a VPN but not day to day. Its to access content not available over here.

The only concern I have relates to my email security.

I have two main email accounts, and I know that one of them has been accessed before by someone else somewhere. I have also been the victim of identity fraud before and as a consequence, I am a paid-up member of Experian, not necessarily to track my credit score but to have instant notifications when a credit search is performed on my profile. A time to raise the alarm bell. Experian also has a facility when you can tell it the email addresses you use and it scours over numerous sites (god knows what) to work out if they have been compromised. Apparently, my Hotmail email login details have been sold online.


The password is now a mental 25 letter/number format but still....a little concerned.
 
A public VPN provider is for getting around content blocks or region locks, it's not offering you any increased security as everything you do online should be TLS encrypted anyway.

If you use public hotspots a lot and also use insecure services (why?) then consider a VPN. I think you have to accept that you aren't going to win if you're up against a state actor.
 
How come people are so worried about big data and analytical marketing data?

The numbers are far too numerous to gain any viable individual data on one person to provide a security risk. As per the data protection act algorithms are run to anonymise any data, especially when those collecting data are such large companies such as google etc.

Do you really have such sensitive data?
 
Trifid said:
Before Firefox updated I had request policy, no script, Ghostery, Adblock Plus and self destructing cookies. It was concerning just how much you are tracked online. However much of my browsing is now on my phone (with none of the above) and all those extensions were a lot of hassle when visiting new sites and don't work with the latest Firefox.

Privacy pretty much died when the Smartphone era took off.
Click to expand...

NoScript now works with Firefox 57. Self Destructing Cookies has supposedly been replaced by Cookie Autodelete but that requires specific Firefox config settings and as yet I haven't been able to find out which ones so it does absolutely nothing on my security-tweaked Firefox config. I haven't upgraded to FF57 precisely because some of my security addons don't work on it and as yet I haven't found replacements.

On the security front, I was amused and reassured by Avast's advertising popups (I use their free AV and it advertises Avast's products at me) about Avast's privacy and security products. The adverts show data about you as an example of how much is openly made available...and it was all wrong because my security works fairly well.

terley said:
How come people are so worried about big data and analytical marketing data?

The numbers are far too numerous to gain any viable individual data on one person to provide a security risk. As per the data protection act algorithms are run to anonymise any data, especially when those collecting data are such large companies such as google etc.
Click to expand...

"Anonymous" data is hardly ever really anonymous. That's just making noises to reassure people. In any case, the more data is available the easier it is to de-anonymise it.

Do you really have such sensitive data?
Click to expand...

Identity "theft" is a thing, but it's more a matter of principles. Privacy used to be considered a good thing by default and some people still think that it is despite the extremely rapid change in the last decade or two towards privacy being seen as a bad thing by default.

In addition, it's prudent to assume that you can't be sure how laws and social customs will change over your entire lifetime. Data on you that isn't an issue today might be at some point in your future.
 
People go through all these crazy steps turning into tin foil hat mode to protect their privacy when the companies already had them from day one.

Soon as you make an cellular/mobile connection you have given up all the privacy you are trying so hard to protect.
 
Last edited:
Couldn't you just install Pi-hole (on your home network) and not have to do half that list in the first place?
Plus, if you are that concerned about your privacy, you shouldn't be using Google for any thing at all.
 
You must log in or register to reply here.
Back
Top Bottom