One of the most common questions I get from people who are starting to realize the need for personal privacy is, "Where do I start?"To better answer t
One of the most common questions I get from people who are starting to realize the need for personal privacy is, “Where do I start?”
To better answer that question for yourself, it can be helpful to build out a simple threat model by considering what data you want to protect, whom you want to protect it from, and how much trouble you’re willing to go through to protect it.
Seth For Privacy is a privacy educator who hosts the “Opt Out” podcast. He also contributes to the Monero project, an open-source and privacy preserving cryptocurrency. This article is part of CoinDesk’s Privacy Week series.
While this question is not one I can answer for you, here is how I would do it if starting from scratch in my privacy journey today.
Please remember that not all threats are equal, and not all people have the same priorities – so be sure to take what is below (especially the order!) with a grain of salt and try to assess the best path for you.
1. Find a privacy-loving community
This is not a technical solution but is by far the most important step you can take. Having a group of people around you to support you, give solid feedback and bounce ideas off of is an essential aspect of a successful journey towards privacy.
A community of like-minded peers concerned about privacy can help with the psychological burdens – nihilism, loneliness, hopelessness – that can come with falling down the privacy “rabbit hole.”
Before you go any further, this should be your first priority regardless of your own personal threat model and needs.
Techlore’s Discord server, the “Opt Out” podcast and “TheNewOil” blog have all been invaluable resources. They also all have “rooms” on the social platform Matrix (here, here and here, respectively), which is a tool you should familiarize yourself with. The Bitcoin Freedom and Tech Matrix room also deserves a special plug, and is broader in scope than just the intricacies of Bitcoin.
2. Use a privacy-preserving browser
This step might appear daunting if you’re used to the conveniences of Google Chrome, for instance, but in the data economy, convenience comes with privacy trade-offs.
Thankfully there are excellent browser alternatives. As we spend more and more of our lives online, a browser that is more privacy-preserving by default or being able to “tune” (configure) a browser you already use can be a huge win in decreasing the amount of data that third parties collect about you. A few choice browsers:
- Firefox is one of the most popular browsers. The “Yet Another Firefox Hardening Guide” will walk you through the process of tuning your browser. It’s very straightforward, and only needs to be done once per computer.
- Brave Browser has some excellent defaults but takes some odd approaches (like cryptocurrency ads all over the place and built-in cryptocurrency wallets which aren’t helpful to most people). The Anonymousplanet.org guide shows you how to make it a bit more privacy and secure.
- Ungoogled Chromium takes the best of Chrome Browser and strips Google from it, making a very compelling and very fast browser. It can be a bit tricky to get and keep updated on some operating systems, and extension installation and updates are a bit of a pain, but it’s a great option for those who are hardcore but still like the Chrome web engine.
See also: Handshake Goes Live With an Uncensorable Internet Browser
There are also a series of extensions that bring privacy with the convenience of a download.
- uBlock Origin is available for all of the browsers mentioned above. It goes far beyond just blocking ads, and handles a wide swath of ad, tracker and script blocking in a way that is very rarely detrimental to the browsing experience. It’s an absolute must install, no matter which browser you choose.
- LocalCDN helps to improve privacy by replacing potentially dangerous pieces of websites with vetted and safe local ones, reducing network calls and the risk of compromised assets being delivered by web pages. It’s similar to Decentraleyes.
- The password manager extension you download will depend on the password manager you choose in the next step, but I highly recommend installing one, where available, for simpler autofill and password management when browsing.
3. Use a password manager
While this step isn’t technically privacy related, properly securing your passwords will lead to much better privacy by reducing the amount of data leaks and hacks you experience as a result of stolen or leaked credentials. Password managers make it extremely simple to manage usernames and passwords across all of the sites and apps you use without needing to reuse these credentials.
Migrating to a password manager is also a great chance to think twice about which accounts you actually need, and close those you don’t.
- Bitwarden is what my wife and I use. It works very well, is open-source, cross-platform and can be self-hosted if desired.
- KeepassXC is a well-respected FOSS (free and open software) password manager. It does not…
www.coindesk.com