Editor’s note: Our blog post, Protect Your Privacy in 5 Minutes, garnered a lot of positive feedback. However, one reader felt that it did not go far enough. While we stand by our recommendations, we offered to publish his rebuttal, which you can read below.
On Monday [ed: 4/10/17], a blog appeared here titled “Protect Your Privacy in 5 Minutes.” That reminded me a little bit of Jack Seward’s remarks about books with titles like Instant Japanese or Japanese in 6 Weeks. Seward’s own book was called Japanese in Action, but he claims that was his publisher’s idea, and that he wanted to call it Japanese in 25 Hard Years.
So here’s a blog we might call “Protect Your Privacy in Somewhat More than 5 Minutes.” Basically, this is about leaving the Surveillance Industrial Complex and joining the rest of us in the Free World.
For links and some further details, look at the end of this post.
Step one: ditch Google for ixQuick, Startpage or Searx.
Step two: ditch Gmail, AIM, etc. for OpenMailBox.org, ProtonMail, Tutanota, or Lavabit.
Step three: ditch whatever you’re using for IM and use Ricochet or Tor Messenger instead. Ricochet is the more secure, but if your friends won’t give up XMPP, go with Tor Messenger. Get an account on Calyx Institute. Sign up within Tor Messenger.
Step four: download and start using the Tor Browser Bundle for web browsing that mainly consists of reading. Set the security on high, and make that your default. Another good use for the Tor Browser is to create and access webmail accounts on ProtonMail, OpenMailBox, and Tutanota.
Step five: for other browsing, install the latest Firefox, and add the following add-ons:
- HTTPS Everywhere
- No Enumerable Extensions
- No Resource URI Leak
- Privacy Settings
- Self-Destructing Cookies
- uBlock Origin
In the preferences, disable third-party cookies. Set the following about:config settings:
- privacy.resistFingerprinting to true
- dom.webaudio.enabled to false
- webgl.disabled to true
Most of the other settings you’ll want, you can set with the Privacy Settings add-on.
Step six: stop using for-profit social media. If they’re in business to make money, and they don’t ask you to pay, you’re not the client; you’re the product. On Facebook, you’re the product. Apply this general rule to all services; if they don’t ask you to pay, and they make a profit, they’re in the business of snooping on you.
You needn’t give up all social media. Diaspora is active and growing all the time. Get a Diaspora account, and join us in the free world! And Diaspora is not the only social media in the free world. Look around.
Step seven: make better passwords. For passwords you have to memorize, use Diceware with the EFF’s list or use Schneier’s method. With Schneier’s method, I would not use a common phrase or book quote for obvious reasons. I’d use a sentence that’s about something very personal that I’ve never shared with anyone. If it includes some numbers, that’s a bonus.
Use Firefox’s built-in password storage for all site usernames and passwords. Make these passwords completely unmemorizable. Don’t forget to set the Master Password, otherwise the browser won’t store them securely.
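As an added example (not part of the original post), here is one way to generate the Diceware passphrase from step seven in software when physical dice are not at hand. It parses a list in the EFF file layout (dice digits, a tab, then the word), refuses a truncated or duplicated list, and draws each roll from the operating system's CSPRNG. The two-dice sample list and all function names are constructed for illustration, and the code generalizes to any number of dice per word.

```python
import math
import secrets
from itertools import product

# Constructed stand-in for the EFF layout "<dice digits><TAB><word>".
# The real eff_large_wordlist.txt is keyed by five dice (7776 words);
# this sample uses two dice (36 words) so the block runs offline.
WORDS = ("amber birch cedar delta ember fjord grove heron inlet jolly kayak "
         "lemon maple noble ocean pearl quilt raven sable tulip umbra vivid "
         "wheat xenon yacht zesty acorn bison coral dune eagle flint gecko "
         "hazel ivory jade").split()
SAMPLE_LIST = "\n".join(
    f"{a}{b}\t{w}" for (a, b), w in zip(product("123456", repeat=2), WORDS))

def parse_wordlist(text):
    """Return ({dice_key: word}, dice_per_word); reject a damaged list."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split("\t")   # ValueError if the layout is wrong
        if not key or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        if key in table:
            raise ValueError(f"duplicate key: {key}")
        table[key] = word.strip()
    if not table:
        raise ValueError("empty word list")
    n = len(next(iter(table)))
    # A short or padded list silently lowers entropy, so insist on 6**n entries.
    if any(len(k) != n for k in table) or len(table) != 6 ** n:
        raise ValueError("expected exactly one word per dice outcome")
    if len(set(table.values())) != len(table):
        raise ValueError("duplicate words reduce entropy")
    return table, n

def roll(n_dice):
    # secrets.randbelow(6) + 1 is one fair die drawn from the OS CSPRNG.
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def passphrase(table, n_dice, n_words=6):
    return " ".join(table[roll(n_dice)] for _ in range(n_words))

def entropy_bits(table, n_words):
    # Each word is an independent uniform choice among len(table) entries.
    return n_words * math.log2(len(table))

if __name__ == "__main__":
    table, n = parse_wordlist(SAMPLE_LIST)
    print(passphrase(table, n), f"({entropy_bits(table, 6):.1f} bits)")
```

With the full 7776-word list, each word contributes log2(7776), about 12.9 bits, so six words give roughly 77.5 bits.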
These steps are not all I do, but these steps don’t involve a lifestyle change. Actually, I think you should consider some lifestyle changes.
Step eight: ditch Windows and MacOS for Linux Mint. Cinnamon or MATE? Suit yourself.
Step nine: get EasyGPG, and start encrypting stuff.
Step ten: adopt the 2-phone system. Leave your home phone on all the time, and at home. Never off; never moves. Take your away-from-home phone with you whenever you leave home, but leave it off except when you need to make a call. Buy flip phones for cash, and pay for calls with refill cards bought with cash. Refuse any “smart” phones. In fact, refuse anything with “smart” as part of its name. “Smart” means it snoops on you.
I know what some of you are thinking. “You expect me to be totally out of touch for hours at a time?” Yes, that’s how it was for all of us when I was a boy, and it was great! We used to say, “Familiarity breeds contempt.” It still does. We get along better together when we’re willing to let each other alone. Try it!
Step eleven: start paying with paper rectangles and metal disks instead of plastic debt rectangles.
Step twelve: use a VPN to stop your ISP from snooping on everything you do when you’re not browsing with the Tor Browser. Choose well; some VPNs that advertise are crap. Get a recommendation from someone. Start with me; I use AirVPN.
Step thirteen: Think before you give up personal information. Could it compromise your or your family’s safety? If a merchant asks for a phone number, address, or other personal information, ask, “If I don’t tell you, will you refuse to do business with me?” Don’t be combative; just be matter-of-fact. I have yet to have any merchant refuse to do business with me.
Step fifteen: contribute what you can to EFF, the Tor Project, and OpenMailBox.
Details and links:
https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt EFF’s Diceware list
https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases about the EFF list
https://en.wikipedia.org/wiki/Diceware about Diceware
https://www.schneier.com/essays/archives/2008/11/passwords_are_not_br.html Schneier’s password method
https://podupti.me/ to create a Diaspora account
https://arstechnica.com/ Ars Technica
https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger Tor Messenger
https://calyxinstitute.org/ Calyx Institute
https://www.torproject.org/download/download-easy.html.en Tor Browser Bundle
https://tails.boum.org/ Tails, a secure, live operating system based on Debian, that uses Tor
https://linuxmint.com/ Linux Mint
https://www.schneier.com/ Bruce Schneier’s blog
To change or add an about:config setting in Firefox, type about:config in the address bar. To add privacy.resistFingerprinting, right click on the list and select new:boolean. Set it to true.
This blog post is the work of a regular Diaspora user who often posts about the issues of privacy, security, and surveillance.