There are lots of better places to read about privacy and security on the internet. Described below is mostly my personal setup as well as a few reasons why I believe security and privacy are important.

Also, I've found security and privacy to be used somewhat interchangeably on the internet, but I've separated them into: security - keeping secret stuff secret, and privacy - keeping my data to myself.

Security

I basically think of this as using a bike lock on the internet. If my bike lock is even a little bit harder to cut than the one parked next to me, I'm likely safe.

Internet Security

  1. Passwords - I use 1Password
    • All passwords should be different (xkcd). This is impossible to do using human memory.
    • All passwords should be strong (xkcd). Also very hard to do using human memory.
    • Ideally, passwords should be stored in encrypted form and hard to decrypt, similar to locking a bike.
    • Here's the Wirecutter review.
  2. MFA/2FA - I use the 1Password multifactor/two factor authentication feature wherever possible. I also use Authy as the 2FA app for 1Password itself.
    • Don't use texting/email authentication if possible (Reply All - Snapchat Thief)
    • A YubiKey (or similar) also seems like a good option
  3. Email - email is used to reset passwords on hella websites. Even if I get lazy about other security stuff, I try to change my email password often and always keep MFA turned on.

Phone Security

  1. I use a PIN on my phone. Seems fine (?)

Security Resources

I've found good resources for personal security on nytimes and Electronic Frontier Foundation. The Reply All podcast often discusses personal internet security as well.

Privacy

Security (as I've defined it) has pretty clear benefits. Privacy, however, has less clear benefits to me. Mostly it seems like my data is being used for advertising, which feels pretty benign, especially if I want to buy the thing being advertised.

However, it's not hard to find examples of companies/other countries taking our personal data and using it for destructive purposes. It's also easy to imagine a company I've willingly provided with my data falling into a difficult financial situation and selling my data for profit instead of using it for the original purpose. So I try to keep my data private where possible/convenient.

Internet Privacy Basics

  1. Internet browser - I use Firefox instead of Chrome for personal use. Obviously a biased source, but useful comparison
    • Not sure this makes a difference, but I've read that not signing into Chrome using a Google account can help with privacy.
  2. Search engine - I have been using DuckDuckGo instead of Google for 1+ years with no noticeable difference
  3. Browser extensions:
    • HTTPS Everywhere
    • Privacy Badger
    • UBlock Origin (Ad blocker)
    • Facebook Container (Firefox only)
    • DuckDuckGo Privacy Essentials
  4. DNS - I use a more private domain name server (DNS) (the internet service that routes blog.ianmyjer.com to the proper IP address)
    • In Firefox, you can set DNS over HTTPS using Cloudflare
    • Otherwise, on Mac/Windows/Linux you can set the system DNS to 1.1.1.1 (Cloudflare)

Internet Privacy Intermediate/Advanced

  1. Virtual Private Network (VPN) - Mozilla (maker of Firefox) recently came out with a VPN that I've been using on my phone. It seems fast and gets great reviews.

    • A VPN routes internet traffic in/out through a server hosted somewhere else. This way, your internet service provider can't see your traffic and your traffic gets pooled in with all other users of the VPN, making it harder to pick out individuals. Wirecutter has a good review of VPNs and why you should use one.
  2. TOR browser - I don't actually do this because it's way too slow, but TOR basically makes you anonymous on the internet (except for some minor/known edge cases)

Messaging Privacy

  1. I use Signal with anyone who will switch. It's fast, supports everything all the other texting applications support, and has a desktop application. Many messaging services offer end-to-end encryption but they still store your metadata (how you use the application, who you message, etc.). Signal is open source, non-profit, and stores as little of your data as possible.

Phone Privacy

I have an Android which bothers me, but I'm not a huge fan of iPhones so here we are. Would love to learn more about how others manage phone security!

I like the DuckDuckGo blog and the Cloudflare blog. Also, Mozilla, TOR, and EFF are good resources.