Select Page

November 2023

A Reasonable Guide to Personal Security & Privacy

The Hard Sell: Why do I need privacy and security? I’m not a criminal.

Privacy is often conflated with secrecy. While somewhat related, they are distinct terms. They both center around the boundaries between what you know and are in control of (agency), and what is shared with others. The subject of disclosure, and its effect on other people, typically determines where it falls along the spectrum. This is the difference between making sure your passwords aren’t vulnerable to a hack versus being the person doing the hacking.

When you use the restroom, do you close the door? Even when you are at home and living with people you trust, do you still close the door? Your intent is not to deceive anyone about what you are doing in the bathroom, but to create a secluded space of your own to use the restroom.

Privacy fundamentally is about control over your self, your space, and your information.

When adapting this analogy to the internet, we can think of our passwords, search histories, shopping history, emails, text messages, credit card information, and more. You may not care if someone knows that you bought a new t-shirt, but given the choice you would prefer that information about your shopping history not be bought and sold to an unnamed company without your consent.

In a benevolent world, all of the above could be sent as plain text to trusted services to meet their recipient. However, if the past few years have taught us anything (here, here, here, and here to start) is that there is a severe lack of regulation and consumer protections for internet users. Your information will pass through different services, people, transform into different data types, be stored, divided, sold, and more. Few of these steps are optional. Many of them are compulsory to simply opening up a browser and conducting day-to-day tasks.

When we use tools to protect our privacy, we are making sure our information stays within our control and we get to say how it is used and by whom it is viewed. That’s all!

But, just because something is private, doesn’t mean that it’s safe.

Security is concerned about the integrity of your information. Simply, is it hard to access? When storing passwords, are they on a sticky note, a notepad text file, or are they protected with something like encryption?

Encryption is like translating your password into a language no one else knows.

When you encrypt your passwords only you have the formula to translate it back into the original password that you can then use to log into your account. If your email company gets hacked and the passwords of all the users are accessed by a malicious person(s), then instead of your password, they will get the translated version. Without spending a lot of time and resources trying to figure out your unique translation scheme, they won’t be able to access your real password!

Encryption is one of many techniques used to protect your information, but it in and of itself doesn’t include privacy. Using both privacy and security on your own terms are the key to a safe internet experience.

In lieu of regulation and consumer protection, there are relatively unobtrusive steps that everyone can make to protect themselves while online.

Disclaimer: With every increase in privacy and/or security comes with a cost to your convenience. This cost varies, but with time they will become habit and normal.
I am not responsible if any of these things blows up your computer or make you mad.
I did not test each of these suggestions on every platform and setup, so your mileage may vary.

Level 1: Required Practice

Anything listed in this section is unobtrusive and has a disproportionate positive impact on your privacy and safety. Do them now. As you read, do them.

Password Managers

Imagine you have something valuable. You want to protect this valuable object while still having access to it. One way to add a level of protection is to store it in a safe.

A password manager is a safe for your passwords.

The basic concept is as follows.You download either an application for your computer (as you would with Microsoft word) or a plug-in onto your browser (like adding an ad-blocking tool to your Chrome or Firefox browser). When you enter your credentials for a particular website, the password manager saves your username and password. This accomplishes two really important tasks. First, when it saves your usernames and passwords, it encrypts them. A great feature that you don’t have think much about. The second part is magical. When it saves your password, the next time you need to log into that website, it automatically fills in your username and password for you.

So long are the days of remembering a different password for every account.

Or, more realistically using the same password for every website. Now, there is no excuse to create a strong password and make it different for each website (hint: there is a password generator built-in to many of the password managers).

It can at first seem daunting to catalog every website and add it into your manager right away. I would recommend against this method. Each time you log into a website, your password manager should ask for your credentials, or if you are logged in you can manually add them. Over time you will accumulate all of the relevant account information you need!

I personally recommend changing the passwords each time this happens.

In short order, your passwords will be secure and stored in one safe place and something else will take on the labor of remembering and entering your passwords! A word of warning. You will need to create one really, really good password to unlock your password manager safe. If you lose this password, then you lose the password manager. Part and parcel to security is that the folks managing your passwords can’t see them either, so keep that password safe and secure by other means. But hey, it’s just one password to keep in mind!

Private Search

Google isn’t an ambivalent company. The idea that you can open up a web browser and find exactly what you are looking for in short order thanks to Google comes at a large cost. One that we pay via our data. Our search behaviors (what we search, which link we click on, etc) is packaged up and used for Google’s internal projects (like making Google search better), but also sold to various unnamed companies for their profit. All of this happens without most people knowing it’s happening. Not to mention Google is the default on most major browsers.

An incredibly simple solution is to change the search engine you are using.

This is difficult at first, but once you know your alternatives it becomes an easy switch. Open your settings of your browser (Chrome, Firefox, Opera, Safari, etc.) and find your “search” setting. Change the default to DuckDuckGo or Ecosia. These are privacy and/or environmentally-focused search options. Feel free to research other alternatives if either of these don’t work for you.

Encrypted Messaging

If you are an Apple user, congrats! You already have this done. Much of Apple is very secure. As long as you are happy with their other practices, then you are more-or-less quite secure (just opt out of their data collection practices). For everyone else, your messaging apps aren’t likely to be secure or private.

What this means is that if your messages become compromised (like these many, many hacks) the messages will be readable by any who receive them.

What we need is to have the messages encrypted. You may have heard of this with applications like What’s App. However, a word of caution that What’s App is a Facebook-owned product, which means that they do collect some data on your messaging.

Meta-data are information about your messages. So, when you sent it, who you sent it to, and more.

Using an app like Signal or Telegram protect both your messages and your meta-data, but you have to message someone who also has the same application. This goes for Apple as well. You may be wondering why this matters.

When you text someone, and it is encrypted through one of these apps, only the users who participated in a particular chat have access to those messages. The companies running the technology cannot access them even if they wanted to. If you and the person(s) you are texting decide to delete the messages (or photos or videos) then they are gone for good. No one can see them again.

Multi-Factor Authentication

You have probably already seen this one. Is you use Gmail or most Apple products, this feature has been standardized for a lot of pieces of software.

The concept is simple: on top of a password, ask for another form of verification.

This could be a text message or email with a code or push notification. It could also be through a third-party application like Duo. Regardless, this is a great form of added security that allows you peace of mind if your password gets compromised. In that case, the person with your password would then also have to compromise your phone and/or email address which is a lot of work and very, very unlikely.

For those who want to push this concept even further, look into a security key. This is a device that looks just like a thumb drive. Instead of sending a text message or email, it instead checks to see if the USB stick is in the device you are using. For some this will be more convenient!

Level 2: Some more discomfort for even more security and privacy!

These steps will take you off the beaten path. A lot of these methods with start using new services and software rather than augmenting what you probably already are using. You can always use these as a backup, for particular tasks (like sending sensitive documents), or transfer over a longer period of time!

Encrypted Email

Once more, if you use Apple’s Mail client, then you need to follow a few steps, but the encryption is more-or-less built in.

For the rest of us, a new email client is in order.

Services like Tutanota and ProtonMail were created for this exact reason.

If you create an account, no different than Gmail, then you will have an email which you can use to send email, sign up for services, and the normal email things you do with other clients. However, now whenever you email someone with the same service, the message and attachments will be encrypted as well! What about if the receiving end isn’t using your service?

Well, there is a workaround. With these services, you can set a password on the email you send. Communicate the password to the receiving party (using encrypted text) and they will successfully be able to open the email safely! Yes, there are a couple of extra steps, but this can be reserved for sensitive emails like sending a scan of your driver’s license or passport.

Secure Browsers

For this section we have securing browsers and secure browsers.

Basically, if you are running Firefox, then you are already on the right track, but there are a number of steps you can take to lock down your privacy. So there is your work securing.

Every other major Windows browser (Chrome, Edge, Opera, etc) all run what’s called Chromium. The core being Chrome. The foundational architecture of Google’s Chrome. Yes, all of these browsers share the same core. Opera is impressive in regards to privacy. However, it shares the same foundation as Google’s Chrome. This means that there is a level of data leakage common to all of these browsers which all runs back to Google.

If you would like to escape these issues, then you will need a new browser.

Firefox will likely be the easiest to transition to as even with an untouched installation, it is more secure and private than most other browsers.

Virtual Private Networks (VPNs)

There are many leaks and vulnerabilities along the data pipeline that flows in and out of your life. One that has yet to be covered in this article is your network itself. That is, the source of your internet when it enters your house.

A  virtual private network helps with that problem.

Put simply, a VPN secures any data it encompasses with from your internet service provider (ISP) and anyone else who could be snooping on your network.

What this looks like in practice is your computer’s address will be obscured. If you are in Canada, you can make it look like you are in Malaysia to everyone else. Also, the data being sent will be obscured as well, so this is an added layer of privacy and security.

There are numerous providers of VPN services and most of them are good. A good general rule is to stay away from free VPNs.