For me it would be the following:
- Don’t reuse usernames/names
- Avoid using social media
- Use Tor/VPN when you can
For normies it’s easy:
- Password Manager
- Firefox
- Adblocker
Those three will make up for 90% of peoples bad habits.
Literally this. This is the answer.
Password Manager that is not LastPass lol
Password manager is something I’ve been preaching but they seem to find it to much of a hassle. Set up Ubikeys for my MIL. Works like a charm.
I would add: turning off telemetry, especially windows and other ms products
How does a password manager improve online privacy? Aren’t you just centralizing all of your login credentials that could be hacked like a certain password manager was recently?
Use strong master password. Use a 2fa / passkey. Use reputable secure one like bitwarden or better a offline one like keepassXC.
Password managers are great tools that if used correctly can be very good but when you use them incorrectly it can go very wrong.
The main thing that they solve is week passwords, and passwords that are reused.
Keepass wiht my kdbx in a webdav share with basic auth is the tits. I can access and modify it remotely and it’s easy to detect and block any bots/users who are snooping and trying to access the webdav share. After 3 years of using this setup I’ve only had a dozen hits on that directory out of the hundreds of thousands of bot requests.
Provided that your key store password can be made very strong, all the risk posed by having all your eggs in that one basket are, speaking from the perspective of an average computer illiterate user like my mom, far outweighed by avoiding the inevitable alternative of one password (or a family of derivative passwords) used across all services.
One extremely good lock is a step up from two dozen shitty ones if it’s a cascade failure either way.
For me the real value is that a good password manager makes it easier to not use “login with Google” for everything
For sure if you use a cloud provider, but there are self-hosted and totally offline solutions.
Here’s the ultimate tip for securing your private information.
- Keep away from the Internet
Yea a lot of this advice “don’t use anything from Google/Microsoft/Facebook/amazon” or “avoid social media” is just going to tell newcomers that privacy isn’t for them
Instead go in order
- secure private messaging since that’s where a lot of your personal private info is going (use Signal)
- switch to Firefox over chrome, it’ll do all the same things
- use bitwarden (or keepass, but that one is a bit more technical) to manage your passwords, and generate random passwords for things you can reset easily
All of these are easy, don’t have much of a learning curve, and will give them significant gains privacy wise. Also I’m betting they will continue to learn and do more stuff after that.
“Use Signal” is great, but every other person you know insisting on using WhatsApp makes it moot.
- Password manager such as Bitwarden, generate long strong passwords for everything.
1a. Corpo SSO (By which I mean “log in with Google/Microsoft/Apple/Whatever”) nothing. - Hardware keys, MFA on anything that doesn’t support one.
- Degoogle, de-megacorp.
- Use Linux, stop the Stockholm syndrome that is Windows.
VPN shouldn’t even be in the top 10. The benefits are dubious at best and the jury is still out on whether it makes you more of a target or if you can trust ANY provider meaningfully.
- Password manager such as Bitwarden, generate long strong passwords for everything.
I think you are confusing privacy with anonymity.
deleted by creator
Don’t be afraid to lie when it doesn’t matter. Unless it is for something official or that will impact the service, use the wrong DoB, enter the wrong name, etc… if it isn’t going to need verification then there is no need to give valid data that can be stolen or misused at a later date.
But be sure to take note of that piece of information that you have lied, in case they will ask you when the time comes for account recovery.
- Ditch Chromium.
- Use a Password Manager instead of “log in with Google/Facebook/whatever”
- Keep tabs on Mobile App permissions and revoke as many as you possibly can. I revoke location permissions from every single app except Navigation apps, which have to ask for location permissions. If possible, remove apps in favor of Native Alpha / Hermit web apps
I disagree with your #3 point. There is nothing stopping you from disclosing personally identifiable information through Tor or a VPN. They can help you with keeping private, but they don’t do anything if you don’t know how to use them for privacy.
The Tor browser resists fingerprinting, but a VPN doesn’t. A VPN only keeps your IP address private, and your IP address isn’t really that interesting to the big tracker companies.
I would say something more like Firefox’s container tabs is way more useful for privacy.
Your IP address is everything to companies that track you. It’s way easier to automate software to collate data on a range of IP addresses than it is to create bespoke automation or gasp employ somebody to create data points on you. If you’re in the habit of identifying yourself online by signing all of your posts with your name, age, and email address, sure, a VPN won’t keep you 100% private, and your DNS lookups are still plaintext, but if you change your server periodically and don’t provide any details about who you are, what the hell is an ad serving company going to do with a range of known VPN server IP addresses?
Not really. I know Google doesn’t associate an IP address. You can test it in a private window.
Also that would be silly. Most families share an IP address, so your tracking data would be all mixed up for the whole family. And most people’s IP address changes every month or two, so again, your tracking data would be mixed up with the previous family who used that IP.
IP address is nearly useless as a tracking mechanism. You can use it to get someone’s approximate location, and that’s about it.
Wow. Lemmy’s user base has really pidgeon-holed itself in these comments. Just observing, not critcizing. Interesting to see. Privacy to most people here means privacy from big tech and government. Responses are also largely technology-focused solutions rather than personal practices.
I’m going to throw “Don’t give out your personal information” into the ring to round things out.
Got some disagreements here:
I’d say you can reuse names/user names but then you should seperate your internet personality from your reallife personality.
Choose the right social media (fedi verse stuff that doesn’t spy on you)
Also tor is a bit much for most things. for staying private a vpn you can personally trust should be enough
But the tips you listed are great for staying anonymous
Fediverse stuff can still be scraped and used to profile you, but since there’s no targeted advertising on the platform, if you’re anonymous, that’s extremely unlikely.
- Use a trustworthy VPN and encrypt your DNS lookups
- Set up a Pihole for DNS filtering and ad server blocking/use UBO on FF
- Don’t associate your online usernames with your real name or any identifying information like your birthyear (so like, don’t use Facebook)
don’t reuse usernames
but sentimental value ._.
I would put “Alwayse use uBlock origin, and decline any data consents” instead of the third point, and swap it with the 2nd
- Don’t use Brave.
Brave’s track record on privacy has been really good. It’s all the other terrible shit they do that you should avoid them for.
Oh, what’s the deal with Brave? I’ve been pretty impressed with it, but I suppose I’m not familiar with the privacy isuses.
They’ve been doing sketchy shit lately.
Oh I see—what sketchy shit have they been doing?
https://lemmy.world/post/2846523
https://www.xda-developers.com/brave-browser-installs-vpn-windows/
And a few other stuff. What did you await from a crypto browser anyways? Just use something Firefox based instead, no need for chromium.
In response to the first article: The whole point of brave was privacy-respecting ads, which is something I can get behind. The article doesn’t mention much in terms of how they are selling data that is connected to you. Adding affiliate links to the url–not a great idea but also not a huge offense to me. I see very little substance to critique this part of Brave in the article.
The rest of the article is about associations Brave has with other “bad” people and “bad” things. These are not real arguments for why the actual software is not good. Saying Brave promoted FTX doesn’t really mean that Brave is evil. Not everyone knew what was going on there. Again, I don’t see much substantive critique of Brave on this front.
For the second article: I very much don’t like it when software decides to install other software that I’m not aware of. Big mistake for Brave.
deleted by creator
What do you mean by that? You’re brave enough to giveaway your personal information to Brave?
deleted by creator
Everything you’ve done on Brave browser
deleted by creator
- Password manager
- Adblocker
- 2FA
Next steps are a Quick software audit: how do you check your email, what chat apps are you using, what browser are you using, etc.
Always keep things low-friction to stat out
https://bbbhltz.codeberg.page/blog/2022/03/low-friction-introduction-to-digital-privacy/
- Don’t say too much about yourself or post photos
- Burn old accounts and make new ones periodically
- Turn off features that notify people when you get online or what you’re doing like Steam and messaging clients
