So recently I’ve gotten a bit more serious about my internet security, and made some changes. Here’s a short list of what I’ve done, but I’m wondering if I’m missing anything important:
- Moved from Brave to Firefox
- Bought my own domain for my email (so I can switch email providers at any time)
- Switched to DuckDuckGo from Google (it’s gotten worse anyways)
- Bought the Proton package (VPN, Encrypted email, etc…)
- Installed Thunderbird (instead of the Microsoft Mail app)
- Installed uBlock Origin
- Installed Bitwarden for password managing (My passwords are also no longer all the same)
Is there anything that I have missed that should be a priority for internet security?
I’m gonna be straight with you.
Cybersecurity isn’t just about doing all the things secure and private. It’s also about judging/predicting the likelihood of your risks so as not to overdo it.
You are already above and beyond what you need to secure the average person (Firefox switch is eh, Firefox can still be locked down or “hardened” via config changes.)
I can’t offer any further advice without knowing your “enemy.”
Is this just for general purpose use or are you especially risky in a specific area?
You raise a good point. I would say for the most part, I fall under general purpose, with some exceptions. I guess what I’m wondering is, are there security/privacy things that everyone should have, but most people just don’t know about?
You’re doing just fine then! I’d look into hardened Firefox configurations and I’d probably honestly reduce what you’re all doing with email. It’s a bit redundant - to have three customizations to what’s essentially one experience.
Your browser will be fine 99% of the time with script blockers like uMatrix, config hardening, not using Chrome/Chromium. So using Proton’s web interface is probably just fine. Even then, email’s usually not too crazy for the average user in terms of risk either, besides it being a focal point for pivoting off of (use different emails for different areas you want to segment and keep using that manager software (passwords, accounts etc.))
KeePass is free and works great to secure your stuff
Don’t even get me started on SMS-based vulnerabilities (cough cough Apple)
Set up 2FA/MFA for all of your accounts wherever supported. It’s probably one of the few easier things you can do that is missing from your list, and you will vastly improve your security posture for it.
I just use Google Authenticator but there are plenty of other apps out there if you’d prefer something else.
https://prism-break.org/en/ here is a bunch of free and private software suggestions for all platforms. This really hooked me up.
In this day and age… write your passwords down in a notebook instead of saving them on your PC/the internet
You can pepper them for extra safety
This is terrible advice. Use a password manager and know how to make backups.
There is nothing wrong with using a well made open source password manager like KeePass.
- MFA all accounts that support it
- important accounts use a hardware key like YubiKey
- Ditch SMS MFA, use Authenticator or hardware key
- custom email aliases (Proton has SimpleLogin), use separate email for every account just like password
- change your browsing habits from YouTube, Instagram, Twitter to privacy alternatives (there is a Firefox plugin, Privacy Redirect)
- use a separate VM for higher risk browsing or a separate computer (Tails)
- get a VoIP phone number, redirect your current phone to VoIP.
- use a prepaid phone only for internet and never use it for phone or SMS. For more paranoid, activate away from home using a fake name (Mint Mobile for instance doesn’t check if it’s real)
- use a phone that was never registered to your name (don’t reuse old phones)
- set up an always-on VPN on your home router with a killswitch so you never reveal your IP accidentally
- use a privacy oriented DNS service
If you’re into privacy I recommend the Extreme Privacy book that goes over many things. The lengths that you go to protect your privacy will depend on your threat model. Privacy is expensive unfortunately.
> custom email aliases (proton have SimpleLogin) use separate email for every account just like password

voluntarily subjecting yourself to a MITM attack is… uh… not the smartest idea in the world 😂
and definitely not something you should advise to someone asking how to increase their security.

> get VoIP phone number redirect your current phone to VoIP.

you have to pay for every such call. and what is the security gain here?

> use phone that was never registered to your name (don’t reuse old phones)

that is to protect you from the NSA, in some enemy of the state scenario?

> setup always on VPN on your home on router with killswitch so you never reveal your IP accidentally

again, what scenario is this useful in? let’s say I am not really into international terrorism…

> The lengths that you go to protect your privacy will depend on your threat model.

yeah, and reading your advice, you are obviously some James Bond hunted by 10 enemy intelligence services at once 🤣