When I sat down and made a list of topics to write about, I was a bit overwhelmed. I wanted to get content out quickly, but I realized that this needs to have an order or a method to the madness. Then I thought about it and realized that making a good "start here" kind of post is the way to go right now!
Let's say you're interested in taking those first steps toward reclaiming some of your privacy and security or "tinfoil your digital life". You're in the right place! Let's explore the simplest, first steps to take toward our goal of having more privacy and security!
Stop Giving Away Your Info So Quickly
First things first, you're going to have to learn how to think about things differently. When signing up for something, always ask yourself why they are requesting certain information, then assume the worst possible reasons. For example, you're signing up to be on an email list, but they ask for your name and phone number. All you want is periodic emails. Why do they need your name and phone number? Assume the worst case; they might sell your name and phone number to spammers. Queue the text message spambots!
Let's explore another example. Let's say you're creating a new account on a social media site. You want to remain anonymous, but the site is requiring both a first and last name. Your idea of being "L33tNinja_81" isn't going to work out! You also can't just use "John" or "Jane" since the last name is a requirement. Let's be logical here. Is the site something like LinkedIn where having your full name could be beneficial because recruiters use the site for hiring? No? Is this a site for finding your long, lost high school friends? No? Then they don't need your last name. Don't give it to them. If the field is required, fill it in with an initial or something you make up. Otherwise, just assume your data will be sold or your posts filled with drunken party pictures from last weekend will eventually come back to bite you!
The point is, don't just give your last name, phone number, date of birth, etc to any random site. Question why they want it. Social sites like to display some of your info but ask yourself if you want that info displayed.
Get a Different Browser
We spend an absurd amount of time on the internet these days. I'm not telling you that you should change that. Instead, change what you use to browse the web and how you do some very basic things.
For starters, you probably need a better browser. Without getting on a soapbox, I'll say that Chrome is from Google who you should never trust; Safari is garbage and always will be; Firefox is ok at best (although they recently made statements that were very against free-speech so they lost any love they may have had from me); and every browser Microsoft has ever made has been the worst mainstream browser at the time. Microsoft sucks at browsers!
So what should you use? My recommendation from this post is Brave Browser. Brave will feel familiar if you're a fan of Chrome, will allow you to use Chrome extensions, is fast, and is privacy-focused. Simply browse as you normally would and let Brave stop other sites and companies from tracking you. If you ever run across a site that seems broken, you disable the shields in Brave which will fix the problem unless the site itself is broken. Other than Brave, you can explore Dissenter, Tor, and DuckDuckGo Privacy Browser on your mobile device.
Do a Better Job with Your Passwords
Now that you're using a MUCH more private and secure browser, it's time to address your common behaviors. First, of all, stop just mindlessly clicking "Yes" every time your browser asks if you want to save a password for a site. Don't leave that up to your browser! You either need a password manager service or you need to get old-school and keep those in an encrypted document or something. If you are wearing a super thick tinfoil hat, consider using something like KeePass as it is open-source, has been around for a long time, has apps for just about every platform including Linux, and will create an encrypted file containing all of your passwords. At that point, you have to decide where to store that file. A lot of folks will choose to store their KeePass file in their cloud storage so they can access it from any device. I used to do this very thing!
If your tinfoil is a little less extreme and you trust some companies, there are several password services out there to look at. I personally use LastPass. I have 2-factor authentication enabled which makes me feel a bit better about it, but I will admit that I do struggle with how I feel about using a service like LastPass. It is so convenient, but I am trusting that they have their security game on point. There are other services out there as well. You just have to make your own decision about your level of comfort with each of these options and choose the best one for you.
On the subject of passwords, QUIT USING THE SAME ONES OVER AND OVER! Yes, I'm yelling that, and no, I'm not sorry! One of the best features all of these password solutions have is the ability to randomly generate your passwords for you. If you are using a service, you don't have to remember your password anymore. The danger in using the same password everywhere is substantial. Let's say you use "password1234" for everything (and we'll ignore the fact that it is a horrible password for now). You use it to log into your bank, all of your social media accounts, and many other sites. One day you create an account on some little site that stores your movie library or something random. This site is big enough to be the target of a hack but small enough that the devs are a little too lax with the security measures. They get hacked. Some malicious person or group of people have your username/email and password which you have used on every other site. Now they can randomly try bank sites, social networks, etc with every set of credentials they stole. For those people who don't use a different password for every site, now you just lost SEVERAL accounts, might have a hijacked social media account posting Russian porn, and your bank account is drained. This is why you use a different password for EVERY site!
Treat Every Link Like It Is Potentially Harmful
Another thing to consider is the sheer amount of phishing and scams on the internet these days. This is especially noticeable when you check your email. Scammers have gotten pretty good at tricking people into clicking malicious links and creating fake websites that impersonate others to get your credentials from you. You have to be more careful with links!
How do we check links, though? Well, you can think about this in two different contexts. First, if you are about to enter sensitive info, check the URL bar at the top to make sure you are where you think you are. If you meant to go to paypal.com, make sure that is what it says! If it says something like "paygal.com" or "paypal.yourpaymentservices.com" or something else, then it's a trap! Web addresses can get long and complex, but you mainly need to focus on the bit after the "https" and before the first "/". It will always end with a domain, a dot, and the suffix. I could have "paypal.tinfoilmylife.com" on my domain. It doesn't matter that "paypal" is in the address, it matters that the domain is tinfoilmylife.com!
The other context to consider is when you are clicking links. This is primarily a concern when checking email from the browser. I can make a link have any text I want and direct it to any address I want. For example, I'll throw up a link that says it is to www.Facebook.com, but it really takes you to my Minds.com profile. Did you click it? DON'T! LOL. It is safe and it does take you to my Minds profile even though it says it is for Facebook, but if I wanted to scam you I could have it take you to whatever fake site I've built to try and phish your credentials, banking info, etc from you.
So how do you handle links? First, you will right-click on it to open your browser's right-click menu. From here, the wording can be different from browser to browser, but we're looking for something along the lines of "Copy link address". Select that and now the actual address from that link is on your clipboard. From here, you can paste that into a document, empty email message, or even the URL bar to inspect it. Just don't navigate to it until you've verified that it is what you expect! This mostly applies to checking your email, but you should use this regularly just to be safe!
Browse a Little More Safely
If you've made it this far then congrats! You've just gained a basic amount of knowledge on some safer approaches to living in the digital world. I wanted this to be a very approachable, easy list of basic things you can do to secure your digital life a bit.
If you already knew to do most or all of these things then you're already doing more than the majority to stay safe online! Pat yourself on the back. There will be more posts to come that will go deeper and deeper into what you can do to stay safer online. Keep checking back!