Welcome to the world of online/digital privacy!
Like its sister guide for cybersecurity, this privacy guide was written for complete privacy novices in mind. It is designed to be a starting point for anyone new to the world of online privacy.
It also contains actionable advice for getting started on your privacy journey without the need for threat modeling (though it is certainly advised to set a direction for your efforts eventually.)
When it comes to improving privacy, absolute novice advice often includes “creating a threat model.” This is actually great advice as threat modeling allows you to focus on achieving your goals while keeping in scope your personal resources, such as time and money.
However, there are “privacy 101s” users can and absolutely should take prior to sitting down and figuring out a threat model that works for them. These basics have great and potentially near-immediate “returns” when starting out one’s privacy journey. Threat modeling should take place after these “basics” are in play.
The steps outlined in this guide are basic, highly recommended privacy steps anyone can take regardless of an established/not established threat model:
Use a privacy-oriented browser
Use a secure/encrypted email provider
Use private search engines
You do not need to have a threat model in place to take action on the points listed in this guide.
For example, it would make little sense for users to switch to a privacy-friendly operating system yet continue to use Google Chrome in their day-to-day browsing activities. Likewise, it would make little sense for users to continue to use privacy-unfriendly email services while signing up for more private/secure services.
Above all else: take your time. Small changes are easier to manage and retain over big, “dramatic” changes. Privacy is a journey.
Before proceeding, you should ensure you’re hitting the baseline for personal cybersecurity.
Security and privacy overlap, both inside and outside the digital space. It’s highly advised to review and shore up basic cybersecurity practices alongside improving your privacy, if you haven’t done so already:
You should master these basic personal cybersecurity best practices prior to starting on your privacy journey or taking any of the steps outlined here.
Basic security naturally lends itself to privacy. I strongly recommend viewing the getting started guide (the sister guide to this one) on security.
Put into context, it would make little sense to use a privacy-oriented browser and all the features such a browser may have to offer, but continue to reuse passwords across online accounts. Likewise, enabling MFA at least on sensitive accounts protects the account from unauthorized access – by extension, this also protects the data inside that account from access by malicious actors.
It’s also viable to implement this guide and the cybersecurity one at the same time for simultaneous improvement for your privacy and security!
Implementing better basic security practices can improve your privacy as a secondary benefit by helping to prevent and lock down your accounts and devices.
Your privacy can be compromised when security is weak or lax. With weak security, unauthorized users obtain access to your online accounts – for example, they could collect personal identifiable information (PII) from unauthorized access to your accounts!
Privacy-oriented browsers are web browsers that respect user privacy.
Privacy-oriented browsers generally aim to share as little data as possible with the websites users visit. By default, they usually mitigate the effectiveness of common tracking/fingerprinting methods and preventing unneeded information exchange between the browser and the web server.
Privacy-oriented browsers also limit data collection and “phoning home” and telemetry activity on their backend (in this specific case, I am using “backend” to refer to the side where users don’t necessarily directly interact with the browser), preserving your privacy as a user.
Plenty of browsers phone home potentially identifying and sensitive data such as (but not limited to):
On any internet-connected device, such as your home computer or your smartphone, your most used application is probably your browser, which makes privacy in the browser highly important. URLs visited and browsing history can be particularly sensitive and the unintentional/unaware sharing of such information greatly undermines privacy.
If someone knows your web they can learn a disturbing amount about you. This is compounded by combination with other information details — such as demographics, location history, device information, usage analytics just to name a few. The privacy issue is even further compounded if this data is shared with others (even if “anonymized”) or is used for other purposes, such as tracking and serving targeted advertisements.
Understanding browsers
At its core, a browser is software used to easily access the internet. You’re probably reading this post in your browser, where your browser pulled together JavaScript, HTML, and CSS resources from the Avoid the Hack web server to render this web page as you currently see it.
Modern browsers do more than just chaining together requests and render web pages and allowing easy access to the internet. You’re probably familiar with some of the extra functions your browser of choice can perform more so than you think.
Think about all that is possible to do in your browser without ever switching to another app or program:
Note: Not an all inclusive list.
Due to their functionality and capabilities, modern browsers can easily be more complicated than entire operating systems. With such sophistication, arises other issues. Many of the “mainstream” and widely popular browsers out there tend to “overshare” data with visited websites and developers (of the browser), ultimately compromising user privacy.
Browser privacy issues
Underneath all that complexity, the widely…
*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/getting-started-privacy