Privacy, Security & Anonymity Reference

Why is privacy important

  • “You might not have anything to hide, my friend. But you have everything to protect.” — Mikko Hypponen
  • “Arguing that you don’t care about the right to privacy because you have nothing to hide, is no different than saying you don’t care about free speech because you have nothing to say” — Edward Snowden

Cleanup

  • Remove bloatware
  • Remove unused programs
  • Only install software that is needed
  • Deleting old messages
  • Delete call history
  • Remove unused files
  • Move sensitive files into external drives
  • Clear Browser Data: Cookies, Cache (Activate auto delete)
  • Disable Data Collection in Settings
  • Delete Data Collected, e.g.: Google My Activity
  • Delete unnecessary Online Accounts (Fake data before deleting, because service may not delete it)
  • Reverse Image Lookup to find accounts where you posted your images-> Delete account or posted image

Social Media

  • Delete unnecessary Social Media Accounts
  • Avoid using full name
  • Make accounts private
  • Enable privacy settings
  • Minimize Data Access
  • Don’t upload personal images

Permissions and Settings

  • Disable information sharing between apps
  • Disable Analytics & Diagnostics
  • Move Over to FOSS
  • Avoid Personalization
  • Ditch Intrusive Operating System
  • Avoid Sharing Personal Data / Syncing Accounts
  • Least Privilege

Hardening Browser

  • Check automatic updates
  • Set home page to privacy oriented search engine
  • Set search engine to privacy oriented search engine
  • Disable Password Management by Browser
  • Auto Delete History
  • Block as many cookies as possible
  • Auto remove cookies
  • Enable Tracking Protection
  • Enable Do Not Track Signal
  • Limit Permissions
  • Disable Data Collection by your browser
  • Don’t activate syncing
  • Advanced Settings: https://www.privacytools.io/browsers/#about_config
  • Install privacy extensions
  • Disable WebRTC

Browsing Habits

  • Download files and programs only from original source
  • Check for Typos
  • Do not ignore Browser Warnings (e.g. Certificate Warning)
  • Assume everything is a scam, as long as the opposite is not proven
  • Check Links before clicking
  • Check Email Domain
  • Double Check suspicious things
  • Give least privilege to web sites
  • Way of typing can be used to identify you (typing habit) -> Use Extension to change typing habit (e.g. Keyboard Privacy (Chrome), behavioral-Keyboard-Privacy (Firefox))

Physical Privacy

  • Encrypt Hard Drive
  • Fully Power Off System When Not needed
  • KableLock
  • Don’t use public devices, e.g. Printers
  • Wipe data on Printers
  • Protect from Shoulder Surfing -> Privacy Screen Protector
  • Restrict Access to BIOS (Password)
  • Lock Down Boot Priority
  • Libreboot
  • Cover Web Cam / Physically Remove Camera
  • Connect Dummy Mic that does not work
  • Physically Remove Microphone
  • Remove Unnecessary USB Devices, e.g. Microphones, Webcams
  • Don’t trust rented devices, e.g. Work Smartphone, School Laptop
  • E.g. NFC, GPS, Bluetooth…
  • Disable Bluetooth, only activate when needed
  • Auto Update
  • Use proper Bluetooth password
  • Disable GPS, when not needed
  • Don’t record GPS data
  • Opt out location tracking
  • Disable Location Sharing in apps like Snapchat and co.
  • Opt out NFC Tracking
  • Disable NFC
  • Don’t use NFC for payment
  • Lock your SIM Card
  • Disable Wifi when not needed
  • Use Faraday Bag
  • Leave your phone at home
  • Use Devices for specific purpose, e.g. School, Personal, Banking
  • E.g. buy a ChromeBook to use only for Online Banking
  • You could also use Virtual Machine instead of Physical Devices. Qubes OS is also recommended

Auditing

  • Keep up to date in news: Reddit (r/privacytoolsIO, r/cybersecurity, r/OPSEC), News Source (Slashdot, The Hacker News, Bleeping Computers, Threatpost), Youtube (Techlore, TheHatedOne, Seytonic, ThreatWire)
  • Online Checkup for Hacks and Leaks: HaveIBeenPwned
  • Check for Updates for every device and software
  • Run Malware Scans
  • Update all of your passwords
  • Local Checkup: Apps, Settings, Privacy Settings
  • Minimalism: Delete unused files, programs, apps, settings …
  • Peer Review: Ask a friend to find information about you Online
  • Insert Step Here: Do what ever else you want, e.g. Check Firewall Logs, Check DNS Logs …

Security

  • Search on Google or other sites (havbe i been pwned?, pipl, any who), if your personal data has been leaked -> Change Leaked Passwords
  • Keep Software Up to date
  • Use complex password, e.g. with Password Manager
  • Compartmentalize Password Manager Databases
  • Append second password to the passwords in Vault
  • Frequently change your passwords
  • Bio metrics are less secure than passwords. In some countries you cannot be force to hand over your password, but you can be forced to unlock with your bio metrics
  • Disable Bio metrics, when: Crossing Border, Going to protests, Going to Airports…
  • Avoid Android Lock Patterns (ALP)
  • Sign Out / Lock when leaving your Computer
  • Security Questions: Use fake / random data and use your password manager
  • Use 2FA
  • Avoid SMS for 2FA
  • Protect your Email Account
  • Logout from Services
  • Read all check boxes in installation programs -> Avoiding Potential Unwanted Programs (PUPs)
  • Use WPA2
  • Change default password
  • Change default SSID
  • Change default Admin Portal
  • Disable WPS
  • Update Firmware
  • Use a VPN on your router
  • Use Open Source Router Software: pfSense, OpenWrt
  • (Use Whitelist to allow certain MACs)
  • (Hide SSID, but it is Security Through Obscurity)

Lifestyle

  • Make sure whom to trust
  • Be Minimal: Don’t give up data
  • Be Aware: Why is something needed, Be aware of social engineering attacks, Be aware that the company you are trusting can change / get acquired by another company
  • Be bold: Don’t get into pressure
  • Be prepared
  • Use Email Aliases
  • Never tell about your wealth
  • Ask: Why? Where? How Long? What Recourse? Alternatives? Is it required?
  • Tell People to keep information about you confidential
  • Don’t let license plates of your car reveal to much personal information
  • Pseudonymization & Anonymization of your personal data
  • Shred anything with Personal Information
  • Don’t share anything that will show that you are out of your house
  • Pay with cash
  • Use Gift Cards
  • Use RFID Blocking Wallet
  • Go to every store with a Pseudonym
  • Ship to Amazon Locker
  • Check if your bank allows Virtual Cards
  • Try Checkout as Guest if possible
  • Keep sensitive items in a Safe
  • Backup Drives should be in a safe
  • Offsite Backups
  • Get Rid of your Smart Devices, e.g. Alexa
  • Loss of convenience
  • You may seem suspicious
  • You can’t share your life with other people
  • Possibility of obsession
  • You have to pay attention all the time
  • Share knowledge
  • Explain why you do what you do
  • Normalize Privacy (Sociaty things Privacy is Criminality)
  • Donate for Merchandise

Checklists

Tools

  • New Users: Linux Mint, Manjaro
  • More Advanced: Debian, Open Suse, Fedora, Arch (Based), QubesOS
  • Tor Focused: TailsOS, Whonix
  • Live Operating Systems: TailsOS, Most Linux Distros
  • OpenBSD, FreeBSD, HardenedBSD
  • YT Channels: Switched To Linux, The Linux Experiment, LearnLinuxTV

https://www.privacytools.io/operating-systems/#mobile_os

  • GraphenOS (Most Secure)
  • CalyxOS (Most Convenient)
  • LineageOS (Less Security!)
  • Linux Phone OS: Librem, Pinephone
  • App Stores: Aurora Store, F-Droid
  • Google Services: OpenGApps, microG
  • Searx
  • DuckDuckGo
  • Qwant
  • Startpage
  • Signal
  • Threema
  • Wire
  • Briar
  • Wickr
  • ChatSecure
  • Matrix, e.g. Element
  • Burner
  • Shuffle
  • mySudo
  • Use Alias Service: AnonDaddy, Simplelogin
  • Use Encryption: PGP, GPG, OpenPGP, Mailvelope
  • Providers: Protonmail, Tutanota, Disroot
  • Email can be self hosted
  • Temporary Disposable Email Address: TempMail, Guerrilamail, Harvard Threat, 10MM (10 Minute Mail)
  • Alternative Email Solutions: I2P-Bote
  • Encrypt before sharing!
  • Nextcloud
  • Firefox Send
  • Onion Share
  • HTTPS Everywhere
  • uBlock Origin: Add & Tracker Blocker
  • Privacy Badger: Blocks spy ads and invisible trackers
  • Decentraleyes
  • Cookie AutoDelete: Delete Cookies of one tab after closing the tab
  • NoScript (Firefox) / ScriptBlock (Chromium)
  • CanvasBlocker (Firefox) / Canvas Defender (Chromium): Avoid tracking with Canvas Fingerprinting
  • behavioral-Keyboard-Privacy (Firefox) / Keyboard Privacy (Chrome)
  • Bitcoin
  • Monero
  • Cryptocurrency Wallet: Ledger
  • Password Managers: Bitwarden, KeePass, KeepassXC, LessPass, Master Password
  • 2FA: (Authy), FreeOTP, andOTP, Aegis, TPM Module, Yubikey, USB Drives
  • Hints on Paper: E.g. If your password is “gaming23”, then write down “timekiller + 23”
  • Full Disk Encryption: Bitlocker, Linux Disk Encryption, Vera Crypt
  • 7zip
  • Vera Crypt
  • GNU Privacy Guard (GnuPG)
  • Encrypt your files: Cryptomater
  • Host your own Cloud: Nextcloud
  • Protondrive
  • Mega
  • Tresorit
  • Icedrive (Free Tier does not have Zero Knowledge Encryption)
  • Cryptdrive
  • MAC Address: Windows Build In Tool, Technitium, spoof on Github (Linux), Android Randomization, iOS Randomization
  • Android Location Spoof
  • Android: Scrambled Exif
  • Jailbroken iOS: PhotoExif
  • Nonjailbroken iOS: ViewExif
  • Linux: BleachBit, Ubuntu Cleaner
  • Windows: Geek Uninstaller, CCleaner (Closed Source!)
  • Mac: AppCleaner, CCleaner (Closed Source!)
  • Windows: CCleaner, BleachBit, Eraser
  • Linux: BleachBit
  • SSD Manufacturer Software
  • Some BIOS have a Secure Delete Tool
  • Use Full Disk Encryption -> Files can’t be recovered in an unautherized way
  • justdeleteme.xyz
  • ComputerWorld Removal Guide
  • Albine Removal Guide
  • W10Privacy: Make Windows 10 more private
  • AppCensus: Get Information about Permissions that an App uses
  • Plexus: Shows Apps that work with Degoogled Phones and microG
  • Panopticlick
  • AmIUnique
  • BrowserSPY.dk
  • Libreboot
  • coreboot

Changelog

  • 15/08/21: Create this Article
  • 27/08/21: Update Cloud Storage section

Passionate about Cyber Security. I am publishing CTF writeups and Cybersec content!