this post was submitted on 26 Jul 2023
7 points (81.8% liked)


For example, change your password regularly, use 2FA.

all 34 comments
[–] [email protected] 9 points 11 months ago* (last edited 11 months ago) (2 children)

Security is not equal to privacy. Even if you do use 2FA and change your passwords all the time, you don’t gain any additional privacy.

Changing your Google password and adding 2FA to your Google account does nothing to make your life more private because Google still can read all your emails, and sell your data regardless of 2FA.

The best habits to maintain privacy are to avoid using the services of companies whose business model is violating your privacy.

Some pro privacy habits might be:

  • Avoid any Google products or services.
  • Avoid any Meta products or services.
  • Don’t use any free software or services that are not community run / non profit. They make money from selling your data.

In a positive light these habits might be reflected as:

  • Using a Google-free phone. (i.e. GrapheneOS or CalyxOS or /e/OS or even an iPhone as a last resort.)
  • Use Lemmy, Mastodon and other alternatives to big social media corps.
  • Pay for reputable e-mail hosting with a reputable provider (i.e. Microsoft 365 Business Account, Tutanota, or Proton Mail) or host your own.

Privacy isn’t all or nothing. Small steps are still improvements. Microsoft respects their business clients’ privacy because that is what is demanded and Microsoft makes money by providing B2B services. Apple is in the business of selling expensive hardware and iCloud services so they don’t need to violate your privacy as much. These products, while not perfect, are leaps and bounds better than using any Google or Meta product.

Small steps are good steps.

If I had to choose one thing to do I would say to drop any phone that has the Play Store preinstalled.

[–] [email protected] 6 points 11 months ago (4 children)

One addition. People say to use a VPN but I would argue that this is virtually pointless if you continue to use privacy violating services from privacy violating companies.

If you connect to WhatsApp or Snapchat or Gmail over an HTTPS connection inside a secure VPN, you are still sending them your data, just with an extra layer of encryption. Google doesn’t need your IP if you give them your complete email inbox.

[–] [email protected] 4 points 11 months ago

One thing a VPN does is prevent your ISP from selling your browsing data to third parties. If you have Comcast or Xfinity it's worth it just to deny them even a penny.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

This is true, but you also gotta consider most people do browse and go to other websites than just ones they log in to or social media. I think using a VPN generally makes it harder for other websites (like news articles as an example) to track you across the web. (For instance, if I visit Website A with unique IP Address Y, and also visit Website B with unique IP Address Y, even without logging in or directly giving them any data, they could correlate those 2 things. That's where I think a VPN can really help things because it gives you a large pool of users in this case without using your unique IP.)

Even besides this, you're missing another point. I'd argue the largest benefit to VPNs is just preventing your ISP from collecting and selling the websites you visit and metadata around them. That's a huge and undeniable benefit to using VPNs for privacy if you use a trustworthy and reputable one, just being able to prevent your ISP from seeing what you're doing, when you're doing it, etc, which is especially important with how dodgy ISPs are and how most collect and sell user data.

[–] [email protected] 1 points 11 months ago

VPN is only about security against folks outside the two endpoints (ISPs, some governments, etc.).

[–] [email protected] 1 points 11 months ago

Agreed. I'd still recommend a VPN in case your ISP is some sort of big company that sells or sends your traffic to other companies or the gov though, or if you want to torrent in the US, Germany or other countries where the copyright laws are super enforced.

Just make sure you choose a reliable VPN, not some random VPN from YouTube. Read articles, reviews, investigate, ask in privacy-focused communities.

[–] [email protected] 3 points 11 months ago

Security is not equal to privacy, but security is absolutely a means of protecting privacy. They asked how to protect privacy which absolutely is in the realm of security.

You don't gain additional privacy from using 2FA, but your personal info is less likely to be stolen versus personal info protected by less secure authentication methods.

Privacy uses security to protect itself. Security doesn't increase privacy. It increases privacy protection, which is what they asked about.

Edit: shout out to Proton Mail though. It has some quirks that might turn off some people (mainly not being readily compatible with IMAP clients without the use of the Proton Bridge). But it's there for a reason and works. And honestly, most of the other stuff you said is pretty good too. The Microsoft/iPhone stuff is obviously arguable (I fall on your side of it) but in the end the best practice is to limit exposure. The less your data is accessible by others, the better. Using email masks (I use Firefox Relay) to minimize email leaks is another good idea.

[–] [email protected] 3 points 11 months ago (2 children)

I pepper my randomly generated passwords. For example, imagine you have a random string generated from your password manager. If the password manager's database is breached or your master password is leaked somehow, the attackers have access to all of your information.

Now think of a word or acronym or something. Something simple (can be simpler than a normal password). When you add a login, save the generated string to the manager but use a combination of the string + unique word for the website login.

Let's assume CHEESE is my pepper word.

The generated string: hjifd;39Vq$7}

Saved to password manager: hjifd;39Vq$7}

Submitted to website: CHEESEhjifd;39Vq$7}

Now even if the database is leaked my passwords are still mostly useless.

[–] [email protected] 1 points 11 months ago

I do something similar (though less secure) for general purpose passwords; I have a couple of common “base” passwords that are decently secure that I commit to memory. Then for each website/service, I pick a pattern based on the name/URL (maybe something like the first two and last three characters of the URL), and append them to one of my “base” passwords, so each site gets a unique password, but I only have to remember a couple of them + the pattern.

[–] [email protected] 2 points 11 months ago (1 children)

Use Linux, a VPN, Firefox with containers and multiple privacy add-ons. I use Veracrypt volumes to store "private" information in the cloud.

[–] [email protected] 2 points 11 months ago (2 children)

Is there a distro you recommend? I’ve toyed around with Tails, but the lack of persistence and forcing all traffic through Tor instead of a VPN (I guess the whole point of Tails) is too inconvenient for daily use.

[–] [email protected] 2 points 11 months ago

I recommend Fedora for most people, it's what I use. It has a great configuration out of the box for privacy, security, and usability, and is overall a really great option for both beginners and advanced users. Had no issues or complaints with it so far.

You can check out Privacy Guides for some other good options as well and more details, and just generally other recommendations and good resources.

[–] [email protected] 2 points 11 months ago (1 children)

Not to be one of those people, but I use Arch (btw) as a daily driver and I really like it, but also I'm a tinkerer. But TBH even just something Debian with a decent VPN would probably be a lot more private than just regular Windows 11 or whatever IMO.

[–] [email protected] 2 points 11 months ago

I'm a tinkerer as well, but I'm at a point in my life where I need to prioritize my tinkering haha. Like buying stir-fry takeout (Windows/MacOS), cooking it by buying a pre-packaged bag (packaged mainstream Linux distro), or starting from scratch, experimenting with literally everything from chopping technique to cooking temp for each ingredient, until you realize you're missing an ingredient you need, then you have to go back to the store (Arch lol).

[–] [email protected] 2 points 11 months ago (2 children)

I don't divulge my security practices publicly, online. That would be incredibly dumb.

[–] [email protected] 0 points 11 months ago (1 children)

Op didn't ask for security practices.

[–] [email protected] 1 points 11 months ago

They did and I'm perfectly prepared to double down.
If I told people I used a password manager, and which one, I give a bad actor a target. I give a social engineer a thread to pull.
If I told people I had a bitcoin at an exchange, secured using a certain method, I'd be painting a target on me.
If I told people about a rock with a key under it, then I've given out far too much info. Sure you don't know where I live, but small pieces of info can add up quickly. It's flat out dumb telling people the details of your security. What form it takes, and what products or procedures you use. Just telling them what you're protecting is too much. Don't. It's bad security practice. Like it or not, I'm actually trying to be helpful.

[–] [email protected] 1 points 11 months ago (1 children)

Sue people that take pictures of me.

[–] [email protected] -1 points 11 months ago (1 children)

Unlike recording audio without consent (in 2-party consent states), recording images isn't illegal, which is kind of strange (the laws don't keep up with technology).

[–] [email protected] 1 points 11 months ago

I'm not from the USA; anything you record of me, even texts, could make you liable for personal rights violations in Germany.

[–] [email protected] 0 points 11 months ago (1 children)

I don’t understand how changing your password or using 2FA enhances your privacy? I use a different fake name on each website I register, also use a different mail alias for every website I sign up to.

[–] [email protected] -2 points 11 months ago (1 children)

Why do you think using 2FA doesn't improve privacy?

[–] [email protected] 0 points 11 months ago (1 children)

Not OP but the reason 2FA does not help is because “hackers” who might be stopped by 2FA are not the people violating your privacy.

It’s the mega corps that you use 2FA to log into that violate your privacy.

This all being said everyone should turn on 2FA for security reasons. Just know that this does not help privacy.

[–] [email protected] 0 points 11 months ago (1 children)

Eh, I would say hackers absolutely do violate your privacy, but simply aren't the only ones. 2FA only protects against one threat vector, but not another.

[–] [email protected] 0 points 11 months ago (1 children)

True, “hackers” do. But the average person’s privacy is violated so frequently and at such depth by companies that the amount of “violation” done by “hackers” rounds to zero.

This being said 2FA is something everyone should use.

[–] [email protected] -1 points 11 months ago

Eh, the violation that hackers incur will tend to have a much higher impact (though lower probability) than others like Google though. Someone who has had their identity stolen will likely have more issues with hackers than with Google. You are correct about the breadth of privacy being violated "legally" but it's only gotten that bad because of how little it affects folks' day-to-day lives, to the point they don't really care (not defending it, just stating the observation). So, yeah, you're more likely to be violated by Google, but if you're violated by a malicious actor, it will hurt a lot more.

Both are bad and both need to be protected against. Both will violate your privacy and neither should be ignored.