First off, writing this article sucks. In a free country we shouldn’t have to look over our shoulder if we want to read or write a dissenting opinion. But the latest surveillance state bill could make you a “domestic terrorist” for not sticking to the official narrative. Lots of detail on that elsewhere, here’s a start: https://www.americanpartisan.org/2021/01/is-the-dhs-saying-you-are-a-terrorist/
Digital security is about finding the right balance between risk and convenience, so prepare to be inconvenienced. It’s necessary. Democrats are trying to force through some heinous crap, with zero bi-partisan support. MLK Jr once said that an unjust law is no law at all. So with that in mind, here’s how to cover your tracks.
Start with a threat assessment. Are you worried about creepy government agencies… or getting doxxed by lefty loser? What’s the ‘surface area’ for attack? Are you browsing websites, emailing, posting in forums, using social media? Are you on a computer or smartphone? How do you connect to the internet? Do you have a doorbell camera or smart TV? Does your car have tech?
It’s a lot to think about, but the conclusion is easy. You shouldn’t trust any of it. Here’s more detail on that: https://www.stationx.net/zero-trust-model/. It’s also important to realize this won’t get fixed overnight. So just pick one area and get started.
I’ll start with web browsing. Just want the quick version? Get Brave Browser, make DuckDuckGo your default search engine and use private tabs. Get a VPN and turn on the kill switch. Test that everything is working (links below) and you’ll be doing wildly better than most folks.
If you want to go deeper, Firefox Browser is the gold standard because if gives you more options to lock it down. It’s also open source and managed by a non-profit. Open source means anyone can read through their code and check for backdoors. Non-profit means they don’t answer to a corporate overlord. As an example, Firefox was the only browser to patch Vault 7 before it dropped.
If you haven’t heard of that leak, it was bigger than Snowden and exposed a variety of CIA cyber weapons. It’s worth a look (https://en.wikipedia.org/wiki/Vault_7) to understand what kind of things are possible. It’s also pretty telling that companies like Google and Apple didn’t patch. Maybe a conflict of interest?
One downside to Firefox… it’s run by hippies. Their CEO went to the Peoples Republic of Berkeley for undergrad and law school, they have a Chief Diversity Officer, etc. Will their politics eventually show up in the product? Probably so, which is why I also really like Brave Browser.
The CEO of Brave was once the CEO of Firefox, but got kicked out for making donations to conservative causes (good sign). Brave is privacy minded and open source, but it’s also based on code used by Google Chrome (a known data whore). Brave has a strange Ad/crypto-coin business model, so we’ll have to monitor who butters their bread.
A good browser is just the start. You also need to lock it down. This means clicking on File -> Preferences and spending a half-hour enabling privacy options and disabling data sharing options. You also need to add privacy extensions. Extensions on the browser are like apps on your phone. Brave conveniently has much of this already set up, but you can go deeper with Firefox. Here’s a pretty good overview: https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide.
Using a VPN is mandatory, and there are free options. To understand why… it masks your browsing activity and your IP Address. An IP Address is similar to a PO Box. You have to share your IP Address so a website knows where to send you info. And a VPN is like a secure mail forwarding service. You could be anywhere in the world, only your VPN service knows where you pick up the mail.
Without a VPN, you’re basically posting your geographic area every time you visit a webpage. Why is this bad? Let’s say Lefty Doxxer is looking for one Andrew Jackson. Doxxer wants to post his street address to followers, along with a recipe for molotov cocktails. The search will be a lot easier if Doxxer knows that Andrew gets his internet from the Waxhaw, NC area vs possibly anywhere in the world.
Perhaps more importantly, your VPN hides your browsing history from your ISP. Why do we care? Your ISP is likely logging and selling all of your personal browsing history as ‘marketing data’. Creepy government agencies might buy your ‘marketing data’ without the fuss of a warrant. Or maybe your ISP decides to report a ‘thought crime’ because the CEO is super-woke. Who knows. If you have a VPN, all they’ll see is that you’re connecting to a VPN (not very exciting).
A VPN will also make your internet slower. It’s one more thing to check if internet goes out. VPNs may trigger fraud warnings if you shop online. Some websites you like may block VPNs, or require annoying CAPTCHAs. It’s all trial and error. You can always turn off your VPN if you’re visiting vanilla sites, but understand the privacy implications and observe how you forget to turn it back on later. Or if you’re feeling more ambitious, look at moving your VPN to the router, adding a firewall, nesting multiple VPNs, adding Tor, JonDonym, etc.
If you’ve made it this far, then congratulations. There’s a good chance that you have the patience and focus to work the list from your threat assessment. As you make progress, setbacks are normal. Frustration is just your ego talking. When you get stuck, walk away and come back later. You’ll make changes that break things and then have to unwind them, that’s still progress. DuckDuckGo is your friend, most of the answers are already out there. And as always… test to make sure it’s working: