Security is often in direct conflict with convenience. Establishing your threat model can help you to make decisions on how to balance the two, and should be the first step on your digital privacy journey.
Consider the following questions when developing your threat model:
Do these consequences affect only you, or will others be harmed?
Who are you worried about violating your privacy?
Have you attracted the attention of a nation state willing to spend millions of dollars in order to gain access to your digital devices? If you have, many of the suggestions on this page will be insufficient. Assume that any digital device can be compromised with sufficient time and resources.
Many privacy decisions that you make will center around trust. You may not trust your ISP with knowing your browsing habits, but do you trust the free VPN you saw an ad for with the same?
There is more to digital privacy than choosing the "right" tools. Adopting a security focused mindset will help to keep you safe as landscapes change.
Consider how actions may link together.
Do not take steps to be anonymous, only to login to a preexisting personal account or use your credit card.
You may have excellent digital security, but if you can be coerced into divulging information that doesn't help much.
Phishing and violence can both be effective ways for others to bypass your digital safeguards. If you are using a secure tool such as Signal to communicate, but someone can see your screen or the device you are using has been compromised with malware, the security of the tool is irrelevant.
Embrace the principle of defense in depth: do not just take one step to protect yourself, layer your protections.
There is a constant arms race involving software exploitation and mitigations of said exploits. Timely software updates help prevent easy, widely known attacks against your devices.
A supply chain attack can take a few forms.
Malicious actors may offer unofficial downloads to try and confuse the end user into downloading modified software. This can take the form of typosquatting, or an ad campaign advertising a free or "enhanced" software download.
Malicious actors may attempt to take over a download link or otherwise modify the software you wish to use. One protection sometimes available against this is checksum validation. If a checksum is available on the official website, using it to validate your download can provide peace of mind that the software was not tampered with or corrupted. How to compare checksums against your download will vary from device to device.
Explore application and device settings. Of particular interest are settings pertaining to advertising, advertising IDs or other unique identifiers, telemetry, and AI.
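As an added example (not from this page or any vendor), the following Python script checks a download against a published sha256sum-style line, handling the upper/lower-case hex variants sites use and showing the tampered case; the file names and the checksum line are constructed, with the digest being the standard SHA-256 test vector for the bytes "abc".

```python
import hashlib
import hmac
import os
import tempfile

# Constructed stand-in for the checksum line published on a download page.
# The digest is the well-known SHA-256 test vector for the bytes b"abc".
PUBLISHED_LINE = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  example-installer.bin"

def parse_checksum_line(line):
    """Parse one sha256sum-style line: '<hex>  <filename>' (two spaces,
    or '<hex> *<filename>' for binary mode). Hex is normalised to lower case."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.lstrip(" *")

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published_line):
    """Return True only if the file's SHA-256 equals the published digest.
    hmac.compare_digest is used so the comparison does not short-circuit."""
    expected, _ = parse_checksum_line(published_line)
    return hmac.compare_digest(sha256_file(path), expected)

def demo():
    """Constructed downloads: one intact (b'abc') and one tampered (b'abd')."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "example-installer.bin")
        bad = os.path.join(d, "example-installer-tampered.bin")
        with open(good, "wb") as f:
            f.write(b"abc")
        with open(bad, "wb") as f:
            f.write(b"abd")
        results["intact"] = verify_download(good, PUBLISHED_LINE)
        results["tampered"] = verify_download(bad, PUBLISHED_LINE)
    return results

if __name__ == "__main__":
    print(demo())  # {'intact': True, 'tampered': False}
```

A single flipped byte in the tampered file changes the whole digest, which is exactly why a published checksum catches both corruption and modification.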
EFF article on disabling ad ID tracking on phones
Reusing a password regardless of strength is a very poor idea.
See: Credential stuffing
A dedicated password manager is a must. My personal preference is password managers which I can use offline, such as KeePass or KeePassXC. These sometimes require extra steps to sync across devices.
For your master password, consider using a method similar to the default settings from https://www.xkpasswd.net/. This website does a good job of quantifying the security of its generated passwords with a concept known as entropy. When using a scheme to generate a password, it is important to consider scenarios where an attacker knows the scheme you used. A good scheme will still be secure in this worst case scenario.
Schemes leveraging words may be easier to remember and to type for confident typists. For slower typists, a shorter password consisting of random letters, numbers and symbols may be quicker to type at the potential cost of being harder to memorize. Typing on a phone can also be frustrating relative to a fullsized keyboard when special characters and numbers are involved.
A variation of the default scheme xkpasswd.net has used is described below:
Symbols: ? &
Digits: 9514
Words: Stranger, Austria, Glossary, Water
Alternating case: STRANGER, austria, GLOSSARY, water
Result: STRANGER&austria&GLOSSARY&water&9514?
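As an added example (not code from this page or from xkpasswd.net), the script below applies the scheme shown above and compares the entropy left to an attacker who knows the scheme against the naive per-character estimate; the word list and symbol set are constructed, and the fixed alternating-case pattern is an assumption taken from the example.

```python
import math
import secrets

# Constructed stand-in for a real dictionary (assumption: an attacker who
# knows the scheme must search this list; xkpasswd.net uses a far larger one).
WORDS = ["stranger", "austria", "glossary", "water", "pencil", "orbit",
         "harbor", "candle", "meadow", "lantern", "thistle", "quartz"]
SYMBOLS = "!@#$%^&*-_=+|~?/.;:"   # 19 candidate separator/padding symbols

def build_password(words, separator, digits, padding):
    """Apply the scheme from the example: alternate UPPER/lower case,
    join with the separator, then append the digits and one padding symbol."""
    cased = [w.upper() if i % 2 == 0 else w.lower() for i, w in enumerate(words)]
    return separator.join(cased) + separator + digits + padding

def generate(dictionary=WORDS, n_words=4, n_digits=4, symbols=SYMBOLS):
    """Generate a fresh password with a CSPRNG (secrets), never random.random()."""
    words = [secrets.choice(dictionary) for _ in range(n_words)]
    digits = "".join(str(secrets.randbelow(10)) for _ in range(n_digits))
    return build_password(words, secrets.choice(symbols), digits, secrets.choice(symbols))

def known_scheme_entropy_bits(dict_size, n_words=4, n_digits=4, n_symbols=len(SYMBOLS)):
    """Worst case: the attacker knows the scheme exactly and only has to guess
    the words, the separator, the padding symbol and the digits. The case
    pattern is fixed by the scheme, so it contributes nothing."""
    choices = dict_size ** n_words * n_symbols ** 2 * 10 ** n_digits
    return math.log2(choices)

def blind_entropy_bits(password, alphabet_size=26 + 26 + 10 + len(SYMBOLS)):
    """What a per-character brute force would face if the scheme were unknown;
    an over-estimate that should not be used to judge the password."""
    return len(password) * math.log2(alphabet_size)

if __name__ == "__main__":
    pw = build_password(["Stranger", "Austria", "Glossary", "Water"], "&", "9514", "?")
    print(pw)                                           # STRANGER&austria&GLOSSARY&water&9514?
    print(round(blind_entropy_bits(pw), 1))              # ~234.6 bits, misleading
    print(round(known_scheme_entropy_bits(10_000), 1))   # ~74.9 bits with a 10,000-word list
    print(generate())
```

The gap between the two figures is the point of the page's warning: judge a scheme by what remains once the attacker knows it, and grow the dictionary or word count, not the case pattern, to add real entropy.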
Your master password, if forgotten, will prevent you from accessing your other passwords. This is one situation where you may write the password down and store it in a safe place. If you are completely confident in your memorization, you may wish to destroy the paper copy by shredding and/or burning.
The thought of generating your password in a web site is uncomfortable for many. The claim that the website is not sending data to a server is verifiable with a web browser's developer tools, but this is not a verification task an average user is likely to undertake.
I made an offline variant which may interest you: fmn-passgen
Using https://haveibeenpwned.com/ may encourage you to use a password manager.
This website allows you to check if your emails or passwords have been involved in publicly known data breaches. You may also enter your email address to be informed of future breaches.
Using separate passwords for every website makes it such that a breach cannot compromise other accounts with a credential stuffing attack. However, sometimes information leaked from breaches has consequences related to scamming and doxxing.
Do not use biometric authentication as the sole means of authentication for a device. Historically, individuals have been legally compelled by state actors to open devices biometrically. Any unscrupulous entity will also find it easier to force you to open a device with your fingerprint or face rather than make you divulge a password.
Some biometric authentication devices are also trivial to fool. Several fingerprint scanner designs could be defeated with a black and white paper printout of your fingerprint.
In the realm of multifactor authentication, SMS is not a secure delivery method under any circumstance. Prefer time-based one-time passwords (TOTP), which can be stored in your password manager or on a phone app, when possible.
Encrypt! Encrypted data cannot be read without knowledge of the key.
Consider VeraCrypt. Read their notes on plausible deniability.
If using Unix, a variety of customizable options will be available to you if you wish to use something besides VeraCrypt. These other options may or may not provide you with plausible deniability.
SMS is NOT secure; assume anything you text is being stored by your service provider and intercepted by anyone interested.
End-to-end encrypted messaging is the goal. Signal is a solid choice which also offers audio and video calls.
Proton Mail offers a free encrypted email account which does not require special effort. Communication between Proton accounts will also be encrypted. However, it is still possible to send unencrypted messages to non-Proton accounts. Thus while your account may be safe from legal requests to divulge your inbox contents, the account you are communicating with may not be.
OpenPGP and GnuPG can be used to secure any text conversation regardless of medium or the security of the underlying transport. They allow for private communication between parties on an insecure platform such as SMS. PGP has a perhaps undeserved reputation of being inconvenient for the average user.
Unbreakable cryptography for securing your messages that can be done with pen and paper has been around since at least 1882 in the form of the one-time pad. Not very convenient to use correctly though.
Most browsers are either based on Firefox or based on Chromium, unless you are unfortunate enough to be stuck with an Apple system. Firefox and Chrome themselves are not particularly great choices for sensitive web browsing. Security hardened variations on both browsers exist, as well as instructions for configuring or modifying the browsers to resolve certain concerns.
My personal preference remains Firefox, and I strongly recommend installing uBlock Origin.
If your threat model concerns stop at your ISP seeing which sites you visit, a VPN is largely sufficient to protect you. If your concern is that your ISP or another malicious actor monitoring your web traffic can see what you send to and receive from websites, HTTPS is generally sufficient protection.
The general principle of operation of a VPN is:
With basic technical knowledge, it is not difficult to create your own VPN. However, if you are the only one using it, any actions performed by your VPN can still easily be traced back to you if it is clear that you are the owner and operator of the VPN server.
A helpful method of navigating paid VPN options can be found at windscribe.com. The service offers context as to the commercial ties that various VPN providers have, and whether or not a provider's claims have been verified by a third party or survived legal attempts to force the provider to divulge information that they claim to not keep. At the time of writing, Mullvad is a good choice.
From the history of the Tor project:
The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way. This is still a simple explanation for how Tor works today.
The Tor Browser is the recommended way to use Tor and is fairly user friendly.
Tor cannot guarantee your anonymity. Individual Tor users have been deanonymized in the past, and reading about the mistakes these users made or didn't make may improve your understanding of what Tor can offer.
Security tools such as VPNs and Tor can be layered together as well.
Pixel phones and iPhones generally have the best security hardware and reasonable support periods in which the devices will receive updates.
You may be interested in GrapheneOS for use on Pixel phones.
Small things, like turning off Bluetooth and NFC when not in use can also be helpful.
Depending on your reasoning for using a burner phone, you may want to discard and start over after specific events or on a periodic basis. Purchase the phone and plan using cash, and be mindful of what personal information you associate with the plan. For certain threat models, obscuring your appearance and covering your face at time of purchase may be an additional thing to consider. Your mode of transportation to point of sale is also relevant at this point. For pay-by-use, there are sketchy SIMs available online ostensibly intended for international travel.
Anything you print can be traced to the printer that produced it. Printers may also store print jobs.
If the ethical concerns weren't enough for you, the fact that your queries and provided context are being stored may be. Running a private model should be a priority if you must use it in a sensitive manner.
Devices with built-in AI that function by monitoring your device should be considered compromised. End-to-end encryption doesn't help if you have malware on your device or the recipient's device that can see everything anyway. Scams leveraging AI can be significantly harder to detect, as images and voices can be generated. Verify suspicious requests from friends and family through a different communication channel or in person.
Windows and MacOS have all sorts of fun telemetry and other privacy concerns. Steps may be taken to modify these operating systems, although each update may require you to perform those steps again.
A commonly recommended entry point into Linux at the time of writing is Linux Mint. For common computer tasks such as word processing, web browser usage, and most gaming, Linux can at times be indistinguishable from MacOS or Windows.
For operating systems with a specific privacy or security focus, consider:
A change in behavior may be suspicious on its own. Instead of turning your phone off, consider leaving it at home.
What information can be used to uniquely identify you while browsing the web?