Privacy and Security Resources

Introduction

This guide is for those who have realized that our privacy has been purposefully eroded over the last few decades. It covers the basic steps that everyone should consider.

It’s better to build your digital safe haven now, before you lose control of private data.  If data is not in your hands, then it can be used against you.

Threat Assessment – Most people are vulnerable in the following areas – Mobile Phones, Web Browsers, Home Wi-Fi Routers, and Digital Account Management (including Email and Credit Reports). 

If you have an active threat, are a journalist or public person, etc., then you will need professional help beyond these suggestions. 

Digital Privacy and Security is a life-long marathon, not a sprint, so start now! 

Pro Tip – It is not illegal to use an alias or hide your information for non-criminal purposes.   However, never give false information to Banks, Law Enforcement, or Government.

Recommendations

  1. Use a Password Manager – You need an encrypted way to create and store strong, unique passwords and random usernames for each account. Also, securely store information such as credit card numbers, passport and driver license scans, software licenses, secure notes, etc. Make sure you have set up emergency access for your family. Start with one account within your Password Manager, then add accounts as you gain confidence. Look for audited and open-source software.

Bitwarden (open source), Proton Pass (open source), 1Password (partially open source) – Free/Paid – Audited cloud-based password vaults.

KeePassXC (open source) – Free – Secure offline computer-based password manager (for advanced users).

There are additional Password Managers available that are also considered safe and useful.

  2. Implement Two-factor Authentication (2FA) on All Accounts – SMS codes to verify your login are much better than nothing, but are still vulnerable to “SIM swapping”. A generated TOTP code from an Authenticator App (Better), or a physical device like a YubiKey (Best), greatly increases your account security. Make sure hardware devices are FIDO2 for future compatibility.

Ente Auth (open source, audited), Bitwarden Authenticator (open source, audited) – Free – Cross platform authenticators.

Aegis Authenticator (open source) – Free – Open Source, Android-only authenticator.

YubiKey (partially open source) – Paid – Hardware based 2FA and FIDO2 device.

  3. Rent a PO Box (Post Office) or CMRA Box (Commercial Mail Receiving Agency) – Do not associate your name with your home address. Start sending mail and packages to these services. Some PO Boxes allow you to use the Post Office street address for deliveries. Try to get that PO Box, UPS Box, or CMRA address on your driver’s license. See RV Nomad Status for more information.
  4. Implement a Credit Freeze for Every Member of Your Household – A Credit Freeze (not a Credit Lock) is now free for all adults and children. Identity theft of minors is a growing problem because it can take years to discover. Get the free Intel Techniques Credit Freeze Workbook on how to do this.
  5. Lock Down Your Social Media – Regularly review your privacy settings. Delete old content and comments. Reduce the amount you share. Consider deleting all content while keeping the account active for future use (see #16). Google, Facebook, and Instagram are the worst three privacy invaders. Don’t run social media apps on your mobile devices; instead, run them within a secured Web Browser. Remove or don’t allow GPS information in pictures. Use the FB containers plugin for Firefox, or open a private browser window in Firefox or Brave.
  6. Opt Out of All Data Collection – Remove online records where you can. Your data is collected and then resold many times over, so you have to be prudent and search for your data several times a year. Get the free Intel Techniques Data Removal Workbook on how to do this, or use a data removal service such as DeleteMe, Incogni, Optery, or EasyOptOuts.
  7. Do a Digital Account Review, Cleanup, and Then Migration to Encrypted Platforms – Delete unneeded data for accounts that you do not need anymore. Move from less secure and less private services (Yahoo, Hotmail, OneDrive, Evernote, etc.) to encrypted and privacy-focused services that can’t see your data (Zero Knowledge). Look for free services that also have a paid account option. Consider self-hosting your own secure “cloud” server using a NAS, or a purchased or spare computer as a home server, running free/paid home server software (Start9, Umbrel, OpenMediaVault, CasaOS, etc.). Contact me or see my Sovereign Computing document for more options.

ProtonMail (open source, audited), Tutanota (clients open source, audited) – Free/Paid – Encrypted email storage at rest and to other accounts.

Sync, Proton Drive (open source, audited) – Free/Paid – Encrypted cloud storage (replaces Dropbox/OneDrive/Google Drive).

Tresorit (audited) – Paid – Encrypted cloud storage.  Free large file transfer to others.

Standard Notes (open source, audited), Notesnook (open source, audited?) – Free/Paid – Encrypted, cross-platform synced notes (like OneNote, Evernote).

  8. Protect Your Phone Number – SIM swapping is on the rise, so do not give out your real phone number and instead use Virtual Numbers. Use a different Virtual Number for Family, Friends, Work, and other situations. Companies use your mobile number to legally track and uniquely identify you.

Mint – Paid – Prepaid cellular where service can be in an alias.

Google Voice – Free/Paid – Allows Virtual Numbers to forward to your mobile number. Can pay to transfer your old phone numbers to Google Voice. Recommend you keep all your old numbers.

MySudo – Paid – Use one, three, or nine virtual phone numbers on your mobile device.

Above Suite, Brax – Paid – JMP.chat and XMPP service, or you can freely set up your own with inexpensive VoIP (advanced).

Linphone (open source) – Free – Voice over IP client for use with a paid VoIP phone service like Twilio or Telnyx.

  9. Protect Your Email Addresses – You need at least four email accounts to compartmentalize your information (work, personal, social media, financial, etc.). Create unique email aliases for different online accounts, from mailing lists to online stores, or use other unique secure aliases for important email (banks, doctors, insurance, bills). Turn off email client remote images to reduce spam.

Proton Mail (open source, audited), Tutanota (clients open source, audited) – Paid – Create configurable and secure email aliases for important emails

SimpleLogin (open source, audited) – Free/Paid – Create email aliases. Now working with Proton.me 

IronVest, 33mail, Addy.io – Free/Paid – Create masked emails forwarded to your real email. It will mask your email even on the reply.

  10. Protect Your Credit and Debit Cards – Do not give out your real card information to companies. We have seen large data breaches in the last decade where customers’ information was stolen. Consider moving to Bitcoin/Lightning/Nostr as censorship-resistant freedom payment platforms.

Privacy.com – Free/Paid – One-time/limited use Debit cards. These cards are locked to a Vendor, so if the card number is stolen then it can’t be used anywhere else. Can limit monthly spend amount.

Abine Blur, MySudo – Paid – Masked Credit Cards.

  11. Protect Your “Data in Motion” – SMS texting and phone call metadata are all visible to your phone provider, so the FBI recommends secure messengers. Additionally, Internet browsing data is kept forever and sold. Always use encrypted communications and use a recommended VPN provider for your devices and home router. Be careful of fake, free Wi-Fi hotspots in Airports and other locations.

ProtonVPN (open source, audited) – Free/Paid – a Virtual Private Network that secures your internet traffic

Mullvad (open source, audited) / ExpressVPN (partially open source, audited) – Paid – a Virtual Private Network that secures your internet traffic

Twingate/ZeroTier (open source)/Tailscale (partially open source) – Free/Paid – Layered networking that connects various servers/clients

PiVPN (open source, protocols audited) / WireGuard (open source, audited) – Free – Create your own VPNs (more advanced)

NextDNS (partially open source) / 1.1.1.1 (partially open source, audited) / Quad9 (open source, audited) – Free/Paid – If you can’t use a VPN, then use a privacy DNS provider.

Signal (partially open source, audited) / Molly (open source, signal portion audited) – Free – Encrypted replacement for SMS and phone calls between Signal users. Molly has a Signal replacement that is partially open source. Molly-FOSS is a fully open source version.

Simplex Chat (open source, audited) – Free – Next-generation distributed encrypted messaging using relays

Wire (open source, audited) – Free/Paid – An audited encrypted conferencing system for video and voice

Element/Matrix (open source, audited) – Free/Paid – An encrypted voice/video/message system

Threema (open source, audited) – Paid – An encrypted text/voice messenger

MySudo – Free/Paid – Free encrypted messaging and voice calls between MySudo users

OxChat (open source) – Free – An encrypted messenger using the Nostr protocol.

Keet (open source) – Free – A peer-to-peer encrypted messenger using the BitTorrent protocol.

Briar (open source, audited) – Free – A peer-to-peer encrypted messenger using the Onion network, Wi-Fi, or Bluetooth.

  12. Lock Down All Your Mobile Devices – Make sure your devices have all the necessary security updates. Remove Apps you do not need or haven’t used in a long time. Be suspicious of Applications because a number of them (especially free Apps) have spyware capabilities that can steal passwords and SMS two-factor codes. Turn off Bluetooth and Wi-Fi when in public.

Lock down privacy settings and regularly review application access permissions.  Use device encryption.  Listen to (archived) The Privacy, Security, & OSINT Show – Episode 291 for more information on mobile security.

It is easier to lock down the privacy settings on an Apple iPhone than on a stock Android device. Even better, install GrapheneOS on an unlocked new or used Android Pixel phone (easy). If you need assistance, then Paratus Radio can do the initial install and configuration, then provide training.

GrapheneOS (open source, audited) – Recommended – Secure Mobile OS based on Android.  Only Google Pixels supported.

CalyxOS (open source) – Another de-Googled mobile OS for Pixels that focuses on usability over security.

LineageOS (open source) – Mobile device OS based on Linux.  Only some phones and tablets are supported.

NoAgendaPhone, Above Phone – Shop for new GrapheneOS/CalyxOS Pixel phones.

Silent Pocket Camera Stickers – For covering your rear-facing camera.

Mic-Lock Microphone Blocker (3.5mm) – For disabling microphone in devices.

Mic-Lock Blocker (Lightning) – For disabling microphone in newer Apple products.

Anti-Tracking EMF-blocking Pouch – Designed and tested by Dr. Bradley (DisasterPreparer).

Silent Pocket Faraday Bag – For stopping cellular tracking of your mobile device.

NextDNS (partially open source) – Free/Paid – Secure DNS for iPhone/Android with ability to block ads and trackers.

NetGuard Firewall (open source) – Free – For Android to block ads and trackers.

  13. Lock Down Your Desktop/Laptop – Windows 10/11 is horrible on privacy and getting worse. Consider a Macintosh (somewhat better on privacy), or a Linux (best) computer with Intel management disabled for your next laptop or desktop. Consider replacing the BIOS with Coreboot (Advanced). Freshly reinstall the operating system and use whole-disk encryption.

Run as a regular user (not as Administrator) for virus/trojan protection. Do the recommended security updates on a monthly basis or, better, have them applied automatically. Remove all unnecessary Apps. Update the applications you use (especially Adobe products).

ZorinOS, PopOS!, Mint, or Ubuntu – Free/Paid – Linux operating systems geared for beginners (open source + proprietary code)

Tails (open source, audited) – A privacy-oriented Linux Desktop that only boots off USB drive.  Has encrypted storage.

Coreboot (open source, audited) – An Open-Source Firmware for your computer. 

System76, Privacy Computers, PineBook, Raspberry Pi 400 – Purchase Linux PCs with Coreboot.

KnockKnock (open source, audited) – Free – Mac Utility to block Malware.

Little Snitch – Paid – Mac Firewall to block unknown outgoing connections. (OpenSnitch is an open source copy.)

LuLu (open source, audited) – Free – Mac Firewall to block unknown outgoing connections.

MacUpdater – Free/Paid – Mac Utility to scan and update Mac applications.

BitLocker – Free – Windows 7/8/10/11 Disk Encryption.

VeraCrypt (open source, audited) – Free – Creates Encrypted partitions or drives on Windows/MacOS/Linux computers.

Spybot Anti-Beacon – Free/Paid – Blocks Windows software from calling home.

GlassWire – Free – Windows/Android Firewall to block unknown outgoing connections.

NextDNS (partially open source) – Free/Paid – Secure DNS for Windows/Mac with the ability to block ads and trackers.

Run the following Windows software on a monthly basis.

O&O ShutUp10 (or Windows Privacy Dashboard, W10Privacy, Blackbird, Privatezilla) – Free/Paid – Corrects Windows 10/11 privacy settings.

O&O AppBuster – Free/Paid – Lists and deletes all the extra software on your computer.

BleachBit (open source, audited) – Free/Donation – Cleans up your Windows computer of old files, cookies, etc.

Spybot Search & Destroy – Free/Donation/Paid – Scans your Windows computer for Malware.

Malwarebytes Anti-Malware – Free/Paid – MBAM scans your Windows computer for malware.

UCheck (open source) – Free/Paid – Easy updater for Windows applications

  14. Lock Down Your Home Network – There are a number of detailed steps, so I recommend following the short and full task lists from routersecurity.org.

The least secure home routers are those from an ISP, and most home Wi-Fi routers run out-of-date firmware. Make sure yours is recent (within 6-8 months); if not, then you need to upgrade.

If you just have basic needs, then I recommend a router with OpenWRT installed.

Consider moving to a “Prosumer” level router like the Ubiquiti or Protectli, and networking/Wi-Fi systems like Ubiquiti or Omada, which get regular updates and have many security features.

Use a free/paid DNS filtering service (DNS Blackhole/Sinkhole) like NextDNS, Cloudflare Family DNS, or others (easy), or self-host the free Pi-hole or AdGuard Home (intermediate/advanced).

  15. Use Open-Source and Privacy-Oriented Software – Remove unused apps. Run any suspicious or problematic software inside a virtual machine or software sandbox.

Only Office / LibreOffice (both open source, audited) – Free / Paid – Full featured open source office applications. 

Jitsi Meet (open source, audited) – Open source Zoom

SumatraPDF (open source) – Open source Adobe Acrobat Reader

Thunderbird (open source) – Open source email client (Win/Mac/Linux/Android)

K-9 Mail (Android, open source, audited) / Canary Mail (iOS/Mac/Android, mostly, open source, audited) – Open-Source email clients

Firefox Web Browser (open source, audited) / Brave Web Browser (Chrome based, open source, audited) – Free/Donation – for many platforms.  Do not install any “toolbars” and disable PDF viewing in the browser.  Use minimal extensions to minimize your browser fingerprint and threat exposure.  Many extensions can spy on you.

Tor Browser (open source, audited) – Free/Donation – Uses the Onion network.  Based on Firefox

uBlock Origin (open source, audited) – Free – This is a Brave/Firefox/Tor plugin. Blocks many known trackers and advertisement platforms (better than Adblock Plus). Be aware of fake adblockers with similar names. uBlock Origin is configurable per website and can block certain JavaScript.

Firefox Multi-Account Containers (open source) – Free – A Firefox Plugin which provides the ability to contain website data within a containerized tab and prevents websites from seeing other website cookies in different containers. This prevents cross-tracking of your web browsing habits.

Privacy Badger (open source, audited) – Free – Blocks many known trackers and advertisement platforms

Brave Search, Presearch, DuckDuckGo, StartPage.com – Privacy oriented search engines. Use instead of Google, Bing, Yahoo, etc. DDG Search doesn’t have the DDG Browser issues.

Run software in a virtual machine – Free/Paid – For advanced Windows/Mac/Linux users

  16. Plant Your Flag – Consider opening online accounts with healthcare portals, social media, and government agencies (e.g. SSA, Unemployment, etc.) even if you don’t need them. Save the passwords in your Password Manager.

If you already have an account, then others can’t open it to impersonate you.  Think Twitter/X usernames like @RealMikeTyson (Real) vs @MikeTyson (Fake).  There was unemployment fraud in 2019/2020 due to thieves opening accounts in other people’s names.  Medical ID theft is growing where they open a Health Care System account in your name and either steal sensitive information or bill expensive health care to you.

  17. Protect Your “Data at Rest” – We generate more documents, photos, and videos than we realize and often leave them unprotected. To safeguard your data, use encrypted storage (See #7). It is now recommended to use software encryption like BitLocker or VeraCrypt instead of hardware encryption, as it’s more portable and can be updated to protect against new vulnerabilities.

Additionally, we should also create a system of regular encrypted backups for our data. The backup rule is “Three – Two – One – Zero”: maintain at least three backups on two different media (e.g. cloud storage, portable hard drive, USB drive), with one copy offsite (e.g. cloud service, safety deposit box, or with a nearby family member). Finally, it’s crucial to test the backup to see if it restores correctly. Businesses have lost millions of dollars and some have closed because they didn’t verify if their backups could be restored.
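One way to check the “Three – Two – One – Zero” rule in practice, as an added example that is not part of the original guide: restore a backup into a scratch folder, then compare it file by file against the live data. The function names and the inventory format (a list of entries with "media" and "offsite" keys) are assumptions made for this illustration.

```python
import hashlib
import os
import sys

def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def verify_restore(source, restored):
    """Compare a test restore with the live data; two empty lists is the 'Zero'."""
    src, dst = manifest(source), manifest(restored)
    return {
        # In the live data but absent from the restore.
        "missing": sorted(set(src) - set(dst)),
        # Present in both but with different contents: either the backup is
        # damaged or the file changed after the backup was taken.
        "different": sorted(p for p in src.keys() & dst.keys() if src[p] != dst[p]),
    }

def check_rule(copies):
    """Check an inventory of backups against Three, Two, One.

    copies: list of dicts like {"media": "usb", "offsite": False}
    (hypothetical format chosen for this example).
    """
    problems = []
    if len(copies) < 3:
        problems.append("fewer than three backups")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than two kinds of media")
    if not any(c["offsite"] for c in copies):
        problems.append("no offsite copy")
    return problems

if __name__ == "__main__":
    # Usage: python verify_backup.py <live-folder> <restored-folder>
    report = verify_restore(sys.argv[1], sys.argv[2])
    print(report)
    sys.exit(1 if report["missing"] or report["different"] else 0)
```

Run it after every test restore; a non-zero exit code means the restore does not match the live data and the backup should not be trusted until the listed files are explained.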

Privacy Resources

Big Tech Threat

Explainers, Recommendations and Privacy Guides

Feel free to email me with questions, corrections, updates, and additions at:

ejfb4e267y4h@opayq.com  (This is an email alias)
