Data Privacy Day - My Setup

Yesterday, January 28th, was Data Privacy Day.

In light of this, I will share some recommendations for tools and software which can help regain some privacy and improve online security.

It’s something I have become very concerned/passionate about over the past couple of years, so I’m pleased to see it is becoming somewhat of a hot topic.


Password Manager

Probably the most important step to implement. If someone isn’t very technically minded, I tell them, “If you do nothing else, use a password manager!”

A lot of the time people just don’t understand why using the same password again and again is such a security risk, particularly if they haven’t had their user credentials stolen in the past.

They also might say something like, “surely having all my passwords in one place, protected by one password, is a bigger risk?”. Potentially, yes. There is always some level of risk.

In truth, it’s better to have just one point of weakness in your online setup. In that way, it’s easier to monitor. You can also ensure the password you use for the password manager is as strong as can be, and also use two-factor authentication for an added layer of security.

The password manager I recommend is:

Bitwarden

  • Free and open-source
  • Desktop, mobile, browser plugins
  • Sync between devices
  • Cloud or self-host

Browser and Browser Plugins

Firefox is my personal choice. I use the following plugins:

  • uBlock Origin
  • Decentraleyes
  • HTTPS Everywhere
  • Cookie AutoDelete
  • DuckDuckGo Privacy Essentials

as well as these custom configuration settings. This setup might be overkill for the everyday user, however.

Brave Browser is a more practical option. It’s a Chromium browser (meaning it’s built in a similar way to Google Chrome), but with a lot of ad-blocking and anti-tracking features built in. They are also trying something slightly different: users getting ‘paid’ for seeing ads. There’s more to it than that, but it’s not privacy related so I won’t go into it here.

Tor should also get a mention, useful if you’re seeking anonymity on the web. Some people do use it as their everyday browser, but expect a lot of sites not to function correctly if you do so.

On Mobile

Given the amount of time we spend browsing on our phones nowadays, privacy-orientated browsers on them should not be neglected.

For iOS:

  • DuckDuckGo Privacy Browser
  • SnowHaze

For Android:

  • Bromite

Email

The biggy. And probably the hardest to change, given that it’s tied to most of our online accounts, holds all our online correspondence, and is basically just a pain in the ass to even think about switching.

However, let’s take Gmail as an example. It’s free. It works. It’s good at filtering spam (although I have an unsubstantiated theory on that). What’s not to love?

Google is reading every email you send and receive. It’s collecting data from every single email you have ever sent or received. It’s using it to better understand you as a person - what makes you click, and thus what makes you tick.

Of course Gmail is only one part of Google’s data collection process, but it’s a great resource for them.

It’s free because you are the product being sold.

I think a lot of people pretend like they don’t care, or that they’ve got nothing to hide so it doesn’t really matter. If it really doesn’t bother you, then fine. If it does, there are alternative email providers who don’t view you as a commodity.

Proton Mail - I can’t recommend this company highly enough.

  • Located in Switzerland (strong privacy laws)
  • Open-source
  • Strong encryption
  • Mobile apps
  • 500 MB free storage

I’d recommend signing up to a paid plan, if only as a way of supporting what Proton Technologies are trying to achieve. Reclaiming a huge chunk of your online privacy for the price of a coffee a month? That’s money wisely spent.

Tutanota

  • Located in Germany
  • Strong encryption
  • 1 GB free storage
  • Easy to create throwaway addresses

Sign in with Apple - a great user-friendly option.

While not strictly an email provider alternative, it’s worth drawing attention to what Apple are now doing with ‘Sign in with Apple’.

They now offer the option of hiding your email whenever you use this option to create an account with an app or website.

Apple will generate a unique, random email address for that account, meaning your personal email isn’t shared with the app or website.

Any messages sent to that address are then automatically forwarded to your personal email address.


VPN

A VPN (virtual private network) will not make you anonymous online.

However, it will hide your browsing activity from your internet service provider, because all traffic will go through the VPN’s servers.

It’s therefore essential that you can trust your VPN, as they potentially have access to all your internet browsing data (and if they are dodgy, they can sell this on to the highest bidder).

Mullvad

  • €5 per month
  • 436 servers in 38 countries (at time of writing)
  • Independently audited
  • No mobile clients
  • Anonymous payment (you can even post them cash)

ProtonVPN

  • Free, or €96 per year for plus service
  • 568 servers in 43 countries (at time of writing)
  • Based in Switzerland
  • Mobile clients

Algo VPN

  • Free and open-source (although you pay for the cloud server)
  • You control your own data
  • Mobile and desktop compatible using WireGuard (no Linux yet though)

This is a more technically challenging option, as it involves spinning up your own ‘private’ VPN on your own cloud server. It’s actually nowhere near as difficult as it might sound, because Algo does almost all the work for you. If you’re mildly comfortable at the command line, this will be no problem. Here is a podcast with the creator of Algo VPN, should you be interested in finding out more.


Messaging

This is another difficult change for people to make, as a messaging app is only as good as the friends you have that also use it.

Signal

  • End-to-end encryption
  • Voice and video calling
  • Free and open-source

SafeSwiss

  • End-to-end encryption
  • Anonymous sign-up
  • Based in Switzerland

Here is a detailed comparison of all the major secure messengers: https://securechatguide.org/effguide.html


Other Digital Tools

Cloud Storage

Nextcloud

  • Free, open-source cloud storage
  • Ability to self-host
  • Multiple servers to choose from

Productivity/Notes

Standard Notes

  • End-to-end encryption
  • Desktop and mobile applications
  • Sync between devices

Two-factor Authentication (2FA)


Things To Remember

Avoid Google wherever possible. Use something like DuckDuckGo for searching.

Tip: if you really need to use Google for a specific search, in DuckDuckGo just put !g before your search term e.g.

!g privacy

While you are signed in somewhere, like Facebook, you are voluntarily leaving a trail. Facebook has just released its Off-Facebook Activity Tool, which shows you the apps, websites and businesses that Facebook knows you have visited. This tool allows you to clear the identifiable information they have linked to your account. This is a great step!

Some changes take time to get used to, or just take more time in general e.g. 2FA. This is time well spent. Your data and online activity should not be treated as products.

Privacy is not the same as anonymity. Requesting that our online actions remain mostly private is not an admission of nefarious behaviour. After all, why do people choose to have curtains in their home?


Deep Dive Resources

Further recommendations and comparisons:

A huge resource where you can learn much more:

Books:

Podcasts: