A guide for the paranoid: how to avoid surveillance and data theft

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2024-01-15 16:39

Steps to take so that only you can use your data.

Windows spies on you by sending telemetry to Microsoft, and Google remembers your searches and analyzes the contents of emails to flood you with ads. Of course, you can just ignore it. But big corporations aren't the only ones interested in your data. These can be simple scammers and extortionists. Even your relatives or colleagues, opening your laptop, can see something that is not intended for prying eyes.

To protect your files, passwords, correspondence and other confidential information, you need to take care of security. It is not necessary to follow absolutely all of the instructions below. But you can read them and decide which of them may be useful to you.

Encrypt the data

Even if your system is password protected, an attacker can easily reset it by booting from an external drive if you leave your computer unattended. There is no need to reset your password - any Live Linux distribution can easily read and copy your data. Therefore, you need to take steps to encrypt.

Windows, macOS, and Linux all have built-in encryption. Use them, and your documents will be out of reach of strangers, even if your laptop falls into the wrong hands.

Windows has a built-in BitLocker encryption tool. Open Control Panel, go to System and Security and select BitLocker Drive Encryption.

On macOS, data encryption can be done using FileVault. Go to System Preferences, find the Security & Privacy section and open the FileVault tab.

Most Linux distributions usually offer to encrypt your home partition when installing the system. Formatting a partition creates an encrypted eCryptfs file system. If you neglected this when installing the system, you can later encrypt the desired partitions manually using Loop-AES or dm-crypt. To find out how to do this, see the instructions.

For more advanced encryption features, the free, open-source, cross-platform VeraCrypt utility can be used. In addition to simple encryption, it can create deceptive sections with unimportant information that can divert the attention of attackers from the really valuable data.

Download VeraCrypt →

Be careful with encryption. If you forget your password, you won't be able to recover your data. Also, take care that your computer is protected from accidental power surges. If the device suddenly turns off while working with an encrypted disk, data may be lost. And don't forget about backups.

Use password managers

Using meaningful phrases as passwords and remembering them is not a good idea. Use password managers. Generate new random passwords every time for any account you create.

It is better to use password managers that store their databases locally. KeePass is a great choice. It is open source, has clients for all popular platforms, and can protect your passwords with passphrases and key files. KeePass uses a strong encryption mechanism: even if a copy of your database is stolen, it will be completely useless to an attacker.

Download KeePass →

Use Tor

Even if you use incognito mode in Chrome or Firefox all the time, your Internet activity can still be tracked by your ISP, your network system administrator or browser developer. To make surfing really private, it's worth using Tor, which uses onion routing.

Download Tor →

If your ISP is blocking Tor from downloading, you can:

• Download from GitHub.
• Receive by email by sending the name of your operating system (windows, linux, osx) to [email protected].
• Get it via Twitter by sending @get_tor a message with the text help.

Choose trusted search engines

Are you tired of the fact that Google and Yandex know about everything that you are looking for on the Internet? Switch to alternative search engines like DuckDuckGo. This search engine does not store information about you and guarantees your privacy.

DuckDuckGo →

Secure information in cloud storage

To secure information stored in the cloud, it is worth encrypting it. Even if the service is compromised, attackers will not be able to read your data. This can be done using any encryption utility, such as the built-in Windows BitLocker or VeraCrypt.

You can go ahead and create your own cloud on your home server. Use ownCloud for example. With its help, you can not only store files in your cloud, but also raise your mail server and securely synchronize mail, calendar and contacts.

Download ownCloud →

Use anonymous email service

Google servers look at the content of your emails to serve targeted ads. Other email providers do the same. How to deal with this? Obviously, do not use Google mail, Yandex and others like them.

You can try instead:

Protonmail. Open source anonymous email service. Provides End-to-End encryption. This means that only you and your recipient can read the correspondence. Supports two-factor authentication.

Protonmail →

Tutanota. Another anonymous email service. The source code is open source. Tutanota automatically encrypts all your emails and contacts on your device.

Tutanota →

Your own mail server. Safe and encrypted as much as you want. Naturally, in order to raise your server, you will need certain knowledge. But all the information you need can be found on the Internet.

Go to private messengers

Skype, Telegram, Viber, WhatsApp and other proprietary instant messengers are certainly convenient, but they have a number of critical privacy flaws. What kind of confidentiality can we talk about if your correspondence is stored on a remote server?

To preserve the privacy of correspondence, use decentralized messengers. They do not use servers, connecting users' clients directly. The most popular options are:

Tox. Advanced P2P messenger. Tox is completely decentralized, and communications between users are securely encrypted. There are clients for Windows, Linux, macOS, and Android. Supports voice, video, screen sharing, conferences can be created.

Download Tox →

Ring. Able to work as a centralized SIP client, use your home server, or act in a decentralized manner. There are clients for Windows, Linux, macOS, and Android.

Download Ring →

Retroshare. Creates an encrypted connection between anonymous clients, providing the ability to correspond, make audio and video calls, exchange files, as well as read forums and subscribe to news channels. Works on Windows, macOS and Linux.

Download Retroshare →

Bitmessage. Another open source P2P messenger. The decentralized protocol, message encryption and authentication using randomly generated keys make it very secure. Supports text messaging only. There are clients for Windows, macOS and Linux.

Download Bitmessage →

Tor Messenger. Anonymous cross-platform messenger for advanced Tor users. Encrypts correspondence. Does not use servers, communication goes directly between clients. Supports Windows, macOS and Linux.

Download Tor Messenger →

Install Linux

Consider switching to Linux. You can turn off telemetry in Windows or macOS as much as you want, but you have no guarantees that it won't turn back on with the next update. Closed source operating systems are less trusted than Linux.

Yes, Linux does not have some specific applications. But for work on the Internet and leisure, it is quite suitable. If you still cannot do without programs that are not available on Linux, for example, the Adobe package, or you want to play games available only for Windows, you can install a system from Microsoft in a multiboot with Linux or in a virtual environment and disable its access to the Internet. Your data will not be damaged by viruses or stolen if you store it on an encrypted Linux partition.

The popular Ubuntu is not the best choice, as Canonical has recently partnered with Microsoft, and telemetry has even been suspected in Ubuntu. For privacy-minded users, consider using community-supported distributions: simple and stable Debian, or difficult to install yet flexible Arch.

Forget mobile phones

If you are really paranoid, then you have not used a mobile phone for a long time. Instead, you can buy a USB modem, plug it into your netbook, and make AES encrypted VoIP calls.

If you don't want to go that far, but still worry about the privacy of your phone conversations, buy an Android smartphone and install a third-party open source firmware on it, such as LineageOS (formerly CyanogenMod). Do not use Google services on your phone. Don't install Google Play, use third-party open source repositories like F-Droid. And install Adblock on your phone.

Absolute privacy is unattainable in principle. But the listed methods can protect you from theft of confidential data by fraudsters, from the curiosity of colleagues sitting at the same table with you, from the annoying attention of Google and Microsoft marketers.