Protect Your Browsing/Data Sharing
For free, because in this house I don’t believe in making people pay for basic human rights.
I’ve decided to share my browsing protecting tips here. Digital security is usually quite expensive, but it doesn’t have to be! In this day and age, you’ll be told to watch out for home-born hackers and ‘hacktivists’ accessing your data, but I gotta tell you, what your own governments and ISPs are doing makes this more important (aka: they’re worse).
I know with all the TIKTOK IS SPYING ON YOU stuff, a lot of my friends have come to me seeking some advice on this. This is also great if you don’t want parents checking your browsing >_> just sayin’
If anyone has questions - drop me an ask! I’ll always answer for this topic. I am also happy to ‘expand’ on one of these suggestions if they’re unclear :)
Note: This works under the assumption you have your default ISP provided router and can’t get another one for whatever reason. I will advise that if you can get an additional router, do so! Try to avoid the one the ISP has provided to you.
Additional Note: This is not ‘optimal’. There is no such thing in security – everything has a backdoor.
Let’s get cracking! This is a long, and thorough post, but I _do _have a pdf somewhere if you want it because it looks nicer :*)
Use Tor to browse.
There you go, there’s my advice leaves
https://support.torproject.org/ to Download/Install/Run.
Don’t change anything, except maybe using Tor in ‘bridge’ mode.
Okay, you can use other browsers (see: Chrome/Firefox), but they are not as secure as Tor.
USE A VPN IF YOU ARE GOING TO USE TOR! I prefer Firefox (extensions + good security)
________________________________________________________________
Install the following extensions if you have Chrome or Firefox:
Privacy Possum
Stops tracking cookies. PSA: Cookies are not evil, certain cookies can be.
Firefox: https://addons.mozilla.org/nl/firefox/addon/privacy-possum/
Chrome: https://chrome.google.com/webstore/detail/privacy-possum/ommfjecdpepadiafbnidoiggfpbnkfbj
Ghostery
Stops tracking adverts and cookies. Why do I need this in addition to Privacy Possum? Ghostery specifically looks at tracking cookie ads. It’s like adding MOAR POWAH to Privacy Possum.
Firefox: https://addons.mozilla.org/nl/firefox/addon/ghostery/
Chrome: https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij?hl=nl
HTTPS Everywhere
Enforces HTTPS. If you look next to the URL in your browser, you’ll see the little lock which indicates the specific URL is secure and uses HTTPS. Many websites still use the old HTTP, which is not as secure and you should NEVER EVER VISIT AN HTTP SITE ITS LIKE READING A BOOK OVER SOMEONE’S SHOULDER, thank you.
Firefox: https://addons.mozilla.org/nl/firefox/addon/https-everywhere/
Chrome: https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=nl
Adblock Plus
Foff, ads.* Firefox: https://addons.mozilla.org/nl/firefox/addon/adblock-plus/
Chrome: https://chrome.google.com/webstore/detail/adblock-plus-free-ad-bloc/cfhdojbkjhnklbpkdaibdccddilifddb
________________________________________________________________
DNS Settings
Ideally, you should change this on your router. ISPs use a default DNS – you don’t want to use anything those bastards say you should use.
Use Cloudflare or OpenDNS:
Cloudflare is more secure overall and keeps up to standards in addition to not storing your data, whereas OpenDNS is great at avoiding malicious websites, just take your pick really 😊There are a ton of other options, feel free to google ‘free DNS servers’. Google has it’s own as well, but, yaknow, it’s Google.
Cloudflare
Primary Server: 1.1.1.1
Secondary Server: 1.0.0.1
OpenDNS
Primary Server: 208.67.222.222
Secondary Server: 208.67.220.220
Add these to your router settings:
In a browser, go to http://192.168.1.1/ or http://192.168.1.0/ (it varies per router). This will lead to your router’s configuration portal. Don’t have a router with a configuration portal? Throw it in the trash and tell your ISP they suck for giving it to you.
Login to the admin portal. If you have not configured this or set a password, try the default combinations: usernames are usually ‘admin’ or blank, the passwords are usually blank, ‘admin’, or ‘1234’.
Each router is different, navigate to where it asks for DNS values or servers, and enter the above addresses. You will see ‘Static’ near the DNS options, select it. This also ensures you’re in the right place. If you’re not sure what to do, look up the model/make of your router and check how you can change DNS.
Whilst you’re at it, change your WiFi password from the default one, and create a proper password for the WiFi portal login. If these two things are kept as default, all these protection methods are pointless as it is easy to crack your router passwords.
Can’t do this on your router because your parents are ds?* No worries! This can be done on your device! :) Yeah, I know how parents work.
Windows OS
Go to Control Panel <Network and Internet < Network and Sharing Center
Click on the link next to “Connections:”* Click “Properties” in the dialogue that pops up.
Select Internet Protocol Version 4 < Click Properties < Select “Use Following DNS Servers” < Enter the primary and secondary server addresses
Do this again for Internet Protocol Version 6 in the list.
Boom. Windows is so nice to make this easy.
Mac OS
Go to Apple Menu < System Preferences < Network
Select the Network you’re connected to
Click Advanced
Select DNS Tab
Click the + button < Enter chosen DNS < Save
Linux OS
I’m going to assume if you’re using Linux, you know how to use the terminal and are using a modern Linux system. Enter these line by line. There are many ways to do this (Google is your friend)
· sudo apt update
· sudo apt install resolvconf
· sudo systemctl status resolvconf.service (check that it is running)
· sudo systemctl start resolvconf.service (to start it, use ‘enable’ instead of ‘start’ to enable)
· sudo nano /etc/resolvconf/resolv.conf.d/head
· nameserver YOUR.DNS.ADDRESS.HERE
· nameserver YOUR.SECOND.DNS.ADDRESS.HERE
· sudo systemctl start resolvconf.service
Android
Oh yeah, you can do this on phones too wiggles eyebrows. Note, if you’re using a VPN it will lock you out of editing this. Turn it off, edit your DNS, turn it back on. This can be tricky with mobile devices that have not been jailbroken (I don’t advise doing that if you have no clue what you’re doing).
Go to Settings < Connections < WiFi
Select the gear icon next to your current WiFi
Select Advanced < Ip Settings drop-down < Static
Enter chosen DNS options under “DNS 1” and “DNS 2”
iPhone
Go to Settings < Wi-Fi
Select the arrow button next to your current WiFi
Select DHCP tab, scroll down to DNS
Select DNS, and enter your DNS servers
TEST YOUR DNS IS WORKING:
OpenDNS: https://welcome.opendns.com/ (You’ll see a “Welcome to OpenDNS” message”
Cloudflare: https://www.cloudflare.com/ssl/encrypted-sni/ (You’ll see check marks for all fields)
________________________________________________________________
Turn of WPS on router. Enable encryption on router.
If you can access your router portal, find any sort of toggle or field that says “WPS” and disable it. WPS= bad.
Wherever there is an option for WPA2 (or higher) to enable, enable it.
Enable the firewall on your router and Operating System – ALWAYS. If you disable this, you’re disabling an additional layer of security. Firewalls are confusing things and a royal pain in the ass to configure, but having the default is better than having nothing.
________________________________________________________________
Configure your browsers.
Browsers have most things enabled by default, including tracking your location, turning your microphone on etc. Let’s disable that nonsense and make them ask you for permission because it’s 2020.
I’m using Chrome as an example below because it is INFAMOUS for this. Essentially, go through your browser and scroll through settings you don’t like.
Go to the little menu icon < select “Settings”
Sign out if it’s linked to your Google account. Let’s not give Chrome a reason to track your browsing history for your account >_>* Disable EVERYTHING:
Here, I turned off everything I would find annoying except autocomplete because I’m lazy.
NICE TRY GOOGLE, YOU CANT SAVE MY CREDIT CARD. (Seriously, don’t ever EVER autosave passwords/payment info).
The trick is to balance ease of use with security. These may vary from person to person, in general though, if there’s a setting ‘ask before etc.’ select that over ‘allow’.
As a rule of thumb:
NEVER ENABLE FLASH (not even an ‘ask before’), NEVER ENABLE LOCATION (ask before is fine, but at your own risk), NEVER ENABLE CAMERA (ask before is fine, but at your own risk, use the desktop version of an application over the browser version), NEVER ENABLE MICROPHONE (same as camera)
________________________________________________________________
Additional Tipss
Check every single social media setting. You should disable anything that accesses your privacy, if possible.
Cover your camera with a sticker. Disable it unless it’s needed
Disable your mic unless you need it.
Turn off Bluetooth/NFC when you don’t need it.
Have two separate networks/Wi-Fi for smart devices and personal devices.
Always use two/multi-factor-authentication for every single app, site, device etc. that you can.
Biometrics are preferable and the usual chosen default (fingerprints, retina scan, NOT FACE OR VOICE THIS IS SO EASY TO IMMITATE BRO PICTURES ARE A THING)
SMS (try to avoid if you can, please)
App ‘token’ authentication. A good choice if done well.
Hard physical key or token. The best option (Google: Yubikey, for some information on how this works).
Passwords
I know you use the same password for everything – get a centralized password manager, and start using different ones. Examples include PasswordSafe, Keeper, Bitdefender etc. Try go for a Cloud provider, and pay a little bit for the extra security and backup. If they’re compromised, then you will know, and you’ll be able to change everything. You can tie password managers to a token too.
USE PASSPHRASES, 17 characters is a good average length, use a mix of characters, uppercase, lowercase, numbers, ascii etc.
It doesn’t matter if your password is ‘complex’, it matters if it is complex and long. Servers and computers these days are jacked up on tech steroids and can bruteforce many things, given enough time.
Anti-virus.
EVERYONE SHOULD HAVE ONE, ON EVERY DEVICE. If you have a device that can add AV, add it. This goes for phones, PCs, smartTVs, you name it.
Free versions are okay, some free ones I like are Bitdefender, Kaspersky, McAfee, Avast (hate their fihsfirstg89ewjg9srjgrd ads though).
Sorry Mac users, that belief that you don’t need one is from 2008. Windows has more security built in than Mac, which means Mac devices should 100% make sure they are adding an AV.
VPN
Ahhhhh. The great VPN. A tricky one. Most free versions I find incredibly slow, but give them a try – play around! A VPN is an excellent addition and these days, I’d argue it’s an absolute must. Many AV solutions include a VPN package with their deal. If you want to make sure those sites don’t share your data, this is the thing that will hurt the most - a good VPN will make it a jumbled mess.
Updates - just do them.
There is no complete security in this day and age – it really is just a matter of time. If you use social media, you’re traceable, be it by the company, ISP, some bored 10 year old, or your ex, your data is out there circulating. Once it’s on the internet, it’s there forever, so don’t worry too much and try to make sure it’s all complex binary trash so that they open it and go “WTF” 😊
