Friends and family sometimes ask me for advice about security tools or practices they should use to improve their own security. Before long I had a decent set of canned responses for all levels of technical ability that I have compiled here.
Because I value personal data privacy so highly, I am very strict about the tools I adopt personally. Unfortunately, many of these tools also come with a learning curve and may require some level of technical configuration. Some of these tools trade off convenience for security. I firmly believe that some security is better than none, so in some areas, I have included a secondary suggestion for those who just want something simple to use that still respects their privacy and provides security.
Most people use Windows, so I try to suggest tools that are multi-platform. I almost never recommend Windows as a day to day operating system. If tools are keeping you on Windows, everything on this list supports Mac and Linux to make the switch that much easier.
The OS I use: Linux / Ubuntu.
Linux is much easier to use, especially in the latest versions, than most people think. I know at least one non-technical person that uses it and is happy with it. For some, this is a non-starter due to missing software needed for work, but I personally have yet to find any task I couldn't do as well or better on Linux.
I dabble in 3D modeling, programming, video game design, and digital art. I also enjoy gaming from time to time, and have found that even VR and most windows games run just fine in Linux.
The OS I recommend for those not willing to jump to Linux: Mac OSX
Apple has a good security and privacy track record, and is built for non technical consumers. Some tasks that have strong alternatives in Linux may not run on a Mac, but I have used one professionally for years (in an office environment that does not allow Linux) without any problems.
Just don't use iCloud.
I run a custom built desktop for most of my work, but there are a couple of laptops I like.
Linux Laptop: The system76 Darter Pro
For under $1600 you get a Linux laptop with an i7 processor, 32GB RAM, and 500GB SSD. Amazing value with components working on Linux out of the box. If you want to spend a little more, their Oryx pro line is also excellent.
General Laptop: Apple macbook pro
In my opinion, Apple's quality has gone down over the last few years. You will pay roughly double the above for similar or worse specs. However the software, security, and privacy make this worth it over the common windows laptops loaded with adware that are often sold.
I use FireFox for all my browsing. I don't like sending data to Google via my web browser.
I also use the following security plugins (note that some of these, in particular NoScript and uMatrix, will make some sites unusable without configuration)
If you just really like chrome, then I recommend switching to Chromium where possible.
Password managers are great for getting strong, unique passwords for all sites you visit. I recommend and use BitWarden. It's open source, free for users, syncs across many devices, and multi-platform.
If you are worried about using a cloud service, then they do offer a self hosting option so you can manage it yourself.
I use Proton Mail. It uses client side encryption, default email encryption between proton mail users, and claims all their code is open source and they do no logging. I have a paid account, which is not very expensive. They do have a free version, but since it is my primary mail provider I like having the extra capabilities.
Most users don't encrypt their hard drives. If you do, I would go with your OS providers encryption options to make it as easy as possible.
I also sometimes want to encrypt specific files, or create encrypted folders for things like financial data or other sensitive files.
For encrypted folders, I use VeraCrypt. It's very easy to use and offers the ability to create hidden drives.
For single file or secret storage, I use gpg. This is good more for when I have something like a sensitive configuration file I need to store in github or might leave lying around.
I currently use an iPhone, though I am likely to switch to LineageOS at some point. For most users, an iPhone offers good enough privacy and security - certainly when compared to standard Android.
Again, skip iCloud.
If you use OSX or Linux, you don't actually need anything like Antivirus. For Windows users, I recommend using Microsoft's Windows Defender. Many AV companies are now just as bad as what they seek to prevent.
ISP's frequently log traffic and build data profiles of their customers. They have experimented with injecting ads and redirecting valid web page requests to increase profit at their customers expense. Without net neutrality, they may shape traffic based on what you are doing for financial gain. VPN's can prevent all of these along with the data collection that comes with it. They also protect you when you connect outside the home, such as at coffee shops or airports.
I personally use Private Internet Access. They once showed in court that they did not keep logs, and I have near native throughput with them, along with many servers and locations around the world.
Note that you cannot depend on a VPN to protect you from government or risky behavior. If you need to protect yourself from more serious threats, then use both a VPN and Tor.
I use a custom script that uses duplicity on Linux to locally encrypt files and then back up to BackBlaze B2 storage. Backblaze offers unlimited backup storage for $5/month, which is a steal compared to many other backup services.
I also keep an external hard drive which is my first line of defense, so my backup process is: local file -> external hard drive -> B2 cloud storage.
For my iphone, instead of iCloud I use PhotoBackup to sync my iPhone photos back to my local hard drive. PhotoBackup uses rsync, which is an open source and highly efficient file synchronizer. It only works with Mac and Linux though, so Windows users may have to find something else.
Here is a sample script you could run on linux after installing duplicity and the b2 driver. I schedule this using cron to run nightly:
#!/bin/sh export PASSPHRASE=my_encryption_password export B2_ID=my_b2_id export B2_KEY=my_b2_key ####### # copy important files to backup storage # /media/user/backup is my external hardrive ####### rsync -au /home/user/* /media/user/backup/ ####### # run backup to backblaze. # this runs a full backup every 2 months, and incremental otherwise. # It deletes any backups after 4 fulls, so about 8 months old ####### duplicity --full-if-older-than 60D /media/user/backup b2://$B2_ID:[email protected]_name/ duplicity remove-all-but-n-full 4 --force b2://$B2_ID:[email protected]_name/
For non-linux users, backblaze offers a complete and simple solution. If you want to encrypt data locally that backblaze has no access to, consider an alternate solution like Duplicati with a backblaze upload. I have never used Duplicati myself, but it is open source and seems to use good client side encryption.
I combined a number of tools I use for programming to roll my own. This is an unusual solution, but it is amazing how well it works for me. It has the following components:
- Self hosted, encrypted Gitlab instance
- Each notebook is a Gitlab project, with a wiki
- Git to checkout and version control the wiki
- Sublime text with markdown to edit the wiki
This setup allows me to edit both locally on any device that supports git, and via the web through the gitlab markdown editor. I can also share any notebook with others via the gitlab permissions and get fine grained control. You could swap out Atom (or any other editor) for Sublime if you want to be fully open source.
For simpler solutions that also respect privacy, I have heard good things about standard notes.
Notably missing from this list are social media and chat applications. I minimize my use of these, but due to their nature are hard to migrate without also bringing along friends and family.
What other tools do you use, or would you like to hear about?