What steps can I take to be more secure on the internet?
So recently I've gotten a bit more serious about my internet security, and made some changes. Here's a short list of what I've done, but I'm wondering if I'm missing anything important:
Moved from Brave to Firefox
Bought my own domain for my email (so I can switch email providers at any time)
Switched to DuckDuckGo from Google (It's gotten worse anyways)
Bought the Proton package (VPN, Encrypted email, etc...)
Installed Thunderbird (instead of Microsoft mail app)
Installed uBlock Origin
Installed Bitwarden for password managing (My passwords are also no longer all the same)
Is there anything that I have missed that should be a priority for internet security?
Cybersecurity isn’t just about doing all the things secure and private. It’s also about judging/predicting likelihood of your risks so as not to overdo it.
You are already above and beyond what you need to secure the average person (Firefox switch is eh, Firefox can still be locked down or “hardened” via config changes.)
I can’t offer any further advice without knowing your “enemy.”
Is this just for general purpose use or are you especially risky in a specific area?
You raise a good point. I would say for the most part, I fall under general purpose, with some exceptions.
I guess what I’m wondering is, are there security/privacy things that everyone should have, but most people just don’t know about?
You’re doing just fine then! I’d look into hardened Firefox configurations and I’d probably honestly reduce what you’re all doing with email. It’s a bit redundant - to have three customizations to what’s essentially one experience.
Your browser will be fine 99% of the time with script blockers like uMatrix, config hardening, not using Chrome/Chromium. So using Proton’s web interface is probably just fine. Even then, email’s usually not too crazy for the average user in terms of risk either, besides it being a focal point for pivoting off of (use different emails for different areas you want to segment and keep using that manager software (passwords, accounts etc.)).
KeePass is free and works great to secure your stuff
You can think about your physical network. Do you own the device that connects to your ISP? Do you have a gateway device between you and it? Do you have an open WiFi or is it quiet and password protected? Do you have a switch that can VLAN all the IoT devices or guest WiFi network?
That’s a good point. Mostly protecting my data from sites, hiding info from my (shared) internet owner and ISP, keeping accounts secure, and steering clear of viruses.
Among other stuff.
If you share internet you definitely need a VPN. Anyone who can log into the router can see your exact internet history. Depending on the exact situation you can also set up VLANs, but only if the other person can't just simply disable them at the end point (router). Maybe you can set up your own router behind the current one with a built-in always-on VPN.
Custom email aliases and password managers are great just in case one account gets hacked they can't just use that account to log into other sites.
Viruses, just don't click on suspect links, check for phishing etc in emails, harden your browser by blocking JavaScript as much as possible without it breaking the websites. And don't use Windows, since most viruses target that. Linux and Mac are less targeted and have better built-in security.
And update all your stuff regularly, even things like router firmware.
Oh and don't attach IoT products to the internet, those usually have terrible security and can be used to break into your network. Block them in the router (again, having your own router helps) and preferably put them on their own VLAN.
Set up 2FA/MFA for all of your accounts wherever supported. It's probably one of the few easier things you can do that is missing from your list, and you will vastly improve your security posture for it.
I just use Google Authenticator but there are plenty of other apps out there if you'd prefer something else.
Use the NoScript add-on. It protects your data by blocking all JavaScripts. Sadly it makes a hassle of going on a site but you will be surprised how many JavaScripts are only there for tracking.
Also, I use Ecosia as a search engine which is non profit. All profits go to the environment. Using !g before the prompt and it uses Google and since I use Privacy Badger, uBlock and NoScript I don't think they track too much.
Eventually you will notice a pattern of which ones are needed for basic function (the domain you're on, wp.com, squarespace and sometimes google.com). I just switch them to trusted or if they can track temp trusted.
Sometimes I'm also lazy and turn most to temp trusted but if I have time I work out the important ones.
I find it really distrustful that my doctor's site uses many trackers.
Take away admin permission from your default accounts. It's not enough any more to be careful. There are web browsers/operating systems that have code execution vulnerabilities. Chrome just released a patch two days ago for this reason.
It would be a good idea to explore Linux if you care about all the telemetry Windows collects. There are distros out there that are so user friendly that someone using Windows their entire life can hit the ground running, like Linux Mint.
Are they really though? I use a VPN and I still get a certain group of people that seem to know my internet traffic. (This might be an extreme case, I'm pretty sure I pissed off real authentic criminals.)
What I mean by that is that local people put "pressure" on me by tracking my internet use. I've had local people in my town affiliated with bad people I know that will post exact info about my internet use on Facebook. Similar to how modern ads work but it's people in my town that seem to post personal things that correspond to my life exactly. And these people aren't regular people, I'm talking drug users and ex drug users and gang members.
I found out about things I wish I never found out about
Edit: I use Signal on my phone and they've fucked with me in ways that correlate personal texts from Signal as well.
-moved from brave to firefox
Why? Brave is open source.
-bought my own domain for my email so I can switch providers
Great to have more control over your assets, but I don't think this is exactly more secure.
-Switched to duck duck go
They sold out forever ago. Your search history is probably safe with Google and not all that lucrative to fraudsters anyway.
-bought the proton package
VPNs are pretty worthless for typical privacy use cases. Instead of your ISP logging your browser data, Proton does, and they're glowies anyway. If you really want to hide your activity, just use Tor! It's not as worthless for typical stuff as it used to be, it can even do 360p video. So you've got no excuse to feed your porn habits to the cloud.
Also, before anyone says "boohoo, you're stressing the network with video", literally anything but video will always be doable even if everyone tries to watch video, because no one's gonna watch video if video isn't watchable. Supply and demand, yo.
-installed Bitwarden for password managing
Isn't that an online password manager? Keeping all your passwords in the cloud? No bueno! I use KeePassXC for local storage, database on a local network drive under a router without an internet connection. But really, you could always just write them down like our grandparents used to do. Should be fine as long as the feds don't come knocking.
I definitely recommend one of those data eraser services that contacts all the data brokers and gives them legal notices to erase your data from their systems. It's a shame they're necessary, but oh well.
moved from brave to firefox
Why? Brave is open source
Brave Search has been selling data they don't own, for AI to train with, which makes me distrust the browser.
bought my own domain for my email so I can switch providers.
Great to have more control over your assets, but I don’t think this is exactly more secure.
It does keep my business accounts secure, but I guess that's different than internet security
Switched to duck duck go
They sold out forever ago. Your search history is probably safe with Google and not all that lucrative to fraudsters anyway
Do you have any sources/info? I was not aware of them being sold out.
If you really want to hide your activity, just use tor!
True, for general use though, Tor is just so slow.
Keeping all your passwords in the cloud? No bueno!
Bitwarden is fairly secure, and open source as a plus. But I do keep a notebook backup too.
I definitely recommend one of those data eraser services that contacts all the data brokers and gives them legal notices to erase your data from their systems. It’s a shame they’re necessary, but oh well.