Secure Your Digital Life: A Stress-free Guide for the Digital World
We are nearing 2020 and if you are like most people, your life has become more connected online than ever before. From social media and email to financial accounts and medical records, a growing majority of people have the most intimate parts of their lives stored on internet connected servers that other people own (read: "the cloud").
Our data has become increasingly vulnerable to cyber security threats and a growing number of people are becoming alarmed to this. According to a recent Pew Research Center study, roughly 6 of every 10 Americans believe it is not possible to go through their daily life without their data being collected. And over 80% feel as though they have no control over their data being collected by companies and the government. If you are one of those people, this guide is for you.
Most of us have heard the never ending scandals and horror stories of Facebook selling user data to the next bidder, giant department stores being hacked and losing all personal and financial data of their customers, or someone having their home robbed after sharing photos on social media while they were on vacation. These are just a few examples of the type of malicious activity that occurs 24/7 throughout the internet connected globe. Check out this live map to view how many cyber attacks are happening right now.
We learn of these terrible things, feel helpless with no control, and bury the fear and anxiety about it somewhere deep in our minds. We tell ourselves "it is OK because I have nothing to hide", or "I don't need to worry about that, no one cares about me anyway". Meanwhile, we are all being targeted everyday because our personal information is worth much more than most realize. There is booming industry based solely on the collecting and selling of your personal data. We, collectively, are a gold mine and we share in absolutely none of the profits.
In this world there are two separate multi-billion dollar industries. Both are dedicated to learning, tracking, and storing private details about you; and selling it at a premium. The legal version is in the form of massive tech and telecom companies selling your personal data to advertisers and intelligence agencies (in the name of freedom, of course). The illegal version is in the form of multi-national crime factions that pay top dollar to gain access to as many bank accounts and personal identities as they can get their hands on; using the stolen identities to steal even more from credit companies.
This is all enough to keep one tossing and turning at night.
Which is why we are here. To provide you with a stress-free guide to maximize your privacy and security online and regain control of your personal data. With the tools and strategies we share in this guide, you will be well on your way to securing your digital life and being able to rest easier at night, knowing your digital life is protected even while you sleep.
This guide will introduce you to the two fundamental security essentials, nine enhanced protection measures, and three advanced protection measures that all can help you regain control of your digital life.
Note: If you want to support our work you can do so by purchasing services or products through affiliate links that are marked throughout the article. This does not cost you anything extra, and when you do so we receive a payment.
The Two Security Essentials
Although there are several important tools and strategies, there are two tools we consider to be the most important starting points for anyone concerned about improving their privacy and security online. The two things we recommend for setting a good foundation for the future of your digital life are a good password manager and a virtual private network (VPN).
1. Password Manager
One thing most cyber security professionals will agree on is the importance of strong passwords. In fact, weak or reused passwords is the most common way hackers will gain access to their targets. As a result, weak or reused passwords is the cause of most compromised accounts and data breaches.
The good news? There are several good password managers that can make this much easier for you. Beyond the standard password requirements, they say the best password is the one you can't remember. This is why utilizing a password manager is so important. These are tools that will allow you to set a very strong and unique password for every account you own, and then forget about it. The password manager uses strong layered encryption to keep your other passwords safe, then you only need to remember the one password to open the vault to all others.
A good password manager can be seamlessly integrated into your smartphone or web browser, and can even auto-fill your online logins and forms once you have everything set up. The password manager we highly recommend is 1Password, as it is very reputable and is incredibly easy to use. It is also partnered up with the useful "Have I Been Pwned", which you will learn about in the Enhanced Protection Measures part of this guide.
Another great option is KeePassXC, which is a free and open source software (FOSS), meaning it is auditable by all and available to all. Highly developed FOSS projects have become the gold standard for privacy and security on line.
A VPN is essential for three key reasons. First, it significantly improves privacy by hiding your personal IP address, and showing whatever website, app, or services you are on that you're located somewhere far away from your actual physical location. This also makes it much harder for companies to track you and feed you ads for the latest product you didn't know you needed.
Secondly, VPNs will secure all of your internet traffic through strong encryption, making it impossible for anyone short of a three-letter agency to read whatever information you are sending over the internet. Yes, when you send private information over an unencrypted connection it can be read in plain text by unsuspecting parties.
Fig. 1 Illustration of how VPN works.
Last but not least, a VPN will also block your internet usage from the internet service provider (ISP) or Wi-Fi access point you use to access the internet. This will help limit the private information about you that ISPs sell to advertising companies.
Many VPNs also come with a "killswitch" that will automatically disconnect you from the internet if there is an issue with the VPN connection, ensuring you do not transmit any personal IP address or unencrypted data ever again.You will notice as we dive deeper that encryption is an absolute necessity when it comes to securing your digital life.
There are many options out there for VPN providers, and just as many online comparisons. It can be hard to trust these comparisons and reputations of the VPN providers change whenever there is an attack on their servers or they change leadership through being bought out by another company. Currently the two VPN providers we can recommend with good conscience are ProtonVPN (affiliate link) and Mullvad.
Made by the same engineers and scientists as ProtonMail, ProtonVPN also boasts what they call a Secure Core VPN connection, which routes VPN traffic through one of the servers they have built and installed in Switzerland, Iceland, or Sweden. These server sites are in privacy friendly jurisdictions and located under high physical security, to safeguard against the servers themselves being physically compromised. This adds another layer of privacy when connecting to sites on the internet located in high risk jurisdictions.
Mullvad has a good reputation in the privacy-focused online communities and they share their program code as open source. One bonus for them is that they do not require any personal identifying information to use their services (not even an email address).
Historically Private Internet Access (PIA) and NordVPN (affiliate links) had good reputations and depending on your threat model, they may still be an option for you. That being said it's important to know, PIA is being bought by Kape, a company with a terrible reputation for installing malware on their programs. The leadership at PIA insists they will not let Kape jeopardize their services. Some believe Kape bought PIA as an attempt to fix the stain on their own reputation. However, the verdict is still out, so proceed with caution.
NordVPN servers were attacked and the company did not do a great job notifying users of the issue. Although the attack did not jeopardize important user data, the response led many not to trust them again. We like that NordVPN is based in Panama, which provides extra privacy protections due to their jurisdiction laws. We do not like how they handled their vulnerability response. It is inevitable for companies to fall victim of cyber attacks, but what's important is how they handle the response and communicate with their users about it.
To help you decide if a VPN would be useful, you can find out the basic information your computer device is leaking right now with this quick DNS Leak Test (affiliate link).
Nine Enhanced Protection Measures
1. VPN Routers
Now that you are subscribed to a VPN service and have it all set up on your computer and smartphone, the next natural step is to upgrade your home or office router to run all of your devices through a VPN. A VPN router comes with upgraded firmware that makes it super easy to connect to all internet traffic through your existing VPN provider.
We highly recommend FlashRouters (affiliate link) for this, because they use reputable routers and have a smartphone app that makes setting up a VPN easy enough for anyone to do. With the app you can also assign which devices you want to run through the VPN and which you want to connect through open internet. For example, maybe you want the kids' tablets to be protected via VPN, but don't feel the need for VPN just to watch Netflix. With FlashRouters' app and support team this is easy to do and you will sleep much easier with all of your personal information sent through an encrypted tunnel that does not reveal your physical location.
2. Encrypted Communication
This where end-to-end encryption really becomes the main-event. If you are sending messages back and forth that are not end-to-end encrypted (meaning, the message can only be encrypted by the sender device and decrypted by the receiver device), you are at risk of your messages being read by any bad actor who gains access to your message traffic.
Fig. 2 End-to-end encryption explained by our friends at ProtonMail.
Some companies provide end-to-end encryption, like Whatsapp or Telegram, but the traffic is run through their servers and at risk of being compromised by the companies themselves (or any attacker who gains access to their servers). Whatsapp in particular is owned by Facebook, which has proven to be the least concerned with your privacy and willing to sell your data whenever they please.
Other companies go out of their way to demonstrate their privacy adherence, even going so far as incorporating their business in Switzerland, where there are incredibly strong privacy protection laws in place. ProtonMail (affiliate link) is one of these companies. To quote the security details of their website:
All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and corporations. As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.
ProtonMail is increasingly becoming a strong competitor to Gmail in terms of usability and it far surpasses Gmail in terms of privacy protections.
Another Switzerland-based company is Wire, and it is one that we recommend wholeheartedly for encrypted text and social communications; whether you are using it for personal or business use. The usability and design of Wire in our opinion is even nicer than Whatsapp.
Others demonstrate their dedication to privacy by incorporating as a nonprofit, rather than a business that makes it's shareholders happy by selling your data. This is why we can comfortably recommend Signal for encrypted text messaging.
Try these tools out and then convince all of your family and friends to switch over too!
3. Identity Protection and Monitoring
Remember the multi-billion transnational cyber crime industry we mentioned earlier? They thrive on finding and stealing our identities, which are all connected to the internet at this point. Most of the tools and strategies we share in this guide will help protect you from these bad actors, but we also recommend taking precautionary steps to protect and monitor your identity.
A good place to start is to monitor your email addresses and whether or not they have been discovered in any large data breaches. You can do this very easily through the Have I Been Pwned website. A free and easy to use powerful tool, Have I Been Pwned is developed by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.
Enter any and all of your email addresses into the Have I Been Pwned website and they will notify you if any of the accounts associated with that email address have been compromised. They will also notify you of any future data breaches that email address is linked to, so you can act quickly to go and update your password for those accounts.
Another strategy people use is to freeze their credit reports, so if a bad actor does gain access to your identity, they will not be able to pull a credit report and secure loans or credit in your name.
As Jameson Lopp shares in his "A Modest Privacy Protection Proposal":
Beyond using a VPN for all online banking or credit websites (affiliate link), the final step you can take in protecting and monitoring your identity comes at an additional cost, but for many people the peace of mind is worth it. There are dozens of identity monitoring and protection services out there, and probably even more side-by-side comparisons online of each of them. The one we've seen near the top of most lists is Identity Force, and we like that it comes with a free trial so you can see how you like it before committing to a subscription.
4. Secure Storage
When it comes to storing your personal files, photos, video, and other bits of data, encryption is another essential consideration. This allows you to keep your data locked safely away until you unlock it with your strong private password (remember 1Password or a similar password manager can keep strong passwords safe for you). If you have an encrypted hard drive, use it. If not, at least password protect important folders and files that contain personal photos and private health, finance, or business information.
Most people these days also use some sort of cloud storage to help keep their information safe even if their house were to burn down or they were to misplace their physical devices that store data. This is fine, but there are some considerations to make before doing so.
Google Drive and Dropbox are both well known cloud storage options. They are also big targets as large data companies that might make money off your personal information. A good practice for backing up data to non-privacy-friendly providers is to encrypt the files and folders before you upload. That way if a malicious actor were to gain access to your files it would be encrypted and unable to be read.
You could also consider using a more privacy focused cloud storage provider like NordLocker (same company that provides NordVPN). NordLocker offers 5GB for free and it also plays well with the larger storage providers like Google and Dropbox, allowing you to add another layer of security to data stored with those services. With NordLocker you also have the option to easily and safely share encrypted files with others.
5. Secure Account Access (2FA)
Two factor authentication (2FA) adds another step to logging in to an account, which often requires the verification of information that is found on a single device that you own. Really it can be a combination of something you own and either something you know or something you are. This adds a great amount of security because an attacker would also need to have access to your device (or you) in order to access your account.
Fig 3. Two-factor Authentication (2FA) illustration.
Typically 2FA comes in the form of a text message (which is vulnerable to SIM swap attacks if you are a big enough target for hackers), or through an app like Google Authenticator (the only Google app that privacy conscious people might use). After submitting your typical login credentials, you will be prompted to enter the 2FA code that is on your device (a text message or a self-refreshing code on an app like Google Authenticator). Only after entering the code found on your device will you be able to access your account.
In the security and privacy focused digital world, it is recommended to use 2FA account access whenever it is an available option. Find the security settings in most accounts to determine whether 2FA is an option you can turn on.
While a common 2FA device is just a smartphone, there also devices that are even more secure because outside of using them to confirm a login, they are able to remain completely separate from the internet. Some of the more popular 2FA devices include Yubikey, Ledger (affiliate link), or Trezor. Ledger and Trezor are also cryptocurrency hardware wallets, so if you own cryptocurrency you might purchase one of these options and "kill two birds with one stone".
6. Internet Connected Device Op-Sec
To reiterate, for maximum privacy, all of your internet connected devices should be run through a VPN (affiliate link). Beyond that, there are some other operational security (Op-Sec) measures that you can take to keep your digital life as safe as possible.
- Enable VPN before using internet dependent applications
- Disable Bluetooth
- Disable Location Tracking Services (unless using GPS for navigation)
- Disable Wi-Fi when not at trusted Wi-Fi networks or using VPN
- Remove unused applications
- Keep all software updated automatically
- Enable ad-blockers or script-blockers
- Use anti-virus software on regularly scheduled scans
Additionally you will want to make sure you are using a privacy-focused web browser. The two we recommend are Firefox and Brave (affiliate link). You should also research the best privacy settings for the web browser of your choice to make sure you are getting the most out of it.
Now that you've got a good web browser set up, the next step is to make sure you are using a privacy-focused search engine (for example, not Google or Bing). We prefer DuckDuckGo.
Now that you've tweaked your browser for safety, it's time to also consider physical tweaks to your device itself. This means covering your webcams so hackers are unable to view you in your pajamas (or on the toilet, or something worse) if they gain access to your Wi-Fi network. You may also want to make sure your microphone is turned off. This also entails making sure you have not granted access to your camera or microphone for any of the apps on your device.
Additional resources for learning more about general Op-Sec strategies and tools:
- National Cyber Security Alliance: Stay Safe Online
- A Secure Life
- PrivacyTools - Encryption Against Global Mass Surveillance
- Techlore: Becoming Anonymous Video Guide
- Techlore: Privacy and Security Tutorials
7. Social Media Op-Sec
When it comes to social media Op-Sec, there are a few things you should do to begin protecting your privacy. An obvious approach is to go into the settings of your social media accounts and toggle them for maximum privacy. You can and should do that, but there's more that can be done.
First, you should clear your history of old photos and posts. Or, perhaps even delete your account and start a fresh one with new habits in mind. Further still, delete your accounts and apps and stay off. Those of us who have the greatest privacy and security in their digital lives are the people who opt-out of social media entirely. Consider trying it. It's a rather liberating feeling. If that's not an option, you can still build some better Op-Sec habits.
One of the new habits you should build include limiting the personal information you share. Basically, don't share personal details about your life with the public. This becomes easier when you begin to look at every social media outlet as a public forum, because even if you toggle a switch saying to not share with anyone outside your friends, you are still sharing this with the social media company and the many other advertising companies and government agencies they sell your data to. Even worse, at some point you may have added an old friend who is actually not your old friend at all. And that person may be waiting until to post something that will make it easier for them to steal your information, or perhaps worse, rob your home when you post photos saying "hello from the Bahamas"! Don't post vacation photos, especially while you are still on vacation.
Another good Op-Sec strategy for social media is using anonymous accounts whenever practical. This will also help you develop a more mindful awareness of what you post on social media and why, because you will be filtering yourself through a "will this reveal too much information about me?" mindset.
To maintain healthy boundaries between your real and digital lives, it is appropriate to have that sort of mindset while online; it is irresponsible to not.
8. Try A New Operating System
An operating system is the software that drives our computers and smartphones. When the device is turned on, it boots into the operating system of our choosing. Yes, it is a choice you can make. The most commonly used operating systems are Windows, Apple's Mac OS X & iOS, and Android (which is made by Google).
All three of those operating systems have sophisticated tracking included in their software and if found in the wrong hands, could be a huge risk to your privacy. That said, Apple is leading the way for those three to be more considerate of user privacy (at least in their marketing). The big three operating systems are also the most targeted when it comes to hackers developing malware that can hijack your computer and steal your data.
A lesser known operating system is Linux. Linux is an open-source software and is highly developed by privacy-conscious developers throughout the globe. Being open-source, there are actually dozens of Linux variety operating systems available.
Fig.4 Top 10 Linux distributions according to TecDistro
We use Linux for several reasons. It is less of a target than the big three OS companies because less people are using it (hackers like to cast a wide net). Also Linux often requires less computing resources to operate. Changing over to Linux is known as a way to breath new life into an old computer that's been slugging by on Windows. We also like it because there are so many varieties of Linux operating systems, known as distributions, and most of them are free!
A good way to start with Linux is Linux Mint. This brand of Linux is known for converting Windows users, because the desktop design layout is similar to Windows, but it is free, open-source, and is a great way to access all of the awesome free software that comes with most Linux distributions. It just works and it is a great way to transition into the world of Linux.
Just below in the Advanced Protection Measures section of this guide you will learn of two more Linux distributions that are highly focused on protecting privacy.
9. Keeping Finances Private and Secure
We've already discussed strategies for securing your online accounts and you should definitely incorporate those practices into securing your financial accounts. Here we will share a few quick strategies we've heard of for physical security of your wealth.
First and foremost, if you use credit cards, they most likely have an RFID chip in them, which can be read by anyone with an RFID reader in your vicinity. These devices can be purchased by anyone on eBay from $10-100. A malicious person could put one in a small bag and walk around a crowded area swooping up the credit card details of everyone they pass near. To add protection for this to your physical wallet, all you have to do is use an RFID sleeve and keep your cards inside of the sleeves.
In order to protect the privacy of your wealth from prying institutions or in the event of an economic crisis, you could also keep some of it in cash, precious metals, and cryptocurrency like Bitcoin or Monero. How to implement these measures goes beyond the scope of this article, but it's worth doing some research if wealth preservation is something that fits your threat model. Most people who diversify their wealth do so to protect themselves from risk of an economic crisis like capital controls, a major market crash, or hyperinflation; but they also tend to be relatively private people.
If you go the cash or precious metals route, you'll probably want to also invest in a safe or a safe-deposit box at your bank. If you invest in cryptocurrency, storing it on a hardware wallet like the Ledger (affiliate link) or Trezor and then adding it to the safe or safe-deposit box, is a good idea.
Three Advanced Protection Measures
Tor (acronym for "the onion router") is a sophisticated routing tool that routes all of your internet traffic through the Tor network. Similar in outcomes as a VPN, it hides your IP address and web traffic from prying eyes. Tor is maintained as a free and open-source tool and is used daily to protect the privacy of journalists, dissidents, and normal people throughout the planet. While Tor is what some use to access the "dark web", it is also used by regular people to access the internet with a greater level of privacy.
To learn more about Tor and determine whether it would be useful for you, visit the official website of the Tor Project.
Fig.5 Graphical depiction of how Tor works, by Visual Capitalist. In reality Tor hops through three relays, instead of the five depicted here.
Tails is another acronym, for "the amnesic incognito live system". A live operating system in this case is one that is booted from a USB thumb drive and can be used on any computer machine that can be booted from a USB port. Tails is a live operating system built from free and open-source Linux software that aims to help users preserve privacy and anonymity; and can be used on any computer without leaving a trace that it was used.
The "amnesic" component of Tails makes it so every time you boot into your Tails thumb drive it's as if it were the first time you ever booted. It stores no information whatsoever, but you do have the option of creating a "Persistent" drive, allowing you to have an encrypted storage space within Tails that you can access after booting into the system.
The "incognito" component of Tails means the computer you use your Tails USB stick on will not be able to record or leave any trace you were there. Pretty neat technology. It also routes all internet traffic through the Tor network by default.
Unless you are a journalist, political dissident, or international spy, you probably won't need Tails for everyday use. However, it is a very powerful tool that you might consider getting familiar with in case you can think of a creative use-case for it.
To learn more about Tails and determine whether it's something you might use, you can visit the official website.
3. Qubes OS
We've saved the most advanced tool for last. Qubes is a security oriented operating system that uses Xen hypervisor technology, the same technology used by major website hosting providers to isolate various websites from each other. It is free and open-source software that is endorsed by many security experts and privacy advocates.
To quote the Qubes official website:
This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.
Pretty impressive stuff, right? Qubes OS is also integrated with Whonix, a Linux distribution that uses Tor and focuses on privacy enhancements.
While Qubes does have reasonable documentation to help with setup and troubleshooting, it is definitely for more advanced users, or for those who are eager to learn. To learn more and determine whether it's something that you want to try, visit the official Qubes OS website.
We hope this guide provided you with useful information and that you will return often as you work toward taking necessary steps to maximize your online privacy and security. Consider bookmarking it to return as needed. As you get more comfortable with these strategies, we encourage you to share this with your friends, family, and colleagues and help empower them to secure their digital lives as well.
In doing so we can live with less fear and anxiety about being online in this digital world, knowing we've done all we can to protect ourselves and our families. And as a result, we will all be getting better sleep at night and living healthier, happier lives!
Disclaimer: Information found on Sleep Tools is not medical advice and should not be interpreted as such. It is also not financial advice. You should consult with a professional before following any of the recommendations found on the Sleep Tools website. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or more timely sources of information. Any reliance on the material on this site is at your own risk. For more information see our Terms of service. If you follow the tips here or throughout the Sleep Tools website and do not experience any relief, we strongly encourage you to consult with a sleep doctor, as you may be experiencing a more serious sleep disorder.
YES, WE ACCEPT CRYPTO DONATIONS!
Donate any of these supported currencies through our Globee donation portal linked below: BTC, XMR, LTC, DOGE, DCR, ETH, LNBT, XRP