General tips for online security and privacy

Yohan Beugin - January 2024

A non-exhaustive list of different advice and recommendations about online security and privacy.

Why should you care?

Use common sense

Perhaps the simplest and most important advice: exercise common sense, do not trust everything, and question any sort of urgency. Whenever something looks suspicious or strange, or you are not sure about it, pause for a moment and consider the situation before clicking or entering your information. If you cannot decide whether it is legitimate (some scams can be very elaborate), disregard what is being asked of you: nothing is really that urgent or important in practice, and if it were, people would probably reach out to you again through a different channel.

Use a password manager

It is a fact that human beings are very bad at remembering things, so it is totally unrealistic to ask people to use random passwords and remember them all. The good news is that it is not necessary: that is what a password manager is for. Just remember its master password to unlock it and let it do the rest: storing unique and randomly generated passwords for all your accounts. See this other post for more details.

Audit your different accounts and privacy settings

This is about retaining control of your information and of whom you share it with, in order to reduce your exposure to and dependency on services. The business model of a majority of popular social media platforms and online services is to capture your attention and show you ads targeted to your interests. These interests are inferred from the very data you provide to these services by interacting with them. Unfortunately, if you want to use these services, there is little you can do to avoid that, except maybe providing as little data as you can, opting out of reporting and collection in the settings, restricting public access to your information as much as possible, and blocking online tracking (see further point below).

Do not sign in to a service by using an account from another service (e.g., Google, Facebook, etc.)

It can be convenient to use your Google, Facebook, etc., account to log in to other online services, but this comes at a price: it makes it easier for third parties to track you and aggregate data on your behavior across online services. The same applies if you are always logged in to your Google account while searching on Google and browsing the web.

Keep your devices and software up to date

Operating system and software updates regularly contain security patches for newly discovered vulnerabilities. Install software from trusted sources, e.g., the official website, package repositories, etc.

Search for better alternatives

Feeling dependent on a service or locked in? Look for more privacy-preserving alternatives, on this website for instance. You could be surprised at how open source alternatives can sometimes provide far better service than their commercial and ad-based counterparts.

Communicate using end-to-end encryption

End-to-end encryption (E2E) ensures that no one except you and your correspondent(s) can decrypt the messages to plaintext (not the platform, the service, regulators, etc.), guaranteeing the privacy of your communications. Unfortunately, not all communication services support E2E, and a few that do (WhatsApp, Facebook Messenger, etc.) cannot see the content of your conversations but can still collect metadata about them: telephone numbers, contacts, statistics, who you speak to and when, IP addresses, etc.

Instead, you should use Signal, regularly considered the most secure and privacy-centric messaging application ever made. Signal is an open source, end-to-end encrypted, and cross-platform messaging application (Android, iOS, and desktop apps for Linux, macOS, and Windows). The application is free and has been peer reviewed: thus, the cryptographic protocols and algorithms used by Signal have been validated as safe and secure. The development of the application is exclusively funded by donations, and finally, Signal does not track you, nor sell your activity or data.

Private mode does not make you anonymous

It just tells your web browser to not locally save your history, cookies, and other data, but websites that you are visiting can still track you in other ways, access your IP address, etc.

Use a VPN/Tor to hide your IP address and browse anonymously

A VPN allows you to establish a secure and encrypted tunnel between your device and a server of your VPN provider. Thus, when the VPN connection is established, the websites you visit see the IP address provided by your VPN provider instead of yours. You need to trust your VPN to have a no-log policy, i.e., that they do not track, collect, or share your browsing activity, which requires subscribing to a paid service. I would recommend Proton VPN.

Another way to hide your IP address is to use an anonymity network such as Tor, with which your traffic is routed through 3 intermediary nodes before reaching its destination. Anonymity is provided because each node only knows the identity of the previous and next hop.
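
The hop-by-hop property described above can be seen in a small simulation, added here as an illustration and not taken from the original post. It is not Tor's actual protocol: the relay names, the keys derived from them, the destination example.org, and the toy SHA-256 keystream cipher are all assumptions made for the example.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy cipher (SHA-256 keystream XOR), a stand-in for real per-hop encryption.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(route, keys, destination, message):
    """Client: build the layered cell from the innermost layer outwards."""
    next_hops = route[1:] + [destination]
    payload = message.encode()
    for relay, nxt in reversed(list(zip(route, next_hops))):
        layer = json.dumps({"next": nxt, "data": payload.hex()}).encode()
        payload = xor_stream(keys[relay], layer)
    return payload

def peel(name, key, sender, cell):
    """Relay: remove one layer and record everything this relay can see."""
    layer = json.loads(xor_stream(key, cell))
    view = {"relay": name, "previous": sender, "next": layer["next"]}
    return view, bytes.fromhex(layer["data"])

def simulate():
    route = ["guard", "middle", "exit"]  # constructed relay names
    keys = {r: hashlib.sha256(r.encode()).digest() for r in route}  # constructed keys
    cell = wrap(route, keys, "example.org", "GET /")
    sender, views = "client", []
    for relay in route:
        view, cell = peel(relay, keys[relay], sender, cell)
        views.append(view)
        sender = relay
    return views, cell.decode()

if __name__ == "__main__":
    views, delivered = simulate()
    for v in views:
        print(v)
    print("delivered:", delivered)
```

Only the first relay sees the client and only the last relay sees the destination; the last relay also sees the request itself unless it is protected separately, for instance by HTTPS.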

Block online tracking while you browse

On mobile (Android)