DEV Community

Ben Halpern

What personal privacy/security measures do you take?

Top comments (33)

Joshua Bemenderfer

I don't talk to anyone. Does that count? :P

Scott Arciszewski
  1. I keep my software up to date. If you do nothing else on this list, do that.
  2. I use Signal.
  3. For Windows before 10, I used to use EMET. It blocked a few Firefox crashes that were either non-reproducible bugs or active exploits over the years. :)
  4. For Linux, I use the grsecurity kernel patches. (I run Debian with the dotdeb repositories for PHP 7.)
  5. I do most of my casual Internet browsing with Tor Browser (via torbrowser-launcher) inside of a virtual machine. Once a site is trusted, I'll actually visit it in my host OS.
  6. I use password managers. Mostly LastPass (for casual use) and KeePass (for high-security use).
  7. I encrypt my hard drives (with a 64-character passphrase) and smartphones (with a passphrase, not a PIN).
 
onebree

What do you store in KeePass that falls under high security use? Why not just use KP for everything?

Ghost • Edited

Maybe he just prefers the UI of LastPass over KeePass, and is willing to compromise on some security for usability?

Scott Arciszewski

Precisely.

Udi

One of the biggest measures is not exposing it online like that :)

Seyed Zia Azimi

To take it even one step further: even if I did not expose anything, should I write a comment for questions like this at all?!
Some sort of Privacy Paranoia! :D

Arne Bahlo
  • Password manager (1Password)
  • 2FA wherever possible
  • Disk encryption (FileVault)
  • Network filter (Little Snitch)
  • File access filter (Little Flocker)
  • Micro/Webcam access warning (Micro Snitch)
  • Persistent install warning (BlockBlock)
  • Being careful when installing software (Brew if available)
  • Block ads (uBlock/1Blocker)
 
Henré Botha

I do almost nothing, and it's terrible. I should know better.

I've recently started using uBlock Origin. I used Adblock Plus before that, but that was to avoid seeing & loading ads, not to protect myself. Installing uBO was intended as a security & privacy measure.

Erika Wiedemann

I've had to increase my laptop security on two different occasions, in two totally different ways - I'm looking forward to this thread to fill in some gaps.

~5 years ago someone got into and locked me out of several of my social media and email accounts by 1) me not logging myself out at the end of my session (on their computer), and 2) successfully guessing my security questions. This was before MFA was near-standard, so I at least implemented my own version with notifications/email. I then set MFA up as soon as it was available. I've beefed up my security questions and use LastPass as a PW manager (that never remembers me). I also only use my own laptop, or another computer I strongly trust. I also have a backup email and phone contact number.

The second time my laptop was physically stolen from my apartment. Luckily I'm confident my password was strong enough, and there was very little data stored on the machine - everything was backed up and also stored in 'the cloud.' Since then I've moved out and encrypted my HDD. I hope to get a Kensington lock soon to try and bolt down the machine if I have to leave it at home. The laptop webcam is also covered.

Tim Schuster
  1. Keep up to date
  2. Don't do stupid
  3. Backups
  4. Backups
  5. Backups
  6. Backups
  7. Password Manager
  8. Using the Password Manager
  9. Catch-All Emails to detect and pinpoint leaks (I recommend using a suffix like "-ca" to filter out any spam from Catch-All; Google is, e.g., "google.com-ca@example.com")
  10. U2F
  11. In case 10 fails, 2FA using Google Auth or similar apps
  12. Don't use SMS or DIY-2FA (looking at you Steam)
  13. uMatrix for Malware Domains (not ads)
  14. ABP to block almost malicious ads (enabled acceptable ads because personal reasons)
  15. Backups
  16. Encrypting the important stuff (I don't see the usefulness of full-disk encryption on anything but portable devices)
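
The catch-all scheme in item 9 of the comment above can be checked mechanically. The following is an added example, not part of the original comment: it reads the service name back out of a `<service>-ca@example.com` recipient and compares it with the sender's domain. The catch-all domain, the use of the `To:` header as the tagged address, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

CATCH_ALL_DOMAIN = "example.com"  # assumption: the domain with the catch-all mailbox
SUFFIX = "-ca"                    # suffix suggested in the comment above

def service_tag(recipient):
    """Return the service encoded in '<service>-ca@<catch-all domain>', else None."""
    local, _, domain = recipient.lower().rpartition("@")
    if domain != CATCH_ALL_DOMAIN or not local.endswith(SUFFIX):
        return None
    return local[:-len(SUFFIX)] or None

def classify(raw_message):
    """Label one message as 'untagged', 'expected' or 'possible-leak'."""
    msg = message_from_string(raw_message)
    to_addr = parseaddr(msg.get("To", ""))[1]
    from_addr = parseaddr(msg.get("From", ""))[1]
    tag = service_tag(to_addr)
    if tag is None:
        # No "-ca" suffix: an address that was never handed out under this scheme.
        return ("untagged", None)
    sender_domain = from_addr.lower().rpartition("@")[2]
    # From: is spoofable and services mail through third parties, so a mismatch
    # is a lead to investigate, not proof that the tagged service leaked.
    if sender_domain == tag or sender_domain.endswith("." + tag):
        return ("expected", tag)
    return ("possible-leak", tag)

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: no-reply@accounts.google.com\nTo: google.com-ca@example.com\nSubject: Security alert\n\nhi",
    "From: promo@unrelated-sender.test\nTo: shop.test-ca@example.com\nSubject: Deals\n\nhi",
    "From: bulk@unrelated-sender.test\nTo: info@example.com\nSubject: Hello\n\nhi",
]

def report(messages=SAMPLES):
    """Classify every message and return the list of (verdict, tag) pairs."""
    return [classify(m) for m in messages]

if __name__ == "__main__":
    for verdict, tag in report():
        print(verdict, tag)
```
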
 
Michael Powe
  • Private VPN on all devices <------ !!! (I use PIA, but really: they're all so cheap, you're crazy not to use one.)
  • Password Safe for storing/generating passwords (Handy and works on all devices.)
  • Minimum password length 12 characters
  • Don't do business with or give PII to unverifiable sites. Seriously, know who you're doing business with!
  • Whole disk encryption on my Linux box (and it is built in on my work laptop)
  • Periodically review list of devices connected to my network, and make sure I can identify who/what they are
  • For streaming accounts, periodically change password and/or kick off any registered devices that I can't identify
  • Set PINs for online purchases when possible (e.g., Amazon)
  • Hushmail (I don't use this much, but I keep an active paid account just because I want to be able to send encrypted mail sometimes.)
  • Webcam unplugged when I'm not using it
  • My financial information and will, &c are on a hidden VeraCrypt volume. My wife has a poop sheet on how to find it and get into it. The volume itself is on a USB drive.
 
John A. Kallergis

What's a poop sheet?

Dominic Pettifer
  • Don't install Flash (or any browser plugins), disable it if a browser comes with it preinstalled (Chrome)
  • Full disk encryption for all devices.
  • Password manager (1Password) with unique passwords for every service.
  • Use devices that have biometric login (e.g. Fingerprint) so people don't see you typing in your password, and it's not recorded by security cameras (may sound silly but think this will become a new attack vector in the future).
  • Try to point computer screens away from windows (as in the glass kind, not the OS). All it takes is a competitor renting an office opposite yours, and armed with a high powered telescopic camera.
  • Use an AdBlocker.
  • Try to get all my software from official app stores (Mac App Store)
 
Steve Loughran

Two tier network at home: DMZ for consumer stuff, "critical" for work. iPhone over Android. Moving to YubiKey for auth and code signing. Make sure that second-hand cars we buy don't come with Adobe Flash.

Still vulnerable to leakage of personal data from many sites, and wilful actions of installed phone apps like airline check in ones. Run 1+ of: Maven, apt-get or brew every single day on that critical development laptop.

If I consider where I am most vulnerable, it is in that automated download and execution of developer tools and application libraries. To put it another way: the code I've written over the years runs on thousands of developer boxes every day. These people are relying not just on my competence, but my goodwill and the quality and detail of the peer review process in those OSS projects.

Video: youtu.be/tcRjG1CCrPs

Federico Zivolo
  1. Update software regularly
  2. Use 2FA wherever possible
  3. Use complex passwords generated by 1Password
  4. I have an interactive firewall on my Macs (HandsOff!)
  5. All the security features of macOS enabled
 
Saul

I got an aluminum baseball bat in my room, although I think it's for softball. Two-step verification and secondary email account and phone number. Linux (Debian) is my main OS. Is it weird that I don't trust password managers? I mean, I'd rather memorize the passwords, even if there are a lot. I use AdBlock, but I'm guilty of whitelisting some of my favorite content creators.

Stephen Senkomago Musoke
  1. Use different passwords for each service

  2. Keep software up-to-date

  3. Only use a single card for online purchases, hidden behind Paypal

  4. Use Single Sign On (SSO) for a secondary social media account, rather than my primary email address

  5. Do not use public computers for access

  6. Encrypt hard drives

  7. Do not put anything online that I do not want there

  8. Notifications on accounts so that I know what is going on with my account at all times

  9. 2 factor authentication where possible

Enno Rehling (恩諾)

All the normal stuff (password manager, encryption), plus I unsubscribe from every online service that gets pwned, or is otherwise using bad security practices (like, sends forgotten passwords over email). And yes, that means I can no longer have a Tumblr, LinkedIn, or Adobe account, but these are the breaks.

Anurag Mathur 
  1. All software updated. Work Windows laptop protected with AV / Firewall / Host IDS / Disk Encryption. Home MBP always updated with disk encryption.
  2. Always use HTTPS
  3. I use iPassword to manage and generate passwords.
  4. Always log out at the end of session from any website.