Welcome Back, In the last part, we spoke about privacy for Normal users, and I specifically chose easy techniques that won’t change your daily habits so much that they disturb your convenience. But since you are here, you are probably looking for a more advanced way of protecting your privacy, and that’s what we are going to do in this article.
We are going to assume that you have some knowledge of computers and can deal with them, because we are not going to explain all the technical stuff that is required for this to work.
Image Meta Data
You probably upload tons of pictures online, on Facebook, Instagram, and Twitter, without knowing that every image you upload might contain some very private information about you, like your location, name, device information, and camera information. So if you care about your privacy, you have to make sure you strip all your images of metadata before uploading them anywhere. To do that, I recommend using the mat2 utility on Linux, and there are also some good websites that do that, but I’m not going to recommend a specific one; this requires you to do some research to see what works best for you.
Browser
In the last article, we talked about installing Firefox or Brave as your primary browser and installing some privacy-enhancing add-ons on it. But now I recommend an even more extreme approach, which is to download Librewolf, which is a privacy-focused browser forked from Firefox. It comes hardened for privacy out of the box.
For any "super private" search or a confidential one, only use the Tor browser. This browser hides your data through three layers of encryption scattered around the world; basically, your connection goes through three different computers before reaching your website, which hides your identity. Tor alone isn’t enough, though.
Operating Systems
We talked in the previous article about operating systems and how Linux is much better for privacy. While, of course, using a Linux system will be much more private than Windows or macOS, it is still not enough for anonymity. For that, you should use a system specifically designed for it. I have three recommendations for you:
Tail OS, which is a live OS, basically runs on a USB drive,so you don’t have to delete your main OS. It is also amnesic, meaning it doesn't remember or record any activity done on it. And all network traffic on it automatically goes through the Tor network. It also comes with a suite of applications for your convenience.
Whonix Is a virtual machine-based OS; it also runs all your traffic through the Tor network, but it’s by default not amnesic, meaning it remembers your activities, which is useful if you're going to use it daily, but there is an option to boot it in live mode, which makes it amnesic. To run it, you have to open two virtual machines on the host: a Whonix gateway and a Whonix workstation. The Whonix gateway is the VM that connects to the internet, but you shouldn’t use it for browsing or interacting with the web. The workstation doesn’t directly access the internet, but it connects through the gateway VM, which is also where you do everything.
Qubes OS, which is also a VM-based OS, but it's different; you have to install it as a main OS first, then inside of it you can run virtual machines for everything you want to do; basically, you can have different virtual machines for different purposes, so you can isolate every identity or application you have from the others. There is also an option to run everything through Tor. But be careful because it is resource-hungry because of its VM nature.
Emails
We subscribe to tons of websites and newsletters online, and with lots of data breaches happening around us, I don’t think it’s a good idea to expose your real email like that, which can make you easily identified across the web. Also, it’s not convenient to have multiple emails because you will have to log into each one every time you need to check your inbox, so I recommend using aliases. Aliases are basically fake emails that forward whatever is sent to them to your main inbox.
There are many services that provide aliases, and I have two recommendations:
- Anonaddy, which gives you unlimited aliases, and a browser extension to make it easy to create new aliases on the fly.
- SimpleLogin, which gives you the ability to send and receive with your alias, and PGP encryption for emails sent to you
Encryption
Encryption is an algorithm or a protocol that obfuscates your data to make it unreadable without a special key.
But Which Encryption Protocol Should I Use?
This is a very common question, and the answer is: It depends :). For emailing, you should use PGP (a.k.a. Pretty Good Privacy), which is an asymmetric encryption protocol. For example, let’s call you Alice, and you have a public key and a private key, and the person you want to send a message to, let’s call him Bob, has another public and private key. To send a message to Bob securely, you encrypt it using their public key, and then Bob can decrypt it using their private key.
There are also some symmetric encryption algorithms to protect your files. If you are going to upload personal files to Google Drive, for example, you should use symmetric encryption.I recommend these two applications:
Veracrypt You can use it to create an encrypted file, encrypt a whole drive, and also create a hidden encrypted volume inside your encrypted file. If you were forced to give your password to someone, you could give them your outer volume’s password, which should contain seemingly personal stuff, while if you entered the hidden volume’s password, you’d open your actual secret files.
Cryptomator gives you an easy way to create non-fixed containers, basically encrypted folders that can grow in size as you add files to them, which is very useful for file syncing with the cloud and for storing personal files and folders without having to predetermine a size for them.
Both of these options are open-source, and that’s a huge bonus.
Be sure to never login to websites with your real identity when you are using Tor or any other anonymous OS. Also, take extreme care not to upload your private key anywhere unless it’s symmetrically encrypted!
Now that we have reached the end of this article, I hope it helps someone out there.
Check Later For Another Awesome Article :D
Top comments (1)
part 2 is great, too! instead of about:config i'd recommend using "LibreWolf" that comes hardned already.