Part 2: Enhanced Protection Measures

by Sleep Tools November 22, 2019 | Originally published on Sleeptools.co.

Note: If you want to support our work you can do so by purchasing services or products through affiliate links that are marked throughout the article. This does not cost you anything extra, and when you do so we receive a payment.

This is part two of a three-part guide. Read Part 1 here, or the full guide.

The Nine Enhanced Protection Measures

1. VPN ROUTERS

Now that you are subscribed to a VPN service and have it all set up on your computer and smartphone, the next natural step is to upgrade your home or office router to run all of your devices through a VPN. A VPN router comes with upgraded firmware that makes it super easy to route all internet traffic through your existing VPN provider.

We highly recommend FlashRouters (affiliate link) for this, because they use reputable routers and have a smartphone app that makes setting up a VPN easy enough for anyone to do. With the app you can also assign which devices you want to run through the VPN and which you want to connect through open internet. For example, maybe you want the kids’ tablets to be protected via VPN, but don’t feel the need for VPN just to watch Netflix. With FlashRouters’ app and support team this is easy to do and you will sleep much easier with all of your personal information sent through an encrypted tunnel that does not reveal your physical location.

2. ENCRYPTED COMMUNICATION

This is where end-to-end encryption really becomes the main event. If you are sending messages back and forth that are not end-to-end encrypted (meaning the message can only be encrypted by the sender's device and decrypted by the receiver's device), you are at risk of your messages being read by any bad actor who gains access to your message traffic.

Fig. 2 End-to-end encryption explained by our friends at ProtonMail.

Some companies provide end-to-end encryption, like WhatsApp or Telegram, but the traffic is run through their servers and at risk of being compromised by the companies themselves (or any attacker who gains access to their servers). WhatsApp in particular is owned by Facebook, which has proven to be the least concerned with your privacy and willing to sell your data whenever they please.

Other companies go out of their way to demonstrate their privacy adherence, even going so far as incorporating their business in Switzerland, where there are incredibly strong privacy protection laws in place. ProtonMail (affiliate link) is one of these companies. To quote the security details of their website:

All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and corporations. As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.

ProtonMail is increasingly becoming a strong competitor to Gmail in terms of usability and it far surpasses Gmail in terms of privacy protections. Another Switzerland-based company is Wire, and it is one that we recommend wholeheartedly for encrypted text and social communications, whether you are using it for personal or business use. The usability and design of Wire in our opinion is even nicer than WhatsApp.

Others demonstrate their dedication to privacy by incorporating as a nonprofit, rather than a business that makes its shareholders happy by selling your data. This is why we can comfortably recommend Signal for encrypted text messaging.

Try these tools out and then convince all of your family and friends to switch over too!

3. IDENTITY PROTECTION AND MONITORING

Remember the multi-billion transnational cyber crime industry we mentioned earlier? They thrive on finding and stealing our identities, which are all connected to the internet at this point. Most of the tools and strategies we share in this guide will help protect you from these bad actors, but we also recommend taking precautionary steps to protect and monitor your identity.

A good place to start is to monitor your email addresses and whether or not they have been discovered in any large data breaches. You can do this very easily through the Have I Been Pwned website. A free, easy-to-use, and powerful tool, Have I Been Pwned is developed by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.

Enter any and all of your email addresses into the Have I Been Pwned website and they will notify you if any of the accounts associated with that email address have been compromised. They will also notify you of any future data breaches that email address is linked to, so you can act quickly to go and update your password for those accounts.

Another strategy people use is to freeze their credit reports, so if a bad actor does gain access to your identity, they will not be able to pull a credit report and secure loans or credit in your name.

As Jameson Lopp shares in his “A Modest Privacy Protection Proposal”:

You should freeze your credit reports; this will prevent anyone from requesting a copy and potentially finding sensitive [financial] data. Here are links to freeze your credit report for major providers in the U.S.: TransUnion, Equifax, Experian, Innovis, SageStream, Advanced Resolution Services, Clarity Services, CoreLogic.

I also recommend submitting forms to opt out of as many data brokerages as possible — you can find an extensive list here.

Beyond using a VPN for all online banking or credit websites (affiliate link), the final step you can take in protecting and monitoring your identity comes at an additional cost, but for many people the peace of mind is worth it. There are dozens of identity monitoring and protection services out there, and probably even more side-by-side comparisons online of each of them. The one we’ve seen near the top of most lists is Identity Force, and we like that it comes with a free trial so you can see how you like it before committing to a subscription.

4. SECURE STORAGE

When it comes to storing your personal files, photos, video, and other bits of data, encryption is another essential consideration. This allows you to keep your data locked safely away until you unlock it with your strong private password (remember 1Password or a similar password manager can keep strong passwords safe for you). If you have an encrypted hard drive, use it. If not, at least password protect important folders and files that contain personal photos and private health, finance, or business information.

Most people these days also use some sort of cloud storage to help keep their information safe even if their house were to burn down or they were to misplace their physical devices that store data. This is fine, but there are some considerations to make before doing so.

Google Drive and Dropbox are both well known cloud storage options. They are also big targets as large data companies that might make money off your personal information. A good practice for backing up data to non-privacy-friendly providers is to encrypt the files and folders before you upload. That way, if a malicious actor were to gain access to your files, they would be encrypted and unreadable.

You could also consider using a more privacy focused cloud storage provider like NordLocker (same company that provides NordVPN). NordLocker offers 5GB for free and it also plays well with the larger storage providers like Google and Dropbox, allowing you to add another layer of security to data stored with those services. With NordLocker you also have the option to easily and safely share encrypted files with others.

5. SECURE ACCOUNT ACCESS (2FA)

Two-factor authentication (2FA) adds another step to logging in to an account, which often requires the verification of information that is found on a single device that you own. Really it can be a combination of something you own and either something you know or something you are. This adds a great amount of security because an attacker would also need to have access to your device (or you) in order to access your account.

Fig 3. Two-factor Authentication (2FA) illustration.

Typically 2FA comes in the form of a text message (which is vulnerable to SIM swap attacks if you are a big enough target for hackers), or through an app like Google Authenticator (the only Google app that privacy conscious people might use). After submitting your typical login credentials, you will be prompted to enter the 2FA code that is on your device (a text message or a self-refreshing code on an app like Google Authenticator). Only after entering the code found on your device will you be able to access your account.

In the security and privacy focused digital world, it is recommended to use 2FA account access whenever it is an available option. Find the security settings in most accounts to determine whether 2FA is an option you can turn on.

While a common 2FA device is just a smartphone, there are also devices that are even more secure because outside of using them to confirm a login, they are able to remain completely separate from the internet. Some of the more popular 2FA devices include Yubikey, Ledger (affiliate link), or Trezor. Ledger and Trezor are also cryptocurrency hardware wallets, so if you own cryptocurrency you might purchase one of these options and “kill two birds with one stone”.

6. INTERNET CONNECTED DEVICE OP-SEC

To reiterate, for maximum privacy, all of your internet connected devices should be run through a VPN (affiliate link). Beyond that, there are some other operational security (Op-Sec) measures that you can take to keep your digital life as safe as possible.

Enable VPN before using internet dependent applications

Disable Bluetooth

Disable Location Tracking Services (unless using GPS for navigation)

Disable Wi-Fi when not at trusted Wi-Fi networks or using VPN

Remove unused applications

Keep all software updated automatically

Enable ad-blockers or script-blockers

Use anti-virus software on regularly scheduled scans

Additionally you will want to make sure you are using a privacy-focused web browser. The two we recommend are Firefox and Brave (affiliate link). You should also research the best privacy settings for the web browser of your choice to make sure you are getting the most out of it.

Now that you’ve got a good web browser set up, the next step is to make sure you are using a privacy-focused search engine (for example, not Google or Bing). We prefer DuckDuckGo.

Now that you’ve tweaked your browser for safety, it’s time to also consider physical tweaks to your device itself. This means covering your webcams so hackers are unable to view you in your pajamas (or on the toilet, or something worse) if they gain access to your Wi-Fi network. You may also want to make sure your microphone is turned off. This also entails making sure you have not granted access to your camera or microphone for any of the apps on your device.

7. SOCIAL MEDIA OP-SEC

When it comes to social media Op-Sec, there are a few things you should do to begin protecting your privacy. An obvious approach is to go into the settings of your social media accounts and toggle them for maximum privacy. You can and should do that, but there’s more that can be done.

First, you should clear your history of old photos and posts. Or, perhaps even delete your account and start a fresh one with new habits in mind. Further still, delete your accounts and apps and stay off. Those of us who have the greatest privacy and security in their digital lives are the people who opt-out of social media entirely. Consider trying it. It’s a rather liberating feeling. If that’s not an option, you can still build some better Op-Sec habits.

One of the new habits you should build is limiting the personal information you share. Basically, don’t share personal details about your life with the public. This becomes easier when you begin to look at every social media outlet as a public forum, because even if you toggle a switch saying to not share with anyone outside your friends, you are still sharing this with the social media company and the many other advertising companies and government agencies they sell your data to. Even worse, at some point you may have added an old friend who is actually not your old friend at all. And that person may be waiting for you to post something that will make it easier for them to steal your information, or perhaps worse, rob your home when you post photos saying “hello from the Bahamas”! Don’t post vacation photos, especially while you are still on vacation.

Another good Op-Sec strategy for social media is using anonymous accounts whenever practical. This will also help you develop a more mindful awareness of what you post on social media and why, because you will be filtering yourself through a “will this reveal too much information about me?” mindset.

To maintain healthy boundaries between your real and digital lives, it is appropriate to have that sort of mindset while online; it is irresponsible to not.

8. TRY A NEW OPERATING SYSTEM

An operating system is the software that drives our computers and smartphones. When the device is turned on, it boots into the operating system of our choosing. Yes, it is a choice you can make. The most commonly used operating systems are Windows, Apple’s Mac OS X & iOS, and Android (which is made by Google).

All three of those operating systems have sophisticated tracking included in their software and if found in the wrong hands, could be a huge risk to your privacy. That said, Apple is leading the way for those three to be more considerate of user privacy (at least in their marketing). The big three operating systems are also the most targeted when it comes to hackers developing malware that can hijack your computer and steal your data.

A lesser known operating system is Linux. Linux is open-source software and is actively developed by privacy-conscious developers throughout the globe. Being open-source, there are actually dozens of Linux-based operating systems available.

Fig.4 Top 10 Linux distributions according to TecDistro

We use Linux for several reasons. It is less of a target than the big three OS companies because fewer people are using it (hackers like to cast a wide net). Linux also often requires fewer computing resources to operate. Changing over to Linux is known as a way to breathe new life into an old computer that’s been slogging by on Windows. We also like it because there are so many varieties of Linux operating systems, known as distributions, and most of them are free!

A good way to start with Linux is Linux Mint. This brand of Linux is known for converting Windows users, because the desktop design layout is similar to Windows, but it is free, open-source, and is a great way to access all of the awesome free software that comes with most Linux distributions. It just works and it is a great way to transition into the world of Linux.

Just below in the Advanced Protection Measures section of this guide you will learn of two more Linux distributions that are highly focused on protecting privacy.

9. KEEPING FINANCES PRIVATE AND SECURE

We’ve already discussed strategies for securing your online accounts and you should definitely incorporate those practices into securing your financial accounts. Here we will share a few quick strategies we’ve heard of for physical security of your wealth.

First and foremost, if you use credit cards, they most likely have an RFID chip in them, which can be read by anyone with an RFID reader in your vicinity. These devices can be purchased by anyone on eBay from $10–100. A malicious person could put one in a small bag and walk around a crowded area scooping up the credit card details of everyone they pass near. To protect your physical wallet against this, all you have to do is use an RFID sleeve and keep your cards inside of the sleeves.

In order to protect the privacy of your wealth from prying institutions or in the event of an economic crisis, you could also keep some of it in cash, precious metals, and cryptocurrency like Bitcoin or Monero. How to implement these measures goes beyond the scope of this article, but it’s worth doing some research if wealth preservation is something that fits your threat model. Most people who diversify their wealth do so to protect themselves from risk of an economic crisis like capital controls, a major market crash, or hyperinflation; but they also tend to be relatively private people.

If you go the cash or precious metals route, you’ll probably want to also invest in a safe or a safe-deposit box at your bank. If you invest in cryptocurrency, storing it on a hardware wallet like the Ledger (affiliate link) or Trezor and then adding it to the safe or safe-deposit box, is a good idea.

For more advanced measures view part three here on Medium or the full guide at Sleeptools.co.