Part 1: Introduction and Essentials

by Sleep Tools November 22, 2019 | Originally published on Sleeptools.co.

We are nearing 2020 and if you are like most people, your life has become more connected online than ever before. From social media and email to financial accounts and medical records, a growing majority of people have the most intimate parts of their lives stored on internet-connected servers that other people own (read: “the cloud”).

Our data has become increasingly vulnerable to cyber security threats and a growing number of people are becoming alarmed by this. According to a recent Pew Research Center study, roughly 6 of every 10 Americans believe it is not possible to go through their daily life without their data being collected. And over 80% feel as though they have no control over their data being collected by companies and the government. If you are one of those people, this guide is for you.

Most of us have heard the never-ending scandals and horror stories of Facebook selling user data to the next bidder, giant department stores being hacked and losing all personal and financial data of their customers, or someone having their home robbed after sharing photos on social media while they were on vacation. These are just a few examples of the type of malicious activity that occurs 24/7 throughout the internet-connected globe. Check out this live map to view how many cyber attacks are happening right now.

We learn of these terrible things, feel helpless with no control, and bury the fear and anxiety about it somewhere deep in our minds. We tell ourselves “it is OK because I have nothing to hide”, or “I don’t need to worry about that, no one cares about me anyway”. Meanwhile, we are all being targeted every day because our personal information is worth much more than most realize. There is a booming industry based solely on the collecting and selling of your personal data. We, collectively, are a gold mine and we share in absolutely none of the profits.

In this world there are two separate multi-billion dollar industries. Both are dedicated to learning, tracking, and storing private details about you; and selling it at a premium. The legal version is in the form of massive tech and telecom companies selling your personal data to advertisers and intelligence agencies (in the name of freedom, of course). The illegal version is in the form of multi-national crime factions that pay top dollar to gain access to as many bank accounts and personal identities as they can get their hands on; using the stolen identities to steal even more from credit companies.

This is all enough to keep one tossing and turning at night.

Which is why we are here. To provide you with a stress-free guide to maximize your privacy and security online and regain control of your personal data. With the tools and strategies we share in this guide, you will be well on your way to securing your digital life and being able to rest easier at night, knowing your digital life is protected even while you sleep.

This guide will introduce you to the two fundamental security essentials, nine enhanced protection measures, and three advanced protection measures that all can help you regain control of your digital life.

Note: If you want to support our work you can do so by purchasing services or products through affiliate links that are marked throughout the article. This does not cost you anything extra, and when you do so we receive a payment.

The Two Security Essentials

Although there are several important tools and strategies, there are two tools we consider to be the most important starting points for anyone concerned about improving their privacy and security online. The two things we recommend for setting a good foundation for the future of your digital life are a good password manager and a virtual private network (VPN).

1. PASSWORD MANAGER

One thing most cyber security professionals will agree on is the importance of strong passwords. In fact, weak or reused passwords are the most common way hackers gain access to their targets. As a result, weak or reused passwords are the cause of most compromised accounts and data breaches.

The good news? There are several good password managers that can make this much easier for you. Beyond the standard password requirements, they say the best password is the one you can’t remember. This is why utilizing a password manager is so important. These are tools that will allow you to set a very strong and unique password for every account you own, and then forget about it. The password manager uses strong layered encryption to keep your other passwords safe, then you only need to remember the one password to open the vault to all others.

A good password manager can be seamlessly integrated into your smartphone or web browser, and can even auto-fill your online logins and forms once you have everything set up. The password manager we highly recommend is 1Password, as it is very reputable and is incredibly easy to use. It is also partnered up with the useful “Have I Been Pwned”, which you will learn about in the Enhanced Protection Measures part of this guide.

Another great option is KeePassXC, which is free and open source software (FOSS), meaning it is auditable by all and available to all. Highly developed FOSS projects have become the gold standard for privacy and security online.
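To make the "strong and unique password for every account" idea above concrete, here is an added example (not from the original article and not code from 1Password or KeePassXC) of the kind of audit a password manager performs: it flags reused and weak passwords and replaces them with random ones. The function names, the character set, the 80-bit threshold, and the sample accounts are all assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Characters used for generated passwords (an assumption; sites differ on allowed symbols).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def generate_password(length=20):
    """Random password from the OS CSPRNG: about 124 bits at length 20."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def estimated_bits(password):
    """Upper bound: length * log2(pool of character classes used).
    Human-chosen passwords such as 'Summer2019!' are far weaker than this suggests."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=80):
    """Return (reused, weak): groups of accounts sharing a password, and
    accounts whose password falls below min_bits."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    reused = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    weak = sorted(a for a, p in vault.items() if estimated_bits(p) < min_bits)
    return reused, weak

def remediate(vault, min_bits=80):
    """Give every reused or weak account its own freshly generated password."""
    reused, weak = audit(vault, min_bits)
    flagged = {a for group in reused for a in group} | set(weak)
    return {a: generate_password() if a in flagged else p for a, p in vault.items()}

# Constructed sample data: account names and passwords are invented.
SAMPLE_VAULT = {
    "email": "Summer2019!",
    "bank": "Summer2019!",
    "forum": "hunter2",
    "cloud": "q7#Vw2!kLr9@xT4&bNzE",
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print(audit(remediate(SAMPLE_VAULT)))
```

The reuse check matters more than the strength score: a password shared between "email" and "bank" means one breached site exposes both accounts, however strong the password looks.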

2. VPN

A VPN is essential for three key reasons. First, it significantly improves privacy by hiding your personal IP address, so that whatever website, app, or service you use sees you as located somewhere far away from your actual physical location. This also makes it much harder for companies to track you and feed you ads for the latest product you didn’t know you needed.

Secondly, VPNs will secure all of your internet traffic through strong encryption, making it impossible for anyone short of a three-letter agency to read whatever information you are sending over the internet. Yes, when you send private information over an unencrypted connection it can be read in plain text by unintended parties.

Fig. 1 Illustration of how VPN works.

Last but not least, a VPN will also hide your internet usage from the internet service provider (ISP) or Wi-Fi access point you use to access the internet. This will help limit the private information about you that ISPs sell to advertising companies.

Many VPNs also come with a “killswitch” that will automatically disconnect you from the internet if there is an issue with the VPN connection, ensuring you do not transmit any personal IP address or unencrypted data ever again. You will notice as we dive deeper that encryption is an absolute necessity when it comes to securing your digital life.

There are many options out there for VPN providers, and just as many online comparisons. It can be hard to trust these comparisons, and the reputations of VPN providers change whenever there is an attack on their servers or they change leadership through being bought out by another company. Currently the two VPN providers we can recommend in good conscience are ProtonVPN (affiliate link) and Mullvad.

Made by the same engineers and scientists as ProtonMail, ProtonVPN also boasts what they call a Secure Core VPN connection, which routes VPN traffic through one of the servers they have built and installed in Switzerland, Iceland, or Sweden. These server sites are in privacy friendly jurisdictions and located under high physical security, to safeguard against the servers themselves being physically compromised. This adds another layer of privacy when connecting to sites on the internet located in high risk jurisdictions.

Mullvad has a good reputation in the privacy-focused online communities and they share their program code as open source. One bonus for them is that they do not require any personal identifying information to use their services (not even an email address).

Privacy Tools has developed some very useful VPN articles to help learn all of the considerations that should be made, which can be found here and here.

Historically, Private Internet Access (PIA) and NordVPN (affiliate links) had good reputations and, depending on your threat model, they may still be an option for you. That being said, it’s important to know that PIA is being bought by Kape, a company with a terrible reputation for installing malware on their programs. The leadership at PIA insists they will not let Kape jeopardize their services. Some believe Kape bought PIA as an attempt to fix the stain on their own reputation. However, the verdict is still out, so proceed with caution.

NordVPN servers were attacked and the company did not do a great job notifying users of the issue. Although the attack did not jeopardize important user data, the response led many not to trust them again. We like that NordVPN is based in Panama, which provides extra privacy protections due to that jurisdiction’s laws. We do not like how they handled their vulnerability response. It is inevitable for companies to fall victim to cyber attacks, but what’s important is how they handle the response and communicate with their users about it.

To help you decide if a VPN would be useful, you can find out the basic information your computer device is leaking right now with this quick DNS Leak Test (affiliate link).

Learn more about browsing anonymously, how VPN works, and the important differences between Free VPN Vs. Paid VPN services (affiliate links).

For more enhanced measures view parts two and three here on Medium or the full guide at Sleeptools.co.