Digital Security and Privacy for Normal People

This is a guide for individuals who are interested in improving their digital security/privacy. Only basic knowledge of how to use your computer and mobile device is required.

Low-hanging fruit

Everyone should do these. You only need to set them up once, they are high value for relatively low effort, and there is little or no downside. Instructions are linked, where possible. You can of course skip any that aren’t relevant to you.

Browser(s)

This goes for desktop and mobile.

Devices

Do these for all of your computers, phones, tablets, etc.

Messaging

  • iPhone: Enable RCS on every device on which you use the Messages app.

Important accounts

Prioritize securing services that you frequently use for communication, or that have sensitive information like your contacts, financial, payment, or health information. In other words, which accounts do you have that, if hacked, would be a Big Deal? Examples of services that might be at the top of that list:

  • Bank(s)
  • Ecommerce
  • Email
  • Social media

We’ll refer to this in subsequent sections.

Security Checkups

Some services have built-in Security Checkup tools that walk you through various account settings. Go through them for:

Passwords

Multi-factor authentication

Also known as two-factor authentication (2FA). All major services offer MFA.

When enabling MFA, using one or more of the following is recommended:

Next steps

Great work! Your personal security and privacy are now waaaay above average.

Eager/willing to do more?

Keep going

Privacy vs. security

In short, security is like having bars on your windows: hackers can’t get in, but they can see through. Privacy is like having blinds, where they can’t see in, but they can reach their hand in and unlock the door. You’ll need a combination of protections to address both.

Glossary

  • Data breach: TODO
  • Data broker: TODO
  • Hack: TODO
  • Multi-factor authentication (MFA): A service requiring more than just a password to log in.
  • Passphrase: Synonym for password.
  • Personal health information (PHI): TODO
  • Personally identifiable information (PII): TODO
  • Privacy: TODO
  • Pwned
  • Security: TODO
  • SMS: Short Message Service, also known as “text messages”.
  • Two-factor authentication (2FA): See multi-factor authentication.

Disclaimer

This guide makes no guarantee that, even if you follow all of its steps, your digital security/privacy will not be compromised. If you are a high-value target for hackers, such as:

  • An activist
  • A celebrity
  • An executive
  • A journalist
  • A politician
  • A system administrator

…then this guide will not be enough. See resources like the Surveillance Technology Oversight Project (STOP)’s Protest Surveillance toolkit. If you’re a high-profile target, you should consult a security professional for additional actions.