Digital Security and Privacy for Normal People - next steps

These tips require a bit more commitment or technical comfort, but are worth the effort.

Messaging

Use a messaging app with end-to-end encryption (E2EE).

For more information, see the Freedom of the Press Foundation’s Secure Communication guide.

Accounts

Google: Go through their Privacy Checkup.
Meta (Facebook, Instagram, etc.): Go through their:
- Privacy Checkup
- Ad preferences
Try Privacy Party.

Sensitive information

Examples of sensitive information:

Credit card numbers
Passwords
Social security numbers
Photos or messages you don’t want other people to see

If someone contacts you via phone or email and asks for sensitive information, don’t give it to them. This often comes up as fake customer support or debt collectors. If this happens and you think it might be legitimate, follow up via official channels (the customer service number on the back of your credit card, etc.)

How to send

Don’t share sensitive information in SMS or (unencrypted) email directly. See more info for Gmail and Outlook. An easy alternative is putting the information in a file/document in Google Drive / Dropbox / etc. and sharing that.

Personal information

Your personal information is constantly being sold by data brokers.

Sign up for a data removal service to get your information automatically removed from people-search sites.

Leaks

Your personal/contact information, passwords, etc. may have become available to people that shouldn’t have it.

Sign up for data breach alerts through one of the following services:
- 1Password Watchtower
- Have I Been Pwned notifications
  - Can do a one-time check without signing up
- Mozilla Monitor

Passwords

Use different (strong) passwords for every service.
- If you use the same password across services, one service getting hacked means your accounts with other services could be compromised. This happens all the time.
- The best way to do this is with a password manager.

Password manager

Set up a password manager.

A password manager solves a number of problems:

You don’t have to remember all of your different passwords for different services.
Your list of passwords can’t be stolen as easily as if they are written on paper, a Word document, or a spreadsheet.
Most can generate a random, non-trivial password.
- This often means you won’t know your own password for a given service…which is not a bad thing!

It’s worth paying for one of the top-recommended options, but if you’re cost-conscious or want minimal hassle, you can use one that comes built into your browser:

Devices

Do these for all of your computers, phones, tablets, etc.

Go through the Wirecutter Secure Your Smartphone guide.
Enable full disk encryption.
- Back up your system first
- Computer
  - Windows: BitLocker
  - Mac: FileVault
- Phone
  - Android
  - iOS: just set a password
iOS/Mac: Review your personalized ads setting.
iOS: Go through the built-in privacy and security protections page.
- iOS: Review app tracking permissions.

Payments

When paying in-person using a credit or debit card, use the chip or contactless/tap-to-pay instead of swiping.
Use disposable/one-time/virtual credit card numbers for payments, especially if you are wary of the vendor.
Make online payments through PayPal or another trusted service instead of entering your payment information into a third-party site directly.
Don’t let vendors store your credit card details.
- Many will have an option like “save for later” — don’t check that box.

Credit

Freeze your credit.

Networking

Make sure there is a password on your wifi network. If you like having an open network, you can buy a router with a built-in public hotspot.
Set up DNS over HTTPS.
- This can cause issues when you’re on some networks, like in a corporate office or on airplane WiFi. You may need to disable now and then.
Check for upgrades to your router firmware.