Protect Your Browsing/Data Sharing
For free, because in this house I donât believe in making people pay for basic human rights.
Iâve decided to share my browsing protecting tips here. Digital security is usually quite expensive, but it doesnât have to be! In this day and age, youâll be told to watch out for home-born hackers and âhacktivistsâ accessing your data, but I gotta tell you, what your own governments and ISPs are doing makes this more important (aka: theyâre worse).Â
I know with all the TIKTOK IS SPYING ON YOU stuff, a lot of my friends have come to me seeking some advice on this. This is also great if you donât want parents checking your browsing >_> just sayinâ
If anyone has questions - drop me an ask! Iâll always answer for this topic. I am also happy to âexpandâ on one of these suggestions if theyâre unclear :)Â
Note: This works under the assumption you have your default ISP provided router and canât get another one for whatever reason. I will advise that if you can get an additional router, do so! Try to avoid the one the ISP has provided to you.Â
Additional Note: This is not âoptimalâ. There is no such thing in security â everything has a backdoor.Â
Letâs get cracking! This is a long, and thorough post, but I _do _have a pdf somewhere if you want it because it looks nicer :*)Â
Use Tor to browse.Â
There you go, thereâs my advice leaves
https://support.torproject.org/ to Download/Install/Run.
Donât change anything, except maybe using Tor in âbridgeâ mode.
Okay, you can use other browsers (see: Chrome/Firefox), but they are not as secure as Tor.
USE A VPN IF YOU ARE GOING TO USE TOR! I prefer Firefox (extensions + good security)
________________________________________________________________
Install the following extensions if you have Chrome or Firefox:
Privacy Possum
Stops tracking cookies. PSA: Cookies are not evil, certain cookies can be.
Firefox: Â https://addons.mozilla.org/nl/firefox/addon/privacy-possum/
Chrome: https://chrome.google.com/webstore/detail/privacy-possum/ommfjecdpepadiafbnidoiggfpbnkfbj
Ghostery
Stops tracking adverts and cookies. Why do I need this in addition to Privacy Possum? Ghostery specifically looks at tracking cookie ads. Itâs like adding MOAR POWAH to Privacy Possum.
Firefox: https://addons.mozilla.org/nl/firefox/addon/ghostery/
Chrome: https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij?hl=nl
HTTPS Everywhere
Enforces HTTPS. If you look next to the URL in your browser, youâll see the little lock which indicates the specific URL is secure and uses HTTPS. Many websites still use the old HTTP, which is not as secure and you should NEVER EVER VISIT AN HTTP SITE ITS LIKE READING A BOOK OVER SOMEONEâS SHOULDER, thank you.
Firefox: https://addons.mozilla.org/nl/firefox/addon/https-everywhere/
Chrome: https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=nl
Adblock Plus
Foff, ads.* Firefox: https://addons.mozilla.org/nl/firefox/addon/adblock-plus/
Chrome: https://chrome.google.com/webstore/detail/adblock-plus-free-ad-bloc/cfhdojbkjhnklbpkdaibdccddilifddb
________________________________________________________________
DNS Settings
Ideally, you should change this on your router. ISPs use a default DNS â you donât want to use anything those bastards say you should use.Â
Use Cloudflare or OpenDNS:
Cloudflare is more secure overall and keeps up to standards in addition to not storing your data, whereas OpenDNS is great at avoiding malicious websites, just take your pick really đThere are a ton of other options, feel free to google âfree DNS serversâ. Google has itâs own as well, but, yaknow, itâs Google.
Cloudflare
Primary Server: 1.1.1.1
Secondary Server: 1.0.0.1
OpenDNS
Primary Server: 208.67.222.222
Secondary Server: 208.67.220.220
Add these to your router settings:
In a browser, go to http://192.168.1.1/ or http://192.168.1.0/ (it varies per router). This will lead to your routerâs configuration portal. Donât have a router with a configuration portal? Throw it in the trash and tell your ISP they suck for giving it to you.
Login to the admin portal. If you have not configured this or set a password, try the default combinations: usernames are usually âadminâ or blank, the passwords are usually blank, âadminâ, or â1234â.
Each router is different, navigate to where it asks for DNS values or servers, and enter the above addresses. You will see âStaticâ near the DNS options, select it. This also ensures youâre in the right place. If youâre not sure what to do, look up the model/make of your router and check how you can change DNS.
Whilst youâre at it, change your WiFi password from the default one, and create a proper password for the WiFi portal login. If these two things are kept as default, all these protection methods are pointless as it is easy to crack your router passwords.
Canât do this on your router because your parents are ds?* No worries! This can be done on your device! :) Yeah, I know how parents work.Â
Windows OS
Go to Control Panel <Network and Internet < Network and Sharing Center
Click on the link next to âConnections:â* Click âPropertiesâ in the dialogue that pops up.
Select Internet Protocol Version 4 < Click Properties < Select âUse Following DNS Serversâ < Enter the primary and secondary server addresses
Do this again for Internet Protocol Version 6 in the list.
Boom. Windows is so nice to make this easy.
Mac OS
Go to Apple Menu < System Preferences < Network
Select the Network youâre connected to
Click Advanced
Select DNS Tab
Click the + button < Enter chosen DNS < Save
Linux OS
Iâm going to assume if youâre using Linux, you know how to use the terminal and are using a modern Linux system. Enter these line by line. There are many ways to do this (Google is your friend)
·       sudo apt update
·       sudo apt install resolvconf
·       sudo systemctl status resolvconf.service (check that it is running)
·       sudo systemctl start resolvconf.service (to start it, use âenableâ instead of âstartâ to enable)
·       sudo nano /etc/resolvconf/resolv.conf.d/head
·       nameserver YOUR.DNS.ADDRESS.HERE
·       nameserver YOUR.SECOND.DNS.ADDRESS.HERE
·       sudo systemctl start resolvconf.service
Android
Oh yeah, you can do this on phones too wiggles eyebrows. Note, if youâre using a VPN it will lock you out of editing this. Turn it off, edit your DNS, turn it back on. This can be tricky with mobile devices that have not been jailbroken (I donât advise doing that if you have no clue what youâre doing).
Go to Settings < Connections < WiFi
Select the gear icon next to your current WiFi
Select Advanced < Ip Settings drop-down < Static
Enter chosen DNS options under âDNS 1â and âDNS 2â
iPhone
Go to Settings < Wi-Fi
Select the arrow button next to your current WiFi
Select DHCP tab, scroll down to DNS
Select DNS, and enter your DNS servers
TEST YOUR DNS IS WORKING:
OpenDNS: https://welcome.opendns.com/ (Youâll see a âWelcome to OpenDNSâ messageâ
Cloudflare: https://www.cloudflare.com/ssl/encrypted-sni/ (Youâll see check marks for all fields)
________________________________________________________________
Turn of WPS on router. Enable encryption on router.
If you can access your router portal, find any sort of toggle or field that says âWPSâ and disable it. WPS= bad. Â
Wherever there is an option for WPA2 (or higher) to enable, enable it.
Enable the firewall on your router and Operating System â ALWAYS. If you disable this, youâre disabling an additional layer of security. Firewalls are confusing things and a royal pain in the ass to configure, but having the default is better than having nothing.
________________________________________________________________
Configure your browsers.Â
Browsers have most things enabled by default, including tracking your location, turning your microphone on etc. Letâs disable that nonsense and make them ask you for permission because itâs 2020.
Iâm using Chrome as an example below because it is INFAMOUS for this. Essentially, go through your browser and scroll through settings you donât like.
Go to the little menu icon < select âSettingsâ
Sign out if itâs linked to your Google account. Letâs not give Chrome a reason to track your browsing history for your account >_>* Disable EVERYTHING:
Here, I turned off everything I would find annoying except autocomplete because Iâm lazy.
NICE TRY GOOGLE, YOU CANT SAVE MY CREDIT CARD. (Seriously, donât ever EVER autosave passwords/payment info).
The trick is to balance ease of use with security. These may vary from person to person, in general though, if thereâs a setting âask before etc.â select that over âallowâ.Â
As a rule of thumb:
NEVER ENABLE FLASH (not even an  âask beforeâ), NEVER ENABLE LOCATION (ask before is fine, but at your own risk), NEVER ENABLE CAMERA (ask before is fine, but at your own risk, use the desktop version of an application over the browser version), NEVER ENABLE MICROPHONE (same as camera)
________________________________________________________________
Additional Tipss
Check every single social media setting. You should disable anything that accesses your privacy, if possible.
Cover your camera with a sticker. Disable it unless itâs needed
Disable your mic unless you need it.
Turn off Bluetooth/NFC when you donât need it.
Have two separate networks/Wi-Fi for smart devices and personal devices.
Always use two/multi-factor-authentication for every single app, site, device etc. that you can.
Biometrics are preferable and the usual chosen default (fingerprints, retina scan, NOT FACE OR VOICE THIS IS SO EASY TO IMMITATE BRO PICTURES ARE A THING)
SMS (try to avoid if you can, please)
App âtokenâ authentication. A good choice if done well.
Hard physical key or token. The best option (Google: Yubikey, for some information on how this works).
Passwords
I know you use the same password for everything â get a centralized password manager, and start using different ones. Examples include PasswordSafe, Keeper, Bitdefender etc. Try go for a Cloud provider, and pay a little bit for the extra security and backup. If theyâre compromised, then you will know, and youâll be able to change everything. You can tie password managers to a token too.
USE PASSPHRASES, 17 characters is a good average length, use a mix of characters, uppercase, lowercase, numbers, ascii etc.
It doesnât matter if your password is âcomplexâ, it matters if it is complex and long. Servers and computers these days are jacked up on tech steroids and can bruteforce many things, given enough time.
Anti-virus.
EVERYONE SHOULD HAVE ONE, ON EVERY DEVICE. If you have a device that can add AV, add it. This goes for phones, PCs, smartTVs, you name it.Â
Free versions are okay, some free ones I like are Bitdefender, Kaspersky, McAfee, Avast (hate their fihsfirstg89ewjg9srjgrd ads though).
Sorry Mac users, that belief that you donât need one is from 2008. Windows has more security built in than Mac, which means Mac devices should 100% make sure they are adding an AV.Â
VPN
Ahhhhh. The great VPN. A tricky one. Most free versions I find incredibly slow, but give them a try â play around! A VPN is an excellent addition and these days, Iâd argue itâs an absolute must. Many AV solutions include a VPN package with their deal. If you want to make sure those sites donât share your data, this is the thing that will hurt the most - a good VPN will make it a jumbled mess.Â
Updates - just do them.
There is no complete security in this day and age â it really is just a matter of time. If you use social media, youâre traceable, be it by the company, ISP, some bored 10 year old, or your ex, your data is out there circulating. Once itâs on the internet, itâs there forever, so donât worry too much and try to make sure itâs all complex binary trash so that they open it and go âWTFâ đ
