I have written this article to compile in one place all the suggestions I give to my friends and family all the time. I have tried to write it in a way someone not very familiar with technology can understand it. Though, you may need to use your favorite search engine a little! If you read and actually follow through all the guidelines given in this article, you will be much safer and you will substantially increase your online privacy. I will regularly expand and update this article to make sure it stays relevant. It is rather long so buckle up!
Update all devices regularly
Software bugs are fixed and updates for them are released all the time. Same goes for newly discovered security vulnerabilities. Therefore, it's imperative that you keep your devices updated. It is the easiest thing you can do to safeguard yourself against hacking attempts. Whether it's your desktop, laptop, mobile phone or your router, please keep all of them updated. Update the apps and the OS. Enable automatic updates, if such a feature is available.
Read messages, notifications and warnings carefully
Operating systems often issue notifications about newly released updates, and browsers display a warning when you attempt to type a password on an insecure site. Don't take these messages lightly. If you're installing a new app or a software program, don't just click Next, Next, Next, Finish! Read the fine print. Check what data they collect and share by reading their privacy policy. Also, if you're using Firefox with the recommended privacy extensions, it will outright block fake popups pretending to be from your OS or anti-virus.
Use open source or non-tracking alternatives to commercial and tracking services
Try using Linux instead of Windows for a change. Linux is open source and, unlike Windows, it doesn't collect any telemetry data about your computer use. Recent releases of Ubuntu and Linux Mint are very user-friendly even for someone who is not technically proficient. Switch your default browser to Firefox because it has superior privacy protection. Use LibreOffice, which is open source and just as capable, instead of Microsoft Office. Use DuckDuckGo or Qwant instead of Google or Bing because they don't track your browsing habits. Use F-Droid, which has only open source apps, rather than the Google Play store. Use Signal Messenger, which is open source, end-to-end encrypted, doesn't retain metadata and is operated by a non-profit organization, instead of WhatsApp, which is owned by Facebook, is not open source, stores metadata, shares it with the government if they ask and uses it to show you ads. Check out more privacy respecting alternatives to popular products.
Don't share sensitive information with anyone
Never share sensitive information with anyone! Sensitive information like passwords, pins, OTP codes, credit/debit card numbers, CVV numbers should be kept private. If you're in a situation where you need to share a password with someone you know (remember, never with strangers), change it as soon as you can.
Also, don't share your name, email address and phone number with any shops, stores and other businesses. A lot of businesses like cafes, clothing stores and fast food restaurants ask for a phone number or an email address or both when you buy stuff there. They then upload your details to Google, Facebook or some other advertiser or data broker to later haunt you online with their stupid ads. Those advertisers and data brokers also use this piece of data (that you shopped at that particular business) to build a more accurate behavioral profile of you. So, just say NO!
Make Firefox your default browser
Firefox is open source and it prevents online tracking by default. In Firefox, enable DNS over HTTPS and strict Enhanced Tracking Protection. Install the uBlock Origin, HTTPS Everywhere, ClearURLs, Privacy Badger, Decentraleyes and Multi-Account Containers extensions. Make it the default browser on your computer and your phone to get privacy protection everywhere. Read get started with Firefox for more details.
Verify full URL of a website
Always verify the full URL of a website before entering sensitive data like passwords or credit card information on the page. Take the same precaution when you're downloading files from a website.
The website should have an HTTPS certificate, i.e., the URL should start with https://. But just because a site has an HTTPS certificate doesn't make it legitimate. You need to verify the domain name too. What comes after https:// and before the next / is the domain name of the website. If you take a look at the address bar of your browser right now, you can see that it starts with https://www.rahulpandit.com/. So the domain name of this website is www.rahulpandit.com. By the way, the www. part is optional; some websites don't use it and some browsers may not display it.
Say you're logging into your Facebook account; then the domain name of the website should be either www.facebook.com or facebook.com. Phishing attacks often try to lure you into visiting fake websites like www.facebook-account.com, loginfacebook.com or even facebook.com.example.com. They look just like the original website and even have HTTPS certificates, but the domain names give the game away.
Don't visit unverified links
Don't open links that you get in unknown emails, SMS or social media messages. The text accompanying such links often promises exaggerated rewards, pirated content or it is often a fake message pretending to be from the government or your service provider like your ISP or your bank. The link might point to some malware serving website or a phishing website which will ask you to input sensitive information. Verify the URL and check whether the domain name is legitimate.
Don't download unverified files
Don't download files that came as email attachments from unknown email addresses. And don't download files from unknown websites promising cracked software and games. They most likely include malware.
Check integrity of downloaded files
When you download a file from the internet, look for a checksum value on the download page. A checksum is like a unique fingerprint derived from the file: any change to the file, however small, produces a different checksum. If the checksum mentioned on the page matches the checksum you compute from the downloaded file, the file wasn't corrupted or modified in transit. The most popular checksums are MD5, SHA1, SHA256 and SHA512. You'll have to use checksum software to calculate the checksums of files. Some websites also offer a PGP signature of the file, made with the developer's private PGP key. If you have their public PGP key, you can verify that it's them who signed the file and therefore that the file is legit.
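The checksum comparison above, as an added example that is not part of the article: it reads a published line in the format the sha256sum/md5sum tools print, hashes the downloaded file, and compares. The sample file and its published line are constructed for the demo.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Tuple

# Download pages usually publish checksums in the format printed by sha256sum
# (or md5sum, sha512sum): "<hex digest>  <filename>". A leading "*" on the
# filename only means the tool read the file in binary mode.
def parse_checksum_line(line: str) -> Tuple[str, str]:
    digest, name = line.split(None, 1)
    return digest.lower(), name.strip().lstrip("*")

def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Hash a file of any size without loading it into memory at once.
    MD5 and SHA1 are no longer collision resistant; prefer SHA256 or SHA512
    whenever the download page offers a choice."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path: Path, published_line: str, algorithm: str = "sha256") -> bool:
    """True if the file's digest matches the one published on the download page."""
    expected, _ = parse_checksum_line(published_line)
    actual = file_digest(path, algorithm)
    # compare_digest compares in constant time; a habit worth keeping even here.
    return hmac.compare_digest(expected, actual)

# Constructed sample: a file containing exactly "hello world\n" and the SHA256
# line a download page would show for it (the output of: echo "hello world" | sha256sum).
SAMPLE_CONTENT = b"hello world\n"
PUBLISHED_LINE = "a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447  sample.txt"

def demo() -> dict:
    """Verify the genuine file, then a copy with a single byte changed in transit."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        genuine = Path(tmp) / "sample.txt"
        genuine.write_bytes(SAMPLE_CONTENT)
        results["genuine"] = verify_download(genuine, PUBLISHED_LINE)
        tampered = Path(tmp) / "sample-tampered.txt"
        tampered.write_bytes(SAMPLE_CONTENT.replace(b"w", b"W"))
        results["tampered"] = verify_download(tampered, PUBLISHED_LINE)
    return results

if __name__ == "__main__":
    print(demo())
```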
Don't install unverified applications
Before installing an application on your computer or your phone, do a little research on it. Use your favorite search engine and find out which company is developing the app and what the business model of the company is, i.e., how that company is making money. Read their terms of service and privacy policy and note what data they are collecting from users and who they are sharing it with. See if there are any news articles about the company or the application. Only install the application if you're satisfied with your findings.
Bookmark official websites
This is a very simple and effective measure against phishing attacks. Use the bookmark feature of your browser and bookmark all the official websites of the services you use such as email, social media, banks, government websites and others. Visit them only using bookmarks and not via some link you received somewhere.
Password-protect everything
Use strong passwords to protect your online accounts, computer, phone, router, wifi connection and other devices you may have, like IoT devices. Routers and some IoT devices often ship with bad default passwords such as admin, 1234 or 0000; please replace them with strong passwords. A strong password is random and long, i.e., it's gibberish, it's more than 10 characters in length and it has upper and lower case letters, numbers and special characters.
Cracking simple passwords like ILoveIceCream or password54321 is child's play for hackers. The same goes for passwords which are just a couple of words, phone numbers or birthdays. Such passwords can be cracked easily by attackers who know you, or by programs which simply try out a lot of passwords at a rate of millions per second. That's why you need strong passwords to protect yourself against clever attackers and brute-force attacks.
Use a password manager
Don't reuse the same password on multiple websites. If just one website suffers a data breach, crooks will try the email-password combination found in that breach on other websites as well. Don't use short or simple passwords either.
The problem here is that the human brain sucks at coming up with and remembering multiple long and random passwords. This is where password managers come in. With a password manager, all you need to remember is your master password, which is used to safely store the rest of your passwords in an encrypted password vault. Password managers also have a password generator that you can use to come up with new strong passwords. I recommend Firefox Lockwise, KeePassXC and Bitwarden.
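The strong-password rule from the previous section and the generator a password manager provides, as one added example (not code from the article or from any of the password managers it names): is_strong() applies the article's criteria, and generate_password() shows how a generator draws from the OS's cryptographic random source while guaranteeing every character class is present. MIN_LENGTH and the class names are my own choices.

```python
import secrets
import string

# The four character classes the article asks for in a strong password.
CLASSES = (
    ("uppercase", string.ascii_uppercase),
    ("lowercase", string.ascii_lowercase),
    ("digit", string.digits),
    ("special", string.punctuation),
)
MIN_LENGTH = 11  # the article says "more than 10 characters"

def missing_classes(password: str) -> list:
    """Names of the character classes the password does not use at all."""
    return [name for name, chars in CLASSES
            if not any(ch in chars for ch in password)]

def is_strong(password: str) -> bool:
    """The article's rule: more than 10 characters and every class present.
    Length and classes are necessary, not sufficient: a memorable phrase can
    pass this check and still be guessable, which is why the article wants
    random, generated passwords."""
    return len(password) >= MIN_LENGTH and not missing_classes(password)

def generate_password(length: int = 20) -> str:
    """What a password manager's generator does: every character comes from
    secrets (never the random module), and one character per class is drawn
    first so the result always satisfies is_strong()."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    rng = secrets.SystemRandom()
    chosen = [rng.choice(chars) for _, chars in CLASSES]
    alphabet = "".join(chars for _, chars in CLASSES)
    chosen += [rng.choice(alphabet) for _ in range(length - len(chosen))]
    rng.shuffle(chosen)  # so the guaranteed characters don't sit in fixed positions
    return "".join(chosen)

if __name__ == "__main__":
    for pw in ("ILoveIceCream", "password54321", "admin", generate_password()):
        print(f"{pw!r:28} strong={is_strong(pw)} missing={missing_classes(pw)}")
```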
Enable 2-factor authentication
Many online services such as social media, email and banks offer to send you a one time code every time you want to log in. You'll have to provide that code in addition to your password to gain access to your account. This process is known as 2-factor or multi-factor authentication. This prevents unauthorized access to your account even if your password is leaked.
Some services send this code by SMS or email, while a growing number of services use something called TOTP (Time-based One-Time Password) codes. Services using TOTP ask you to scan a QR code with an authenticator app like Aegis Authenticator, which then generates a new code every 30 seconds. Prefer the TOTP method because it works completely offline and it protects you against SIM swap attacks.
Use a non-administrator account on your computer
The operating system you use on your computer typically has two types of user accounts: administrator accounts and regular user accounts. Administrators can do potentially dangerous things like deleting system files, installing/removing software, creating/deleting other user accounts, etc. Regular user accounts, however, are much more limited. Use a regular user account for day-to-day use and only log in to the administrator account when you need to do something that requires it.
Encrypt your devices
To protect your devices against unauthorized access, turn on encryption. Linux has full disk encryption using LUKS. Windows has BitLocker. Or, you can use VeraCrypt on Linux, Windows and Mac. Android phones and iPhones both offer encryption in privacy settings and are most likely encrypted by default nowadays. Please turn it on and set a strong password for it. If your device is stolen after you've turned on encryption, thieves won't be able to access the data inside as long as your password is strong.
Take weekly backups
Yes. Good old, boring backups. Backups will save your important files when your hard disk crashes unexpectedly. And backups will save your pictures and videos if your phone gets stolen. You can take offline backups on an external hard disk, either by manually copying all the important files or by using backup software. You can also use self-hosted Nextcloud, or Dropbox, Google Drive or Microsoft OneDrive, to take online backups.
Enable firewall
Enable firewall on your computer and in your router to keep hackers and script kiddies out of your network. If you're using Windows, enable Windows Firewall. If you're using Ubuntu or Ubuntu-based distribution, enable UFW. Also please don't open or forward any ports in your router unless you know what you're doing.
Install anti-malware software
If you're using Windows, you already have Windows Defender installed. It's a reasonably good anti-malware program and it's better than the other bloated anti-virus programs available for Windows. If you use Linux, the chances of getting malware are very low, although it has happened in the past. Don't be complacent just because you use Linux. Linux users can install Clam AntiVirus and one of the following anti-rootkit programs: chkrootkit or rkhunter.
Remove applications you no longer use
Check your computer and your phone and uninstall applications that you don't need. Maybe you installed some application long ago but you don't use it now. Well then, it's time to uninstall it already! If you can't uninstall it, see if you can at least disable it.
Buy phones that come without bloatware and provide regular updates
Most phones come with bloatware. Bloatware means all the apps and games that come preinstalled on your phone that you don't use but can't remove. Buy either Pixel or 'Android One' phones if you like Android, or iPhones if you like iOS, because they contain the fewest bloatware apps and they provide regular security updates. Of course, you won't be able to uninstall some Google apps you don't want on Android phones and some Apple apps you don't want on iPhones, but it's still better than nothing.
If you're technically inclined and have a compatible phone, install LineageOS or GrapheneOS on your phone. These are privacy focused, open source operating systems based on Android.
Don't give unnecessary permissions to apps
Does that weather app really need to access your contacts? Why does that flashlight app need to know your location? You need to be on the constant lookout for shady apps asking permissions they don't really need. These apps collect as much data as they can and then sell it to third party data brokers who then sell it to advertisers, insurance companies, etc. Periodically review all the apps and the permissions you have granted them. Just to be on the safe side, don't install apps which need extensive permissions that they shouldn't need to do their job.
Delete cache weekly
The apps and OS on your phone and computer collect cruft as the days and weeks go by, consuming more and more disk space and slowing your devices down. Delete the cache on your phone by going into Settings -> Storage. Use BleachBit on Linux and Windows to clean cache files.
Turn off stuff you're not using
Turn off GPS (location), wifi, bluetooth, mobile internet data connection and wifi hotspot if you're not using them. You will reduce your attack surface, save a lot of battery power and decrease tracking done by tech companies. Same goes for your devices too. Turn off your laptop, desktop computer, router and IoT devices if you're currently not using them. Also, reboot your phone once a week.
Secure your wifi router
- Use WPA2 security.
- Secure your wifi connection with a strong password.
- Change the default password that is required to access router settings.
- Update firmware of your router regularly.
- Change the default DNS servers set by your ISP to a privacy-respecting alternative like Cloudflare or NextDNS.
- Disable telnet, FTP, UPnP, WPS and remote administration 'features' of your router.
- If your router has it, enable guest network feature for friends and family members who've come to temporarily visit you.
Minimize use of social media
Social media is cancer. There, I said it!
Anyway, don't post private information on social media; you might as well invite crooks into your living room. Besides, big tech companies thrive on users' personal data. Remember, even though social media is free to use, you're still paying them in data, your personal data.
Then there's fake news and conspiracy theories. Don't believe every message you get on social media and messaging apps. Do some research and verify claims made in those messages. Don't forward them either. These messages usually appeal to your emotions rather than logic. Remember, their aim is to provoke outrage and to do that they often include exaggerated or even false claims.
Beware of social engineering
If someone calls or sends an email or a message saying they are from your work or from the government, or that they're a service provider (electricity company, bank, ISP), and they urgently need money or your sensitive information (OTP, PIN, password, etc.), end the call. They most certainly don't. But just to be sure, call/email/visit them later using official contact details and ask if there really is an emergency. By the way, this is just scratching the surface of what social engineering attacks are.
Change your default DNS servers
When you want to visit example.com, your browser sends a request to your default DNS server, which is often owned by your ISP, asking it for the IP addresses associated with example.com. Since your ISP knows what IP address your device has and they own the DNS server, they know all the websites you visit! ISPs often sell this data to third-party advertisers and data brokers. ISPs also block some websites by inspecting DNS requests. Therefore, it's necessary to change the default DNS server set by your ISP. Go to your computer's network settings and replace the existing DNS servers with one of the following options. Replace them in your router too.
- Cloudflare (1.1.1.1 and 1.0.0.1)
- Cloudflare with malware blocking (1.1.1.2 and 1.0.0.2)
- NextDNS with malware blocking
DNS queries, by design, are plaintext. New protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt your DNS queries before sending them to DNS servers. Unfortunately older devices don't support DoH or DoT. But newer versions of Android and iOS and browsers like Firefox and Chrome do support either DoH or DoT. For Android, go to Settings -> Network -> Private DNS. For Firefox, go to Preferences -> General -> Network Settings -> Enable DNS over HTTPS. Some encrypted DNS providers are given below.
Block ads, tracking and malware
Unfortunately, blocking online ads, tracking, malware and phishing attempts is a necessity in today's world. Make sure you install programs developed by the open source community, because some proprietary ones take money from advertisers to whitelist their ads. Having multiple content blockers at different levels provides defence in depth.
- Browser: Install and use Firefox as it has built-in tracking protection. Read get started with Firefox for more details.
- Browser-level blocking: The best extensions for privacy are uBlock Origin, HTTPS Everywhere, ClearURLs, Privacy Badger, Decentraleyes and Multi-Account Containers. Read get started with Firefox for more details.
- DNS-level blocking: As mentioned elsewhere in the article, you can use Cloudflare with malware blocking or NextDNS with malware blocking to block some malware.
- Phone-level blocking: If you're using F-Droid on Android, you can also use apps like Blokada or DNS66, which block ads and malware by filtering DNS requests.
- Network-level blocking: If you're technically proficient, you can install Pi-hole along with DNSCrypt-proxy and WireGuard to protect your entire network from ads, tracking and malware.
Use Tor browser or Tails OS for private browsing
Tor browser and Tails OS are used daily by hundreds of thousands of people around the world. They are primarily used to bypass censorship and to remain anonymous on the internet. But they can also be used to avoid tracking done by big tech companies. They are also helpful if you're searching for controversial, sensitive or taboo topics that you don't want anybody to know. People living in democracies, people living in authoritarian countries, activists, journalists, whistleblowers and diplomats posted in foreign countries among many, many other normal people use these tools daily.
Tor browser is a modified version of the Firefox browser. Tor browser uses the Tor network to route your browser traffic securely and anonymously. If you visit a website using Tor browser, the website won't know your real geographic location unless you tell it yourself. Also, under normal circumstances, nobody will know that it is you who is visiting the website.
Tails is a privacy-focused operating system based on Linux. Tails OS can be started from a USB flash drive without modifying your current OS. Tails has a lot of privacy related applications installed by default including Tor browser, KeePassXC and many others. Playing around with Tails is a great way to get started with many privacy tools.
Note that Tor and Tails are great tools but they are not perfect. Do some research about pros and cons of using them if your life depends on maintaining secrecy.
Get new software and hardware when they become outdated
Once the manufacturer stops giving out updates, the device becomes outdated. In general, if your phone, router or some other internet-connected device hasn't gotten any updates in over a year, it's time to buy a new one. Buy recently released software and hardware and check for how long updates will be provided for the device before buying. Same thing applies for software too. Upgrade your software and your OS once the developers stop giving out updates.
Delete all the data before selling your device
This one is now common knowledge, I hope. If you're selling your old phone or computer, delete all the data and factory reset the device. To be damn sure you've erased all the data, perform a secure disk wipe.
Use your common sense
Use your common sense, learn about social engineering attacks, improve your operational security, employ critical thinking skills and be situationally aware.
Be safe out there, folks.