So here is the big question; What would it take to become as secure as possible online?
If I wanted to protect myself from the data harvesting of large corporations like Google, Apple, Microsoft, Facebook, Amazon, etc. As well as from government organizations like the NSA. How many everyday luxuries would I have to give up? What operating systems would I have to run? What services would I have to personally host? What daily habits would I have to change? Out of all the data harvesting, which companies are the least insidious? Which are the most insidious?
Try to answer these questions from the perspective of a average technology enthusiast. Don’t come in and start posting things like; “just don’t use the net” or “make your own ISP”. These ideas are not realistic and do not add anything constructive to the conversation.
It seems like most people in this community are serious about privacy and are open-source enthusiasts. Let’s pool our knowledge and help each other be more secure and more informed.
Edit Edit: So it seems like people are going a bit TOO crazy with this. My objective of this thread is not to go absolutely crazy. I want things that a normal user could actually do. Sure there are ways of going off the grid but that is not practical. One still needs to get some work done. Try to think more along the lines of something you would ACTUALLY do.
Edit: Seriously though, host your own email server, manually control all connections, basically, get rid of all automated processes which you don't control.
TAILS seems like an interesting distro. It could be useful to keep on a thumb drive in case of an emergency. But I don't think this would make a very good "daily driver" OS. For someone who actually needs to get work done.
Also using Tor makes me cringe a bit, it's a minefield out there.
How would you manually control all connections? What do you mean by this? Things like devices on your network? Or applications and programs on these devices?
Also living in a RF shielded chamber will help as well. Its not that bad. They make copper mesh screen rooms too, so you can see outside and avoid the dread of living in a windowless bunker.
I think you are yourself over-killing it a bit. All the data harvesting by big companies is pretty basic (I guess/hope). It's basic because it is all it needs to be since people don't protect themselves that much from it.
Get Firefox, tweak its settings and get a few addons.
Get a trustworthy VPN with shared IP.
Get a trustworthy encrypted email service, like tutanota or protonmail. Not hushmail.
Use duckduckgo & startpage.com search engines as much as you can.
Don't use services by big internet companies, like facebook and google. If you have to, make fake profiles and be sure not to share personal information, like phone numbers and primary email-addresses
Simple steps to make it much harder to track you without making your own life much harder. After these 5 steps you could run local http server on your pc, collect all needed javascript libraries that websites use from different CDNs, and re-direct them with hosts file to your local http server.
At first this is going to keep tedious and perhaps a bit overkill but the value of privacy and security is what you put on it so if it matters to you then you'll attempt taking a different approach to things. My list is going to progress from easy and be increasingly difficult but all listed items have their place so decide up to which point you'd like to go
Use a different search provider, Google stores and sells so much data that you cannot consider your searches private. Consider what you search for, do you want to share what you search? Use a provider such as duckduckgo, or privatesearch where your searches are actually private
Change your web browser to firefox or if you REALLY don't like that then use Chromium but even that isn't ideal. Chrome isn't secure, Google has had their fingers all around it
a) EXTRA: Some important browser extensions I highly recommend are HTTPS Everywhere, ublock or adblock edge, and Privacy Badger or Disconnect. The value in these things comes from that this helps block the tracking that comes with ads and social media buttons etc.
If you use Skype consider the fact it is owned by Microsoft now and Microsoft is in NSAs pocket meaning your calls are recorded and listened in on. Talk to your friends and see if you guys can switch to another software for your calls, good options are things such as Jitsi, Tox, Subrosa
Change your DNS to one that is not your ISPs or Googles, but preferably one that is free and open and does not log. An option for this is FreeDNS. This is a basic and important step as ALL the websites you visit get resolved through DNS which means whoever's DNS you are using can see all the websites you're going to (unless they don't use logs)
Switch away from compromised email services such as hotmail and gmail. Use something such as ProtonMail.ch or OpenMailBox.org
Password security is a factor, the average password isn't much more than a short word with maybe some numbers stuck onto the end. This has very low entropy and can be cracked easily, using a tool such as Keepass can help you securely store your login information, and generate very strong passwords
A VPN is also a good idea, it's good for helping get disconnected from tracking since your connection is tunnelled through your provider serving as a gateway to the internet in a way that serves to hide you. The bonus is between you and your VPN provider your connection is very securely encrypted (using a good provider that has good settings on their openVPN)
Providers such as NordVPN.com, Cryptostorm.is, or frootvpn.com are private, secure, no logs, good price, etc.
and finally, I highly recommend using Linux. An Linux distribution such as Linux Mint is both easy to use and inherently more secure right out of the box compared to Windows. Windows is backdoored and insecure, if possible and there is nothing holding you to Windows (such as work, specific software etc) than switching is recommended and not as hard as you think. Linux isn't all wizard terminal foo as some may think, the average user if they can install Windows can install Linux Mint and learn the basics in an afternoon
a) if you do this some basics to do are enable your firewall, follow previous suggestions such as change your DNS, install firefox, etc
Online presence:
Consider what you share online, even with the security noted above all of it is thrown away when you share very specific information about yourself, your habits, where you're from, etc as it adds up and becomes a web of identifying information. So being vague is your friend
@100557662 Thanks for the post, you went into some real detail here and this was the kind of thing I was looking for. Right now I think my first step will be moving to Firefox, I use chrome right now. I already use the extensions Ghostery, HTTPS Everywhere, and Adguard. I think after that the next step will be finding a new email provider. Currently using Gmail. Also I'm going to be trying out Linux on my non-gaming machines.
Question: What is the popular opinion on Google Docs? As far as privacy goes? I use it quite alot so this will be difficult to find a replacement for. Because it is owned by Google I'm assuming it is compromised as well.
I am already seeing the things I need to change as fast as possible. Moving away from basically everything Google will be my first step. Thanks for the reply.
Then you should turn off history in the browser, because it can be leaked to sites by simple CSS. Disable WebRTC in settings by disabling media.peerconnection.enabled (leaks your real IP) Disable safebrowsing features like browser.safebrowsing.enabled Disable flash or https://addons.mozilla.org/en-US/firefox/addon/flashblock but if you use flash, then you "must" edit mms.cfg in C:\Windows\SysWOW64\Macromed\Flash and add following setting: DisableSockets=1. Otherwise your real IP can easily be leaked when you use VPN. And be sure only to save cookies from sites you trust with Self Destructing Cookies for example. Cookies are the easiest way to track you.
Next step would then be to minimize fingerprinting, which is a bit difficult to be honest.
Always browse the web inside a VM or container that has no personal information. No script, and blur are useful plug ins for stopping tracking.
Use Kolab to run your own email. Use Owncloud to have cloud storage and your own "docs" web app. Remember to use SSL for your own services and have clam AV scan your server. You should also run keep ads on said server as well.
Encrypt all your storage with 256bit AES.
A hardware firewall that does intrusion detection, antivirus, and package sniffing. PFsense and IPfire do this.
Using a cheap computer (Raspi) as a ssh box to connect to things like IRC and web browsing is a nice way to add another layer between you and the net.
For Linux distros it is hard to abeam a Harden Gentoo install. Opensuse has a pretty good security setup out of the box though.
Smart phones advoid them if possible. If you have to use them use SailfishOS, Ubuntu or a stripped version of android. The phone it's self should be off unless you are using it. Only use pay as you go phones with a fake name.
Pay for everything with cash or crypto currency. When you use a card only use refillable ones and rotate where you buy them from