This guide outlines basic security practices aimed at enhancing your privacy when using digital devices. An emphasis is placed on the importance of using Free and Open Source Software (FOSS), as it is not only free but also open for auditing, making it more secure than proprietary software.

Basic Security Rules

1. Use FOSS: Always opt for Free and Open Source Software. It's auditable, and vulnerabilities are more likely to be discovered and fixed. Don't trust proprietary software like WhatsApp, Telegram, Signal, or others promoted by government agencies or corporations.

2. Avoid App Store Installations: Installing software directly from Google Play or Apple's App Store could allow these companies to push updates or backdoors to your device without your consent.

Typing

Using the default keyboards on Android or iOS devices compromises your privacy. These keyboards, akin to having a keylogger, transmit your typing data to companies like Google, Microsoft, and Apple. It's essential to start your privacy journey by switching to a FOSS keyboard.

Recommended Keyboard: Florisboard

• Installation:

  • Navigate to the Florisboard Release Page.
  • Under the Assets section, download the florisboard-XXX-release.apk file and install it on your device.

• Initial Setup:

  1. Open Florisboard.
  2. Click on "Open System Settings" and enable Florisboard.
  3. Click "Switch Keyboard" and select Florisboard.
  4. Click "Start Customizing".

Configuration Tips

Theme - Dracula Theme

For users who prefer a dark theme:

• Download the Dracula Theme Zip File.
• Extract and import the dracula.flex file into Florisboard under "Theme" settings:
  • Change "Theme mode" to "Always night".
  • Press on "Manage installed themes".
  • Press "Import" and select the extracted file.
  • Choose "Dracula Theme" under the night theme menu.

Keyboard Settings

• Disable sounds and vibrations:
  • Navigate to Keyboard > Key press > Sounds & Vibration.
  • Disable "Key press sounds" and "Key press vibration".

Glide Typing

• Enable glide typing:
  • Go to Gestures & Glide typing.
  • Enable "Glide typing".
  • Note: Only English gliding is supported in versions older than 0.4.0.

Language Settings

• Add and configure languages:
  • Navigate to Languages & Layouts.
  • Click "Add subtype", select your languages, and save.
  • The system will display your subtypes for easy selection and saving.

Advanced Settings

• Enable "Force private mode" to further enhance privacy.

Finishing Up

With these settings, major corporations like Google and Apple should no longer be able to track your keystrokes through the keyboard application, significantly enhancing your privacy.

Email

Overview

Managing email efficiently and securely involves using separate accounts for communications and registrations. This approach enhances privacy and reduces the risk of exposing your primary communications to unwanted tracking or breaches.

Recommended Email Service: Proton Mail

Setup

Proton Mail is a secure email provider that allows you to create an account without verification, aligning with privacy needs.

• Download Proton Mail:

  • Download and install the Proton Mail app or sign up on their website.

• Account Creation:

  • Choose a username that is a random 8-character string combining digits and letters for memorability and privacy.
  • Use a strong password generated by a reliable password manager, as you will not need to type it manually—copy and paste instead.
  • If you don't have a password manager yet, write a temporary password, and then use a password generator to create a stronger password.

Configuration

• Disable Telemetry:
  • Go to Settings and turn off "Anonymous telemetry" and "Anonymous crash reports" to prevent sending unnecessary data to Proton servers.

Using Email Aliases for Privacy

• Communication Email:

  • Use your main Proton Mail account for actual communications. When sharing this email address or registering for important services, utilize the "+alias" feature. This helps you track where messages are coming from and is useful for managing privacy and spam.

• Alias Email:

  • For less important registrations, use an additional email or the "+alias" feature with random strings. This prevents services from linking your activities across different platforms and allows you to block communications from any compromised sources easily. For example, if your email is [email protected], you will receive messages sent to [email protected] normally.

• Best Practices for Aliases:

  • Always use random strings as aliases when possible. This prevents others from knowing you are tracking the source of emails, enhancing your privacy.

Finishing Up

By employing a dual-email strategy with the use of aliases, you can significantly enhance your email privacy. This setup allows you to control and monitor who has access to your primary communication channels and to efficiently manage exposure to potential spam and phishing attempts. Regularly review your email settings and aliases to maintain optimal privacy and security.

Passwords

It is crucial to use a password manager for your digital security. This allows you to use uniquely generated passwords for each service without the need to memorize them all—except for your master password.

Recommended Tool: Bitwarden

Installation

Bitwarden is a robust password manager with options for desktop and mobile devices:

• Desktop: Bitwarden for Desktop
• Mobile: Bitwarden for Android and iOS

Account Setup

• Account Creation:
  • Create a Bitwarden account using a secure email, such as ProtonMail.
  • Instead of a random string, choose a master password that is complex yet memorizable. Use a mix of letters, numbers, and symbols to form a phrase or a combination that you can remember. You must not have used this password anywhere else, and you can't use it in the future.
  • Use the Bitwarden Password Strength Tool to ensure your password would take at least 3 years to crack, which is adequate for short-term security. Opt for a password that could take 10 years or more to crack for enhanced long-term security.
  • During setup, opt out of "check known data breaches" to prevent Bitwarden from comparing your password with compromised ones.
  • Set a master password hint that has no real relation to your password as an added security measure (e.g., hint: "Our anniversary's place").

Configuration

Account Security

• Navigate to Settings > Account Security.
• Do not enable "Unlock with biometrics". While convenient, biometrics can be bypassed under coercion. Instead, set up a PIN for regular access:
  • Use a numeric PIN as a compromise between security and practicality.
  • The app requires the master password after three incorrect PIN attempts, providing an extra layer of security.
  • Ensure you have Bitwarden installed on multiple devices, enabling you to unlock one device using another if needed.

Finishing Up

By implementing these practices, you enhance the security of your digital life. The use of a robust password manager like Bitwarden helps maintain strong, unique passwords for all your accounts, reducing the risk of security breaches. Remember, the strength of your security is determined not just by the software you use but by how you use it. Be diligent and update your security settings and passwords regularly.

Communication

It's a misconception that apps like WhatsApp, Telegram, or Signal are secure simply because they offer end-to-end encryption. These apps link your phone number with other identifiable data such as your IP and contacts. To truly manage your privacy, it's recommended to handle communications via your own systems.

Recommended Setup: Matrix and Element

Matrix.org

Matrix is an open-source service that can be used as a backend for secure communications.

• Matrix GitHub: matrix-org

Element App

Element, developed by New Vector Limited, serves as the frontend.

• Download and Installation:
  • Download Element from element.io/download.
  • Install the application on your device.

Account Creation

• Email Registration:

  • Use a secure email service like ProtonMail for registration.
  • Complete the email verification process.

• Username and Security:

  • Choose a username that does not relate to your personal information. A random generated string is preferable.
  • Store your username and password securely, preferably in a password manager.

• Server Setup:

  • Initially, you can use the matrix.org server.
  • TODO: Consider setting up a self-hosted server for greater control.

Configuration Settings

General Settings

• After registration, access Settings > General.
• Change your Display Name to something your peers can recognize without revealing personal information.
• Remove any linked emails under "Emails and phone numbers" to sever ties between your email and your matrix credentials.

Preferences

• Disable the following options to maintain privacy within your interactions:
  • Show read receipts
  • Show removed messages
  • Show join and leave events
  • Show account events

Security and Privacy

• Make the following adjustments in Settings > Security and Privacy:
  • Disable "Send analytics data".
  • Enable "Incognito Keyboard".
  • Enable "Prevent Screenshots of the application".

Optional Adjustments

• Markdown Formatting:

  • Enable markdown formatting under Settings > Preferences.

• Live Location Sharing:

  • Enable "Live Location Sharing" under Settings > Labs for sharing your location securely when necessary.

Creating a Room

• Room Setup:
  • Create a room with a name that is identifiable to your peers but obscure to outsiders.
  • Set the room as Private and enable encryption to secure all communications within.

Finishing Up

Securing communication involves ensuring safety at all endpoints. Trust among peers to maintain these standards is crucial; if one node in your network is compromised, the entire network's security is jeopardized.