Privacy

42437 readers

662 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Good Privacy Practices (Intermediate) (self.privacy)

submitted 1 day ago* (last edited 20 hours ago) by Normo to c/privacy@lemmy.ml

13 comments fedilink hide all child comments

These are some practices which worked for me, You can adjust them to match your preferences. Feel free to add your own in the comments

If you are forced to use something that is privacy invasive, Make it isolated from your actual profile. (Ex- Using a 2nd Browser profile, Using an alias to signup)

Always use the services that you use from their official clients. Don't blindly trust 3rd party clients just because they claim that they are "more private", Do some research before using it.

Don't mix up your work life with your personal life. Consider getting a second phone just for work purposes or you could use a second profile for work purposes if your phone has the ability to create multiple user profiles.

Keep a habit of clearing the browser data once in a while. (You can make your browser automatically clear the browser data when closing but it can be kinda annoying when you have to log back into websites everytime)

Strip away the metadata of your photos and documents when sharing them.

Check connected apps/services regularly and revoke unused ones. (on Discord, GitHub, Matrix and etc.)

Audit app permissions regularly (Some apps adds in new permissions or re-enables permissions over updates)

The old #3 tip got removed (The password one) because it served no additional protection and was pretty annoying. It was a mistake by me, sorry

you are viewing a single comment's thread
view the rest of the comments

[–] stupid_asshole69@hexbear.net 2 points 1 day ago (1 children)

3 is stupid.

The point of a password manager is to enable the use of multiple different passwords and usernames. The point of using multiple, hopefully unique, passwords and usernames is that when joes website gets breached and their passwords and usernames get leaked because they were storing them in plaintext it doesn’t mean all your accounts everywhere else are now compromised.

That happens a lot and if you want to learn how affected you are at this very moment just check haveibeenpwned to see what’s osint on your usernames.

So let’s say you’re appending the classic “monkey1” to your autofilled password manager passwords. You’d be protected from a password manager breach until one of your website logins is breached and someone realizes all your gibberish high entropy passwords have “monkey1” on the end. Considering there are billions of leaked credentials and millions get added each week, that’s kind of like putting wallpaper up so the tank coming through your brick wall has to work a little harder.

So what would be actual good advice? Key rotation. At some interval, clear your cache, browsing history etc and change all your passwords. Now you’re actually protected from breaches of old credentials and current credential breaches are rendered moot.

If you read all the way down to here, consider not relying on this community for privacy or security advice. The fact that “stupid asshole” was able to easily articulate why something on the list is a waste of time when no one else has done so should raise some eyebrows.

[–] Normo 2 points 20 hours ago (1 children)

bruh why you are so harsh. It was clearly a mistake on my end 😭😭

[–] stupid_asshole69@hexbear.net 1 points 14 hours ago

That’s not harsh. The closing sentences were not meant as an attack on you but as commentary on a pattern in this community.

It’s worth noting that appending a string to your password manager passwords would protect you from simple automated attacks after a password manager breach. Sometimes that’s enough.