For example, change your password regularly, use 2FA.
Use Linux, a VPN, Firefox with containers and multiple privacy add-ons. I use Veracrypt volumes to store “private” information in the cloud.
Is there a distro you recommend? I’ve toyed around with Tails, but the lack of persistence and forcing all traffic through Tor instead of a VPN (I guess the whole point of Tails) is too inconvenient for daily use.
I recommend Fedora for most people, its what I use. It has a great configuration out of the box for privacy, security, and usability, and is overall a really great option for both beginners and advanced users. Had no issues or complaints with it so far.
You can check out Privacy Guides for some other good options as well and more details, and just generally other recommendations and good resources.
Not to be one of those people, but I use Arch (btw) as a daily driver and I really like it, but also I’m a tinkerer. But TBH even just something Debian with a decent VPN would probably be a lot more private than just regular Windows 11 or whatever IMO.
I’m a tinkerer as well, but I’m at a point in my life where I need to prioritize my tinkering haha. Like buying stir-fry takeout (Windows/MacOS), cooking it by buying a pre-packaged bag (packaged mainstream Linux distro), or starting from scratch, experimenting with literally everything from chopping technique to cooking temp for each ingredient, until you realize you’re missing an ingredient you need, then you have to go back to the store (Arch lol).
I pepper my randomly generated passwords. For example, imagine you have a random string generated from your password manager. If the password manager’s database is breached or your master password is leaked somehow, the attackers have access to all of your information.
Now think of a word or acronym or something… Something simple (can be simpler than a normal password). When you add a login, save the generated string to the manager but use a combination of the string + unique word for the website login.
Let’s assume CHEESE is my pepper word.
The generated string: hjifd;39Vq$7}
Saved to password manager: hjifd;39Vq$7}
Submitted to website: CHEESEhjifd;39Vq$7}
Now even if the database is leaked my passwords are still mostly useless.
I do something similar (though less secure) for general purpose passwords; I have a couple of common “base” passwords that are decently secure that I commit to memory. Then for each website/service, I pick a pattern based on the name/url (maybe something like the first two and last three characters of the url), and append them to one of my “base” passwords, so each site gets a unique password, but I only have to remember a couple of them + the pattern
Different password and email for each site (I pay for Firefox Relay, only has one instance of a site that blocked it so far). Edit to add: Firefox Relay can also provide a phone number (for a cost) that you can use on sites instead of your own. There are caveats to keep in mind for when to use it, but it helps.
Proton Mail instead of Gmail.
Proton Drive instead of Google Drive / OneDrive. More expensive, so keep this in mind.
Proton VPN when concerned about the security of my internet connection.
Hosted VPS in a cloud provider for photo storage using an open source photo focused content management system.
Pihole hosted in a VPS to help block various trackers (and ads too, but that’s convenience, not privacy protection).
Wireguard to connect to VPS hosted services. Option to turn on full tunnel, but generally obsolete with Proton VPN as an option.
Proton is on here a bit mainly because they offer a decent suite of services. There are others that are available.
The thing is, none of this is free and protecting your privacy rarely will be. There are FOSS solutions to help, but you generally need to pay for hosting and access (even if it’s buying a raspberry pi). Proton is more accessible to many than something like setting up services on a VPS behind Wireguard.
If you wanna go full paranoid, you can use tiered personal VMs for web browsing. High security ones for things like banking and what not can be destroyed and spun up on demand. And others where it’s less important can be refreshed at longer intervals depending on your convenience requirements. Still need to ensure your host/base images are protected, but it will minimize exposure on the guest vm to malware. Less likely to have a keylogger get your bank login info if it’s a brand new VM each time.
