Congratulations! You are embarking on a path towards owning your personal data to feel more secure. With so many companies harvesting your personal data, it can be overwhelming to think about all of the things you would have to do to protect yourself. Below is a template to begin to reclaim your personal data privacy. Is this an exhaustive list? No - personal privacy is an incredibly deep field, and to become completely private you would have to make some severe sacrifices (e.g. only dealing in physical cash, running a physical email server). However, these items will get you off to a good start, and you shouldn’t have to change your daily life too much.
🔍Privacy Checklist🔎
Email ✉️
- [ ] Get away from Gmail! Start using Proton Mail. Spring for the Proton Unlimited plan.
- [ ] Sign up for Proton Mail (do not create a username that includes personal information about yourself e.g. [email protected] if you want that address to be completely private)
- [ ] If using Proton Unlimited, you can use up to 15 different email addresses. Use your various emails for different types of websites to further obscure your online identity. These email addresses can have varying levels of intended privacy. You can have an outward facing, public email address that has your name in it, a personal email address for only friends/family, and a completely private email address. You can also register a domain name outside of Proton Mail (via a service like GoDaddy) and use Proton Mail with a private domain name ([email protected]).
- [ ] Use your Proton Mail email addresses when signing up for online services in the future.
- [ ] Migrate your Gmail information to Proton Mail, if desired.
- [ ] Do the hard work of unsubscribing from all of the email subscriptions that you’ve amassed over the years from your old email account.
Browser 🌐
- [ ] Change your web browser to a privacy-first alternative, such as Brave or Firefox. Do this on your laptop and your cell phone.
- [ ] Be wary of the browser extensions you add - some have access to the data of the current webpage. Stick to only what is necessary (e.g. your password manager).
Multifactor Authentication 🕵️
- [ ] Purchase two Yubikeys (I prefer the Yubikey 5C NFC). This is a hardware security key that will be used as your multifactor authentication for key accounts (such as your Proton accounts).
- [ ] Download the Yubico Authenticator for desktop and mobile. This will generate rotating One Time Passwords (OTPs).
- [ ] Program your two Yubikeys to unlock your Yubico Authenticator app.
- [ ] Keep one key on your person (car keys) and the other in a safe location (like a safe or safe deposit box). Do not lose your key! If you are securing online services via your Yubikey, only the person with the physical key will be able to attempt to authenticate to Yubico Authenticator.
- [ ] Ensure that any online account that you have is protected by multifactor authentication (either via text message, Yubico Authenticator, or via automatic generation from 1Password in the next step). This site will let you know if an online service supports multifactor.
Passwords 🔒
- [ ] Begin using a password service such as 1Password to mitigate the risk of getting your account hacked.
- [ ] Pay for the individual or family 1Password plan.
- [ ] Create your 1Password password. Write your master password down and place it in a safe place (like a safe or safe-deposit box). Do not take a picture of it!
- [ ] Go through the exercise of changing your email addresses for online services to one of your Proton Mail emails and then generating new passwords through 1Password. This is also a good time to set up MFA for these accounts, either through text messages, Yubico Authenticator, or via 1Password OTPs.
Location 🌏
- [ ] Turn off location services on your Google account! While you are at it, pause your Web & App Activity as well on your Google account.
- [ ] Begin using a privacy-focused map app. Apple is surprisingly good with privacy, so Apple Maps is a good alternative. Otherwise you could use something like HERE WeGo.
Network 🌐
- [ ] Get a Virtual Private Network (VPN) Service. Proton VPN is my preferred option. We’ll be talking more about Proton; I believe it is worth it to buy some of their paid plans. Do this on your laptop and cell phone.
- [ ] Download ProtonVPN desktop app
- [ ] Download ProtonVPN mobile app
- [ ] For both the desktop and mobile app:
  - [ ] Use the Stealth protocol, if possible
  - [ ] Turn on Secure Core to route traffic through privacy-friendly countries