These are some practices which worked for me, You can adjust them to match your preferences. Feel free to add your own in the comments
- If you are forced to use something that is privacy invasive, Make it isolated from your actual profile. (Ex- Using a 2nd Browser profile, Using an alias to signup)
- Always use the services that you use from their official clients. Don’t blindly trust 3rd party clients just because they claim that they are “more private”, Do some research before using it.
- Don’t mix up your work life with your personal life. Consider getting a second phone just for work purposes or you could use a second profile for work purposes if your phone has the ability to create multiple user profiles.
- Keep a habit of clearing the browser data once in a while. (You can make your browser automatically clear the browser data when closing but it can be kinda annoying when you have to log back into websites everytime)
- Strip away the metadata of your photos and documents when sharing them.
- Check connected apps/services regularly and revoke unused ones. (on Discord, GitHub, Matrix and etc.)
- Audit app permissions regularly (Some apps adds in new permissions or re-enables permissions over updates)
The old #3 tip got removed (The password one) because it served no additional protection and was pretty annoying. It was a mistake by me, sorry
3 is stupid.
The point of a password manager is to enable the use of multiple different passwords and usernames. The point of using multiple, hopefully unique, passwords and usernames is that when joes website gets breached and their passwords and usernames get leaked because they were storing them in plaintext it doesn’t mean all your accounts everywhere else are now compromised.
That happens a lot and if you want to learn how affected you are at this very moment just check haveibeenpwned to see what’s osint on your usernames.
So let’s say you’re appending the classic “monkey1” to your autofilled password manager passwords. You’d be protected from a password manager breach until one of your website logins is breached and someone realizes all your gibberish high entropy passwords have “monkey1” on the end. Considering there are billions of leaked credentials and millions get added each week, that’s kind of like putting wallpaper up so the tank coming through your brick wall has to work a little harder.
So what would be actual good advice? Key rotation. At some interval, clear your cache, browsing history etc and change all your passwords. Now you’re actually protected from breaches of old credentials and current credential breaches are rendered moot.
If you read all the way down to here, consider not relying on this community for privacy or security advice. The fact that “stupid asshole” was able to easily articulate why something on the list is a waste of time when no one else has done so should raise some eyebrows.
bruh why you are so harsh. It was clearly a mistake on my end 😭😭
That’s not harsh. The closing sentences were not meant as an attack on you but as commentary on a pattern in this community.
It’s worth noting that appending a string to your password manager passwords would protect you from simple automated attacks after a password manager breach. Sometimes that’s enough.