Drew Howden Tech

Privacy & Security Tips

On Your Computer (and other devices)

  • MOST IMPORTANT: Keep your operating system and software up-to-date! At minimum, stay on top of your security updates
  • Put passwords on ALL your devices (even the ones you don’t think need them)
  • Check your privacy & security settings on all your devices; Disable telemetry (data collection)! Audit these settings from time to time. Same goes for online accounts too!
  • Set up a firewall on your computer; I recommend a “deny all incoming, allow all outgoing” policy, which blocks unsolicited connections to your computer, while still allowing all your programs to function
  • Encrypt your hard drive; Windows, macOS, and Linux all offer options to do so
  • You might have guessed this one: Switch to Linux if you’re on Windows; Microsoft does not care about your privacy, and Linux has more security features and a much smaller attack surface compared to Windows
  • If you must use Windows, use an antivirus; I recommend either Malwarebytes, or the built-in Windows Defender. Stay away from Norton and McAfee—you’d be better off with a virus than one of those!
  • Never download programs from unknown sources! Stick to official app stores whenever possible
  • Audit the list of programs you have installed periodically, and uninstall programs you no longer use; This reduces your attack surface
  • Enable the “show file name extensions” option, which allows you to clearly see what kind of file you are dealing with before you open it; Linux does this by default
  • Check unknown/suspicious files with VirusTotal, which scans files with dozens of different antiviruses
  • I know this isn’t really a privacy or security tip, but more of a practical one: Backup, backup, and BACK UP your data! Ideally, have two backups—one locally, and one in the cloud. Check out Ubuntu’s backup solution

To learn more about how to secure a Linux PC, check out this video:

*Although this video was made with Linux servers in mind, you can take most of these points and apply them to desktop Linux!

Online

  • Use unique, complex passwords on every single website (yes, every single website)! Ideally, use a password manager (I recommend Bitwarden) to do this
  • “Complex password” means at least 12 characters (14 or more is ideal), including a mix of uppercase and lowercase letters, numbers, and special characters
  • Set up 2-Factor Authentication (2FA) wherever possible; Ideally using an offline code generation app like Google Authenticator, rather than email or text message verification codes
  • Don’t use public Wi-Fi; If you must use public Wi-Fi, use a VPN, or at the very least, make sure web addresses start with “https” (which indicates an encrypted connection)
  • Don’t use Google Chrome or Microsoft Edge as your browser; Google and Microsoft do not care about your privacy! I recommend switching to Mozilla Firefox (which actually comes preinstalled on many Linux distributions)
  • Similarly, don’t use Google or Bing as your search engine; Use DuckDuckGo instead
  • Use a tracker blocker; Firefox has one built-in—I recommend changing the setting from “Standard” to “Strict”
  • Change your DNS server from the default, to prevent your ISP from keeping logs of what websites you visit; I recommend using Cloudflare’s DNS (even better, do this on your router)
  • Check your privacy & security settings on ALL your online accounts—especially social media accounts—from time to time

On Your Router

  • Change your Wi-Fi network SSID and password from the default
  • Configure your router to use WPA2/WPA3 security, which is the latest standard
  • Change your admin password from the default; Here’s a list of default router passwords
  • Change your DNS server from the default; I recommend using Cloudflare’s DNS
  • Disable UPnP (Universal Plug and Play), unless you use an application that relies on it (such as BitTorrent or some online games); Because UPnP allows devices to open ports on your router without authentication, it greatly increases your attack surface! In addition, some routers’ UPnP implementations have massive security flaws!
  • Disable WPS (Wi-Fi Protected Setup); WPS is an outdated, insecure authentication mechanism that makes it easier for someone to connect to your Wi-Fi network without authorization, and it provides almost no benefit over typing your Wi-Fi password in manually
  • Enable IPv6 security settings, which apply a “deny all incoming, allow all outgoing” policy to IPv6 traffic, so unsolicited IPv6 connections are blocked—similar to what the NAT functionality does with IPv4; IPv6 security settings are sometimes not enabled by default!