Privacy Checklist

Inspired by Barton Gellman's "Digital Self-Defense for Normal People", the following steps should help citizens of any skill level live a more secure, private life.

Update Your Software

Turn on Automatic Updates for your operating systems (Windows, macOS, Linux), browsers, and apps.

Use a Password Manager

Don't reuse your passwords or save them in your browser. Invest in a password manager like 1Password.

Use 2-Step Authentication

2FA protects your accounts even if your password falls into the wrong hands. Software options like Duo are good; hardware options like YubiKey are better.

Use a Longer Phone PIN

4-digit PINs are easy to guess. Use a 6-8 digit PIN to enhance your security. After all, your phone holds your most valuable secrets.

Be Cautious with Email

Sometimes a friendly-looking email can contain malware. Don’t open attachments or links until you verify by phone or private messenger that they’re legit.

Avoid Emailing Sensitive Data

Email is a security nightmare. Whenever possible, use a private messenger instead, especially when sending sensitive data. If you have to use email, do it securely.

Back Up Your Data x2

If you back up to the cloud, do it with a secure provider like CrashPlan. If doing it yourself, use two hard drives (one away from your computer). If you can, do both.

Browse Privately with a VPN

Good VPNs keep your browsing habits private and secure, but not all VPNs are created equal. We suggest TunnelBear, NordVPN, or Freedome.

Use an Encrypted Messenger

Whenever possible, avoid using SMS messaging. Instead, use an end-to-end encrypted private messenger.

Use Your Computer's Firewall

Firewalls block unwanted incoming connections to your computer, and now come standard on macOS and Windows. Turn them on and keep them on.

Get a Fake Phone Number

Avoid using your real phone number whenever possible. Use a disposable number from a service like Hushed. If things get spammy, ditch it for a new one.

Protect Your Credit Cards

Credit cards are extremely vulnerable to attack and are a primary source of identity theft. Whenever possible, use PayPal (with 2FA enabled), Apple Pay, or cash instead.

Don't Upload Your Addresses

Some services like Facebook and LinkedIn want your contacts to make connections easier. Don't do it. Keep your Address Book out of third-party services.

Opt Out of Cloud Records

Some doctors and schools are putting patient and student records in the cloud. Opt out of this whenever possible. Keep sensitive data as contained as possible.

Keep Learning & Stay Vigilant

Being secure takes work and practice. Apps can help, but changing your mindset is more valuable than changing your tools. Keep learning & help others along the way.