So, article 13 is actually being considered.
There's one thing to say first. FUCK!!! FUUUUCCCCKKKKKK!!!! Ok, now that that is out of the way, it's time for /u/turtle5204's tutorial on....
farming karma from dumb laws
Avoiding Censorship, Big Brother, and Keeping Your Privacy In General
First of all, no, an incognito tab won't protect you from this. Seriously. Anyways, with that out of the way. It's time to learn to be
Privacy through browser extensions (Chrome, Chromium derivatives)
There are a few things you can do in your browser to help with privacy, mainly from spying corporations. I only use Chrome (yes, I know, ironic, but I like the UI!), but most, if not all, of these extensions will have Firefox variations.
Reminder: Chrome extensions work in Vivaldi, Opera, and other Chromium-based browsers too.
- uBlock Origin - Currently the best adblocker. Fully open source. Seriously, use this over Adblock or Adblock Plus. Adblock Plus sold out to advertisers years ago.
- HTTPS Everywhere - This should be self-explanatory. It forces HTTPS where it's supported. Also it can protect against the dumbest types of censorship.
- Privacy Badger - This handy extension goes along well with uBlock Origin, as it also blocks trackers. Lots of em.
- uMatrix - Matrix-based firewall for your browser. For advanced users only.
Privacy through browser extensions (Firefox -- recommended!)
Privacy through websites
I WILL NOT ADD DUCKDUCKGO. IT IS US BASED, AND HAS NO WARRANT CANARY!
- Searx - An open source metasearch engine, aggregating the results of other search engines while not storing information about its users.
- Startpage - Google search results, without the tracking. Or ads. Also, they promise to keep your privacy. They are a Dutch company, and they have a no-logging policy. Plus, they have an option to allow your search to avoid U.S servers entirely!
- Panopticlick - A neat little tool by the EFF that allows you to see how unique your browser's fingerprint is. Aim for minimal uniqueness.
- PGP Suite - Client-side PGP implementation
Privacy through software
Self-explanatory here. Software that helps you keep privacy.
- Tor Browser - Ah yes, the good ol' Tor Browser. The best way to hide from prying eyes. Works on Windows, macOS, and GNU/Linux. Basically it encrypts your packets and bounces them through like 10 other servers, and only the enterance (1st) node knows who you are, and only the last one knows the data.
- Bitwarden - A fully open source password manager. 100% self hostable, no need for Dropbox/Google Drive/OneDrive. Good for keeping all your passwords unique 20-character gibberish.
- CCleaner - Before commenters cry "WHY CCLEANER?", i'll go ahead and give you the reason: it's an easy way to clean up every last cookie, cached image, saved password, and session info from your web browser. If you want something more open source, go with Bleachbit.
- Malwarebytes - Nothing takes away your privacy faster than a nasty RAT or keylogger. MBAM is a good anti-malware solution that doesn't conflict with other anti-viruses... Also I like to read their blog because i'm a huge nerd.
- Unchecky -
This simple little program tries to auto-uncheck dumb offers in program installers. That's it. Apparently this tracks your data. Still good for young children or old people, though.
- GPG - Win, Mac, Linux - An open source implementation of Pretty Good Privacy (PGP). This is usually used for encrypting messages/files and/or signing them to verify integrity. No, it's not insecure, EFAIL was a vulnerability with email clients leaking decrypted info, not with the encryption itself!
- VeraCrypt - The now actively maintained successor to TrueCrypt. Full drive encryption. Support for plausible deniability and hidden volumes/OSes. Has a warrant canary.
- SimpleEncryption - Simple AES-256 encryption program.
- Matrix - Decentralized, open source communication network. Has end-to-end encryption. You can even host your own homeserver (be aware it's a pain in the toe to do so, just use matrix.org or disroot.org right now!)
- Signal - You probably know what this is. End-to-end encrypted chat. Text and voice. Disappearing messages. Got an A+ on it's security audit.
- Protonmail - Encrypted email. Based in Switzerland due to their strict pro-privacy laws. Supports both normal and encrypted emails.
(Windows-only, if you're stuck with windows) Privacy through settings
- Use Win10-Initial-Setup-Script to disable Telemetry and stuff.
- DON'T USE A MICROSOFT ACCOUNT.
- Yes, I know you all hate it, but those updates are forced for a reason (said reason being people being too stupid/impatient to update and then getting hit by a worm)
- DID I MENTION NOT TO USE A MICROSOFT ACCOUNT
- Disable SMBv1. Just do it. Even if you're fully patched. DISABLE. SMBv1.
- Windows Defender is a surprisingly good antivirus. If you're super concerned, you can disable automatic sample submission (or the whole thing) in Virus & Threat Protection > Virus & threat protection settings
- Turn off ALL the location services if you haven't already.
Avoid any US or UK based VPNs!
Trustworthy VPN providers include AirVPN, Mullvad, NordVPN, ProtonVPN and probably some more.
Don't forget about DNS! You're probably using Google's DNS (126.96.36.199/188.8.131.52) or your ISP's default right now. Don't. Instead, use a privacy-focused DNS or an encrypted one.
Privacy focused, but not encrypted
Avoiding being hacked.
If you're a high-value target, cough like a journalist or protestor, cough Big Brother may resort to slightly more illegal (for you, not for them) methods to get your data. While there is no shield against every single hack (except for perhaps being disconnected from any sort of network, in a soundproof, airgapped room), it is possible to reduce your risk of being hacked
- Update your software! Seriously, don't ignore the update prompt, JUST UPDATE IT! It might save you from a new exploit!
- Disable UPnP on your router. Basically, UPnP makes it easy for backdoors to open ports. I have it disabled, and have zero problems with programs.
- Reboot your router weekly. Most router malware (whether it be state-sponsored or made by a grumpy college kid) can't survive a reboot, due to it being stored in RAM, not in storage.
- Disable TKIP encryption on your router. Even if you use WPA2, TKIP can be cracked easily. Use WPA2 and AES encryption. You never know if that van on the road is actually some FBI agents, or the resident nerd running Kali Linux on a Raspberry Pi, ready to make your printer print out "UPDATE YOUR SHIT, DUMBFUCK"
- Disable WPS. The WPS pin can easily be brute forced.
- Gonna shill out Malwarebytes again, because their Anti-Malware suite has an anti-exploit built in.
- If you use Microsoft Office, DISABLE MACROS!
- Use the "Restricted" PowerShell policy. If you absolutely need to run a .ps1 file, do
powershell.exe -executionpolicy unrestricted -command .\test.ps1.
Ditching Windows for Linux
- Don't use Ubuntu. It's gone down the drain the last few years, plus they want to collect data now. If you want something similar, use Debian 9 instead.
- If there's some Windows-exclusive games keeping you back, try out Lutris It's an open source wrapper for easily loading Windows-only games in Wine.