How To Be Safe Online
“Who cares? I’ve got nothing to hide..”
As PrivacyGuides puts it:
Privacy is a human right inherent to all of us that we are entitled to without discrimination.
You shouldn’t confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That’s because you want privacy, not secrecy. Everyone has something to hide, privacy is something that makes you human.
Being Safe Online is like knowing how to be safe on the street. We’re (hopefully) taught as kids to do things like, “look both ways before crossing the street” and we’ve all heard common knowledge like, “don’t share your passwords with people!”.
Protecting passwords is not enough to be “Safe” online anymore.
Encrypting your Data is step 1 toward Digital Sovereignty. Next is Protecting your Privacy, and then Good Practices.
Phase 1 - Encryption
Encryption is a way of encoding data so that only the intended recipients can read it, keeping information safe from unintended/prying eyes.
- If you whisper a secret into your friend’s ear, would you feel weird if some random person you don’t know had suddenly appeared and heard everything you said? Except that here the random person remains unknown and you would never even see them. Only the “secret” information leaking later would reveal that it had been intercepted.
- Probably. This is roughly what can happen without encryption.
Encryption helps keep data confined to the intended recipients. Opt for Data Encryption whenever possible.
*My personal recommendations.
Check out My Digital Workspace for more workflow ideas!
Signal is the instant messenger to use. Telegram is centralized, and feelings about it are mixed. For the most part, it seems relatively secure.
Element is like a Discord alternative. Great for group chats and communities!
Phase 2 - Privacy
Just because something is encrypted, doesn’t make it private.
WhatsApp is notoriously un-private. They tout being end-to-end encrypted, which protects the contents of the messages, but Meta collects ridiculous amounts of metadata and then sells it to other marketing companies. They don’t need to see the message contents to see who the message is from and to, what time and from where it was sent, how long it was looked at, and a whole bunch of other highly identifying information.
Unfortunately, people can get stuck in Phase 1 and can easily assume that “encryption = safe & secure”.
Safe? uhhh, about that….
The story goes something like,
You find a store online, they’re giving you 10% off if you sign up for their mailing list! Great.
You sign up with your main email, so you can read them and stuff. - The same email you used for Instagram, YouTube, Cash App / Venmo, your banking app, paying your taxes…
These companies now know:
- Your interests (what you’re genuinely interested in buying, your web browsing history - YouTube videos, Google searches, Google Maps GPS, etc.)
- How much money you’re working with
And so, they can advertise very effectively to “you”, by showing you relevant ads within your actual budget and keep “you” perpetually poor, buying stuff you don’t need.
“You” is the common folk that are targeted and if you aren’t aware of the predators, it could be “you” too.
On the other end, it does support consumerism rather well, and if you were the one selling products, then, “is it so bad?”
Again, if you’re using these hotmails, gmails, they know everything about you, the seller, too. They can really effectively sell you things to “help improve” your business now, still keeping you within a certain frequency.
This is the common situation nowadays, because nobody really taught us how to be safe online… This is what I’ve been doing for years too so, they’ve got pretty much everybody on reins.
The way to regain your digital sovereignty is by using “data silos” to create ambiguity between different digital identities.
Starting with a “master mailbox” - definitely something encrypted like Tutanota, ProtonMail, or even CTemplar
There are several ways to go about this, depending on the budget.
Use ProtonMail with SimpleLogin as “Alias 1” and Tutanota as a separate email address for “official” emails as “Alias 2”.
Tutanota is significantly cheaper than ProtonMail at ~$1.30/month compared to $5/month. AnonAddy is also cheaper than SimpleLogin, having a few pricing tiers depending on your needs. They offer “Unlimited Aliases” but limit your bandwidth.
AnonAddy is better for having a different email alias for every single account registered. SimpleLogin limits the active aliases to 15. However, you can disable aliases to keep the active addresses within 15.
If you have more separate accounts, go for AnonAddy. If you get more emails from fewer accounts, go for SimpleLogin.
Tutanota doesn’t support PGP, so the security of SimpleLogin is compromised.
ProtonMail is a more featured email provider than Tutanota. They offer many modern features like nested folders for organizing the inbox (very nice!) and labels (tags) to sort emails too.
Tutanota feels clunky while ProtonMail feels very smooth and polished.
As we create “Second Brains”, it’s important to know who can poke them and access them. Automated systems can aggregate data in ways that no person would ever dedicate the mind to. Using the same email address across platforms guarantees that a data-aggregating machine will collect everything about you across these different platforms and generate a scarily accurate profile of you.
These machines can know how our brains work in ways that we may never get to know ourselves as the people living with these brains.
They can exploit our egos to influence us into decisions we would normally never make.
Start regaining your Digital Sovereignty today!
Phase 3 - Practice
This is all about changing your digital practices. Stuff like, remembering to use a SimpleLogin alias instead of your gmail when signing up for stuff.
“ahh I’ll get around to it later. I’ll sign up for this one with my gmail, it’s fine.”
The problem with this is that you’re still giving Google information about your interests. You’re still building their profile about you. Stopping this is about stopping the habit.
Transfer all your accounts from gmails to ProtonMail or Aliases. Then, forget gmail even exists. It is no longer a valid option. Don’t use it for anything! If you can… sometimes, our networks are so built upon these platforms that it’s not a “simple switch” one can make overnight. In fact, it’s likely that you’ll need your gmail for quite some time while you’re finding all the old accounts you signed up for and getting around to updating the information.
Bonus Round - Custom Domains
Although custom domains drastically reduce one’s privacy, they are very convenient for “Clearnet” purposes. Using a custom domain in your email address reduces the need to go into all your accounts again to change your email address. You can simply transfer your custom domain to any mail provider with ease. Prior emails will be inaccessible of course, but proper backups will help keep all your data safe and available. If you end up not liking ProtonMail or want to try Tutanota or CTemplar, you can transfer your custom domain without needing to actually change your email address.
Also, they make your web presence legit af.
Just be aware of where you distribute your domain! It is easy to single out someone online if you’re the only one using that domain.
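To see how the “data silo” idea and the custom-domain caveat play out on a real account list, here is a small audit script (an added example, not part of the original note). It goes slightly beyond the text by also treating `+tag` addresses as the same mailbox; the account list, the `.example` domains and the `SHARED_DOMAINS` set are constructed assumptions you would replace with your own.

```python
from collections import defaultdict

# Constructed sample: (service, sign-up address) pairs, e.g. typed out from a
# password-manager export. All names and domains are made up.
ACCOUNTS = [
    ("shop-newsletter", "jane+shop@bigmail.example"),
    ("bank", "jane@bigmail.example"),
    ("video-site", "Jane@BigMail.example"),
    ("forum", "forum.x7k2@alias.example"),
    ("payments", "pay.q9m4@alias.example"),
    ("blog-host", "blog@janedoe.example"),
    ("registrar", "domains@janedoe.example"),
]

# Assumption: domains used by many unrelated people (mailbox providers, alias
# services). Any other domain is treated as a personal custom domain.
SHARED_DOMAINS = {"bigmail.example", "alias.example"}


def join_key(address, shared_domains):
    """Return the value an aggregator could use to link this address to others."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain not in shared_domains:
        # Only one person uses a custom domain, so the domain alone identifies them.
        return "*@" + domain
    # Assumption: the provider supports plus-addressing, so a "+tag" suffix
    # still points at the same mailbox and does not separate identities.
    return local.split("+", 1)[0] + "@" + domain


def linkable_clusters(accounts, shared_domains=SHARED_DOMAINS):
    """Group services that share a join key; clusters of size 1 are already siloed."""
    clusters = defaultdict(set)
    for service, address in accounts:
        clusters[join_key(address, shared_domains)].add(service)
    return {key: sorted(names) for key, names in clusters.items() if len(names) > 1}


if __name__ == "__main__":
    for key, services in linkable_clusters(ACCOUNTS).items():
        print(f"{key}: {', '.join(services)}")
```

Every cluster it prints is a set of accounts that can be tied to one person; the per-account aliases do not show up because each one stands alone.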
Check out Privacy Guides for more information!