For me it would be the following:
- Don’t reuse usernames/names
- Avoid using social media
- Use Tor/VPN when you can
For normies it’s easy:
- Password Manager
- Firefox
- Adblocker
Those three will make up for 90% of people’s bad habits.
Literally this. This is the answer.
Password Manager that is not LastPass lol
Password manager is something I’ve been preaching but they seem to find it too much of a hassle. Set up YubiKeys for my MIL. Works like a charm.
I would add: turning off telemetry, especially Windows and other MS products
How does a password manager improve online privacy? Aren’t you just centralizing all of your login credentials that could be hacked like a certain password manager was recently?
Use a strong master password. Use 2FA / a passkey. Use a reputable secure one like Bitwarden or, better, an offline one like KeePassXC.
Password managers are great tools that if used correctly can be very good but when you use them incorrectly it can go very wrong.
The main thing that they solve is weak passwords, and passwords that are reused.
KeePass with my kdbx in a WebDAV share with basic auth is the tits. I can access and modify it remotely and it’s easy to detect and block any bots/users who are snooping and trying to access the WebDAV share. After 3 years of using this setup I’ve only had a dozen hits on that directory out of the hundreds of thousands of bot requests.
Provided that your key store password can be made very strong, all the risks posed by having all your eggs in that one basket are, speaking from the perspective of an average computer illiterate user like my mom, far outweighed by avoiding the inevitable alternative of one password (or a family of derivative passwords) used across all services.
One extremely good lock is a step up from two dozen shitty ones if it’s a cascade failure either way.
For sure if you use a cloud provider, but there are self-hosted and totally offline solutions.
For me the real value is that a good password manager makes it easier to not use “login with Google” for everything
Here’s the ultimate tip for securing your private information.
- Keep away from the Internet
Yea a lot of this advice “don’t use anything from Google/Microsoft/Facebook/Amazon” or “avoid social media” is just going to tell newcomers that privacy isn’t for them
Instead go in order
- secure private messaging since that’s where a lot of your personal private info is going (use Signal)
- switch to Firefox over Chrome, it’ll do all the same things
- use Bitwarden (or KeePass, but that one is a bit more technical) to manage your passwords, and generate random passwords for things you can reset easily
All of these are easy, don’t have much of a learning curve, and will give them significant gains privacy wise. Also I’m betting they will continue to learn and do more stuff after that.
“Use Signal” is great, but every other person you know insisting on using WhatsApp makes it moot.
- Password manager such as Bitwarden, generate long strong passwords for everything.
1a. Corpo SSO (By which I mean “log in with Google/Microsoft/Apple/Whatever”) nothing.
- Hardware keys, MFA on anything that doesn’t support one.
- Degoogle, de-megacorp.
- Use Linux, stop the Stockholm syndrome that is Windows.
VPN shouldn’t even be in the top 10. The benefits are dubious at best and the jury is still out on whether it makes you more of a target or if you can trust ANY provider meaningfully.
- Password manager such as Bitwarden, generate long strong passwords for everything.
I think you are confusing privacy with anonymity.
deleted by creator
Don’t be afraid to lie when it doesn’t matter. Unless it is for something official or that will impact the service, use the wrong DoB, enter the wrong name, etc… if it isn’t going to need verification then there is no need to give valid data that can be stolen or misused at a later date.
But be sure to take note of that piece of information that you have lied, in case they will ask you when the time comes for account recovery.
- Ditch Chromium.
- Use a Password Manager instead of “log in with Google/Facebook/whatever”
- Keep tabs on Mobile App permissions and revoke as many as you possibly can. I revoke location permissions from every single app except Navigation apps, which have to ask for location permissions. If possible, remove apps in favor of Native Alpha / Hermit web apps
I disagree with your #3 point. There is nothing stopping you from disclosing personally identifiable information through Tor or a VPN. They can help you with keeping private, but they don’t do anything if you don’t know how to use them for privacy.
The Tor browser resists fingerprinting, but a VPN doesn’t. A VPN only keeps your IP address private, and your IP address isn’t really that interesting to the big tracker companies.
I would say something more like Firefox’s container tabs is way more useful for privacy.
Your IP address is everything to companies that track you. It’s way easier to automate software to collate data on a range of IP addresses than it is to create bespoke automation or gasp employ somebody to create data points on you. If you’re in the habit of identifying yourself online by signing all of your posts with your name, age, and email address, sure, a VPN won’t keep you 100% private, and your DNS lookups are still plaintext, but if you change your server periodically and don’t provide any details about who you are, what the hell is an ad serving company going to do with a range of known VPN server IP addresses?
Not really. I know Google doesn’t associate an IP address. You can test it in a private window.
Also that would be silly. Most families share an IP address, so your tracking data would be all mixed up for the whole family. And most people’s IP address changes every month or two, so again, your tracking data would be mixed up with the previous family who used that IP.
IP address is nearly useless as a tracking mechanism. You can use it to get someone’s approximate location, and that’s about it.
Got some disagreements here:
I’d say you can reuse names/user names but then you should separate your internet personality from your real-life personality.
Choose the right social media (fediverse stuff that doesn’t spy on you)
Also Tor is a bit much for most things. For staying private a VPN you can personally trust should be enough
But the tips you listed are great for staying anonymous
Fediverse stuff can still be scraped and used to profile you, but since there’s no targeted advertising on the platform, if you’re anonymous, that’s extremely unlikely.
Wow. Lemmy’s user base has really pigeonholed itself in these comments. Just observing, not criticizing. Interesting to see. Privacy to most people here means privacy from big tech and government. Responses are also largely technology-focused solutions rather than personal practices.
I’m going to throw “Don’t give out your personal information” into the ring to round things out.
- Use a trustworthy VPN and encrypt your DNS lookups
- Set up a Pi-hole for DNS filtering and ad server blocking/use UBO on FF
- Don’t associate your online usernames with your real name or any identifying information like your birth year (so like, don’t use Facebook)
I would put “Always use uBlock Origin, and decline any data consents” instead of the third point, and swap it with the 2nd
- Don’t use Brave.
Brave’s track record on privacy has been really good. It’s all the other terrible shit they do that you should avoid them for.
Oh, what’s the deal with Brave? I’ve been pretty impressed with it, but I suppose I’m not familiar with the privacy issues.
They’ve been doing sketchy shit lately.
Oh I see—what sketchy shit have they been doing?
https://lemmy.world/post/2846523
https://www.xda-developers.com/brave-browser-installs-vpn-windows/
And a few other things. What did you expect from a crypto browser anyways? Just use something Firefox based instead, no need for Chromium.
In response to the first article: The whole point of Brave was privacy-respecting ads, which is something I can get behind. The article doesn’t mention much in terms of how they are selling data that is connected to you. Adding affiliate links to the URL–not a great idea but also not a huge offense to me. I see very little substance to critique this part of Brave in the article.
The rest of the article is about associations Brave has with other “bad” people and “bad” things. These are not real arguments for why the actual software is not good. Saying Brave promoted FTX doesn’t really mean that Brave is evil. Not everyone knew what was going on there. Again, I don’t see much substantive critique of Brave on this front.
For the second article: I very much don’t like it when software decides to install other software that I’m not aware of. Big mistake for Brave.
deleted by creator
What do you mean by that? You’re brave enough to give away your personal information to Brave?
deleted by creator
Everything you’ve done on Brave browser
deleted by creator
don’t reuse usernames
but sentimental value ._.
- Don’t say too much about yourself or post photos
- Burn old accounts and make new ones periodically
- Turn off features that notify people when you get online or what you’re doing like Steam and messaging clients
- Password manager
- Adblocker
- 2FA
Next steps are a quick software audit: how do you check your email, what chat apps are you using, what browser are you using, etc.
Always keep things low-friction to start out
https://bbbhltz.codeberg.page/blog/2022/03/low-friction-introduction-to-digital-privacy/