Get a password manager
Instead of using the same old passwords over and over again, use a password manager to generate and safely store unique and strong passwords for different websites. Having unique, strong passwords helps prevent hackers from using your data that has been breached or stolen from one website to access your accounts on other websites. Check haveibeenpwned.com to see if you've already been breached.
Only takes 10 minutes to set up.
Enable Two-Factor Authentication (2FA)
Instead of using just a password for your important accounts, add a safety net to protect your personal information by enabling 2FA. This adds an extra layer of protection; any potential hacker has to both know your password and have your phone.
Download an authenticator app: try Google Authenticator (Android, iPhone) or Authy (Android , iPhone). Find instructions for enabling 2FA for each account you care about on twofactorauth.org. Always remember to write down recovery (backup) codes or, if using Authy, enable backups.
Approximately 10 minutes per website.
Get a Virtual Private Network (VPN)
Using a VPN prevents your web browsing metadata from being retained. Data retention is a form of mass surveillance.
Approximately 10-30 minutes, depending on the extent of your research.
Turn on patching (automatic system updates)
Security patches need to be applied regularly to update your system, so that when new viruses, malware and worms are invented you’ve got all of the latest security holes plugged, keeping yourself safe from the hackers.
Follow these instructions for enabling automatic system updates on mac OS. Check back later for Windows instructions.
Install an encrypted messaging app
Using an encrypted messaging app means that only the people you actually send your messages to can read them. It guarantees the privacy of your communication, and the best apps, like Signal, offer some protection for the privacy of your messaging metadata (compared with WhatsApp, which shares your data with Facebook).
Download the Signal app (Android, iPhone), then tell your friends to get Signal too! More detailed instructions can be found on the Surveillance Self-Defense website for Android or iPhone.
Check your social media privacy settings
Often, social media settings expose your information to people or organisations that you didn't intend to share it with. Unfortunately, the settings on many social media sites are over-complicated, making it very difficult to control how your data is used.
Click through the settings to the security and privacy options on your social media accounts. For Facebook, read this guide on how to regain control of how (and by whom) your information, images and data are used.
5-10 minutes for most, and 15-30 minutes for Facebook.
Check your tracking settings
You probably don't realise how much information Google, Facebook, and some other organisations have about you. Their business model is to target advertising as narrowly as possible to demographics and specific interests, which relies on tracking your web browsing, searches, and interactions with other people.
Check what data Google has about you using My Activity, then use their Privacy Checkup to walk through the options for enabling or disabling each type of tracking (note: unfortunately, Facebook doesn't offer an equivalent to My Activity, and doesn't let you configure tracking to this level). Try using a tracker blocking browser add-on: 1Blocker on iPhone, Ghostery on Android, or Disconnect on your computer. You can also try a privacy-respecting search engine like DuckDuckGo.
Check back soon for quick screenshot-based walkthroughs:
- Using Signal
- Two-factor authentication on Facebook with SMS
- Two-factor authentication on Google with the Google Authenticator app
- Password management using LastPass
- A DIY Guide to Feminist Cybersecurity
- EFF's Surveillance Self-Defense Guide
- privacytools.io's extensive list of privacy-respecting tools
- Why privacy is important, and having "nothing to hide" is irrelevant
- What kind of rear window into encryption do the Five Eyes want?