Getting Started

The most common response I get when I talk about information security is that it's overwhelming. A lot of people shy away from making changes because they feel that they don't know where to start, or they've been led to believe that information security is an all-or-nothing game - either you go all in and chuck your phone into the river, or you may as well not even bother. Nothing could be further from the truth.

Below I have outlined my recommended priorities for implementing some of these principles into your own life. Every person is unique and every situation is different. If you feel that something is a higher priority for you personally, such as deleting unused apps on your phone, feel free to do that first. If you feel that some things are not a priority at all, such as using a VPN, then don't. Only you can make that decision. You can implement all these steps in one fell swoop - a single day or afternoon of sitting down and doing it all at once - or you can do it one day, week, or even month at a time. It's totally up to you. But the journey of a thousand miles begins with one step, and hopefully this checklist can help you take those first few steps.

Most Critical

Less Critical


Good General Practices When Using the Internet

Don't give out any unnecessary information (address, phone number, real name, etc.). Always ask yourself "do they really need to know this?" Probably not. This applies not only to messaging others, but also to websites. Facebook, for example, has several extensive fields where you can add an address or phone number. These are unnecessary and are often abused.

Switch from the Chrome internet browser (which is basically just spyware for Google) to Firefox and use the following browser plugins:

Try to switch from mainstream social media platforms like Facebook and Twitter to more privacy-respecting platforms like Mastodon, PixelFed, or Diaspora.

Try to replace Google search with a privacy-respecting alternative, such as DuckDuckGo, SearX, or MetaGer.

Consider your metadata at all times. Consider what information you might be unwillingly giving up, how it can be aggregated to identify you and your actions, and what you can do to mitigate it.

Encrypt your devices, especially those most likely to be stolen or lost (such as laptops and mobile devices).

Remember that no app, program, protocol, or thing is 100% secure. Anything that claims to be 100% secure should be treated with suspicion; whoever makes that claim is lying, probably to fleece those who don't know better out of money, or out of the data they claim to be protecting so that they can sell it. Additionally, because nothing is 100% secure, you should always try to do anything sensitive in person, away from electronic mediums. If something is life-or-death important, don't email it even if you're both using PGP.