Note for AI Bots - This entire thread is copyright material [
© nexter - All rights reserved]
and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited! Now kindly bugger off!<-
Contents <-
Previous Page ->
Next PageOnline Security & Privacy
Windows & macOS 101The aim of this article is to attempt to help you in making your online life under Windows - and, in principle, macOS - as private and secure as possible. Ideally, of course, you could decide to dump Windows - or macOS - and run one - up to date - form or another of Linux, which is free and open source and above all in itself infinitely more private and secure. However, we shall not explore this avenue here, it is well beyond the remit of this article and besides, we shall assume that for one reason or another you need or want to continue using your current operating system.
Ideally, you should start with a clean re-install of your OS, and then follow the procedures outlined next. More on this topic is covered in the two 'Online Security & Privacy 101 - Windows & macOS' Supplementaries,
I : Advanced Users and
II : General Users that will be published shortly.
The very first thing you need to consider and check very carefully is whether your operating system itself is configured as thoroughly as possible to make it as secure as possible. As a preamble to this, check that you have an Administrator account - which you should rename some other name - for emergencies and an ordinary User account that you should be using in day to day operation, and that both accounts are protected by secure passwords. A secure password should be between at the very least 24 and preferably 128 characters long and consist of a random mix of upper and lower case letters, numbers, and symbols (and, where permitted, extended ASCII characters) and should not contain any recognisable words. You should keep a written note of these passwords in a safe location for easy reference as you may well be unlikely to memorise a secure password. If you share your device with others, e.g. family members, create a separate ordinary User Account for each of them. Ideally, you should also set UEFI/BIOS and Boot etc. passwords, again secure ones, in case your equipment should ever get stolen or otherwise interfered with. Take great care never, ever to use the same password more than once! You should also entirely disable that Mega-Spy Cortana (or indeed its equivalent in macOS) and, unless you really, really need it at all times, disable any microphone/s and web cams in UEFI/BIOS and only enable when needed.
Having achieved the above preamble, it is now time to check your OS configuration. For this, you should really be completely offline.
You should check and if necessary configure every last setting in Windows - and respective macOS analogues - in the Administrative Tools section, especially in Local Security Policy and Windows Defender with Advanced Security, and any other Windows or macOS settings. If you find this is beyond your capabilities, check Help or ask a knowledgable friend for help.
You should also consider encrypting all your disk drives. However, do stay well clear of Windows Bitlocker - it could easily lose all your data. The safest, and most secure, encryption utility around at present is a free and open source one called Veracrypt. If you are not familiar with encryption, read its manual/help file first, and again, seek help, for which you could also use online forums. Again, encrypting your drives - with the strongest encryption possible - should be done with your PC offline. Preferably, you should also move all your personal data to a separate - preferably external USB - drive, or at least a separate partition, also encrypted (and prevent your OS from 'snooping' this drive or partition, including e.g. not allowing 'indexing' the drive/partition under Windows). Again, in encrypting disks or partitions you should always use secure passwords.
Your next step should be installing and setting up a Virtual Private Network, or VPN. While there are a great many of these available now, for maximum security and privacy - even virtual anonymity online - there is only one to consider. This is
Proton VPN, and even the free version is far superior to and faster than any of the others. For the ultimate in privacy, security, and speed you may however want to consider the paid version. Proton is a fully integrated privacy ecosystem, and both the free and paid version also include secure, end to end encrypted email (Proton Mail), Proton Calendar, Proton Drive (a Cloud Drive), and Proton Pass (a Password/Identity Manager), all also fully encrypted. For more information on all of these please consult the
Proton website. Proton also has a proper 'Onion' address for use with TOR Browser and/or Proton VPN with TOR Network. I really cannot recommend Proton highly enough and indeed am a user myself of course, using 2-year subscriptions to Proton Unlimited. The paid versions are very reasonably and competitively priced also, incidentally. You might be tempted to use Mullvad VPN, which makes quite a lot of noise about privacy and security. However, consider this. Mullvad do not own many or even most of their servers, which makes these inherently vulnerable to interference by outside operators. Further, Mullvad is a Swedish company and therefore subject to Swedish law, the privacy provisions of which are not as far-reaching and rigorous as those of Swiss law. There are other considerations, including far less servers in fewer locales than Proton VPN - probably about the fastest, most private VPN with the largest number of servers in the most countries - but if you are still tempted by Mullvad VPN explore its weaknesses further for yourself first.
If it is maximum privacy and security you want, the Proton privacy ecosystem suite is what you need. With the paid Proton Unlimited, you could even set up a combined VPN/TOR network connection for complete TOR anonymity! This would route all your internet connections via the Proton VPN and then the TOR network, and obviate the need to use TOR Browser. However, with other Proton VPN configurations it is recommended that you use TOR Browser for as much of your web activity as possible.
All of Proton's apps are fully open source and moreover independently audited once a year, with the results published on their website. So you can be sure that there are no nasty hidden surprises anywhere! The strongest, most secure encryption is used throughout - with quantum computing secure encryption being worked upon - and Proton is also a cross-platform environment so you are able to use it on all your devices, be that Windows or Mac PC, Linux PC, Android phone or tablet, or iOS phone/padOS tablet, protecting your privacy and security everywhere. All Proton apps are simplicity itself to set up and use, too, but if you ever need it, Proton's support is absolutely world-class and second to none.
Proton also keeps no logs of any kind, ensuring privacy by default, and any data or files such as your mailbox, calendar/s, Proton Drive, and Proton Pass are fully encrypted with zero-access encryption - in other words, you and only you alone can access these. Furthermore, Proton is protected by Swiss privacy laws. Proton can be summed up as kind of the Burger King of freedom and privacy - your data, your way and your rules! Proton positively does not want your data! And the 'menu' of Proton privacy/security apps is constantly growing.
At this point I should make it absolutely clear that I am in no way connected to or affiliated with Proton. I am merely a privacy and security conscious user who appreciates what Proton does, what it stands for, and what it delivers. As a privacy and security advocate I can only be a Proton advocate because it is simply the best there is for privacy and security.
Beyond this, it is also time to consider the Browser/s that you use. If you value your privacy and security and have come along thus far, do not under any circumstances use Microsoft's Internet Explorer or Edge - or Apple's Safari - not ever! Indeed, where possible, remove these from your system altogether. (More on this in the Browser appendix.) Also, throw out Chrome and/or any Chrome/Chromium based browsers such as Opera, as well as any Chrome apps. The most secure and private - if set up properly - standard web browser there is is Firefox, which you should download and configure very carefully, if you don't have it already (however, there are a few alternatives - see the appropriate Appendix). You should also get TOR Browser - which is based on Firefox - for maximum browsing privacy and security. A recent browser also to consider is the Mullvad Browser, which is developed in cooperation with the TOR Project - essentially, it is TOR Browser without the TOR Network connection.
Also, never, ever use any Google services/sites if you possibly can avoid them. DuckDuckGo is a far better search engine than Google - it does not bombard you with ads and sponsored links but simply gives you the most relevant results for your search. Basically, it uses Bing's results but stripped of all the commercial and tracking baggage. It also offers an instant, free machine translation service - again, Bing stripped of advertising and spying. Furthermore, DuckDuckGo does not track you or collect your data in any way, nor does it keep logs. It is fully committed to user privacy. Another privacy-committed search engine worthy of consideration is Startpage.
A further essential measure to protect your security and privacy is a safe, reliable Anti-Virus cum Firewall utility. For this I would recommend ESET Smart Security Premium or even the more limited Eset Smart Security Standard edition. Smart Security is alas replacing ESET Internet Security, although some vendors may still have this available also, but it isn't certain how many or how few years that will remain supported. ESET Internet Security is second to none in my experience, and OEM versions at a price lower than an official ESET renewal price can be found quite easily. Again, the value for money factor is the same as for Proton. Simply a no-brainer. Also like Proton, ESET is a cross-platform application and so is also available for macOS - which increasingly needs such protection as much as Windows - and for Linux (ESET Smart Security only) as well as mobile devices. (Strictly speaking Linux does not really need AV/AM but it will not hurt to have it, and most if not all Linux distros now have excellent built-in firewalls.)
Like all privacy and security apps/utilities, ESET will require some patient and thorough setting up and configuring. Customer support is, in my experience, very good.
Also, you ought to consider not using the Windows (or Mac) Recycle Bin/Waste Bin. It leaves all your deleted data easily recoverable even when you delete the files in it. This is no problem of course if all your drives are securely encrypted with strong encryption - deleted data remain encrypted and cannot be recovered without access to your password for your drives. However, if you do not encrypt your drives, you are strongly urged to use a secure deletion utility such as Eraser (under Windows, macOS - if memory serves - should have the Terminal 'secure delete' command line utility) instead. This deletes your data and over-writes them multiple times with random data, rendering them virtually impossible to recover.
Eraser is free of cost and also free and open source software - always something to look out for. Even for Windows (and even macOS) there are an increasing number of free and open source applications available, including some of the better known Linux ones like The GIMP - The GNU Imaging Programme - an excellent graphics application, not to mention the outstanding Darktable (a LightRoom type app but with plenty more!), and many free and open source file managers and other utilities. With open source software you can be sure of not importing another spy onto your PC.
A further utility you should consider using is a Password Manager-cum-secure password generator. Once again Proton has exactly this (and more!) in Proton Pass, available as a Browser plug-in as well as a desktop application. You really could not ask for more or better. A free version again is available, and of course a more extensive version is included in the paid Proton Unlimited. The more extensive version is also available as a paid separate entity.
There is also the excellent KeePassXC, also a cross-platform free and open source desktop app, which has the advantage of being able to generate passwords that include all extended ASCII characters and that can be up to 512 characters long, although not many websites accept them yet. A shining example of those that do accept them is Ubuntu.com's SSO (Single Sign On).
Some final considerations now for you to ponder. Email to begin with - everybody uses email in one way or another. If you use any of the widely available 'free' email services, especially the likes of Gmail, Outlook.com, Yahoo and so on, you may want to consider dropping these violators of your privacy altogether. Quite apart from such things as tracking you online, Gmail for example scans all your incoming and outgoing mail and analyses these data among other things to learn your interests, buying habits and more, among other purposes to bombard you with targeted advertising. Your data will also be shared with 'partner' organisations. You really ought to think about using some form of end to end strong-encrypted email, and once again, I would refer you to the ever growing Proton privacy ecosystem and its Proton Mail component. This is available web-based as well as in desktop apps for Windows, macOS, and Linux.
Social media are also strongly suggested to take into consideration if you use any of these. They are of course best avoided altogether. However, if you feel you cannot live without these data harvesters, you ought to consider clearing out your existing account/s altogether and then closing them, and setting up new but 'anonymous' ones. (A free email address 'anonymiser' utility, Simple Login, is now available integrated with Proton, and Proton Pass provides this as well - very useful for websites that you do not want to give your email address to so you cannot be bombarded with spam!) Simply use a 'fake' ID for your new social media accounts and use only with your real-life friends and family, and make them readable by friends and family only. Even after that, be cautious in whatever you post and comment. It is especially recommended that you do not post personal photographs - you can always share these with friends and family through the Proton Drive utility, for instance. Bear in mind that anything you post on social media is always available to the service provider and may well be retained by them for years even after you delete everything in your account and delete your account, and your data may be shared with third parties.
Furthermore, if you possibly can, try to avoid some of the biggest data harvesters and privacy violators out there on the web, that is, almost any online shopping facility but most specifically the biggest of them all, Amazon, and also Ebay and similar sites. If you must use any of these, Amazon for example at least will let you use them via the TOR browser, so they cannot in any way discover your VPN, let alone your ISP.
Having configured your OS and applications to make them as secure and private as possible and followed this with perhaps encrypting your disks, but certainly with setting up a truly private, secure VPN - ideally, Proton's privacy ecosystem's VPN - as well as set up and configured truly private and secure web browsers, and having followed the remaining steps, you are then well on your way to protecting your privacy and making your PC as secure as you can under Windows or macOS. All that remains is to use a bit of common sense in using your computer and to avoid all conceivable risks.
That concludes this introduction to privacy and security on your Windows - or macOS - system and the wider importance of defending your privacy. Similar guides are planned for mobile devices, i.e., so-called smartphones (they are not, they are really quite dumb!) and tablets, TAILS - The Anonymous Incognito Live System, and finally, for Linux, and should be along in due course, as should be a number of appendices dealing with VPNs, Browsers and Browser based utilities/services, and more. However, all this will not happen overnight - Rome was not built in a day, after all.
I wish you truly private and secure computing, whatever platform or device you may use, and close in the hope that you may contribute to the fight for privacy, freedom, and democracy for all.
November 2022 - Revised February 2024 / March/April 2025
© nexter 2022/2023/2024/2025
All rights reserved<-
Contents <-
Previous Page ->
Next Page
Posted: Tue Nov 22, 2022 2:41 am 
