Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!

-> Contents


Online Security & Privacy 101

Foreword


So you think you have nothing to hide and you are not concerned for your security and privacy online and you don't give a crap? Really? Well, if you are a typical internet user, you really ought to be scared witless!

Consider this to begin with. Privacy is a fundamental human and civil right. Your data - any data you have stored on your PC and data generated by your PC's operating system and applications as well as by your browsing the web and other online activity - are yours and yours alone. Give any entity - the OS provider, any programmes, or any website - access to your data and in effect you allow your right to privacy to be violated and thus you effectively surrender your right to privacy. It is not about having or not having anything to hide, it is about your fundamental rights being taken away from you unless you defend yourself as vigorously as possible!

Make no mistake, it starts with your OS - whether it is Windows, macOS, Android, or iOS - constantly gathering all kinds of data from you and sending them back to Microsoft, Apple, or Google, such as your location, when you go online and how long you stay online, how active you are, your connections online, any data stored on your device, and a whole lot more. That is violating your privacy and at the very least potentially stealing your identity! It is comparable to someone spying on you physically, putting hidden cameras and microphones into your home and keeping track of everything you do and say in your home and when you do it or say it. How would you feel about that?!

But that is only the beginning. Whenever you register or 'activate' a piece of software, the software's originator can and often does get a whole lot of data about your system and you. Many applications regularly gather data and send them back. And then there are things like email and websites. All veritable data mining traps!

And 'Big Tech' is making billions from your data! Even many websites make money from your data, including of course most 'free' email providers. (Remember, there is no such thing as a free lunch!) Social media fall into the same category as well.

But what about governments and their agencies? While in many countries they cannot legally keep taps on your internet activity, they do not really need to do so. They simply buy all the data being openly traded in bulk!

And do not forget security. There are a myriad of dangers or potential dangers lurking out there. A hacker might hijack your PC to use as a spam bot or for other nefarious purposes. Malware and spyware could get onto your system. All your data could get stolen and/or destroyed, or encrypted for ransom. (The latter has been known to happen!) Similar dangers exist for mobile devices, and some very dark ones too at that.

However, the issue of your online security and privacy does not end there by any means - so far, this has been merely the beginning of this saga!

The wider problem with regard to online privacy is that its commonplace erosion and violation, in effect, enable total surveillance of the individual and/or household, not only by the 'Big Tech' corporations but equally sinisterly by the state. Think about this very carefully. This means the total loss of privacy, freedom of speech and expression, and ultimately, freedom, civil liberties, and democracy themselves, and results in a totalitarian state. You only have to take a closer look at China to see how far this scenario is already in effect there, for example. In many Western countries - including much of the UK - CCTV cameras are spying on people almost as extensively as in China, with facial recognition used more and more. What about your shiny modern car - have you ever thought about that? It constantly sends out all manner of data, including your exact GPS location, when and where you stop and for how long, your car's performance, your speed, how many people are in your car, and more. Heck, the damn thing even keeps talking to you and you can't even turn that off! Got a credit and/or debit card? Every time you use one, you leave a trail about where, from whom you bought what and when, and so on. And payment methods such as PayPal, GooglePay, and ApplePay are no better if, indeed, not worse. (Crypto currencies can provide some sort of anonymity but are still financially insecure in that their value can fluctuate wildly from one moment to the next.) Do you use any kind of Loyalty Card? Same principle as credit and debit cards, the only difference being that the store or stores get your information in totally personally identifiable form at a glance. Granted, these latter can save you a penny or two or even a quid or two, but that in effect represents thirty pieces of silver - you are betraying and selling out your own privacy very cheaply.

Got a 'Smart Speaker' and/or 'Smart TV' and similar gadgets like 'wearables', a 'Smart Home'/IoT - Internet of things - and the like? The first two will listen to every word that is spoken within 'earshot' of the device and send it all back to the provider of the service. A perfect spy on your privacy in your own home!

'Big Brother' could only have dreamt of such surveillance tools! And yet, most people don't give these matters a second - or even first! - thought. How sad is that!? And how alarming, indeed!

If you are not thoroughly horrified, nay, completely scared out of your wits by now, then in all probability no one can even hope to help you.

However, if you are concerned at all, then ensuring that your online life under Windows or Mac, or even the inherently safer and more private Linux, as well as of course your 'smartphone' or other mobile device, is as safe and above all as private as it possibly can be will be a good step in the right direction for you personally as well as help to save all our freedoms, civil liberties, and even democracy itself. All of these are under threat as never before.

It is indeed absolutely imperative that internet users of any kind undertake everything possible to defend and secure their online security and privacy - fail to do so and you contribute to the total loss of all freedom, of civil liberties and human rights, and the destruction of democracy. While all the aforesaid may sound alarmist, it is absolutely no exageration, the threat is very real indeed and the dangers are greater than can be described here. And the time is now!

The series of articles and appendices presented here will attempt to help you achieve the aim of making your online life under whatever kind of device and operating system as private and safe as possible. Ideally on PCs for instance, of course, you could decide to dump Windows or macOS entirely for a start and run one - up to date - OS flavour or another of Linux, which is free and open source and above all in itself infinitely more private and secure. However, we shall not pursue this avenue here, it is well beyond the remit of these articles and besides, we shall assume that for one reason or another you need or want to continue using your current operating system.

Bear in mind that the present series of articles and appendices are a mere brief introduction to the subject, dealing only with the rudimentary basics. This means that there is a lot of work left that you will have to explore further and implement yourself, and for some aspects you may need the help of a more experienced and knowledgable friend.

Lots of useful further information can also be found in the Mini Blog here.

I wish you truly private and secure computing, whatever platform or device you may use, and close in the hope that you may contribute to the fight for privacy, freedom, and democracy for all.



February 2024/March 2025
© nexter
All rights reserved


-> Next: Contents

Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!



Online Security & Privacy 101

Contents


Foreword

Contents

Mini Blog - Most recent developments in the world of privacy, security, and freedom, plus updates

--> Mini Blog Archives

Introduction


Chapter 1 PCs - Windows & macOS 101

Windows & macOS 101 - Supplementary I : Advanced Users

Windows & macOS 101 - Supplementary II : General Users


Chapter 2 PCs - TAILS - The Anonymous Incognito Live System 101

Chapter 3 PCs - Linux 101

Chapter 4 Mobile Devices - Android & iOS 101


Appendix I Virtual Private Networks 101

Appendix II Encryption & Secure Data Deletion 101

Appendix III Web Browsers & Browser Based Utilities & Services 101

Appendix IV Threats Posed By AI 101

Appendix V Threats Posed By Quantum Computing 101



February 2024

© nexter 2024
All rights reserved

Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!


<- Contents <- Previous Page -> Next Page
-> Mini Blog Archives

Online Security & Privacy 101

Mini Blog


2025/06/09
The Windows & macOS 101 - Supplementary II : General Users is now live!


Further on the subject of the new Windows version of Proton VPN, i.e. v.4.x, one can only wonder just how blind Proton really is while planning and developing their software. I now am reliably informed that rollbacks would not be possible in re: the VPN app (and who knows what others, one wonders!) for a variety of technical reasons! With as critical an app and service as VPN, it seems incomprehensible as well as unpardonable not to have the ability of rollbacks to a previous, known stable version. Even the miserable Windows has this option!

A further disturbing issue in relation to Proton VPN (Windows) has come to light. The new, v.4.x GUI, at first only displayed a Swiss IP and location - presumably some kind of Proton pre-set - when the app started while there was no network connectivity let alone VPN connection. Now it seems to consistently display the user's real IP address, location (country), and ISP until a VPN connection has been established! One is left wondering just how secure these data are from leaking or otherwise being transmitted or intercepted. And furthermore, whether this means proton is now logging users' real-world IPs. In any event, this display seems completely unnecessary from a user's perspective - it serves no useful purpose whatsoever. It certainly feels like a very worrying, disturbing development and one cannot help but question just how private and moreover trustworthy Proton really is, I am sad to have to say.


Finally today, we at last come to the promised further informations about Proton Wallet, the Proton Bitcoin app and related topics. While in principle, this app is an excellent idea, enabling simple and private Bitcoin transfers via email among Wallet users, in practice its usefulness is rather questionable as Bitcoin purchases can entail having to divulge extremely sensitive personal private data. Not a good idea at all.

All the same, let us start with a few basics. Getting Started - just what it says on the tin. Then there is Creating and Deleting Wallets deals with exactly that, while Creating and Deleting Bitcoin Accounts is concerned with Bitcoin accounts.

Next, we get to the topic of Buying Bitcoin. This is where we hit the snag of divulging highly confidential personal information. Proton is so far partnered with three organisations. Of these, MoonPay appears to offer the widest range of payment options, including - in some jurisdictions - PayPal. Proton also link to Ramp and Banxa. Another option may be to open an account with a crypto exchange - Proton suggest Coinbase, Binance, and Kraken. Of these, I certainly would avoid Coinbase myself. You may want to cunduct your own research into what might or might not be suitable crypto exchanges for you.

Having purchased your Bitcoin - or BTC for short - from an exchange, and once confirmed on the exchange, it is easy enough to transfer your BTC to your Proton Wallet. For details of the whole process, see the above link to Buying Bitcoin.

There is one other way to buy Bitcoin - the only one that seems to promise to be truly private. The snag is that you have to be in Switzerland and at a railway station with a ticketing machine - see Buying BTC at Swiss Railway Stations. Of course, these machines would also have to be able to accept cash for the transaction to be truly private - whether they do is not apparant from Proton's blog post.

To close this Bitcoin/Proton Wallet exploration, we have How to import external Bitcoin wallets to Proton Wallet, How to send and receive BTC using a Bitcoin address, How to see Bitcoin address lists in Proton Wallet, and How to speed up BTC transactions - all dealing with what it says on the tin.

Further information still can be found in additional Proton blog posts - links can be found on the posts linked here.


More anon.

© nexter
All rights reserved



2025/05/06
Regrettably, work on the Supplementaries to the article 'Windows & macOS 101' has fallen behind a little along with much else. However, at least the first of these, 'Supplementary I - Advanced Users' is now ready and available Here, while the second will follow ASAP. Some of the other articles have been updated silently already.


Also delayed is the previously announced further information on Bitcoin and Proton Wallet, which will now have to wait until next time.


In the meantime, more pressing issues concerning Proton are once again rearing their ugly head.

The latest Windows versions of Proton VPN, i.e. v4.1.9 onwards, are really more than a little close to unusable compared to the last previous version 3.5.3, as explored a couple of posts ago. It is absolutely driving me to distraction! In particular, the latest couple of versions seem to have a nasty bug in the startup of Proton VPN. Unless your system is connected to the internet at login, when Proton VPN starts it just goes bonkers hunting for a connection in order to 'sign in'! Now this is not the way that I work, nor a few other people I know, when using Windows. I normally start working offline, and only go online when needed. Even while the connection is still being established with Permanent Killswitch still active, I would ask Proton VPN to connect to one or other of my Profiles. Likewise, when no longer needing to be online I would physically disable the Windows connection, and only then disconnect from the VPN. All working absolutely like a charm up to and including version 3.5.3. Not now. You cannot do anything in Proton VPN until it has actually signed in! So in the meantime, your system is exposed to the tender mercies of an open internet connection under your ISPs IP address.

Proton should provide a rollback to 3.5.3 while they have a complete rethink and sort out this unholy mess that is version 4.1.9 onwards! It just won't do!

Unfortunately, I have not so far seen a viable alternative to Proton VPN - especially not one available in both Linux and Windows versions - but I somehow feel inclined to continue looking.

Despite all Proton's many flaws and failings, at present there really is no alternative for online privacy and security focused software.


Still on the topic of online security, ESET seems to be in the process of replacing ESET Internet Security with ESET Smart Security. Alas, not only is this priced more highly than the former but also appears not to include the Firewall componont. So while it is still available, I would recommend that you grab an ESET Internet Security download and value-for-money license if you do not have it already.

More anon.

© nexter
All rights reserved



2025/03/24
Work on the two Supplementaries to the article 'Windows & macOS 101' will be resumed next week it is hoped. We will start with final drafts, and then revising some of the articles to reflect the changes that the Supplementaries will introduce. There will, unfortunately, be further interruptions to this task due to having to take a little time for personal reasons but it is still hoped to complete everything around the end of April/beginning of May.


The "War on Privacy" seems to be ever increasing in scope and intensity, and on all fronts, both legit and illegit. It is therefore vitally important that users should be as well informed in these affairs as possible. Hence, we shall provide a few more starting points from the Proton blog here.

If you receive an unexpected/unexplained package or parcel, this may well be part of a Brushing Scam. Find out what it is.

Apple revoked advanced data protection (ADP) in the UK – now what? This scandalous action bodes ill for encryption in the UK particularly but could set a precedent also for elsewhere.

In consequence of the last above is this post from the Proton blog, "The UK government’s war on encryption is a global threat"

Never forget the role Big Tech plays in furnishing governments with your data - "Authorities worldwide can see more than ever, with Big Tech as their eyes".

And then there is Google... ...and Device Fingerprinting


The first line of defence of online privacy and security is a trustworthy, reliable, privacy-focused, non-logging, fast VPN. There are none that qualify more here than Proton VPN - probably the largest, fastest at that, whether you look at the free version or the paid for one. There just is none better. Let us have a quick look back though at the published Proton VPN winter roadmap 2024/25.

No explicit mention there of a completely new UI for Proton VPN Windows version, nor of the changes in facilities/features. To put it bluntly, with v4.1.7 of the Windows app, Proton have decidedly once again shot themselves and the more intelligent users in the foot. It is quite simply an unmitigated disaster. Proton sacrifice a clear, logical UI with easy to use, intuitive functionality in favour of 'eye-candy sexiness' with reduced functionality and unintuitive facility. Gone seems to be TOR-over-VPN, Permanent KillSwitch appears to have been renamed 'Advanced' Killswitch - at least, one hopes this is the same functionality! - total download and upload for current connection has been replaced with a simple 'Volume', and gone is the alphabetical list of profiles for selecting one to edit or add a new one, gone also the indication 'Permanent KillSwitch Enabled', and gone also the immediate indication of server load/availability for each profile, and more. New users will find it much more of a learning curve also. And still nowhere near to full feature parity for Linux, nor overall parity among the various apps and platforms. It is quite frankly incomprehensible as well as inexcusable that Linux is still being treated as the 'poor relation' by Proton.

Still, in spite of all the aforesaid, Proton VPN is still the best and safest, most private VPN there is. I would not trust Norton VPN or NordVPN at all, nor Mullvad VPN come to that, thank you very much. In that spirit, a couple more Proton blog posts.

"What kinds of censorship can a VPN bypass?", and specifically also Proton VPN.

Finally, Common VPN Myths and why they are misleading.


Readers should always consider themselves encouraged to view any links here such as those to Proton blog posts as just a starting point and are positively encouraged to explore the Proton blogs further.


Next time, a little more about Proton Wallet and Bitcoin, following some queries elsewhere.

© nexter
All rights reserved



2025/02/16
Today we once again have to turn to the topic of online privacy and security. One really cannot emphasise the importance of anybody using any kind of device online stepping up to the mark and most vigorously defending their privacy and security online. Nothing less than privacy itself and freedom of expresssion, and indeed democracy and freedom themselves, not forgetting civil and human rights, are at stake.

Today, society as a whole, and specifically western society, faces a multitude of dire threads to all the above as never before, threatening to tear society apart. On the one hand, there are the general threads within the wider society. Politically, there are identity politics, Political Correctness, cancel (anti-)culture, wokeness, the rise of populism and the extreme right, not to mention the loony right, and the emergence of the hyper-rich oligarchy. On the other hand, there is Big Tech and its mega corporations, now gaining ever greater data harvesting power through the development of ML/LLM - Machine Learning/Large Language Models - so-called AI. This last has still far wider implications, both in terms of online privacy and security of the individual online user and on the political side.

We are not far from the total surveillance state already. Whether you use any kind of PC, tablet, smartphone, smart speaker, smart TV, modern car, Internet of Things or other smart device, they all generate data, lots of data. Your data. Ultimately, if you are a fairly typical internet user, these data can tell everything there is about you - your daily routines, what you use and when, where you move, what your politics are, your likes and dislikes, even what you think and more. This is not only making it possible for Big Tech to precisely taylor ads that match your interests, buying patterns,and more. But moreover, this can provide governments with an incredible wealth of data, and not only them but potentially any corporate and even criminal actors. Your life on a silver platter, as it were. Zero privacy.


In view of all the aforesaid, it is absolutely imperative that all internet users should do their utmost to preserve their online security and privacy. For PC users, their interests would be best served by in the first place switching from Windows and macOS to Linux. Beyond that, they should also adopt the wholly privacy and security focused Proton apps, all of which are available in a free-of-cost version and mostly for all platforms.

We have explored most of these in the past already in this blog, but here are a few Proton blog posts that should be of further interest. First, we have Email password 101: Fully secure your inbox with 2 simple solutions, in respect of Proton Mail.

Then, concerning Proton Pass, there is How to send emails from your aliases about, well, exactly what it says on the tin, that is, sending emails without disclosing your real email address by sending them from an email alias available from Proton Pass.

Last but not by no means least from the Proton blog, the Bitcoin wallet app Proton Wallet brings safe Bitcoin self-custody to everyone is now available to everyone since 10th February. (It was previously only available to business accounts and if memory serves the top premium accounts, and then eager users who had joined a waiting list.) The app itself is a pretty excellent one, but the one thing that's not so good is that purchasing Bitcoin (aka BTC) may entail having to reveal extremely private details about yourself and/or your finances, but that last part applies to whatever way you choose to hold your BTC, and whatever vendor you purchase from. An alternative might be to get a friend who already holds BTC to buy it for you, paying him/her in cash, or similar arrangements.

If you do buy BTC directly yourself, then be advised that transactions can be quite slow. But, as How to speed up Bitcoin transactions reveals, there is a way to speed up the process. And it will not necessarily cost you a lot.


Whether you go to Linux or stay with your present OS, do join the great privacy and security revolution now, before it is too late and we all end up living under totalitarian rule. Without privacy - and freedom of speech - there can be no democracy. Cancel culture and wokeness are wholly un-democratic and would deny everybody else the freedom of speech. Their proponents need to realise that freedom of speech belongs to everyone, and that with it comes the right to be offended. (If you do not like being offended then you had better go and live in some remote and isolated cave.) Stand up and be counted, and ensure your online security and privacy and fight to preserve privacy, freedom of exxpression, freedom, democracy, and our civil liberties and human rights.

© nexter
All rights reserved


2025/02/01
Work on the two Supplementaries to the article 'Windows & macOS 101' will be resumed shortly now. In the meantime, we have to linger a bit longer with the general subject of online security and privacy as well as privacy, freedom, democracy and civil and human rights in general.

Never before have all of these been in greater danger than now of being eroded and even taken away from us. It is therefore more important then ever that we defend ourselves and our rights as vigorously as possible, starting with our online security and privacy. We live in a very dangerous world today. On the one hand, there is the rise and rise of so-called 'AI' speak Machine Learning/Large Language Model, and Big Tech's violation of its users privacy. And on the other hand, we have narcisist politicians and the rise and rise of the hyper-rich Oligarchy. All serving nothing but self-serving interests. If you think these people give a flying fart about you and your privacy and other rights, you are as deluded as they are themselves. Wake up and join the fight for online security, privacy, and freedom of expression - your future depends on it.

Fortunately, we have two great allies in this fight for online security and privacy, and privacy, freedom, and democracy in general. The first is open source software in general and the Linux movement and community in particular, and the second is Proton and its open source privacy focused software that is available to all on all platforms. In this context, Proton's Blog is a most valuable resource and a veritable gold mine of information. We explore some of their mostly recent blog posts in what follows.


What Trump's control of the FBI and NSA means for your Privacy is precisely about what it says on the tin. Although this most immediately concerns US citizens and residents, wider implications cannot be discounted or ignored.

Proton also explores what this new year might hold for the internet generally in Our predictions for the internet in 2025. It makes for some worrying reading.

If you are a TikTok user and thinking of switching or indeed have switched to RedNote, then this post is a must for you - TikTok ban: Switching to RedNote? Your privacy is at stake. Best advice - even as regards social media in general - would be, stay away altogether if you possibly can.

Just for balance and comparison, there is A privacy analysis of Meta’s new Threads app. Certainly fares no better. None of the popular social media are safe or could even remotely be recommended.

Not to be ignored but at your peril is so-called AI - Machine Learning and Large Language Models, as already referred to earlier. And just in the last few days the cat was really let loose among the pigeons, in a manner of speaking, with the Chinese DeepSeek chatbot outstripping ChatGPT downloads on Apple's AppStore and sending tech shares tumbling, losing some 600+ Billion US Dollars in one day - a new all-time record. DeepSeek or DeepSneak? takes a timely look at this chatbot. Like virtually all ML/LLMs, definitely to be completely avoided!

What is your digital footprint and how can you protect it? is full of good, solid advice to help you protect your online security and privacy.

Deeply worrying is this survey conducted for Proton by YouGov - Majority of Dutch people are concerned about privacy, one third don’t protect themselves. Fortunately, the population of the UK came out somewhat better in a previous similar survey for Proton, but even here there is an urgent need for much more widely disseminated information and education in matters of digital security and privacy.

Do not be caught out like the people in those surveys. Fight back for your privacy and security. The important first line of defence is a good VPN, and there is none better than Proton VPN. By now one of if not the largest and most popular VPN services in the world, Proton doubled its server fleet to over 11,000 in 110 countries in the last seven months. You simply cannot get a better, faster, more secure and more private VPN anywhere than Proton VPN, be that paid for service or even Proton's free service. So, what is stopping you?

© nexter
All rights reserved


2025/01/16
In today's first post of 2025 we continue with the subject of secure passwords from the last post of last year. Secure passwords are not easy to be guessed or hacked through a 'Brute Force Attack' and other means. A secure password will not be easy to remember, and it is not advisable to put it into any kind of unencrypted text file, or on a written stick-it note attached to your PC or monitor.

Instead, you ought to use a secure, private, end-to-end encrypted Password Manager. These not only generate and store passwords for you but also let you configure log-ins for all your online accounts and let you log in easily and conveniently. There are two that I can recommend.

The Proton Pass Password Manager is convenient and easy to use and is available for all platforms. Ideally, you should use the desktop app, installed on an encrypted external drive or memory stick. Unfortunately, however, at present Proton Pass still has some limitations that I find I cannot live with, personally. The most severe of these, for me, is that it only supports creating passwords of up to 65 characters in length, and not the full set of extended ASCII characters.

I always use the longest, most complex passwords permissible. For device encryption the limit is generally 128 characters but full extended ASCII characters are acceptable. Websites vary widely in the kinds of password they will allow. Some will allow as little as 24 characters and no extended ASCII characters, some like Proton will accept 128 characters with full extended ASCII characters, and a few will support 512 characters with full extended ASCII characters supported. Canonical's Ubuntu Website is a shining light in this latter category, for example.

For fullest support for passwords of up to 512 characters with full extended ASCII character support, I highly recommend KeePassXCPassword Manager, like Proton's fully open source, and likewise easy and convenient to use, available on Windows, Linux, and macOS desktops. I tend to use both this and Proton Pass on both Linux and Windows.

While e.g. a 512 character password including full extended ASCII character support will take even a bunch of today's most powerful supercomputers trillions of years to crack, it is always a good idea to make your log-ins as secure as possible, and, where supported, I would recommend readers to take a long, hard look at 2-factor or 2FA or MFA log-in. An alternative - where supported - is PassKeys, supported by both Proton Pass and KeePassXC. We already explored this latter topic in last year's blog.

Strong, secure passwords are more important now than ever, as anything less will become easy pickings for so-called 'AI' - really, ML (Machine Learning) and LLMs (Large Language Models) algorithms, but pretty powerful nonetheless.

We are at a critical crossroads at present with regard to privacy, freedom of expression, freedom writ large in the wider meaning, and general civil and human rights. This makes the fight for online privacy and security all the more important and urgent, lest we all be swallowed up by the all-powerful autocratic surveillance state that would put George Orwell's 'Big Brother' completely in the shade and paling into total insignificance. The impact of Ml/LLM so-called 'AI' can hardly be over-estimated, especially in view of the US Oligarchy and the stated aims also of the UK's Labour government with regard to said 'AI' and its planned extensive use. The prospects are truly horrifying.

It is thus vital that we all make the widest and wisest efforts to protect our online security and privacy, for a start. The importance in this respect of the Linux community and Linux OSes, and the Proton privacy apps and other privacy-focused apps cannot be overstated. Protect yourself and join the fight for privacy, freedom, and democracy, as well as for our wider civil and human rights, before it's too late.

More anon.


© nexter
All rights reserved




© nexter 2025
All rights reserved


<- Contents <- Previous Page -> Next Page
-> Mini Blog Archive

Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!


<- Contents <- Previous Page -> Next Page


Online Security & Privacy 101

Introduction


As increasing numbers of people are becoming aware of matters of their online security and privacy, or rather the lack thereof, and seek to discover what they can do to protect their online security and privacy, this series of short articles aims to serve as a brief introduction to the subject and to give internet users starting points for preserving their online security and privacy and ultimately, their privacy and freedom and more.

We will cover the subject for users of PCs or general computers - whether desktops or laptops - and their commonly used operating systems, as well as for users of mobile devices such as 'smartphones' and tablets and their commonly used operating systems.

Separate articles will cover the subject for PC users using Windows (and by extension, macOS), PC users using TAILS - The Anonymous Incognito Live System (a privacy OS run from a memory stick or RW DVD that provides virtually complete anonymity that we need to explore here as requested elsewhere), PC users using Linux, and mobile device users using iOS/padOS and Android.

The Windows article is based on Windows 10 as that is the version I run here as a secondary operating system as a 'refusenik' of Windows 11 - my primary OS being Linux - but should more or less equally apply to Windows 11 and likely also earlier versions such as Windows 7, although the latter is now unsupported and should certainly not routinely if ever be used online. Broadly, this article is also applicable to macOS.

There are also two Supplementaries to the Windows/macOS article concerning themselves with a little more detail of how to secure the OS. One of these Supplementaries is aimed at more advanced users, the other at the general user.

Additionally, in separate appendices we will go in some more detail into web browsers and browser based utilities and services such as search engines, machine translation services, and more; Virtual Private Networks or VPNs; Encryption; the threats posed by AI or more accurately Autonomous Machine Learning; and the threats posed by Quantum Computing. These appendices, albeit based on use under Windows 10 and Ubuntu Linux, will apply to a greater or lesser extent to all devices and their operating systems although there may be minor differences.

There is also a Mini Blog where wewill try to provide pointers about the latest threats to privacy, freedom, and democracy, particularly online ones, and starting points for users to further explore the threats facing us all and possible available remedies.

For more details please consult the Contents listing.


February 2024/March 2025
© nexter
All rights reserved




<- Contents <- Previous Page -> Next Page

NOTE REGARDING ML/LLMs ("AI") - Any and all purposes of ML/LLMs ("AI") are prohibited from using any and all parts of this thread! © nexter All rights reserved

<- Contents <- Previous Page -> Next Page


Online Security & Privacy

Windows & macOS 101


The aim of this article is to attempt to help you in making your online life under Windows - and, in principle, macOS - as private and secure as possible. Ideally, of course, you could decide to dump Windows - or macOS - and run one - up to date - form or another of Linux, which is free and open source and above all in itself infinitely more private and secure. However, we shall not explore this avenue here, it is well beyond the remit of this article and besides, we shall assume that for one reason or another you need or want to continue using your current operating system.

Ideally, you should start with a clean re-install of your OS, and then follow the procedures outlined next. More on this topic is covered in the two 'Online Security & Privacy 101 - Windows & macOS' Supplementaries, I : Advanced Users and II : General Users that will be published shortly.

The very first thing you need to consider and check very carefully is whether your operating system itself is configured as thoroughly as possible to make it as secure as possible. As a preamble to this, check that you have an Administrator account - which you should rename some other name - for emergencies and an ordinary User account that you should be using in day to day operation, and that both accounts are protected by secure passwords. A secure password should be between at the very least 24 and preferably 128 characters long and consist of a random mix of upper and lower case letters, numbers, and symbols (and, where permitted, extended ASCII characters) and should not contain any recognisable words. You should keep a written note of these passwords in a safe location for easy reference as you may well be unlikely to memorise a secure password. If you share your device with others, e.g. family members, create a separate ordinary User Account for each of them. Ideally, you should also set UEFI/BIOS and Boot etc. passwords, again secure ones, in case your equipment should ever get stolen or otherwise interfered with. Take great care never, ever to use the same password more than once! You should also entirely disable that Mega-Spy Cortana (or indeed its equivalent in macOS) and, unless you really, really need it at all times, disable any microphone/s and web cams in UEFI/BIOS and only enable when needed.

Having achieved the above preamble, it is now time to check your OS configuration. For this, you should really be completely offline.

You should check and if necessary configure every last setting in Windows - and respective macOS analogues - in the Administrative Tools section, especially in Local Security Policy and Windows Defender with Advanced Security, and any other Windows or macOS settings. If you find this is beyond your capabilities, check Help or ask a knowledgable friend for help.

You should also consider encrypting all your disk drives. However, do stay well clear of Windows Bitlocker - it could easily lose all your data. The safest, and most secure, encryption utility around at present is a free and open source one called Veracrypt. If you are not familiar with encryption, read its manual/help file first, and again, seek help, for which you could also use online forums. Again, encrypting your drives - with the strongest encryption possible - should be done with your PC offline. Preferably, you should also move all your personal data to a separate - preferably external USB - drive, or at least a separate partition, also encrypted (and prevent your OS from 'snooping' this drive or partition, including e.g. not allowing 'indexing' the drive/partition under Windows). Again, in encrypting disks or partitions you should always use secure passwords.

Your next step should be installing and setting up a Virtual Private Network, or VPN. While there are a great many of these available now, for maximum security and privacy - even virtual anonymity online - there is only one to consider. This is Proton VPN, and even the free version is far superior to and faster than any of the others. For the ultimate in privacy, security, and speed you may however want to consider the paid version. Proton is a fully integrated privacy ecosystem, and both the free and paid version also include secure, end to end encrypted email (Proton Mail), Proton Calendar, Proton Drive (a Cloud Drive), and Proton Pass (a Password/Identity Manager), all also fully encrypted. For more information on all of these please consult the Proton website. Proton also has a proper 'Onion' address for use with TOR Browser and/or Proton VPN with TOR Network. I really cannot recommend Proton highly enough and indeed am a user myself of course, using 2-year subscriptions to Proton Unlimited. The paid versions are very reasonably and competitively priced also, incidentally. You might be tempted to use Mullvad VPN, which makes quite a lot of noise about privacy and security. However, consider this. Mullvad do not own many or even most of their servers, which makes these inherently vulnerable to interference by outside operators. Further, Mullvad is a Swedish company and therefore subject to Swedish law, the privacy provisions of which are not as far-reaching and rigorous as those of Swiss law. There are other considerations, including far less servers in fewer locales than Proton VPN - probably about the fastest, most private VPN with the largest number of servers in the most countries - but if you are still tempted by Mullvad VPN explore its weaknesses further for yourself first.

If it is maximum privacy and security you want, the Proton privacy ecosystem suite is what you need. With the paid Proton Unlimited, you could even set up a combined VPN/TOR network connection for complete TOR anonymity! This would route all your internet connections via the Proton VPN and then the TOR network, and obviate the need to use TOR Browser. However, with other Proton VPN configurations it is recommended that you use TOR Browser for as much of your web activity as possible.

All of Proton's apps are fully open source and moreover independently audited once a year, with the results published on their website. So you can be sure that there are no nasty hidden surprises anywhere! The strongest, most secure encryption is used throughout - with quantum computing secure encryption being worked upon - and Proton is also a cross-platform environment so you are able to use it on all your devices, be that Windows or Mac PC, Linux PC, Android phone or tablet, or iOS phone/padOS tablet, protecting your privacy and security everywhere. All Proton apps are simplicity itself to set up and use, too, but if you ever need it, Proton's support is absolutely world-class and second to none.

Proton also keeps no logs of any kind, ensuring privacy by default, and any data or files such as your mailbox, calendar/s, Proton Drive, and Proton Pass are fully encrypted with zero-access encryption - in other words, you and only you alone can access these. Furthermore, Proton is protected by Swiss privacy laws. Proton can be summed up as kind of the Burger King of freedom and privacy - your data, your way and your rules! Proton positively does not want your data! And the 'menu' of Proton privacy/security apps is constantly growing.

At this point I should make it absolutely clear that I am in no way connected to or affiliated with Proton. I am merely a privacy and security conscious user who appreciates what Proton does, what it stands for, and what it delivers. As a privacy and security advocate I can only be a Proton advocate because it is simply the best there is for privacy and security.

Beyond this, it is also time to consider the Browser/s that you use. If you value your privacy and security and have come along thus far, do not under any circumstances use Microsoft's Internet Explorer or Edge - or Apple's Safari - not ever! Indeed, where possible, remove these from your system altogether. (More on this in the Browser appendix.) Also, throw out Chrome and/or any Chrome/Chromium based browsers such as Opera, as well as any Chrome apps. The most secure and private - if set up properly - standard web browser there is is Firefox, which you should download and configure very carefully, if you don't have it already (however, there are a few alternatives - see the appropriate Appendix). You should also get TOR Browser - which is based on Firefox - for maximum browsing privacy and security. A recent browser also to consider is the Mullvad Browser, which is developed in cooperation with the TOR Project - essentially, it is TOR Browser without the TOR Network connection.

Also, never, ever use any Google services/sites if you possibly can avoid them. DuckDuckGo is a far better search engine than Google - it does not bombard you with ads and sponsored links but simply gives you the most relevant results for your search. Basically, it uses Bing's results but stripped of all the commercial and tracking baggage. It also offers an instant, free machine translation service - again, Bing stripped of advertising and spying. Furthermore, DuckDuckGo does not track you or collect your data in any way, nor does it keep logs. It is fully committed to user privacy. Another privacy-committed search engine worthy of consideration is Startpage.

A further essential measure to protect your security and privacy is a safe, reliable Anti-Virus cum Firewall utility. For this I would recommend ESET Smart Security Premium or even the more limited Eset Smart Security Standard edition. Smart Security is alas replacing ESET Internet Security, although some vendors may still have this available also, but it isn't certain how many or how few years that will remain supported. ESET Internet Security is second to none in my experience, and OEM versions at a price lower than an official ESET renewal price can be found quite easily. Again, the value for money factor is the same as for Proton. Simply a no-brainer. Also like Proton, ESET is a cross-platform application and so is also available for macOS - which increasingly needs such protection as much as Windows - and for Linux (ESET Smart Security only) as well as mobile devices. (Strictly speaking Linux does not really need AV/AM but it will not hurt to have it, and most if not all Linux distros now have excellent built-in firewalls.)

Like all privacy and security apps/utilities, ESET will require some patient and thorough setting up and configuring. Customer support is, in my experience, very good.

Also, you ought to consider not using the Windows (or Mac) Recycle Bin/Waste Bin. It leaves all your deleted data easily recoverable even when you delete the files in it. This is no problem of course if all your drives are securely encrypted with strong encryption - deleted data remain encrypted and cannot be recovered without access to your password for your drives. However, if you do not encrypt your drives, you are strongly urged to use a secure deletion utility such as Eraser (under Windows, macOS - if memory serves - should have the Terminal 'secure delete' command line utility) instead. This deletes your data and over-writes them multiple times with random data, rendering them virtually impossible to recover.

Eraser is free of cost and also free and open source software - always something to look out for. Even for Windows (and even macOS) there are an increasing number of free and open source applications available, including some of the better known Linux ones like The GIMP - The GNU Imaging Programme - an excellent graphics application, not to mention the outstanding Darktable (a LightRoom type app but with plenty more!), and many free and open source file managers and other utilities. With open source software you can be sure of not importing another spy onto your PC.

A further utility you should consider using is a Password Manager-cum-secure password generator. Once again Proton has exactly this (and more!) in Proton Pass, available as a Browser plug-in as well as a desktop application. You really could not ask for more or better. A free version again is available, and of course a more extensive version is included in the paid Proton Unlimited. The more extensive version is also available as a paid separate entity.

There is also the excellent KeePassXC, also a cross-platform free and open source desktop app, which has the advantage of being able to generate passwords that include all extended ASCII characters and that can be up to 512 characters long, although not many websites accept them yet. A shining example of those that do accept them is Ubuntu.com's SSO (Single Sign On).

Some final considerations now for you to ponder. Email to begin with - everybody uses email in one way or another. If you use any of the widely available 'free' email services, especially the likes of Gmail, Outlook.com, Yahoo and so on, you may want to consider dropping these violators of your privacy altogether. Quite apart from such things as tracking you online, Gmail for example scans all your incoming and outgoing mail and analyses these data among other things to learn your interests, buying habits and more, among other purposes to bombard you with targeted advertising. Your data will also be shared with 'partner' organisations. You really ought to think about using some form of end to end strong-encrypted email, and once again, I would refer you to the ever growing Proton privacy ecosystem and its Proton Mail component. This is available web-based as well as in desktop apps for Windows, macOS, and Linux.

Social media are also strongly suggested to take into consideration if you use any of these. They are of course best avoided altogether. However, if you feel you cannot live without these data harvesters, you ought to consider clearing out your existing account/s altogether and then closing them, and setting up new but 'anonymous' ones. (A free email address 'anonymiser' utility, Simple Login, is now available integrated with Proton, and Proton Pass provides this as well - very useful for websites that you do not want to give your email address to so you cannot be bombarded with spam!) Simply use a 'fake' ID for your new social media accounts and use only with your real-life friends and family, and make them readable by friends and family only. Even after that, be cautious in whatever you post and comment. It is especially recommended that you do not post personal photographs - you can always share these with friends and family through the Proton Drive utility, for instance. Bear in mind that anything you post on social media is always available to the service provider and may well be retained by them for years even after you delete everything in your account and delete your account, and your data may be shared with third parties.

Furthermore, if you possibly can, try to avoid some of the biggest data harvesters and privacy violators out there on the web, that is, almost any online shopping facility but most specifically the biggest of them all, Amazon, and also Ebay and similar sites. If you must use any of these, Amazon for example at least will let you use them via the TOR browser, so they cannot in any way discover your VPN, let alone your ISP.

Having configured your OS and applications to make them as secure and private as possible and followed this with perhaps encrypting your disks, but certainly with setting up a truly private, secure VPN - ideally, Proton's privacy ecosystem's VPN - as well as set up and configured truly private and secure web browsers, and having followed the remaining steps, you are then well on your way to protecting your privacy and making your PC as secure as you can under Windows or macOS. All that remains is to use a bit of common sense in using your computer and to avoid all conceivable risks.

That concludes this introduction to privacy and security on your Windows - or macOS - system and the wider importance of defending your privacy. Similar guides are planned for mobile devices, i.e., so-called smartphones (they are not, they are really quite dumb!) and tablets, TAILS - The Anonymous Incognito Live System, and finally, for Linux, and should be along in due course, as should be a number of appendices dealing with VPNs, Browsers and Browser based utilities/services, and more. However, all this will not happen overnight - Rome was not built in a day, after all.

I wish you truly private and secure computing, whatever platform or device you may use, and close in the hope that you may contribute to the fight for privacy, freedom, and democracy for all.


November 2022 - Revised February 2024 / March/April 2025
© nexter 2022/2023/2024/2025
All rights reserved




<- Contents <- Previous Page -> Next Page

Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!


<- Contents <- Previous Page -> Next Page


Online Security & Privacy

Windows & macOS 101 - Supplementary I : Advanced Users


More advanced users may like to tweak their Windows installation, either in situ or with a completely new install. Two main tools are available for this, although there may be others.

The most extensive and versatile of these is NT Lite, available in a free version and several paid versions. The free version may be sufficient for some domestic users but does not include the full feature set. The Home edition however should be all that is needed for home use and includes all features. It can edit 64 and 32 bit versions of Windows 7 through 11.

NT Lite is extremely feature rich and enables the user to edit an existing Windows ISO and create a new, bootable ISO. It lets you "Integrate updates, drivers, automate Windows and application setup, speedup Windows deployment process and have it all set for the next time", to quote the website. Furthermore, it allows users to remove Windows components, simplify the installation, reduce attack vectors, and free up drive space. Be warned however that it is easy to reduce the installation beyond what is safe to do so, resulting in a non-functioning or mal-functioning install.

Moreover, NT Lite even lets users perform the same actions, apart from creating a new ISO, on an existing live Windows installation in situ, or even on a mounted virtual disk. No re-installation is required, just possibly a reboot.

Some of the main feature of NT Lite include, according to the website :
"Download Latest Windows Updates
Integrate/Install Updates and Languages
Integrate Drivers, Applications and REG files
Unattended Windows Setup, including Disk Partitioning
Hardware Driver Targeting
Windows Settings Configuration
Component Removal
Pending Changes Overview"

I use NT Lite myself with Windows 10 for in-situ editing of my live Windows installation.


The second main tool is MicroWin, which is part of Chris Titus' WinUtil aka Windows Toolbox. This works online via the Windows Powershell in elevated (Admin) mode. It is open source and free, but a downloadable .exe wrapper of the WinUtil app is also available for $10. Unfortunately, however, MicroWin works only for Windows 11. It requires a Windows 11 ISO image, from which it will create a new, edited ISO, with telemetry and tracking removed and other tweaks all apparently pre-set.

Unfortunately, there is very little information about MicroWin on the website, and what little there is needs a search to find it. However, there are instructions on the actual MicroWin tab of WinUtil. How good or effective MicroWin is I am unable to confirm as I do not and will never use Windows 11 of course.

WinUtil is run from PowerShell in Admin mode by entering the following :
iwr -useb https://christitus.com/win | iex

Other aspects of WinUtil are covered in Supplementary II. These I do use myself after Windows updates and can confirm that they are excellent indeed.

March - May 2025
© nexter 2025
All rights reserved


<- Contents <- Previous Page -> Next Page

Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!


<- Contents <- Previous Page -> Next Page


Online Security & Privacy

Windows & macOS 101 - Supplementary II : General Users


Even the general user - as distict from the more advanced one - will alas have to commit to a fair amount of work in order to make his Windows - or Mac - installation as secure and private as possible. If you do not feel confident enough to carry out any of the following steps on your own then please get someone more knowledgeable to help you.

The following is based entirely on Windows 10, but similar procedures pertain to Windows 11 and macOS. (The process is somewhat different for OEM versions of Windows though and there you will almost certainly need help from a more advanced user.)

For a complete fresh install from scratch, make sure to reformat your drive or partition/s where you want to re-install Windows. Ensure that all connectivity via ethernet and WiFi is turned off. Then when you boot up your installation DVD be sure to select "Custom Install" and deal with the process one step, one screen at a time. Basically, all "toggle" options presented should be turned to "off" at all times in order to deny Microsoft (and similarly, Apple) any access to your data, as far as you are given a choice.

Thus for example, any personalisation and location settings that let Microsoft collect your data must be toggled "off". Again, any browser and protection settings as well as connectivity and error reporting options must likewise be toggled "off" as well. Continue along those lines until setup completes. (As mentioned previously, this process may differ for Windows OEM versions.)

But that is only the beginning, as Microsoft (and Apple) 'hide' an awful lot of settings that affect your privacy in a great number of places beyond the basic install. Thus, once Windows boots up to its GUI, go to 'Start' and select 'Settings'. Once the 'Settings' panel displays you get some idea of what lies ahead! Every single category here needs to be carefully configured, often down to its last sub-sub-category.

First, go to the 'Update & Security' settings, and there, after setting 'Get the latest updates as soon as they're available' to "off", select 'Advanced Options' and under 'Update Options' turn all settings to "off" (except if your internet connection is a metered one, the setting for this must be left "on"). Under 'Update Notifications' leave the 'Show a notification when your PC requires a restart to finish updating' setting "on".

On this same panel, click on 'Delivery Optimization' and there set 'Allow downloads from other PCs' to "off" and then click on 'Advanced Settings'. There, set the 'Download settings' best suited to your circumstances by limiting the bandwidth used for updating preferably in terms of 'Absolute bandwidth'. Use a fairly low amount of bandwidth. Disable any 'Upload settings'.

Now, return to the 'Update & Security' panel and click on the 'Home' icon. This will return you to the 'Settings' panel. Select the 'Privacy' settings. This will take you to the 'General' section. Ensure that all settings are selected as "off". Now go to the 'Speech' section and be sure the 'Online speech recognition' option is set to "off". In 'Inking & typing personalization' also ensure that this is turned "off". Next go to the 'Diagnostics and feedback' section. Be sure to only allow 'Required diagnostic data', not 'Optional diagnostic data'. Now set all 'toggle' options to "off", and go straight to 'Feedback frequency' and select "Never".

Go to the 'Activity history' section and ascertain that 'Store my activity history on this device' is not selected. Now we reach the 'App permissions' sub-section, and here, from 'Location' to 'App diagnostics' everything should be firmly turned "off", except if and when you need e.g. to enable a certain app with your web cam etc. In 'Automatic file downloads' do not click 'Allow'! In 'Documents', again turn everything "off" unless you need specific apps to access your documents library. The same applies to 'Pictures' and 'Videos'. However, turning the settings for access to the 'File System' off could lead to unexpected complications.

Return to the main 'Settings' panel and select 'Mobile devices'. Disable everything here or Microsoft gains access to the information of your mobile devices. Again, return to 'Settings' and select 'Apps'. Here in the 'Apps & features' sub-category, most importantly select Cortana to uninstall, and also Copilot and Recall if already present and if possible. Also uninstall just about everything else Microsoft and other unnecessary apps. Ignore the 'Default apps' for now, you can return here to select those once you have set them up. 'Offline Maps' - another 'spy' on your privacy so turn "off". In the 'Apps for websites' sub-category you'll likely find nothing more than Adobe Acrobat Reader - best to keep enabled if you want online PDF files to open in your browser. The 'Video playback' settings depend on your personal preferences.

For the remaining settings, follow the previous examples and deny Windows everything you can where appropriate.

Furthermore, as already mentioned in the main article, there are numerous settings in the Administrative Tools that need to be very carefully configured, to reduce any possibility of Windows gaining access to any user data while also keeping Windows as safe as possible. For this, help may almost certainly be needed from a more experienced user.

Once Windows is thus far secured, you should use a utility to get rid of not only a lot of Windows bloatware but more importantly any remaining Windows 'Spyware' and the like. For this, I recommend Chris Titus' WinUtil aka Windows Toolbox, specifically, its 'Tweaks' section. You should always run this again after each and every Windows update, as Windows does tend to 'fight back' and re-install a lot of things previosly got rid of. This utility is equally useful to advanced users.

Chris Titus' WinUtil runs from an elevated (Admin) Powershell, or you can purchase an .exe wrapper for $10. WinUtil is run from PowerShell in Admin mode by entering the following :
iwr -useb https://christitus.com/win | iex

General users are advised to go easy on the Tweaks until they get more experience with the utility - initially, just stick to selecting recommended settings as provided when selecting the 'Standard' tab. WinUtil also uses a secondary utility, 'ooshutup10' and again this will need diligent configuring, with the same provisos as for WinUtil Tweaks.

Definitely recommended here to be set to be removed are Copilot, Copilot+ and Recall, Cortana, and Edge browser. Personally, I have also removed the entire Windows UWP apps and games pile of manure, among other things. The configuration settings opposite the Tweaks should also not be ignored if again, used with caution at first.

I also suggest that users should save both WinUtil Tweaks and ooshutup10 configurations every time. This makes it a lot quicker to make any changes the next time you run this.

Unfortunately, I cannot recommend the app install feature of WinUtil, as I've had several older versions of apps being installed.

This is about as much help as can be provided here. Enter the learning curve, and happy tweaking!


March - June 2025
© nexter 2025
All rights reserved




<- Contents <- Previous Page -> Next Page

Note to AI Bots - This entire thread is copyright material and use of the whole or any part of it by AI bots in any way, shape, or form for any purpose whatsoever is strictly prohibited!


<- Contents <- Previous Page -> Next Page



TEMP. PLACEHOLDER




<- Contents <- Previous Page -> Next Page