14-step guide to becoming more secure

Making your devices secure can be quite a process. Follow our simple guide to help you improve your security, starting today!


  1. Change Your Web Browser



    The very first step is to change your web browser. Stay away from browsers such as Chrome, which track your every move. Firefox, together with a few extensions, can provide you with a safer and more private browsing experience.

    Add-ons such as uBlock Origin, NoScript, and HTTPS Everywhere can help you avoid unwanted tracking scripts and non-encrypted traffic.

    If you really need to use Chrome for something specific that won't work in Firefox, consider instead using Brave, Vivaldi, or DuckDuckGo, which are based on Chromium, the open-source version of Chrome without all of the Google tracking.

    A bit further down we'll show you an even more secure way to browse the web.

  2. Secure Email Services



    It's time to retire your Gmail, Hotmail, and Office 365 email accounts, which are constantly keeping tabs on you, to serve you relevant ads. Instead, switch to an end-to-end encrypted and open-source email service with either Tutanota or ProtonMail.

    You can choose a free plan for now, and decide later if you want to upgrade to one of their premium plans.

    Choose a strong temporary password and write it down on a piece of paper. You can throw away the piece of paper after the next step.

  3. Password Managers



    Password managers work by generating long random passwords (one per website or service), and locking them all behind a single *master* password. That way you only need to remember one password, and can copy and paste the long passwords anywhere when needed.

    Bitwarden is secure, open-source, and available in a web browser, as well as an app on desktop, phone, and tablet. Alternatively, KeePassXC is a solution for you to install locally, if you don't want to use an online service. You can make an encrypted backup of the database file, and use it to restore your passwords in case you ever lose your device.

    You can use your new email address from step two to sign up with Bitwarden. Once you have, you can create an entry for the email account with the password you wrote down. Alternatively, have Bitwarden generate a long secure password, and then update the password on Tutanota or ProtonMail's website.

  4. Strong Two-Factor Authentication



    What happens if one of your login passwords gets compromised? You need to have two-factor authentication (2FA) set up, where you can enter a time-based one-time password (TOTP) from an app. Our recommended password manager, Bitwarden, can generate these for you.

    Even better, use a hardware security key such as YubiKey to add an additional layer of security to your accounts. You can also use the YubiKey itself (through their app, called Yubico Authenticator) to generate TOTP one-time passwords.

    Be sure to go back and add 2FA for your email account and password manager, using either TOTP or a hardware security key. You may also want to have a backup key that you use only if you misplace your main one.

  5. Be Your Own Bank



    Use LocalBitcoins or LocalMonero to get XMR or BTC in your area.

    Once you have some digital currency, you can use it to pay for services such as VPN and others more anonymously.

    For added security, be sure to use a hardware wallet such as Ledger or Trezor. Never keep your cryptocurrency in a third-party wallet. For the crypto to be yours, you must control the private key.

  6. WireGuard VPN



    Now it's time to start hiding your activity from your ISP (Internet Service Provider). You can easily change your location by choosing from various VPN servers around the world. This has the added advantage of hiding your IP address from all websites that you visit.

    You have a right to privacy. In a society increasingly determined to erode that right, keep your online activity, identity, and location private by using a fast, trustworthy and easy-to-use VPN.

    Mullvad VPN is the one we recommend, as you can sign up anonymously, they have a simple and reasonable price plan, they support WireGuard – the newest and fastest protocol – and have apps for all platforms. If you're paying for a ProtonMail premium plan (in step two), ProtonVPN is also worth considering, as it becomes cheaper if you pay for them together.

    If you want to pay anonymously using Monero (XMR) or Bitcoin (BTC), Mullvad also accepts codes available through ProxyStore. They also sell codes for Tutanota, mentioned in step two.

  7. Tor Project



    In addition to using a VPN, you can further anonymize your online browsing by connecting through the Tor network. Paired with a VPN, your ISP won't know you're using Tor, and exit nodes on the Tor network won't know your actual IP address.

    The Tor Browser is based on Firefox, and aims to make it difficult for you to be fingerprinted based on your browser and device information. Your traffic is encrypted three times as it is relayed over the Tor network. The network is made up of thousands of volunteer-run servers known as Tor relays.

    The Tor Browser prevents someone watching your connection from knowing what websites you visit. Anyone monitoring your browsing habits can only see that you're using Tor, and you look just like any other Tor user.

    Guardian Project, maintainers of the Tor Browser, also have a number of other privacy applications worth checking out. Orbot, ObscuraCam, PixelKnot, and Haven are just a few of them.

  8. Search without being Tracked



    The amount of data already being logged and stored about each and every one of us is incredible. Do we really want to add to that by letting big data-mining corporations know what we are searching for, so they can sell it to advertising companies?

    Believe it or not, there are several good alternatives to Google these days when it comes to looking up things on the web. We would suggest setting DuckDuckGo as your default search engine in Firefox, while StartPage is also available as a default in Tor Browser.

    Another option worth trying is SearX, which you can also self-host if you want the ultimate in privacy.

  9. End-to-End Encrypted Chat



    WhatsApp is owned by Facebook, and while the chats themselves are end-to-end encrypted, Facebook is still able to store and process metadata, including social graphs of your friends, times and dates online etc.

    Signal, Wire, and Threema are some of the best replacement chat apps for FB Messenger, WhatsApp, Hangouts, and others. Element, built on the Matrix protocol, is another good one. If the app isn't open source, you may want to stay away.

    If you're using Telegram, nothing is end-to-end encrypted by default, so be sure you're using secret chats. Secret chats are not available on Linux or Windows desktop, only on macOS, iOS and Android.

    Telegram also does not end-to-end encrypt any groups or channels, so content can be seen (and moderated) by Telegram, or provided to governments at their request. Therefore we'd recommend using one of the more secure options listed above for any private groups.

  10. Secure Storage Solutions



    There are several end-to-end encrypted zero-knowledge cloud providers out there such as Tresorit, IceDrive, and Mega. These all give you free storage for simply creating an account, so feel free to sign up with more than one (using long secure passwords stored in your password manager!) to try them out. If you need more storage, or certain advanced features, you may need to sign up for a paid account. You can also pay for some of them using cryptocurrency.

    Alternatively, if you would rather manage your data yourself, Nextcloud can help you achieve that. Secure, under your control, and developed in an open, transparent, and trustworthy way.

    If you want an additional level of security for your data, you can also encrypt your data yourself locally using VeraCrypt, an open-source disk encryption utility which works on all platforms.

    Finally, as a bare minimum, you should ensure your local hard disk is encrypted by default, using Device Encryption (Windows 8.1+), FileVault (macOS), or LUKS (Linux).

  11. The Social Fediverse



    It's time to take back our privacy. Social media networks such as Facebook and Twitter are selling our data to the highest bidders, and nobody really knows if that data is being kept safe. There are data breaches on a daily basis. We cannot solely rely on others to protect our own privacy; we also have to do something about it.

    We should reduce, or ideally stop, our use of locked-in platforms such as YouTube, Facebook, Instagram, Twitter etc. You can even consider using a tool such as Redact.dev to help reduce your digital footprint as much as possible before you deactivate or delete your accounts.

    This doesn't mean you have to completely stop using all social media, though. There are still lots of open-source social platforms out there to give us our daily fixes, but which respect our privacy and don't track us.

    Instead of Facebook, try Diaspora.

    Instead of Twitter, give Mastodon or Pleroma a try.

    Instead of Instagram, try out Micro.blog.

    If you want to migrate your YouTube subscriptions to an open platform, or just want to share links with others, try Yewtu.be (called *Invidious*) in any browser, or NewPipe on Android.

  12. Open-Source Software



    Using proprietary software puts us at a higher security risk, as no one really knows what the code is doing behind the scenes. Having the code open source, however, makes it possible for volunteers in the community – anybody, basically – to download it, to find and fix any possible vulnerabilities more quickly, and to ensure there are no "back doors" or code doing anything sneaky with our data.

    It's not about getting things for free; it's perfectly fine to pay for open-source apps and services, or to donate, in order to support the developers and their projects. It's about the increased security that comes from the transparency of the apps we give our personal data to, in the course of our daily lives.

    So we should try to stop using software and services which are closed source when there are perfectly good open-source (also referred to as FOSS: Free and Open-Source Software) alternatives.

    Instead of Zoom or Skype, try Jitsi, which is a fully-featured open-source video conferencing and instant messaging suite.

    Instead of YouTube, try PeerTube, LBRY or Odysee.

    Instead of Google Maps, try OpenStreetMap. There is an open-source mobile app called Organic Maps available on all platforms, which uses OpenStreetMap data.

  13. Secure your phone OS



    Now that you've found ways to anonymize your online activity, and improve the security of applications handling your private data, let's look at options for securing your phone.

    iOS on an iPhone is thought by many to be the most secure choice as an "out of the box" solution that can be bought on the high street, but it also requires putting a lot of trust in Apple to handle our private data. For this reason we recommend not using iCloud for uploading your photos and files, and instead backing up your data using a cable. You should also install and run a VPN, like Mullvad as mentioned in step six.

    We also suggest disabling iMessage, to limit its use as an attack vector, and instead use messaging apps like Signal, as discussed in step nine.

    For Android devices, there are several custom ROMs you can run which don't use Google's services (and thus tracking and data mining). GrapheneOS is probably the best option, but you can also try CalyxOS and LineageOS for comparison.

    This can also be a good option for iPhone users who aren't deeply into the Apple ecosystem, or don't mind a change. For example, picking up an older Pixel phone and running Graphene can be a compelling prospect even for iPhone users, due to the OS's good design, easy usability, and enhanced security.

    Instead of using the Google Play Store, you can download apps from alternative places such as F-Droid. Meanwhile, Aurora Store is another place where you can search for and download apps, get details about in-app trackers, spoof your location, and much more.

    If you're up for it, there are also phones available which run Linux. PinePhones are fairly cheap and well regarded, and they can run several different flavors of Linux made for mobile. Purism 5 is another. And if you still have an old Nexus 5 lying around, you can run Ubuntu Touch.

  14. Secure your computer OS



    After securing your phone, it's time to consider some options for your computer, be it desktop or laptop.

    Whatever OS your computer is using, if you've followed the steps above you will at least be relatively secure in protecting your online activity, including browsing, password use, and the storage of your data.

    The most important thing is updates. Make sure you are using the latest version of everything, and that goes for the OS as much as it does for the software you're using. You can set your machine to auto-update so that you don't need to worry about it.

    On a Mac, you can also ensure the built-in firewall is activated, and on Windows you can ensure the virus- and malware-detection software is active. However, your machine might still have malware like a keylogger on it, and it can be difficult to detect.

    One way to be sure might be to reinstall your existing OS from scratch, only installing the minimum of software, and only from places you trust. There are App Stores on all the OSes that can help with this, as you can be more sure that applications downloaded from regulated App Stores have been checked for most things. Another is open-source software, where the code will have been checked by numerous volunteers.

    If there are very personal or private things you want to do, and want to be sure of being secure, there is a way to do so without having to install anything on your computer.

    Tails is a portable Linux OS that protects against surveillance and censorship. Shut down the computer and start on your Tails USB stick instead of starting on Windows, macOS, or other Linux distributions. It leaves no trace on the computer when shut down.

    Tails uses the Tor network to protect your privacy online and help you avoid censorship. It includes a selection of applications to work on sensitive documents and communicate securely. Everything in Tails is ready-to-use and has safe defaults.

    An alternative to Tails that does require installation, but runs on top of your current OS, is Whonix.

    Of course, a way to be more sure of being secure is to install an open-source OS. There are several reasonably secure ones to choose from. Qubes OS and Subgraph OS are both hardened Linux OSes that separate applications completely (but in different ways), so that any single vulnerability in one of them cannot spread to your entire system. They require a lot more work to understand and run successfully, but the result is an almost-perfectly secure system from the start.

Now you should be all set, no matter what you're doing online or offline. Remember to always be safe, and stay secure!

Please note we're not responsible for any of the above software or services, and nor do we have any vested interest in them; we merely use a number of them ourselves. They're developed by other people, and we have no control over them. Use them at your own risk.


Sekur 2023