I am a proponent of security and privacy, especially related to technology and in an online setting. With that said, here are some things I do to help secure my own privacy and security while helping others to do so as well:
- I only run Linux. Proprietary operating systems cannot be trusted because there is no way to audit what their binaries actually do. Also, some companies have previously acknowledged cooperation with various government intelligence agencies or made decisions that are highly suspect. (Intel ME, NSAKEY or Dual_EC_DRBG, anyone?)
- Encrypt the web! The Electronic Frontier Foundation's HTTPS Everywhere extension for Firefox and Chrome automatically rewrites plain HTTP links to their corresponding encrypted counterparts. Browsing via HTTPS makes it harder for a third party to see what data is being transferred.
- Sign and encrypt emails! I use gpg to digitally sign and encrypt emails. By using public key encryption, each person can have their own unique encryption/decryption key that only they know and can use. Users can also certify other keys as belonging to a person by exchanging signatures. (You can view my policy here.)
- Use two-factor authentication with hardware-backed devices. Using two-factor auth makes it vastly harder for the bad guys to break into accounts, as they need more than just your password. Physical devices can make things even more secure, as it's harder (or impossible) for malware to intercept the actual credentials that only reside in the silicon.
- My personal servers prefer encrypted connections: My email server advertises STARTTLS and attempts to use TLS itself when sending. My web server makes use of only strong, modern encryption and forward secrecy to protect recorded traffic from later malicious compromise of the secret encryption keys. (You can see a SSL report for my site here.)
- I don't heavily use Facebook or other social media sites, since I dislike being the product. (Advertisers and data mining groups are the real users of social media.)
- All disks are encrypted with 256 bit AES to protect their contents if stolen, and the master key has only ever existed in a hardware security device. Linux supports block-level encryption and has a very nice interface through the
Additionally, there are some things I used to do, but cannot any longer due to circumstances beyond my control:
- Brad Spengler took his ball and won't play anymore, which is unfortunate.
Harden the Linux kernel with grsecurity. My servers run kernels that have been patched with grsec to help apply additional hardening. While it's not a silver bullet, it does help reduce the attack surface and makes several classes of attacks much more challenging or impossible.
- Blah, comcast EULAs, so I can't safely run Tor from home. If only there were true competition among ISPs...
I run a Tor relay (stats). The Tor network can be used to help make identifying network users more difficult by bouncing their traffic all over the world. While it is true that Tor is used by people with malicious intent, it is also relied on by activists and whistle-blowers around the world for protection from retaliation.