This is a privacy guide for a general audience, with hints for power users along the way.
Your digital footprint is the trail of data you leave behind when using the internet. It’s like a set of digital fingerprints that can potentially be traced back to you.
This includes:
- Personal information shared on social media
- Browsing history and search queries
- Online purchase records
- Location data from your devices
- Emails and instant messages
- Files stored in cloud services
- and much more
VPNs
A Virtual Private Network (VPN) creates an encrypted tunnel between your device and the provider's server. Websites see the VPN server's IP address instead of yours, and your ISP and local network see only encrypted traffic to the VPN. That is the whole benefit: a VPN does not make you anonymous, it moves trust from your ISP to the VPN provider, who can now see everything your ISP used to see (destination IPs, timing, traffic volume, and any traffic that is not itself HTTPS).
A handful of companies own many of the "free" VPN apps, and the safe assumption is that they are paid for by collecting and selling usage data, for themselves or on someone else's behalf. Avoid them.
Technologies:
OpenVPN: Mature, heavily audited and highly configurable; runs over UDP or TCP (TCP helps on restrictive networks but costs throughput). Slower than newer protocols because it runs in user space with a heavier protocol, not because of the encryption itself.
WireGuard: A few thousand lines of code, fast, in-kernel on Linux, and a fixed set of modern primitives (Noise handshake, Curve25519, ChaCha20-Poly1305), so there are no cipher-suite choices to get wrong. Younger than OpenVPN and therefore with a shorter audit history; it also keeps each peer's last-seen endpoint IP in memory, which privacy-focused providers clear with extra tooling.
IKEv2/IPsec: Built into most operating systems, fast, and reconnects quickly when switching between Wi-Fi and mobile (MOBIKE), so it suits phones. It uses fixed UDP ports (500 and 4500), which are easier to block than OpenVPN's configurable port.
Free
ProtonVPN: Unlimited bandwidth, a limited set of server locations, and a no-logs policy.
Windscribe: 10GB per month free, supports multiple devices, and offers robust encryption.
Self Hosted
Outline VPN: Developed by Jigsaw (Google). Technically a Shadowsocks proxy rather than a VPN, which also makes it good at getting through censorship. Easy to deploy on any cloud host; you control the server, so the hosting provider takes the VPN provider's place in your trust model.
WireGuard: Lightweight and fast; easy to self-host with PiVPN or by hand. A server you rent gives you one fixed exit IP, so it protects you from the local network and your ISP but is not a crowd to hide in.
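As an added example (not part of the original guide, nor code from the WireGuard or PiVPN projects), here is what a hand-rolled WireGuard self-host looks like. The script renders a server config and one client config from keys you pass in; the hostname vpn.example.com, the 10.8.0.0/24 tunnel range, port 51820 and the interface name eth0 are assumptions to replace with your own. With `wg` installed, `sh wg-setup.sh --generate` creates the key pairs and writes both files.

```sh
#!/bin/sh
# Added example: render WireGuard configs for a self-hosted server and one client.
# Keys are passed as arguments so the rendering can be checked offline; real keys
# come from `wg genkey` (see main below). Tunnel range 10.8.0.0/24, port 51820,
# outbound interface eth0 and vpn.example.com are assumptions, not the page's values.

render_server_conf() {
    # $1 server private key, $2 listen port, $3 client public key
    cat <<EOF
[Interface]
# Server end of the tunnel; the first client gets 10.8.0.2, the next 10.8.0.3, ...
Address = 10.8.0.1/24
ListenPort = $2
PrivateKey = $1
# Let client traffic out to the internet (Linux: enable forwarding, NAT on eth0)
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# One [Peer] block per client. On the server, AllowedIPs is the single tunnel
# address this key may use; packets from that key with another source are dropped.
PublicKey = $3
AllowedIPs = 10.8.0.2/32
EOF
}

render_client_conf() {
    # $1 client private key, $2 server public key, $3 server endpoint host:port
    cat <<EOF
[Interface]
Address = 10.8.0.2/32
PrivateKey = $1
# Resolve inside the tunnel. Run a resolver (Unbound, Pi-hole) on the server or point
# this at one you trust; without a DNS line, lookups leak to the local ISP resolver.
DNS = 10.8.0.1

[Peer]
PublicKey = $2
Endpoint = $3
# On the client, AllowedIPs is what gets routed into the tunnel. 0.0.0.0/0, ::/0 is a
# full tunnel; keep ::/0 even on an IPv4-only server so IPv6 is dropped, not leaked.
AllowedIPs = 0.0.0.0/0, ::/0
# Keeps the NAT mapping on a home router alive so the server can reach the client
PersistentKeepalive = 25
EOF
}

# Generate both key pairs and write the two files. The client private key is the only
# secret that leaves this host, and only to the client device it belongs to.
main() {
    command -v wg >/dev/null 2>&1 || { echo "wg not installed" >&2; return 1; }
    umask 077                                   # config files contain private keys
    server_priv=$(wg genkey)
    server_pub=$(printf '%s' "$server_priv" | wg pubkey)
    client_priv=$(wg genkey)
    client_pub=$(printf '%s' "$client_priv" | wg pubkey)
    render_server_conf "$server_priv" 51820 "$client_pub" > wg0.conf
    render_client_conf "$client_priv" "$server_pub" "vpn.example.com:51820" > client.conf
    echo "wrote wg0.conf (server, /etc/wireguard/) and client.conf (import on the client)"
}

# Run only when asked, so the functions can be sourced without side effects.
if [ "${1:-}" = "--generate" ]; then
    main
fi
```

Copy wg0.conf to /etc/wireguard/ and start it with `wg-quick up wg0`, open UDP 51820 on the host firewall, and import client.conf on the phone or laptop (as a QR code via `qrencode -t ansiutf8 < client.conf` if you like). A second client is another key pair, another [Peer] block on the server with the next /32, and a client config carrying that address.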
Paid:
ProtonVPN: Offers advanced features such as Secure Core (which routes traffic through multiple servers), Tor over VPN, and P2P support. Paid plans provide access to all server locations and higher speeds.
Mullvad: Known for its commitment to privacy, Mullvad does not require any personal information for signup and accepts anonymous payments, including cash. It supports IPv6 and has undergone security audits.
Password Managers
A password manager is a secure digital vault for all your passwords. It helps you create strong, unique passwords for each of your accounts and stores them safely, so you only need to remember one master password to access all the others.
- They can also store other sensitive information like credit card details and secure notes
- Pro Tip – Trying to remember dozens of complex passwords ends in reuse, and reused passwords are exactly what credential-stuffing attacks rely on.
Security Mechanisms:
End-to-end Encryption: The vault is encrypted on your device with a key derived from your master password; the provider stores and syncs only ciphertext and never holds the key, so it cannot read your passwords.
Zero-knowledge Architecture: The same property seen from the provider's side: encryption and decryption happen only on your device, so the provider cannot hand over your passwords even under legal compulsion. What remains at risk is the master password (make it a long passphrase) and the device itself, since malware on the endpoint sees the decrypted vault.
Free:
Bitwarden: Unlimited password storage across devices, user-friendly with strong security.
KeePass: Open-source, encrypted local storage, highly customizable with various plugins.
Self-Hosted:
Vaultwarden: A lightweight, unofficial reimplementation of the Bitwarden server that works with the official Bitwarden apps and extensions, so you keep full control of where your encrypted vault is stored.
KeePassXC: Community fork of KeePass with native cross-platform support. The database is a single encrypted file, so you can sync it yourself with Syncthing or Nextcloud; it stays encrypted in transit and at rest either way.
Paid:
Bitwarden Premium: Features include advanced 2FA, emergency access, and 1GB encrypted file storage.
1Password: Offers user-friendly interface and family sharing.
Proton Pass: Part of the Proton ecosystem, integrates seamlessly with other Proton services.
Free tiers generally lack a built-in authenticator, so keep your TOTP codes in a separate app such as 2FAS or Authy. Turn on 2FA for the vault itself as well; keeping the second factor outside the vault means one compromised vault does not yield both factors.
Secure Mail
Secure email services encrypt your messages so that the provider cannot read the contents of your mailbox. Mail between two users of the same service (or with PGP set up on both ends) is end-to-end encrypted; mail to an ordinary Gmail or Outlook address is still readable by that provider once it arrives.
- This blocks the provider from mining your mail for advertising and limits what it can hand over to attackers or government requests. Metadata such as sender, recipient and timestamps cannot be end-to-end encrypted, and not every service encrypts subject lines.
Email Protocols:
SMTP: Standard for sending mail, between servers and from your client to your provider. STARTTLS upgrades the connection to TLS, but it is opportunistic: a server that does not offer it, or an attacker who strips the offer, leaves that hop in plaintext, so configure your client to require TLS (port 465 with implicit TLS, or 587 with STARTTLS mandatory). It protects only that hop, not the message end to end.
IMAP: Keeps mail on the server and syncs its state, ideal for multiple devices; use it only over TLS (port 993).
POP3: Downloads mail for local storage and, by default, deletes it from the server (most clients can leave a copy); use it only over TLS (port 995).
Free
Proton Mail: 500MB storage, end-to-end encryption
Tutanota (now Tuta): 1GB storage, fully encrypted service.
Self-Hosted
Mail-in-a-Box: An easy-to-deploy, self-hosted mail server that bundles everything needed (SMTP, IMAP, webmail, spam filtering, DNS). It automates most of the setup but still needs ongoing maintenance.
Mailcow: A more comprehensive, Docker-based mail suite with more security features and room to tailor it to your needs.
Before self-hosting mail, note that deliverability depends on things no package can automate for you: a static IP with reverse DNS, SPF, DKIM and DMARC records, and an address range that is not already on blocklists (many cloud ranges and most residential ones are).
Paid
Proton Mail: More storage, custom domains, and IMAP/SMTP access through the Proton Mail Bridge desktop app (the protocols themselves cannot carry end-to-end encrypted mail, so Bridge decrypts locally).
Tutanota: Encrypts subject lines as well as bodies, more storage, custom domains and priority support.
Fastmail: Excellent usability and standards support (IMAP, CalDAV, CardDAV), but it is a conventional provider that can read your mail, and it is based in Australia, a Five Eyes country.
Internet Privacy
- A web browser is the software you use to access the internet, like Chrome, Firefox, or Safari.
- Choosing privacy-focused browsers, extensions, and using email aliases (to hide your real email address) can significantly reduce tracking, data collection and profiling.
Solutions
Browsers
- Firefox: Currently the best option once its privacy settings are hardened (strict tracking protection, HTTPS-Only mode, telemetry off). LibreWolf is a Firefox build that ships those settings by default with telemetry removed.
- Brave: Built on Chromium, blocks ads and trackers by default, and is available on all platforms. Its private windows with Tor route traffic over Tor but do not give the fingerprinting protections of the Tor Browser, so use the real thing when anonymity matters.
Email Aliases
- Email aliases are alternative email addresses that forward messages to your main email account. They’re like having multiple mailboxes that all deliver to your house.
- Using email aliases is like giving out a different phone number for each service you use, all of which redirect to your main number. This way, if one number starts getting spam calls, you know exactly which service leaked your information and can block it.
- DuckDuckGo Email Protection – free aliases at duck.com
- SimpleLogin (owned by Proton) – the free tier is limited to 10 aliases; paid adds custom domains, multiple mailboxes and unlimited aliases for $30/year
Extensions:
- uBlock Origin: An efficient, powerful content blocker that also blocks trackers and known malware domains. Chromium's Manifest V3 change cripples it on Chrome-based browsers; use uBlock Origin Lite there, or Firefox, where the full version still works.
- Privacy Badger: Developed by the EFF; blocks trackers based on observed behaviour rather than a fixed list.
- HTTPS Everywhere: Retired by the EFF, since every major browser now has a built-in HTTPS-Only mode; turn that on instead of installing the extension.
- Decentraleyes: Serves common CDN-hosted libraries from a local copy so third-party CDNs cannot log your visits.
Search Engines:
- DuckDuckGo: Privacy-focused; results are not personalised because it does not build a profile of you, which some users read as lower quality.
- Startpage: Proxies Google results, so result quality is Google's with your IP and cookies removed. It has been owned by the ad-tech company System1 since 2019, which is worth weighing against its privacy promises.
- SearXNG: Open-source metasearch engine that aggregates results from many engines without tracking users. Can be self-hosted, in which case the upstream engines see your server's IP rather than yours.
Hardware Security
Hardware security means protecting the data on the physical device itself, so that a lost or stolen laptop does not mean lost data. It is often overlooked and should not be.
VeraCrypt: Open-source, cross-platform disk, partition and container encryption.
BitLocker: Full-disk encryption built into Windows Pro and Enterprise. Windows Home only has the simpler "device encryption", which requires a Microsoft account and escrows the recovery key there. Back up your recovery key somewhere you control.
Strong BIOS/UEFI Passwords: Stop someone booting from their own media or changing firmware settings. They do not protect the disk contents (an attacker can move the drive to another machine); that is what full-disk encryption is for.
YubiKey/Similar Products: Hardware authenticators supporting FIDO2/WebAuthn (phishing-resistant, because the key signs the site's real origin), plus TOTP, PIV and OpenPGP. Buy two and register both, so losing one does not lock you out.
Secure Messaging
Many popular messaging apps do not provide strong privacy protections. Messages sent through them can be read by the company running the service, by anyone who compromises it, and by anyone the company is compelled to share them with.
- SMS, Discord and Instagram DMs are not end-to-end encrypted, so the operator can read them; Messenger only began turning end-to-end encryption on by default in late 2023.
- Most people are on WhatsApp and you cannot realistically leave it, so turn on end-to-end encrypted backups (cloud backups are not covered by WhatsApp's encryption until you do) and two-step verification (the 6-digit PIN), which stops someone who hijacks your phone number from re-registering your account.
- For close contacts you can convince, switch to Signal. It is open source, collects almost no metadata, and its protocol now includes post-quantum key agreement (PQXDH) against future quantum decryption of captured traffic.
Data Storage
Skip Google Drive and OneDrive if you require privacy: both providers can read your files. The alternatives trade some features and convenience for that.
Proton Drive: Cloud storage with end-to-end encryption; the provider holds only ciphertext.
Nextcloud: Self-hosted cloud with file storage, sync and sharing. Its server-side encryption only protects the disks; whoever runs the server (you, in this case) can still see the files, which is the point of self-hosting.
Syncthing: Peer-to-peer file synchronization directly between your own devices over TLS; there is no cloud copy at all.
DNS
DNS stands for Domain Name System. It is the internet's phone book, translating website names into the IP addresses computers use. Plain DNS travels in cleartext over UDP, so your ISP (or anyone on the same network) sees every name you look up and can alter the answers. An encrypted DNS service closes that gap.
- NextDNS: Supports DNS over HTTPS (DoH) and DNS over TLS (DoT), which encrypt queries so the ISP cannot read or tamper with them. Offers network-wide filtering of ads, trackers and malware domains, with logging you can turn off.
- AdGuard DNS – Also supports DoH/DoT and blocks ads and trackers.
Encrypted DNS hides only the lookup: the ISP still sees which IP addresses you connect to and, for most sites, the hostname in the TLS handshake (SNI), so pair it with a VPN if that matters. You are also moving that visibility from your ISP to the DNS provider, so choose one whose logging policy you accept.
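To make concrete what "encrypting the lookup" means, here is an added example (not from the original guide, NextDNS or AdGuard) that performs a DNS over HTTPS query by hand with POSIX shell, curl and base64. It builds the raw DNS packet, base64url-encodes it into the `dns` GET parameter exactly as RFC 8484 specifies, and decodes the answer far enough to read the response code and the returned address. The sample response at the bottom is constructed, and the resolver URLs in the comments are placeholders for whatever your provider publishes.

```sh
#!/bin/sh
# Added example: a DNS over HTTPS (RFC 8484) lookup done by hand.
# Resolver URLs are placeholders; use the one your provider gives you, e.g.
# NextDNS: https://dns.nextdns.io/<config-id>   AdGuard: https://dns.adguard-dns.com/dns-query

# Print the base64url-encoded wire-format A query for $1 (no padding), which is what
# goes in the "dns" parameter of a DoH GET. ID is 0 so identical queries are cacheable.
doh_query_param() {
    (
        # Header: ID=0, flags=0x0100 (recursion desired), QDCOUNT=1, AN/NS/ARCOUNT=0
        printf '\000\000\001\000\000\001\000\000\000\000\000\000'
        # QNAME: each label as a length byte followed by the label text
        IFS='.'
        for label in $1; do
            printf "\\$(printf '%03o' "${#label}")"
            printf '%s' "$label"
        done
        # Root label (0), QTYPE=A (1), QCLASS=IN (1)
        printf '\000\000\001\000\001'
    ) | base64 | tr -d '\n' | tr '+/' '-_' | tr -d '='
}

# Query resolver URL $1 for name $2 and emit the binary answer as space-separated hex bytes.
doh_lookup() {
    curl -sS -H 'accept: application/dns-message' \
        "$1?dns=$(doh_query_param "$2")" | od -An -tx1
}

# Decode a hex dump from stdin: print RCODE on failure, otherwise the last four bytes as a
# dotted IPv4 address. Correct for the common case where the final record is the A record;
# a CNAME chain or an AAAA answer needs a real parser (dig +https, or a DNS library).
doh_decode() {
    set -- $(cat)
    rcode=$(( 0x$4 & 0x0f ))            # low nibble of the 4th header byte
    if [ "$rcode" -ne 0 ]; then
        echo "rcode=$rcode (3 = NXDOMAIN, 2 = SERVFAIL)"
        return 1
    fi
    shift $(( $# - 4 ))
    echo "$(( 0x$1 )).$(( 0x$2 )).$(( 0x$3 )).$(( 0x$4 ))"
}

# Constructed sample answer for example.com (NOERROR, one A record, 93.184.216.34) so the
# decoder can be exercised offline. Live use: doh_lookup "$RESOLVER" example.com | doh_decode
SAMPLE_ANSWER='00 00 81 80 00 01 00 01 00 00 00 00
07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01
c0 0c 00 01 00 01 00 00 0e 10 00 04 5d b8 d8 22'
```

Run `doh_lookup https://dns.nextdns.io/<config-id> example.com | doh_decode` against your own endpoint; an address coming back means your DoH configuration works end to end. Because the request is ordinary HTTPS to the resolver, the ISP sees only a TLS connection to that host, never the name you asked for.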
Jurisdiction and Privacy
Companies based in Five, Nine or Fourteen Eyes countries (intelligence-sharing alliances) can be legally compelled to hand over data and to share it with partner governments.
Jurisdiction is not a shield by itself: Proton, based in Switzerland (not in the Fourteen Eyes), still complied with over 5,000 legal requests in a single year according to its own transparency report. Any provider that holds your data or can see your IP address will answer valid orders from its own courts.
For the strongest privacy, self-host, or use products designed so the provider never has the ability to see your data or IP address in the first place; then there is nothing meaningful to hand over.
Additional Privacy Measures
- Regular Software Updates: Keep all your devices and software up to date; most real-world compromises use vulnerabilities that already have patches available.
- Encryption: Use full-disk encryption on every device (FileVault, BitLocker, LUKS, or the default on modern phones) to protect data at rest.
- Social Media Privacy Settings: Regularly review and adjust privacy settings on social media platforms to control what information is publicly visible.
- Data Minimization: Only provide the information a service actually needs. Use temporary or alias addresses for one-time signups.
- Operating Systems: Consider privacy-focused operating systems such as Tails (amnesic, routes everything over Tor) or Qubes OS (compartmentalises tasks into isolated VMs) for sensitive work. If you need Windows, use O&O ShutUp10++ to disable tracking and telemetry.
- Metadata Removal: Strip metadata (EXIF location data in photos, author fields in documents) with tools such as ExifTool or mat2 before sharing files online.
- Network Security: Use a firewall and consider setting up a Pi-hole for network-wide ad and tracker blocking at the DNS level.
Bonus
- https://www.privacytools.io