- Use an iPod or an iPad without a SIM card
- Use an iPhone
- Do not jailbreak
- Always upgrade to new iOS versions
- Use Brave browser
- Use Signal (iOS + Android)
- Use Wire (iOS + Android)
- Avoid desktop versions
- Optional: use an iPad [Pro] with a smart keyboard
- Register Signal w/ a phone (burner, anonymous SIM, etc.)
- Register Wire w/ an email address (ProtonMail is free)
- Optional: use an iPad [Pro] with a smart keyboard
- Use Conversations w/ OMEMO (Android, unfortunately the only implementation of OMEMO for general use right now)
- Use Coy.im on desktops
- Do not use: Telegram, LINE, KakaoTalk, WeChat, Viber, Hangouts, etc.
- WhatsApp and Facebook Messenger (Private chat) are acceptable (high security, high surveillance)
- Do not root your device
- Do not enable Developer Mode
- Use a Nexus or Pixel (gets latest patches w/o carrier/vendor barrier)
- Run the latest version, always
- Optional: run CopperheadOS
- Optional: use a flagship Samsung (or Nokia) purchased direct, not through a telco
- These devices tend to get timely security updates
- Don't have a Nexus or Pixel? Install LineageOS (official builds only)
- Run the latest version, always
- Use Brave browser
- Do not enable developer mode
- Use Termux for a console environment
- Use 10 or 8.1, nothing earlier.
- Use EMET
- Do not enable macros. Ever.
- Find and disable Flash
- Install patches and updates immediately
- Enable the firewall
- Disable "signed apps"
- Enable "block inbound"
- Optional: enable "stealth"
- Install Objective-See tools
- Do Not Disturb
- BlockBlock
- KnockKnock
- RansomWhere?
- Oversight
- Enable full disk encryption (FDE)
- Require a password to unlock
- Apply patches
- Use backups. Secure your backups, they contain your secrets.
- Use KeePass, free, cross platform, but clunky UI/UX
- Use 1Password, not free, iOS/macOS, good UI/UX
- Never use a cloud based password manager
- Never enable integration between your browser and password manager
- Enable two factor authentication whenever possible
- Use Chrome
- Use Edge
- Do not use Safari
- Do not use IE
- Do not use Firefox, yet (until they enable sandbox by default)
- Install uBlock Origin
- Install HTTPS Everywhere
- Install uBlock Origin Extra
- Optional: Install Privacy Badger
- Disable Flash (on Chrome you can still right click to play)
- (Self hosted option: algo) - Best
- ProtonVPN offers free VPN service - OK
- CryptoStorm has a privacy preserving business model - OK
- Use WireGuard, self hosted, still new but very promising - Good
- Use Freedome (iOS, Android, macOS), not free, trivial to use - OK
It might be useful to specify the audience for this, especially if it helps those people clue in that they should really pay attention to this list.
"Apply patches" is tough in practice for most users. "Favor automatic updates" might be the corollary.
Passphrase might be a better term than password. And you might want to specifically mention enabling the lock screen (so many people don't) and using numeric passes rather than swipe patterns.