- Use an iPod or an iPad without a SIM card
- Use an iPhone
- Do not jailbreak
- Always upgrade to new iOS versions
- Use Brave browser
- Use Signal (iOS + Android)
- Use Wire (iOS + Android)
- Avoid desktop versions
- Optional: use an iPad [Pro] with a smart keyboard
- register Signal w/ a phone (burner, anonymous SIM, etc)
- register Wire w/ an email address (ProtonMail is free)
- Optional: use an iPad [Pro] with a smart keyboard
- Use Conversations w/ OMEMO (Android, unfortunately the only implementation of OMEMO for general use right now)
- Use Coy.im on desktops
- Do not use: Telegram, LINE, Kaokao, WeChat, Viber, Hangouts, etc.
- WhatsApp, Facebook Messenger (Private chat), are acceptible (high security, high surveillance)
- Do not root your device
- Do not enable Developer Mode
- Use a Nexus or Pixel (gets latest patches w/o carrier/vendor barrier)
- Run the latest version, always
- Optional: run CopperheadOS
- Optional: use a flagship Samsung (or Nokia) purchased direct, not through a telco
- These devices tend to get timely security updates
- Don't have a Nexus or Pixel? Install LineageOS (official builds only)
- Run the latest version, always
- Use Brave browser
- Do not enable developer mode
- Use Termux for a console environment
- Use 10 or 8.1, nothing earlier.
- Use EMET
- Do not enable macros. Ever.
- Find and disable Flash
- Install patches and updates immediately
- Enable the firewall
- Disable "signed apps"
- Enable "block inbound"
- Optional: enable "stealth"
- Install Objective-see tools
- Do Not Disturb
- BlockBlock
- KnockKnock
- RandsomWhere
- Oversight
- Enable full disk encryption (FDE)
- Require a password to unlock
- Apply patches
- Use backups. Secure your backups, they contain your secrets.
- Use KeePass, free, cross platform, but clunky UI/UX
- Use 1Password, not free, iOS/macOS, good UI/UX
- Never use a cloud based password manager
- Never enable integration between your browser and password manager
- Enable two factor authentication whenever possible
- Use Chrome
- Use Edge
- Do not use Safari
- Do not use IE
- Do not use Firefox, yet (until they enable sandbox by default)
-
Install
uBlock Origin
-
Install
HTTPS Everywhere
-
Install
uBlock Origin Extra
-
Optional: Install
Privacy Badger
-
Disable Flash (on Chrome you can still right click to play)
- (Self hosted option: algo) - Best
- ProtonVPN offers free VPN service - Ok
- CryptoStorm has a privacy preserving business model - OK
- Use WireGuard, self hosted, still new but very promising - Good
- Use Freedome (iOS, Android, macOS), not free, trivial to use - OK
Then you have TWRP anyway and you are vurnabile then.
Samsung supports FDE only on official stock firmware. Knox gets completely disabled when you root or flash custom firmware.