Future of personal security and privacy, upcoming trends.
A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password manager, plus setting up a VPN and full disk encryption.
It seems like we're amidst a rising tide of data breaches due to, IMHO, laziness and cheapness on the part of many companies storing personal data.
So, recently I've embarked on my second journey to improve my own security via habits and software and teaching myself. Privacytools has been a super helpful resource. My main lesson this time is to take ownership/responsibility for my own data. To that end, I have switched to KeyPass with yubikey 2FA (still trying to figure out how to get 2FA with yubi on my android without NFC), moved over to Joplin for my note taking (away from Google and Evernote) and also switched to NextCloud for all of my data storage and synchronization. I'm also de-Googling myself, current due-date is end of March when Inbox is shut down.
So my question / discussion topic here, is, what are everyone's thoughts on the future of practical personal security and privacy? More decentralization and self-hosting? That's what it looks like to me. Blockchain tech would be cool for public objects like news articles, images etc. but from what I understand that has zero implication for anything personal. The other newish tech is PGP signatures, which I'm still having trouble implementing/finding use for, but surely that will change.
There is this topic but that ended up just being about encryption which I think is a no-brainer at this point. I'm more so looking for the leading edge trends.
Oh yea, I totally forgot about threat models, it's just so intuitive for me now I do it implicitly.
Do you think, though, that there can be a near-universal threat model that can apply to most people? For example, surely all of us have embarrassing photos (not necessarily nudes) on some cloud / someone else's computer at this point, not to mention the high frequency of data breaches on many popular sites. In this manner, people don't need to really sit down and think about their own personal threat model, just the bare bones (like locking the front door of your house when you leave).
I’m a proponent of James Mickens’s “Mossad / not-Mossad” threat model for this sort of thing.
http://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf
There's a point we reach that we can't do anything sadly because of our surroudings. I can encrypt every message i want, but what for if nobody uses encryption?
What can i do if my entire country is tied to WhatsApp for example? Die alone using Matrix or Signal?
I already deGoogled myself (kinda, i still have google drive, but everything i put there is encrypted), but the next step is almost impossible to implement for me.
Yea, that's my biggest issue - having my contacts adopt secure communication. That's why I'm trying to focus on the practicality. It's a slow and steady uphill battle convincing others to use e.g. Signal.
My hope is that tech like secure messaging becomes the norm for communication
I like the Mastodon model of approaching the platform paradox. Making self hostable software that all the power users can set up, and running a base instance that all the "regulars" can join. All while keeping it interoperable. Some manner of centralization okay so long as the company/person running it are trustworthy.
Yea, I mostly agree with you there. My biggest issue is that trustworthy now doesn't mean trustworthy later. But it seems that it's possible to design safeguards into the platform so that it's not too top-heavy, as I think Mastodon does.
It's definitely a difficult issue, as the only way to know for sure what's happening with your data is to manage it yourself, but not everyone, most people in fact, don't want to be a sysadmin.
I'm definitely taking my own steps towards the self hostable model in that I'm build a suite of my own. Complementary to my other comment, I believe in giving people the power to host it all if they want, while running a pre-hosted version if people just want to sign up.
The first step in that suite is https://github.com/nektro/andesite with many more projects to come.
Wait, so what is that exactly? I'm familiar with terms but a bit naive with respect to the back-end of things.
It's a custom web file server that allows site operators to whitelist access to files/folders through OAuth2 and in a readonly way. You point it at a directory of files you want to share, and then people that visit the site are only given the folder listing provided to them by the site admin.
I have become extremely paranoid online. I use a VPN on my phone and pc. I only message with signal and have forced my close friends to use it (lol). I create new forum accounts every so often and delete all data from old ones. I know a lot of people dont like lastpass but i have no problems with it and use it. I have firefox set up on my phone and pc with privacy extensions and about:config configs. I am almost done degoogling just have to finish switching all my gmail over to tutanota. I deleted my social media. I could go on and on lol.
From what I understand, they're just taking features from Inbox and adding it to Gmail, not sure where they're at with that because I've exclusively used Inbox since it was beta a few years ago.
Depending on exactly how you set it up, it might be as simple as ticking a box when you install your operating system to say "encrypt my hard drive pls".
Maths. The data written to your hard drive is encrypted before it gets written, and unless you know the encryption key (usually a passphrase, but sometimes a physical security key), you can't decrypt the data.
Not by any noticeable amount on a computer manufactured in the last decade.
Depends on how it's set up; I have to enter a passphrase every time I turn on my laptop (separately to my login passphrase), but you could probably set it up so you only have to enter one passphrase.
To add to this, FileVault is preinstalled on every mac-- it's super easy to set up and just slows your computer down for a few hours while it encrypts everything (that's a one-time deal). Besides that, it's mostly set-and-forget, and all you have to do is enter your password each time you boot your computer (so yes, there's one more signon page).
ALSO, if you're using a Mac, please add a firmware password. Without it, anyone can boot your computer into single user mode and create another admin account. It adds zero overhead (unless you're booting into recovery or other disks often, though it's still worth it then) and greatly improves the security of your computer.
Bitlocker is an option, but I think most people here would advise against it (though it is better than using nothing). Look into some of the options on the PrivacyTools.io site that as linked in the topic post.
Check out link to another thread.
Short answer is it's super easy, painless and effective.