User:Vincentule/ModernSecurityProtectionGuide
This guide provides a more complete set of privacy protection solutions for pro-democracy activists, dissidents of authoritarian/dictatorial authorities, trade unionists, and anyone who realizes the value of privacy to individuals. This project draws heavily on the blogs of Digital-Privacy, 编程随想, and iyouport.
Concise advice
1. The device with the most serious privacy violations and surveillance is the mobile phone. Proprietary software such as WeChat, Tencent QQ, Alipay, Taobao, Sogou input method, and the National Anti-Fraud Center app is the main source of such behavior. We recommend that you use comparable free software instead. Given that the vast majority of people cannot escape the control of the proprietary software mentioned above, you can prepare more than two mobile devices and communicate only non-sensitive content on the device that carries the proprietary software. The same applies to personal computers.
2. Use different nicknames and avatars for each social, video, news and other platform. In particular, keep your accounts on platforms in democracies cleanly separated from your accounts on platforms in authoritarian/dictatorial countries.
3. Do not use identical or similar passwords on multiple platforms. It is possible to use a password manager, but doing so requires a constant and high level of attention to the security of the password manager itself. In fact, using a good physical password pad is also a good option.
4. Always distrust the clarifications and statements that companies make after their misdeeds are exposed. Don't trust any company that claims it does no evil.
5. Control your desire to show off on various platforms. The fewer traces you leave on the network, the harder you are to track.
6. Try not to use the browser's "remember password" function. There are many forensic tools for browsers, and they make it easy to extract cookies, browsing history, saved passwords, etc. The "remember password" feature of browsers in authoritarian/dictatorial countries must not be used.
7. Don't assume that using a virtual machine and a VPN makes you safe. WebRTC IP leaks, browser and canvas fingerprints, DNS leaks, system time, browser 0-days, etc. can all reveal certain information about you.
8. Clean up the accumulated information such as emails, text messages, call records, recycle bins, etc. on a regular or irregular basis.
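The WebRTC leak named in item 7 can be checked on your own browser. The following is an added example, not part of the original guide: it classifies ICE candidate strings (the value of `event.candidate.candidate` in `RTCPeerConnection`'s `icecandidate` event) against the address your VPN is expected to show. The sample candidates are constructed, and the function names are illustrative.

```javascript
// Constructed sample: ICE candidate strings as a browser reports them
// (event.candidate.candidate). Addresses come from documentation ranges.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3f2a9c1e-7b1d-4c58-9e0a-5d2b8c6f1a01.local 54321 typ host",
  "candidate:2 1 udp 2113937151 192.168.1.23 54322 typ host",
  "candidate:3 1 udp 1677729535 203.0.113.45 61000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:4 1 udp 1677729535 198.51.100.7 61001 typ srflx raddr 0.0.0.0 rport 0",
];

// Parse the leading fields of a candidate line: foundation, component,
// transport, priority, address, port, "typ", type.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// True for RFC 1918 and link-local IPv4 addresses.
function isPrivateIPv4(addr) {
  const p = addr.split(".").map(Number);
  if (p.length !== 4 || p.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return p[0] === 10 || (p[0] === 172 && p[1] >= 16 && p[1] <= 31) ||
    (p[0] === 192 && p[1] === 168) || (p[0] === 169 && p[1] === 254);
}

// Classify what each candidate exposes. vpnExitAddress is an assumption:
// the public address you expect remote sites to see while the VPN is up.
function auditCandidates(lines, vpnExitAddress) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // ignore lines that are not candidates
    let verdict;
    if (c.address.endsWith(".local")) verdict = "masked";         // mDNS name, no IP exposed
    else if (c.address === vpnExitAddress) verdict = "vpn-exit";  // the expected address
    else if (isPrivateIPv4(c.address)) verdict = "lan-address";   // exposes local addressing
    else verdict = "public-leak"; // any other address, IPv6 included, is treated as a leak
    findings.push({ address: c.address, type: c.type, verdict });
  }
  return findings;
}

// Candidates that reveal something other than the VPN exit address.
function findLeaks(lines, vpnExitAddress) {
  return auditCandidates(lines, vpnExitAddress)
    .filter((f) => f.verdict === "public-leak" || f.verdict === "lan-address");
}
```

An empty result from `findLeaks` means the candidates expose only masked names or the VPN exit address; it says nothing about the other leak channels listed in item 7.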
You should not use proprietary software or services
A link to a detailed explanation of proprietary software has been given above. In most scenarios, you can also simply understand it as software that does not release its source code. Examples on mobile phones include WeChat and Alipay; examples on PCs include 360 Guardian and Microsoft Office. Such software is the greatest threat to personal privacy and security.
Many users think that proprietary software can be used safely as long as they do not grant the various permissions it requests. This idea is very naive. As long as the software can connect to the Internet, it can record and report the data and metadata that users generate while using it. At the same time, a personal mobile phone is itself a device full of vulnerabilities, and there are many ways to obtain private personal information from it.
Metadata deserves a more detailed explanation. Unlike ordinary data, such as chat records or files stored on the machine, metadata does not contain the data content itself. Instead, it records other information related to that data: when a communication takes place, when the device is turned on and off, whom the mobile phone user communicates with and during which time period, when the user opens WeChat, which functions are used in WeChat, and so on. Metadata may seem less valuable than the actual data, but it is still powerful enough to allow authoritarian government surveillance agencies to easily obtain information about a natural person.
We recommend that readers use open source alternatives to the relevant proprietary software. If you have an Android phone, you can install the F-Droid open source app store, then find and install each kind of open source software. If you have to use this proprietary software for practical reasons (for example, in China, it would be impossible to do anything without the health code function provided by WeChat or Alipay), then installing it on a separate device may be the best option at present.