Before you go about trying to implement security and privacy measures, you need to understand what you’re protecting against. This is where threat modeling, also known as risk assessment, comes in. Consider whether your threat model includes mass surveillance programs, such as the NSA’s PRISM and Upstream programs, corporate surveillance, such as Google’s data mining for targeted advertising, targeted surveillance by law enforcement, doxxing, or something else. Most of the technologies and advice listed here can reduce the effectiveness of passive, mass surveillance by government and businesses. Please note that if you are the target of active surveillance, you should consult a lawyer instead of reading this guide.
- Identify assets: What is it that you want to protect?
- Identify adversaries: Who might interfere?
- Identify their capabilities: What kind of resources do your adversaries have at their disposal?
- Identify risk: How likely is a threat? How bad are the consequences?
Digital Privacy Guide
Find a Virtual Data Privacy Day Celebration
The celebrations below are local hosts, part of The International Association of Privacy Professionals:
Rome, Halifax, Bangalore, Luxembourg, Philippines, Croatia, Transatlantic Data Privacy Day, New Delhi, Dublin, Toronto, Philadelphia, Nigeria, Lisbon, Brussels and Munich, Kansas City, Des Moines, and Omaha, Copenhagen, St. Paul, Montreal
Rome KnowledgeNet
Halifax KnowledgeNet
Bangalore KnowledgeNet
Luxembourg KnowledgeNet
Philippines KnowledgeNet
Croatia KnowledgeNet
Transatlantic Data Privacy Day KnowledgeNet
New Delhi KnowledgeNet
Dublin KnowledgeNet
Toronto KnowledgeNet
Philadelphia KnowledgeNet
Nigeria KnowledgeNet
Lisbon KnowledgeNet
Brussels and Munich Joint KnowledgeNet
Kansas City, Des Moines, and Omaha KnowledgeNet
Copenhagen KnowledgeNet
St. Paul KnowledgeNet
Montreal KnowledgeNet
More virtual events based in the US, Canada, and Australia
Data Privacy Online - In and Out of the Classroom
National Privacy Day with Cyber Collective
International Data Privacy Day - 101 in Privacy By Design
Locking Down Your Digital Identity
Locking down your digital identity is not only for those who are being harassed—it’s good practice in general. However, if you find yourself being cyberstalked, harassed, or threatened with violence, it's crucial. This list of tips is compiled from resources developed by Jon Jones and Jaym Gates and includes an estimate of the time involved so that you can budget accordingly.
SET UP TWO-FACTOR AUTHENTICATION ON EVERYTHING
- What it is: If you log into a website, two-factor authentication works to ensure that you are who you say you are by requiring two sources of verification. This usually means it sends your phone a text message with a random, one-time-use code to type into the box as a secondary password. People almost always have their phones with them, so this is a simple, reasonable security precaution.
- What it does: Makes it extremely difficult for anyone but you to log into your accounts.
- How long it will take: 15 – 30 minutes, depending on how many accounts you have.
- Will I ever have to do it again? No, but set it up when registering on new websites.
USE A PASSWORD MANAGER AND USE UNIQUE PASSWORDS
- What it is: A piece of software that both creates and manages your strong passwords.
- What it does: Creates impossible-to-break passwords for all your websites, and you only need to remember one.
- How long it will take: 30 – 60 minutes, depending on how many accounts you have.
- Will I ever have to do it again? No, but use your password manager to generate new passwords for you when registering on new websites.
Also, turn off your web browser's option to remember passwords. It’s not safe. Anyone who has the password to the computer can view all saved passwords in Chrome instantly in plain text.
LOCK DOWN OLD FACEBOOK POSTS AND ADJUST YOUR PRIVACY SETTINGS
- What it does: Locks down all your privacy settings in Facebook, and hides your old posts so people can’t dig through them.
- How long it will take: 15 minutes.
- Will I ever have to do it again? No, but it’s good to check every six months.
Lifehacker has an excellent, comprehensive guide on this topic.
CHECK THE INTERNET FOR YOUR PERSONAL INFORMATION AND THEN CLEAN UP
- What it does: Finds out what personal information on you is available online so you can take it down.
- How long it will take: 15 to 30 minutes, possibly longer if you go through the manual removal request process.
- Will I ever have to do it again? Yes, about every three months or so to be safe.
Spokeo is a particularly powerful information aggregator. You have to go through and click on each instance to request a take-down, but they will process requests. However, if you submit a large number of take-down requests, they may block further attempts. To manage this, start with the most recent listings, and if they block the IP address you’re working from, move to a different one if possible.
DELETE OLD ACCOUNTS
- What it does: Delete your old, unused accounts.
- How long it will take: 15 to 30 minutes, depending on how many accounts you have.
- Will I ever have to do it again? No.
If you have any old accounts or profiles online that you’re no longer using, go in and delete them. Remove all your information first and overwrite it with fake information just in case, then delete it.
JustDelete.Me gives you site-specific instructions for closing old accounts as well as information on the relative ease of removal.
CONSIDER USING PSEUDONYMS
- If you need to use social media and register for websites but don’t want to use your real name, try the Fake identity generator.
TIPS THAT COST MONEY
If you have your own domain name(s), consider purchasing whois privacy guard.
- What it does: Hides your home address and phone number from your website’s public records.
- How long it will take: 10 minutes.
- Will I ever have to do it again? No, but it’s a small yearly recurring fee to keep it.
When you register a domain name, you generally use your real address. This is a problem, especially because swatting is becoming more popular. It’s incredibly easy to look up, and it’s also incredibly easy to secure it. Plug your URL (and remove the parens) into the following address to see what information is available now: https://who.godaddy.com/whoisstd.aspx?domain=(yourdomain.com)
USE A VPN
- What it does: Encrypts all of your online communications to keep you private and secure, and does so very easily.
- How long it will take: 15 minutes to read about it and sign up.
- Will I ever have to do it again? No, just use the VPN application whenever you’re online.
A Virtual Private Network, or VPN, is a way to securely connect to websites online using encryption in a way that’s virtually impossible to eavesdrop on or track. A wide variety of companies offer VPN service. It’s inexpensive ($3 to $5 a month), most of them are good, and it’s extremely easy to do.
The United States and Canada started celebrating Data Privacy Day in January 2008. But these countries were not the first to dedicate a day to protecting data. Europe actually started celebrating Data Protection Day decades ago, after Convention 108 was signed on January 28, 1981. Convention 108 was the first official international agreement that addressed data protection and privacy.
The National Cyber Security Alliance, or NCSA, was responsible for bringing Data Privacy Day to North America in recent years in order to educate consumers on how they can have a safer online presence and show organizations how privacy is good for business. The NCSA allows organizations to sign up as Data Privacy Day Champions and provides its champions with an assortment of resources to help educate their employees on privacy in the workplace and at home.
Take some of the steps recommended below, and take control of your data and privacy.
Let’s Celebrate Data Privacy Day Every Day
What to do and how to do it, tips from NYT
Secure your accounts
Why: In the past decade, data breaches and password leaks have struck companies such as Equifax, Facebook, Home Depot, Marriott, Target, Yahoo, and countless others. If you have online accounts, hackers have likely leaked data from at least one of them. Want to know which of your accounts have been compromised? Search for your email address on Have I Been Pwned? to cross-reference your email address with hundreds of data breaches.
How: Everyone should use a password manager to generate and remember different, complex passwords for every account — this is the most important thing people can do to protect their privacy and security today. Wirecutter’s favorite password managers are LastPass and 1Password. Both can generate passwords, monitor accounts for security breaches, suggest changing weak passwords, and sync your passwords between your computer and phone. Password managers seem intimidating to set up, but once you’ve installed one you just need to browse the Internet as usual. As you log in to accounts, the password manager saves your passwords and suggests changing weak or duplicate passwords. Over the course of a couple of weeks, you end up with new passwords for most of your accounts. Take this time to also change the default passwords for any devices in your house — if your home router, smart light bulbs, or security cameras are still using “password” or “1234” as the password, change them.
Everyone should also use two-step authentication whenever possible for their online accounts. Most banks and major social networks provide this option. As the name suggests, two-step authentication requires two steps: entering your password and entering a number only you can access. For example, step one is logging in to Facebook with your username and password. In step two, Facebook sends a temporary code to you in a text message or, even better, through an app like Google Authenticator, and you enter that code to log in.
Protect your Web browsing
Why: Companies and websites track everything you do online. Every ad, social network button, and website collects information about your location, browsing habits, and more. The data collected reveals more about you than you might expect. You might think yourself clever for never tweeting your medical problems or sharing all your religious beliefs on Facebook, for instance, but chances are good that the websites you visit regularly provide all the data advertisers need to pinpoint the type of person you are. This is part of how targeted ads remain one of the Internet’s most unsettling innovations.
How: A browser extension like uBlock Origin blocks ads and the data they collect. The uBlock Origin extension also prevents malware from running in your browser and gives you an easy way to turn the ad blocking off when you want to support sites you know are secure. Combine uBlock with Privacy Badger, which blocks trackers, and ads won’t follow you around as much. To slow down stalker ads even more, disable interest-based ads from Apple, Facebook, Google, and Twitter. A lot of websites offer means to opt out of data collection, but you need to do so manually. Simple Opt Out has direct links to opt-out instructions for major sites like Netflix, Reddit, and more. Doing this won’t eliminate the problem completely, but it will significantly cut down the amount of data collected.
You should also install the HTTPS Everywhere extension. HTTPS Everywhere automatically directs you to the secure version of a site when the site supports that, making it difficult for an attacker — especially if you’re on public Wi-Fi at a coffee shop, airport, or hotel — to digitally eavesdrop on what you’re doing.
Use antivirus software on your computer
Why: Viruses might not seem as common as they were a decade ago, but they still exist. Malicious software on your computer can wreak all kinds of havoc, from annoying pop-ups to covert bitcoin mining to scanning for personal information. If you’re at risk for clicking perilous links, or if you share a computer with multiple people in a household, it’s worthwhile to set up antivirus software, especially on Windows computers.
How: If your computer runs Windows 10, you should use Microsoft’s built-in software, Windows Defender. Windows Defender offers plenty of security for most people, and it’s the main antivirus option that Wirecutter recommends; we reached that conclusion after speaking with several experts. If you run an older version of Windows (even though we recommend updating to Windows 10) or you use a shared computer, a second layer of protection might be necessary. For this purpose, Malwarebytes Premium is your best bet. Malwarebytes is unintrusive, it works well with Windows Defender, and it doesn’t push out dozens of annoying notifications like most antivirus utilities tend to do.
Mac users are typically okay with the protections included in macOS, especially if you download software only from Apple’s App Store and stick to well-known browser extensions. If you do want a second layer of security, Malwarebytes Premium is also available for Mac. You should avoid antivirus applications on your phone altogether and stick to downloading trusted apps from official stores.
How to Protect Your Digital Privacy
The impact of COVID-19 and 2020 on Data Privacy
How 2020 Has Changed the Data Privacy Landscape
What Your Web Browser's Incognito Mode Really Does
How to clear your cookies in Chrome, Firefox, Edge, Safari or Opera
Data Protection and Privacy Legislation Worldwide
from the United Nations Conference on Trade and Development
Pratt Institute: A Guide to Informed Protest, Surveillance and Digital Privacy Resources
Discussed resources attached
- Surveillance Self-Defense: Tips, Tools, and How-Tos for Safer Online Communication: The Electronic Frontier Foundation — a longtime advocate of online privacy — put together a number of guides on safeguarding your digital communications, each of which can be printed into a one-page wallet-sized foldable pamphlet. Their guides on attending a protest and protecting yourself on social networks are also relevant to users of this guide.
- Protest and Digital Self-Defense: A guide to some of the most important Dos and Don'ts of attending protests with a phone or similar digital device.
- How to Protest Without Sacrificing Your Digital Privacy: If you're a peaceful protester, but you don't necessarily want your participation in a demonstration to follow you around or lead to harassment online, what sort of steps can you take around your digital security? Read more to find out.
- Defend Our Movements: Digital Self-Defense Curriculum: This "knowledge base" links to six separate guides on safely securing your phone, computer, communication, identity, and network.
- Five Tips for Organizers, Protestors, and Anyone Documenting Movements: Given the many opportunities for surveillance and manipulation, how can one responsibly document protests against police brutality? The Blacktivists — a Chicago-based collective of trained Black archivists — offer a few quick tips.
- An Activists' Guide to Archiving Video: Learn how to responsibly create, organize, store, share, and catalog video recordings taken at protests.
- How Do I Prepare My Phone for a Protest? Your cellphone's settings may subject you to surveillance tactics from law enforcement. For those of you unable to leave your phones at home, this article offers a list of steps you can take to minimize your risk.
- Electronic Civil Disobedience and Other Unpopular Ideas: A PDF version of Critical Art Ensemble's 1997 book, with theory, insights, and action steps as relevant now as when they were published over twenty years ago.
The Activists' Guide to Archiving Video
How Do I Prepare My Phone for a Protest? – The Markup
How to Protest Without Sacrificing Your Digital Privacy
COVID-19 and Digital Rights
Security is a Process, not a Purchase
Security isn't about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.
Choosing Your Tools
How do people feel about their privacy and data?
Americans and Privacy: Concerned, Confused and Feeling Lack of…
12 Steps for Security from PC Mag
51 Data Protection Resources
Source: Digital Guardian