
---
title: "What I Learned in Fifteen Years of Digital Security Training"
date: 2004-01-01T00:00:00-00:00
draft: true
---

## Introduction

These are the main lessons I have learned after more than 12 years helping people and organisations improve their privacy and security while using technology.

Be ready to learn. ICT is not ready for average people. It still cannot run as easily as a toaster or a washing machine. Accept you will have to do some learning, and it can be fun, empowering, and even profitable.

  1. (data) Backups: Your data is all that matters in the end, and it is the only thing that cannot be retrieved unless you have backups. Forget about hacking, surveillance and everything else: whatever loss or harm comes to you is most likely to come from yourself by not being vigilant, then from people you personally know, and finally from corporations and governments.
  2. (devices) Update your software
  3. (devices) Fewer mobiles, more computers. Safer, but also better for your quality of life. Don't use other people's devices (or let them use yours).
  4. (devices) Consider moving to open-source software if it works for you.
  5. (data) Use a password manager, but only after you have a good backup routine
  6. (data) Localise: it isn't yours until you are the one who controls it
  7. (data) Compartmentalise: first identities, then accounts, then software, then hardware and connection
  8. (devices) Use browser add-ons
  9. (data) Reduce accounts at 3rd parties: a good benefit of using a password manager is you will eventually be able to count how many accounts you have. Do you need them all? What is your reduction strategy?
  10. (data) Reduce posting: be privacy conscious/the joys of switching off
  11. (data) Reduce trace: Delete/Download your data. Search for your name, be surprised by the results and see if you can do something about it. The Data Protection Act and GDPR may help you here.
  12. (data) Reduce tools: one encrypted messenger, two email accounts, two/one/none social media accounts
  13. (devices) Reduce devices and apps on devices.
  14. (data) Use a private connection via a VPN
  15. (devices) Reduce your use of public Wi-Fi, unless you have a good reason to use it. Get a mobile router.
  16. (data) Learn to use encryption, but not until you have a good backup regime. Being on Linux or Mac helps make the learning curve less steep.
  17. Home server: Freedombox, BTC full node, Lightning node, BTCPay server, Jitsi, Calibre, Zotero, Kodi, emergency desktop
  18. Keys: Mnemonic, Trezor, OnlyKey
  19. (data & devices) Now finally you can worry about hacking. First mass surveillance, then phishing and stealing accounts, then intrusive targeted surveillance
  20. (data) Be reasonable with your panic levels. Targeted surveillance costs A LOT. To your government adversary, you are most likely not worth the cost of using high-tech intrusive surveillance.
  21. (data) Make it safer for everyone: know only what you need to know. Say only what you need to say, and trust.
  22. Love on the internet: dating apps, LGBT, sex pics, revenge porn…
  23. Maybe you want to use the law.

This is a guide for the average person. Activists? Do all of the above first, then let us talk. Get in touch with these people.