You can’t hide from cyberspace. It’s here and it sees you, and it shares with anyone who sees it.
Below are some steps to make your personal data less of a beacon out there,
and a few cyber-hygiene things worth your effort. This can be a very deep rabbit hole, so I’ve written them in order of where to start and effort level.
Part of this is specific to Sweden; please try to think about your own similar tools there.
Urgent settings I recommend for all
1) - - - - - - - -
(Set your accounts to require an authentication app, not just a password, as described here)
2) - - - - - - - -
Get an e-ID
For example BankID or Freja ID
3) - - - - - - - -
Ensure you have a digital inbox for all your government papers and bank papers etc.
In Sweden, for example, we use Kivra. It’s important that you research who stands BEHIND this service, since you are trusting them with important stuff.
This means people can’t as easily order stuff in your name and steal it from your inbox.
4) - - - - - - - -
Block changing your physical address without e-ID
(in Swedish; Skatteverket adressändring needs BankID)
https://www.skatteverket.se/privat/etjansterochblanketter/allaetjanster/tjanster/sparraobehorigadressandring.4.361dc8c15312eff6fd123f5.html
This means it’s less easy for someone to change your snail-mail address to somewhere else and pretend to be you, ordering things in your name, taking bank loans etc.
Enable “force e-ID” at personal-data collectors like Klarna.
If possible, demand BankID for buying online with a card or via paper invoice.
Yes, this means blocking the vendors that don’t support e-ID and those verifications.
Yes, if you check “remember my card” at any place, now is the time to start paying attention when you buy stuff and enable forcing this for next time. Even better would be to revisit where you buy stuff and do everything now, but I know you won’t do that.
5) - - - - - - - -
Disable storage of your data and choices in the services you use. For example, do this for each Google email account AND find similar settings in any other search, email or other provider.
I recommend you set everything to off, but even if you don’t change anything, log on and check for yourself what’s already there being sold to anyone.
https://myactivity.google.com/activitycontrols
Check it and Disable all
Choose what others see about you
https://myaccount.google.com/people-and-sharing - be aware of what you share
https://www.linkedin.com/psettings/data-privacy
6) - - - - - - - -
Many services include a security and privacy check. They are walkthroughs that I suggest you do.
https://myaccount.google.com/data-and-privacy
https://help.dropbox.com/accounts-billing/security/security-checkup
https://myaccount.microsoft.com/security-info
7) - - - - - - - -
Check with your phone carrier if they have an option that blocks ordering a new SIM card without signing with an e-ID or similar. A common scam is buying a new SIM card in your name; the scammer can then reset your accounts using the phone number.
(That’s also why an auth app is way, way better than just a phone number)
8) - - - - - - - -
I also recommend a VPN for privacy. It doesn’t help much with security, and if you’re not consciously very active with your cookies and other tracking tools, a VPN doesn’t help with privacy either.
The privacy a VPN might give is instantly ruined if you are not mindful of how you behave online at all times. It’s not a just-install quick fix. Your actions will betray you.
I use Bahnhof’s VPN and recommend that you thoroughly background-check whose VPN you choose.
Hide public information from listing in places it gets mass-copied from
This step doesn’t matter much unless you disable sending your data out from the services described above, so do those first. Otherwise you might find that you bounce back into the places below automatically at a future refresh.
Find your local variants, as these are Swedish. They are not the only places you need to clean from either.
Note that the services that don’t make it easy for you do so because they don’t want you to opt out, which would leave them with less data to sell to other people.
1)
Call your phone carrier and ask them to NOT share your number for listings.
In Sweden this is important, otherwise it will reappear in the places below.
2)
https://nixa.nixadresserat.se/#/login (BankID)
3)
SPAR (BankID)
4)
https://www.statenspersonadressregister.se/master/start/dina-personuppgifter/reklamsparr (companies)
5)
https://www.hitta.se/kontakta-oss#ta-bort-kontaktsida (bankID)
6)
https://www.eniro.se/ta+bort/personer (bankID)
7)
Fill in the form below. You will receive another form that you need to sign and send in.
https://upplysning.se/kontakta-oss
https://www.ratsit.se/kontakt
https://www.birthday.se/kontakta
https://mrkoll.se/om/kundservice-publicerade-uppgifter
and countless more, disable as you stumble on them
8)
Set your web browsers default page/search to
https://ecosia.org ,
https://DuckDuckGo.com or similar
9)
Note: I’m not active on Facebook, Instagram and those services.
Please double-check your checkboxes there too.
Important Cyber Hygiene that is less quick
1) Verify that your webcam has a physical block, and that it has a microphone that you can turn off physically (or none at all, since you will mostly use a dedicated headset that is better).
Make a habit of intentionally blocking the webcam immediately after meetings, even if it’s just 30 minutes to the next one. Turn it to face the wall if you don’t have a block.
This is to protect you from yourself at a bad time AND, more importantly, in case someone manages to control your webcam.
2) Verify that you can physically disable your microphone. There are scary tools like
https://github.com/ggerganov/kbd-audio out there
Likewise, get in the habit of muting physically when you’re not talking.
If you want to be safe, don’t type your passphrase on your keyboard while in a meeting at work, because you don’t know what’s around you, or while streaming before hitting the 10-second mute button.
3) Enable encryption on your drive’s local storage.
If you have the Pro version of Windows you have BitLocker built in.
Sure, from now on you need to type something before every restart, but it’s WAY worth it.
Without this, if your computer gets stolen, anyone can just copy the important parts somewhere else and they have all that is yours.
If you don’t have Pro it’s not fully automatic, but stuff exists.
Easiest might be using tools like VeraCrypt or BoxCryptor.
VeraCrypt also serves a purpose if you, for example, serve multiple organisations from the same computer and don’t want to open one organisation’s data at another’s site etc.
Ask yourself if it’s for you too. Make a choice, yes or no; don’t wait with it.
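A quick way to check that the BitLocker step above actually took effect, as an added example (not part of the original checklist). It assumes Windows with the built-in BitLocker PowerShell module and an elevated (Run as administrator) PowerShell window; the checks it reports on are this example’s own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: report the BitLocker state of every volume and list anything worth fixing.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Names of the key protectors on this volume, e.g. Tpm, TpmPin, Password, RecoveryPassword.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # "Type something before every restart" corresponds to a PIN or password protector.
    $preBoot = @($types | Where-Object { $_ -match 'Pin|^Password$' }).Count -gt 0

    $problems = @()
    if ($vol.ProtectionStatus -ne 'On') {
        $problems += 'protection is off or suspended'
    }
    if ($vol.EncryptionPercentage -lt 100) {
        $problems += "only $($vol.EncryptionPercentage)% encrypted"
    }
    if ($types -notcontains 'RecoveryPassword') {
        $problems += 'no recovery password protector'
    }
    if ($vol.VolumeType -eq 'OperatingSystem' -and -not $preBoot) {
        $problems += 'unlocks at boot without a PIN or password'
    }

    [pscustomobject]@{
        Drive      = $vol.MountPoint
        Status     = $vol.VolumeStatus
        Protection = $vol.ProtectionStatus
        Protectors = $types -join ', '
        Problems   = if ($problems) { $problems -join '; ' } else { 'none' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Any drive with something other than “none” in the Problems column is one to revisit; store the recovery password somewhere other than the encrypted computer itself.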
1. I recommend you use a postbox for your company snail mail, if you have one.
This means your home address won’t automatically end up on online maps and be displayed to anyone searching nearby, or to anyone with more wicked intent.
You can find those in a lot of places. I use Postnord.
2. Many suppliers like Telia also have pages on your account that allow you to disable different types of marketing. I suggest disabling everything that’s not relevant.
https://www.telia.se/privat/mitt-telia/mitt-konto#Marknadsforing
Remove your ”ID” emails from mailing lists etc. using tools like
https://joindeleteme.com/privacy-protection-plans
Set a yearly reminder, because you need to redo this often.
A lot of services sneak their way back into collecting your data.
1) Ensure you actually have multifactor authentication on all your listed services.
2) Ensure services only have the syncs and permissions enabled that you still use.
For example, a lot of apps connect to Dropbox.
Go here and remove ALL those where you don’t know exactly why they need it.
If it’s important you will get the chance to re-add it again.
a. https://www.dropbox.com/security_checkup
3) Disable “Display images” and “Dynamic contents” in your email apps on your phone, tablet and computer. For example, in Gmail go to settings, then for each account scroll to the bottom and uncheck “Display images” and “Dynamic contents”.
I also recommend talking to family members and friends about fullmakter and
Some tools let you help your elderly and such.
Freja e-ID, for example, lets you preview choices on another person’s phone. They decide, but they can feel safer knowing you might understand better what they are signing, live, while they are doing it.
Framtidsfullmakt is something like a power of attorney IN CASE something happens and you need to make a decision for someone else’s benefit. For example, your spouse ends up in a coma after a car accident and you can’t even pay your family bills because they were in the spouse’s name.
Only do it with those you trust long-term, but please do it ahead of time.
Also, banks for example require their own formats; a signed paper might not be enough.
https://www.demensforbundet.se/att-vara-anhorig/lag-och-ratt/framtidsfullmakt/
https://www.swedbank.se/privat/juridiska-tjanster/fullmakter/framtidsfullmakt.html
https://www.telia.se/privat/mitt-telia/mitt-konto/fullmakter
Want to know more?
Create a list of your emails and try each of them here
https://haveibeenpwned.com
Surf here and click ”test”
https://coveryourtracks.eff.org
https://www.imy.se/verksamhet/kreditupplysning/
Cert.se’s megamap of known infected computers right now.
Please note that most infected computers are unknown, thus not counted.
Dark Patterns
https://www.linkedin.com/posts/katharina-koerner-7311b2105_dark-patterns-in-person-data-collection-ugcPost-6929465534149251072-Zu7E
darkpatterns.org The term dark patterns was coined in 2010 by Harry Brignull, who launched darkpatterns.org, and defined DP as “tricks used in websites and apps that make you do things that you didn't mean to, like buying or signing up for something."
I suggest disabling tracking using NoScript.
My setup is also like this
TODO: This section is not created yet.
Basically I use 4 web browsers. And yes, I know you can use containers in Firefox nowadays, but I’ve done this since forever.
Browser 1 - Brave.com - for my work email and work-related stuff
Browser 2 - Chrome - for my podcast emails and that kind of stuff
Browser 3 - XXX - for our family calendar and that kind of stuff
Browser 4 - YouTube autologin, no ads
Browser 5 - Web search with ecosia.org and all “just browsing", independent
I use LastPass to share passphrases between them etc.
All of them delete everything at exit.
Multiple browsers are also handy because you can allow mic & webcam ONLY in the browser you actually MIGHT use for connecting live with others. You don’t need them for your async work. Mind which permissions are needed.
Multifactor auth reminders. Have you enabled it for these services?
https://www.linkedin.com/psettings/two-step-verification
(I use Microsoft’s Auth App since it keeps the process within one organisation; no point in sending activity data elsewhere)
Dropbox? Microsoft? Google?