how 2 be safe on the internets
By: Eleanor Opossum (find me on the twitters)
Alight, serious time for a moment. This is a guide with some basic information regarding privacy on the internet. IT IS NOT an "end all be all" to internet privacy and safety. I am not perfect, nowhere near it in fact. However, I do know more about internet privacy and safety than the average bear, well, at least I like to think that I do. Anyway, this guide will cover (what I think are at least) the basics of being safe on the internet. This guide will cover things like recommended browsers and extensions, recommended alternatives to popular sites and services, recommended software, and more (probably?).
- General Information
- The Basics
- Social Media
So, you wanna learn how 2 be safe on the internet? Well, there are a few simple tips you can follow. The information in this section my guide is basic info that will apply to one (or more) of the following sections.
These are just some basic tips that apply to almost every website on this beautiful series of tubes known as the internet.
The Most Basic of Basics
One of the most important of these basic rules is, NEVER REUSE PASSWORDS! Why? Because if someone is able to get into just one of your accounts for anything, and they know another one of your usernames (or you reused a username (which is fine, most of the time anyway)); they can get into any of your accounts. If remembering a bunch of different passwords sounds inconvienent (or you're neurodivergent like me and have a really hard time remembering things), head on down to the INSERT LINK HERE 'Password Managers' section of the 'Apps n' Programs' section.
Passwords and You
You're probably using more than one password for things already right? If you are, good. If not, click here. Okay, so what if I told you, without knowing them at all, that your passwords probably suck eggs. If you're not using a password manager, or they're under like 20 letters long; they suck eggs. Fear not! Ye of egg suckling passwords! There is a better way! (actually more than one, but only one will make the cool kids stop laughing at you)
But Moooooom, I Don't Wanna Use a Password Manager
*slaps you with a trout*
Don't sass me young $INSERT_PROPERLY_GENDERED_TERM_HERE!
You will use a password manager,
YOU. WILL. LIKE. IT.
*wipes fish residue off of hands*
Now, where were we sweetie?
Oh! Right! Password Managers, you should use one. I'll talk more about those later in the apps section. But for now...
When I can't use a password manager for a password (like the password manager's password("Yo dawg..."), or if I'm making a throwaway account, or feeling lazy); I like to use something I call 'compound passwords'. Like the meme above suggests, they're passwords made out of passwords. I have accumulated a lot of passwords that I used to use for different things over the years. And after reading the 'correct horse battery staple' comic, and hearing some uber nerd say that that's still vulnerable dictionary attacks or something; I decided to start using these (because I was a teenage dumbass who didn't know what a password manager was).
Let's say, for the sake of argument, that I have a password. Ok, and if I have a password, I probably have more right? Then hypothetically speaking, I'd have more than one password. Now; lets say that I need a new password, but 'no thoughts, head empty'; I can't remember a new one. Now that we've established that I can't remember a new password, yet I need a new password, we have a problem. Am I not correct? So, what am I going to do? I'm going to make a new password out of the old password, so for example, I have the passwords "a0cFeet", "dry_W1f3", and "w3t4$$pw".
So, hypothetically speaking, I could combine them. And that would give me 12 new passwords, from combinations of them!
- and so on...
Now, this is not a replacement for a password manager. But it's better than nothing.
Stranger Danger! Stranger Danger!Hey kid, want some candy?
Not that kind of stranger danger; well, sorta. It's complicated. Kinda. I think. While some of the following basic advice applies here. There's some more nuance and edge cases that I'd like to go into some detail about.
TW:The following section concerns some sexual things
It's about 'Fetish Mining'; basically seemingly innocent requests for things that are non-sexual to most people, but are very sexual to some people.
If that makes you uncomfortable, or you're not in the right headspace, click here to skip to the section after that one.
Summarized from this Twitter thread and my own elaborations from there.
At its core, fetish mining is asking for seemingly innocent things that are sexual for some weird group. Some of it can seem lolSoRandom to an outsider, like giantess fetish, or the many subreddits about Taylor Swift's non-inherently sexual body parts. A really good example would be the whole Sam and Cat feet pics thing back when that show was still airing. (fuckin' "Dirty" Dan "the man with the plan to get her in the van " Schneider).
If you're reading this guide, I'm going to assume that you're terminally online; or at least really fucking close. So you know that feet and armpits and other non-genital body parts can be considered sexual. So the above examples probably don't surprise you.
If you clicked to view that Twitter thread above, you probably saw some more obvious examples like feet stuff or asking someone to try on or wear specific kinds of clothes. But the rabbit hole goes deeper. It gets weird. Real weird. Sometimes even involving children.
how to know ur being mined
- If they won't stop asking
- If they're trying to make it seem innocent or losorandom; when you don't feel that way about the thing
- Basically if they're acting kinda like Ben Shapiro in the 'Ben Shapiro asking for AOC feet pics' meme.
- Don't give out any personal information. Personal information includes things such as legal name, address, location, government issued-ID numbers, etc.
- Try not have any connection(s) between any of your online accounts.
Exceptions to 'Moar basics!'
- In rare occassions, you might want to give out some level of personal information. It could be as part of the sign up process to some service, or an online friend might require it for something. Before you do, make sure that you 100% trust that person or service and make sure that you are giving a minimal amount away. Only ever give out the bare-minimum amount of personal information required for something! Or better yet, just make shit up! It's the internet, no one cares yo!
- Sometimes, you may want to have connections between accounts. And that's fine. I have this website connected to my Twitter account. And I have some other connections there. What you need to be careful of is making sure that you can only be connected in a way that you want to be connected. As a general rule of thumb, try to not reveal something on one account that you would not revealed on another. In esscence, treat multiple connected accounts as one big account that is cross-service, regardless of it actually is or not.
Change ur Search Engine
If you're using one of these search engines, you should
probably definitely switch to a different
Bad Searchy Bois
- Speedy Pete's Internet Directory
Good Searchy Bois
All of the 'Good Searchy Bois' don't track you. But they all have different features that might be worthwhile to you for one reason or another.
- DuckDuckGo: I use this one. It has '!bangs' which
let you search other search engines from it.
Which comes in handy
I'm so fucked upquite often. Uses Bing and Yandex results.
- Searx: A search engine that searches other search engines and combines the results. It's really cool. It's also a software that you can run on your own VPS if you want to run your own search engine for extra nerd-cred. The main project site has a list of public instances and more info.
- Qwant: Independent and French!
Like a certain cool cat in the LLL.... Their thing is that they don't depend on anyone else's indexers and results.
- StartPage: Its standout feature is something that they call 'Anonymous View', which lets you view webpages in a proxy through their services. It's pretty neat. HOWEVER, they were bought by an advertisting company earlier this year, soooo....
You need to be careful about the content of your images. Try and keep identifying things out of your photos, like anything that might give out where you live or your identity.
You want to be careful of mirrors or any reflective surface that might be in a picure you take. Why? Because they may reveal stuff you don't want to be revealed. Basically, just be wary of your surroundings. You can never be too careful. Like even your own eyes can count as a reflective surface. You don't need to be uber paranoid about that. The stalker used multiple videos all taken in the same place. He also used other things like angels of light from the windows and the time of day the videos were taken. But it's something to keep in mind.
Mettaton, metadata, and YOU!
they're only here so the section title makes sense
But not only that, pictures aren't just pictures. They have
this other stuff in them called EXIF data. EXIF data has a
bunch of details of the picture, like the type of camera,
camera settings, the time the photo was taken, etc. On
smartphones, that can also include the location where it
was taken. So if you're posting pictures from your
phone; you'll either want to turn off saving the location in
your EXIF data, or use an app to strip it before you upload
it. Some sites automagically strip it, but most sites run
closed source code on the backend, so you can't really trust
'em. On Android, you'll want to use an app to strip the EXIF
data before you upload pictures from your phone. There are a
few open source apps on Android that can do this on F-Droid
(an open source alternative appstore that only has open
ImagePipe, the tool I use for this
Number 15: Burger King Foot Lettuce
The last thing you want on your Burger KingTM burger is someone else's foot fungus, but as it turns out, that might be just what you get.
In all seriousness, the "incident" is actually a good lesson as to why you should always remove the EXIF data from photos you upload to social media from any and all devices you have that are capable of location thingies (hey look! scroll up and there's an app that does that!).
The gist is that people on 4chan noticed that the person didn't strip the EXIF data from the infamous image; and they were able to find which Burger King they worked at by using the lat/long coords from the EXIF and looking for nearby Burger King's on Google Maps.
The social media section is gonna be pretty dense; the basics and password stuff apply here too, but most social media isn't worth it. While social media is technically free (as in beer) to use, the real cost is in giving up your personal information.
Most social media will take any and all personal information or other data that you feed into it and sell it. to advertisers or even government intelligence agencies, foreign or otherwise.
The Magical Cost-Benefit Analysis of Social Media
TL;DR: If you have to use your legal name or provide any other information like that to use the site, it's not worth using. Basically, Facebook.
Before signing up for any social media service on the internet, there are a few questions that you should ask:
- What information do I need to give?
- What benefit will I get for signing up for this service? Will it make my life better?
In esscence, is what you're signing up for worth it? As in, is giving up control of that amount of personal information and/or data worth what you're getting out of signing up for that site; and, if possible, how to minimize the amount of information that you're giving to that particular site.
So I use Twitter (as shown by the link by my name near the top of this page). It's a social media site that runs closed source code on the backend and is "free" to use. But as we now know, nothing is free; it takes some of my personal information as payment, along with trying to show me ads.
What I asked myself before I signed up was, "What am I gonna get out using this site?"; my answer to myself was "Learn about Minecraft updates more fasterer" (I was 15 when I made my account okay). All they wanted, at the time, was an email, a username, and a password. I made sure to use an email that wasn't connected to my legal name, because I didn't (and still don't!) want them to know that; a password that I didn't (and still don't!) use anywhere else; and a username that was connected to my online persona, but that wasn't connected at all to my legal name.
And all of that was worth it to me to give up. It's still worth it to current me too. It's actually more 'worth it' now than it was then since I have met some really amazing people that I wouldn't be aware of otherwise if hadn't started using Twitter.
for recommened Android phone apps,
click here. (I can't do iPhone since
I haven't owned one since Obama was drone bombing kids in
the middle East). (I do have an iPad, but I only have VLC
and a comic reader for
(Panels if you're wondering))
Just assume your phone is spying on you
Unless you have a phone running something like PureOS or GrapheneOS; you can assume that advertising companies are spying on you. And if it's connected to a cell network, you can assume that US Govt (if you live in the US or an allied country) is spying on you through it.
Minimizing the Spying
Android: You can install a custom ROM, like
LineageOS or GrapheneOS and not use Google services.
But not all phones can use those.
One other thing that you can do is use mostly open-source apps. And there's a special store that's only open-source apps that aren't sending your info to some ad company. F-Droid, Foxy Droid.
(They use the same backend, but I like Foxy Droid as a frontend better)
iPhone: hahahahaha no
- 'Normal' Phones: You can't really do anything to lock it down; but you can't really do anything that'll generate data that's useful either; well, that also doesn't apply to other phones either. Due to the nature of how cell phone systems work.
- Blackberry: Follow the Android stuff. Blackberries are literally just Android phones nowadays. There probably aren't custom ROMs for any of these tho.
- Windows Phone: click here.
One of the best options for preserving your privacy is to use an operating system that respects your privacy and doesn't treat you like a child.
That means running Linux or a BSD (or Haiku or PonyOS). But, if for some reason you have to use Windows, I will still talk about strategies to minimize the privacy loss that is inherent with using Windows. (macOSTM is also about as bad as Windows, but at least it's Unix-like).
...Actually I'd like to interject for a moment...
WARNING: linked wiki is ran by dudes from 4chan.
How 2 Choose You a Linux
Ubuntu: babby's first Linux. Has a reputation for
being really easy to use. Lots of common software like
Discord is easier to install here. The built-in software
center (app store) exists; I've never used it. Has all
the CLI stuff too.
However, if you care about things like being fully anti-capitalist, it should be noted that Ubuntu (and by extension, everything based on it) is developed and maintained by Cannonical Inc; a for-profit company.
Also, they used to have a really sketch thing going on with Amazon (that small company run by "mai name" Jeff Bezos)
- Mint: babby's 2nd linux. Ubuntu but green and French. Also has a saner, more Windows-like default user interface. They've had some security issues in the past, but they've been ironed out. Everything about Ubuntu applies here too!
Debian: What Ubuntu and Mint (and Kali) are based
off of. Arguably the stablest Linux. I like it. It's
what I run on my homeserver and what I used to run on
my desktop and laptop. Developed and maintained by
Fedora: *tips fedora* M'lady. Uses a different
package ecosystem than those above. More bleeding edge
than any of them too (basically, has newer versions of
things that might not have all the bugs ironed out yet).
Basically the free community edition and public beta of
Red Hat Enterprise Linux.
It's what I use on my desktop at the moment.
Anti-capitalist warning: it's developed and maintained by a for-profit company, RedHat.
Arch: Linux distro that prides itself on
minimalism. It has a stigma of being complicated and
hard to use, but as you learn more and get used to the
intricacies of Linux; you'll start to wonder why it has
Namesake of the ArchWiki, the greatest source of Linux
documentation available anywhere. (I'm on Fedora and I
still use the ArchWiki to find documentation on things).
I really like it. If I had a seal of approval, I'd put
i use arch btw
- Something else: There are more Linux distros than the ones that I listed. Most are variations of those I listed above. There are a few other cool distros that do things differently and are independent; but documentation and software support for those is usually incredibly lackluster compared to what you'd find if you were to use any of the ones listed above.
Some words on BSD
While I really like the design philosophy of the BSD ecosystem, I don't use it myself since hardware and software support isn't all there*. OpenBSD and FreeBSD are the two biggest and most important distros of BSD. OpenBSD is more focused on privacy and security; while FreeBSD is basically the sanic of operating systems. There's also NetBSD; which can run on toasters.
The Legendary NetBSD Toaster
your argument is invalid
am I even allowed to invalidate my own argument?
But if you have to (or worse, want to). I'll write a bit about how to make it (somewhat) less bad
File: laugh.png (364KB, 401x449)
>they use Windows
yes i know that /g/ uses yotsubaB...
Blackbird: Disables pretty much all of the spying
in Windows; but breaks quite a few things since
the spyware is so ingrained into the OS. I personally
don't use it; but I've heard good things.
O&O ShutUp10: Disables less of the spying than
the above. It's what I use. Doesn't seem to break
anything besides Cortana and OneDrive; but you shouldn't
be using those anyway.
linkle linkle little star
TronScript: Does a bunch of stuff; but also does
virus scans and other things; so it takes a while to
run. I like it. It's just slow as fucck.
Open Source, which is a bunch of points above the others however!
Make It Even Less Shit
but still kinda shit ngl
Things that make using Windows less painful and also help preserve your privacy.
- Open-Shell: A start menu replacement. Tired of the ads, sluggish-ness, and flashy-ness of the standard Windows10 start menu? Then use this. The search in it doesn't spy on you and doesn't search the web at the same either. It's what the start menu should be. Link
- 7-Zip: It opens any type of archive you throw at it. Supports multipart archives. Also supports creating password-protected and encrypted 7z archives. Link
- Notepad++: Notepad, but with a bunch of extra features that are useful, like tabs and syntax highlighting. The best bare-bones text editor if you're stuck on Windows. Link
- Sumatra PDF: A PDF (and eBook,CBZ,CBR,DjVu) reader. It's on things that aren't Windows too; but its the best option on Windows. Basically, Adobe Reader that doesn't spy on you. Link
JK! Gonna talk about recommended phone apps here. All of these are for Android; and most are on F-Droid. Some might have PlayStore versions with Google Analytics and shit added. Others might have a faster update cycle if you get them right from the source. (not actually compiling and building the app yourself; normally just downloading from the 'Releases' on their git repo or CI service).
- F Droid: A free and open-source app store! Has
only that don't spy on you. Most recs in this
guide will come from here. You don't need the app to
get apps from the F-Droid repository; but it helps with
updating. Also, alternative front-ends are a thing too!
- Firefox: Firefox, but Android now!
F-Droid Version (Fennec)
- Simple Gallery Pro: A gallery app. It lets you
look at your pictures. It also has some rudimentary
editing capabilities. But it doesn't have weird facial
AntennaPod: A podcatcher app. You can subscribe
to and listen to podcasts from it. I like it because the
app itself has no ads (podcasts still might), its free,
and it doesn't spy on you.
VLC: The great VLC player! Now on Android. I use
it to watch
pornvideos on my phone (and iPad). I also use it as a music player on my phone since it's the only player I've found for Android that can play OPUS files.
F-Droid | Playstore
- Imagepipe: Lets you edit images. But more
importantly, lets you strip the EXIF data before
you upload pictures anywhere for maximum safety.
- NewPipe: Youtube with background playback, no
ads, and minimal Google spying. You can't sign into an
account with this app. But there's no ads before,
during, or after any videos. Also background playback.
I use it to fall asleep to AGDQ vods every night.
Also supports PeerTube and Soundcloud!
Github Releases Page
Just a list of programs I like and recommened and also why. There might be better choices for things, but these are what I use and like.
DOOM emacs: The best text editor evar. The learning curve is high, but once you get used to it, you'll never want to use anything else. I wrote this whole guide in it! DOOM is a bunch of sane defaults and modifications to the standard emacs EVIL (extensible vi layer) mode. It has its own set of scripts to maintain the special DOOM configs along with regular emacs MELPA (Milkypostman's Emacs Lisp Package Archive) packages.
I just really like how it works; it matches my brain with its weird mish-mash of vi-like and emacs-like bindings for everything just meshes really well with my mind.
It also doesn't have any creepy and evil telemetry like
Micro$oft VS Code and it's not expensive af like
Notepad++ is really good too if you're a loser who has to use Windows for some reason.
GIMP: GNU Image Manipulation Program, like photoshop,
but free. I use it to make memes. I also used it to
edit the Clefairy-line images used throughout this site.
It doesn't have any of the weird spying or licsencing bullshit that the Adobe creative suite has. It just worksTM
Libre Office: It's an office suite. I can't really
say more than that. It's free and doesn't spy on you like
the Micro$oft bullshit does. What more do you need.
link link link
Passwords n' Security
KeePass XC: A password manager that's open source
and not tied to any cloud or non-free services.
While it won't autotype or auto-suggest like other
options; it's open source, so it's not backdoored by
some government; and it's not tied to some third party
cloud server. It can also handle generating 2FA codes
for services that allow TOTP (Time-Based One-Time
Password) tokens. (but it's better to use a separate app
or device for that)
link to site
(if you're on Linux/BSD; it should be in your package manager)
GNU Privacy Guard: Encrypts and decrypts text and
files. Really useful for adding encryption to anything.
I use it to encrypt tarballs and zips of things before
I upload them anywhere for storage or sending things to
idk how to use it on windows, but on linux and mac, I just use it on the command line.
The only web browser you should consider using on any platform is Firefox. (Well, there are a few other decent options on GNU/Linux or BSD, but if you're on one of those, you probably know about as much as I do about privacy, if not more, lol)
Unlike Chrome (ew), Vivaldi (this is a DeBussy household),
Opera, Safari, Samsung Internet, or whatever. Firefox
doesn't spy on you! And unlike Brave, it's not made by a
guy who was fucking fired from Mozilla (the cool
people who make Firefox) for being homophobic!
just read the mans wiki page to get a quick rundown
which is worse
also, Firefox has the cutest mascot of any browser
look at his little feeeeets <3 <3
link to download
- uBlock Origin: ad blocker that's open source and not developed by a sketchy company.
- Privacy Possum: Fork of PrivacyBadger from a former developer. Has a more anti-capitalist mission statement than PrivacyBadger. Their main goal is make it more expensive for companies to track you, along with maintaining user privacy.
This site has more information on browser extensions than I do. I just wanted to list the ones that I deem to be the most important through my completely arbitrary and made up standards.
The most important piece of info is this: Third-party VPN services do not enhance your privacy at all! At least on a known safe network, like the one in your house or apartment. They can protect from stuff like MITM (man-in-the-middle) attacks at like a coffee shop or something, but they won't make you any safer at home. In fact, a ssh-tunnel or VPN that you run yourself out of your own server (like a rented VPS or an old laptop at home) provides the same amount of protection for free in the case of an old laptop or ssh-tunneling to home. And if you rent a VPS and run your own VPN from there, you get more protection!
In my opinion, the only reason to use a third-party VPN
service is to prirate shit without getting annoying
"copyright" letters from your ISP. That's it. That's
literally the only reason I subscribe to and use one.
I personally use PrivateInternetAccess, but only because I'm
broke and bought a 2-year subscription when I wasn't and
they were a decent company at the time. Their new owners are
100% not to be trusted at all.
I plan to switch to either Mullvad or ProtonVPN when my subscription runs out.
Providers You Should Avoid
NordVPN is bullshit.
Nord has been breached . And they have some really scummy Youtube ads.
- Private Internet Access is also bad. They were sold to a marketing company. That is all.