PRIVACY PRACTICES & DIGITAL SAFETY
An educational reference for understanding and implementing digital privacy measures.
The Layered Approach to Privacy
Digital privacy is not achieved through a single tool or technique. Effective privacy protection requires a layered strategy combining multiple complementary practices. Each layer adds resilience, ensuring that if one measure fails, others remain in place. This guide covers the fundamental layers that form the foundation of any reasonable privacy posture.
Threat Modeling Fundamentals
Before implementing any privacy measure, it is essential to understand your specific threat model. A threat model identifies what you are protecting, who you are protecting it from, and how likely various risks are. For most researchers and journalists, the primary threats include mass surveillance, targeted monitoring by adversaries, data brokers aggregating personal information, and credential theft. The appropriate privacy measures depend entirely on the threat model you face.
Threat modeling frameworks such as those published by the Electronic Frontier Foundation provide structured approaches to assessing risk. The key questions to answer are: what data do you need to protect, who might want access to it, what resources do they have, and what happens if they succeed.
Password Hygiene and Management
Weak or reused passwords remain one of the most common attack vectors. The principle of unique, complex passwords for every service is non-negotiable for anyone serious about digital privacy. Human memory is not suited to managing dozens of unique credentials, which makes password managers an essential tool rather than a convenience.
A password manager generates and stores strong random passwords encrypted under a single master password. Open-source options such as Bitwarden and KeePassXC allow users to audit their credential hygiene, identify weak or reused passwords, and generate replacement credentials. Combined with browser integration, password managers make strong security practical for everyday use.
Two-Factor Authentication
Two-factor authentication (2FA) adds a second verification layer beyond the password. Even if an attacker obtains your password, they cannot access the account without the second factor. The most common 2FA methods include time-based one-time passwords (TOTP) generated by authenticator applications, hardware security keys (FIDO2/WebAuthn), and SMS-based codes.
Hardware security keys offer the strongest protection because they are resistant to phishing. The FIDO2 standard ensures authentication only occurs against the legitimate website, preventing credential theft through fake login pages. For most users, enabling TOTP via an authenticator app on every account that supports it represents the minimum acceptable baseline.
Encryption Fundamentals
Encryption transforms readable data into ciphertext that can only be deciphered with the correct key. Understanding the basic categories of encryption helps in selecting the right tools for specific use cases.
Encryption in Transit
Transport Layer Security (TLS) encrypts data as it travels between your device and a server. This is what HTTPS provides. TLS prevents eavesdropping on network connections and is the baseline for any modern web communication. Always verify that sites use HTTPS and consider browser extensions like HTTPS Everywhere for additional protection.
Encryption at Rest
Full-disk encryption protects data stored on a device in case of physical theft. VeraCrypt and LUKS provide robust full-disk encryption for desktop systems. Mobile devices typically include built-in encryption that should be enabled by default. File-level encryption allows protecting individual documents using tools like GnuPG (PGP) for email and file encryption.
End-to-End Encryption
End-to-end encryption (E2EE) ensures that only the intended recipient can decrypt a message. The service provider cannot read the content even if compelled. Signal and the latest versions of WhatsApp implement the Signal Protocol for E2EE messaging. For email, PGP provides end-to-end encryption but requires more manual key management and does not protect metadata.
Recognizing and Avoiding Phishing
Phishing attacks trick users into revealing credentials or installing malware by impersonating legitimate services. Modern phishing campaigns are increasingly sophisticated, often replicating login pages exactly and using social engineering to create urgency. Key indicators include unexpected requests for credentials, mismatched URLs, poor grammar, and unusual sender addresses.
Technical protections include email authentication standards (SPF, DKIM, DMARC), browser-based phishing filters, and hardware security keys that prevent credential reuse on fraudulent sites. The most critical defense is a skeptical mindset: verify requests through independent channels before responding.
Operational Security Basics
Operational security (OPSEC) extends beyond technical tools to encompass behavior and habits. Reducing your digital footprint means minimizing the data you expose publicly. Use separate identities for different contexts, avoid posting personal information on public forums, and be mindful of metadata in documents and images.
Regular privacy audits help identify exposure points. Review third-party app permissions, check which services have access to your data, and remove unused accounts. Services like haveibeenpwned.com allow checking whether your credentials have appeared in known data breaches.
Browser Privacy Configuration
Standard browsers transmit substantial amounts of identifying information through fingerprinting, cookies, and connection metadata. Privacy-focused browsers like Firefox (with hardening) and Brave reduce this exposure by blocking trackers, randomizing fingerprint parameters, and isolating site data. The Tor Browser provides the strongest privacy guarantees by routing traffic through the Tor network and enforcing strict fingerprinting protections.
Essential browser privacy measures include blocking third-party cookies, disabling telemetry, using privacy-respecting search engines, and clearing browsing data regularly. Browser fingerprinting can be checked through services like Panopticlick to evaluate how identifiable your configuration is.
Further Educational Resources
We encourage continued learning through reputable organizations focused on digital privacy:
- Electronic Frontier Foundation (EFF) — Surveillance Self-Defense guides
- Tor Project — Official documentation on anonymous communication
- Freedom of the Press Foundation — Digital security training for journalists
- Open Web Application Security Project (OWASP) — Web security best practices
Related Pages
Explore our History of the Darknet for context on anonymous network evolution, or browse Privacy Tools for verified software recommendations.