Raven's list for Digital Safety
Published 2025-04-13
Central Telephone Office and Exchange | Retrieved from Oldbookillustrations.com, used under public domain.
This is a rework of my old guide on digital safety. So many things have changed in the tech world (for much worse) that I felt an update was needed.
Nothing is sponsored here.
Tech Dystopia
We need to change some of our habits regarding tech use.
Why?
Because big corporations and the ultra-wealthy should not have control of social media.
Because Meta is in Trump’s/Elon’s pocket.
Because these big companies are targeting us with advertising and using our data for bullshit AI programs.
Because these platforms are full of brain-rot and misinformation, no longer facilitating connections in a healthy way.
Because we deserve a free and open Internet.
Phones
Use mobile devices that can run GrapheneOS. Currently the best option is the latest-generation Google Pixel devices. You can also run the stock OS on Pixels if necessary, but note that privacy can be a concern depending on your threat model. I recommend buying directly from Google. You’ll want to buy it carrier-unlocked. If you’re less technical or just switching from Apple devices, run the stock OS for a while to get used to Android, then switch to GrapheneOS.
Computers
With Microsoft rolling out the AI screenshot tool Recall, we need to leave Windows. Apple devices are okay, but the hardware is expensive and not user-upgradable.
So what to use?
Fedora Linux should be our main operating system.
Set up your Fedora system with encryption (checkbox in the installer).
Framework laptops/desktops should be our main computers, as they are all user-repairable and receive firmware updates.
Communication and Social Media
All of our baseline communication with others should be private.
The best way to do this is to use Signal Messenger.
Signal even has a stories feature so you can keep up with everyone (it can be turned off if you don’t want it).
Sending SMS/RCS is like sending a postcard through snail mail. Anyone in the chain can read it.
Also, Apple controls the keys to iMessage (if you still happen to be on iOS).
Signal is non-profit, has many awesome features and is cross-platform (can be used on Desktop too!).
The president of Signal gave a great keynote talk at South by Southwest this year that goes more into why you should use Signal.
We need to leave Meta products.
Insta, Facebook, and WhatsApp all have great replacements.
For DMs, stories, video chats, groups, etc., use Signal, set up a username/link, and share it with others to connect easily. Just be careful who you add to your group chat ;-)
For a public social media presence, use Mastodon. Mastodon is much better than Bluesky because it is non-profit and federated, meaning no billionaire or crypto-bro can fuck with it. For an IG Reels and TikTok replacement, loops.video is in alpha-testing, so something to look forward to in the future.
Also consider setting up a website like this one. It can be done very simply. Buy a domain and put up a static site. Make it the go-to spot where people can see what you’re up to (and your links to things).
Email is not private and should never be used for private communications. This also goes for “private” email services like Proton, Tuta, etc. My main recommendation for email is still Gmail, but if you want to be off of Google, I recommend Fastmail and Tuta. Check into those providers and see what will work for you and your use case.
Multi-factor Authentication (2FA)
Use YubiKeys made by Yubico. Get 2: one of the USB-C Security Keys and one of the YubiKey Bios. The Bio will be your backup. Keep it in a safe place. Set up all services that support passkeys and security keys with them.
Browser
Prefer Chromium-based browsers. Use Chromium on Fedora (or if you really need it, you can use normal Chrome as well) as your main desktop browser, Chrome on stock Pixel, Vanadium on GrapheneOS, and the Tor browser if you need anonymity (don’t use a VPN for being anonymous, and make sure to follow all of the Tor project’s warnings).
Adblocking
Prefer a DNS-based blocking approach. Ideally, this happens on the router for your home network through something like pfBlockerNG on a device running pfSense. But that is a more advanced project, so instead you can either change the DNS on your ISP-provided router or do it on a per-device/per-browser basis.
I recommend using AdGuard DNS (option 2 on that page), or NextDNS.
Pixel hardware has support for this out of the box.
Go to: Settings --> Network and Internet --> Private DNS
Select "Private DNS provider hostname"
Enter the hostname from AdGuard: dns.adguard-dns.com
Or enter the hostname provided by NextDNS, then select "Save"
On desktop, the best option is still uBlock Origin Lite (even with the ManifestV2/3 drama).
Note that using extensions will likely give you a unique web-browser fingerprint.
If you want to be less fingerprintable, don’t install any browser extensions and only use DNS-based blocking instead.
Passwords
Use a combo of Bitwarden, Chrome Passwords in stock Chrome, and CSV import/export in Chromium.
Make Bitwarden your main.
Generate a strong passphrase for your password manager, your email, and your login to your computer.
For a phone PIN (ALWAYS have a phone PIN!!), consider using a 10-sided die to come up with at least an x-digit passcode. Longer is generally better. The reason reasonably short numeric passcodes on phones are safe has to do with the behind-the-scenes cryptography and passcode lockouts after wrong guesses.
Alphanumeric passcodes on phones may be even safer, but they aren’t as easy to work with.
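
A rough model of the lockout reasoning above, as an added example that is not part of the original guide: it draws a PIN from a cryptographic random source (the software equivalent of the die) and compares average guessing time with and without attempt throttling. The lockout schedule and the 10,000 guesses per second unthrottled rate are constructed assumptions, not any phone vendor's actual values.

```python
import math
import secrets

# Constructed lockout schedule: (wrong guesses so far, seconds of delay before
# the next guess). Assumed values for illustration, not any vendor's policy.
ASSUMED_LOCKOUT = [(0, 0), (5, 30), (10, 300), (20, 3600), (30, 86400)]

def roll_pin(digits: int) -> str:
    """Software stand-in for rolling a 10-sided die `digits` times."""
    if digits < 1:
        raise ValueError("need at least one digit")
    return "".join(str(secrets.randbelow(10)) for _ in range(digits))

def entropy_bits(digits: int) -> float:
    """Bits of entropy in a uniformly random PIN of this length."""
    return digits * math.log2(10)

def seconds_to_try(guesses: int, schedule=ASSUMED_LOCKOUT) -> int:
    """Enforced waiting time needed to make `guesses` attempts on the device."""
    total = 0
    for i, (start, delay) in enumerate(schedule):
        # Each tier covers failure counts from `start` up to the next tier.
        end = schedule[i + 1][0] if i + 1 < len(schedule) else guesses
        total += max(0, min(end, guesses) - start) * delay
    return total

def average_guess_seconds(digits: int, schedule=ASSUMED_LOCKOUT) -> int:
    """Waiting time to try half of all PINs (the average case for a guesser)."""
    return seconds_to_try(10 ** digits // 2, schedule)

def unthrottled_seconds(digits: int, guesses_per_second: float) -> float:
    """Same average case when nothing limits the guess rate (assumed rate)."""
    return (10 ** digits // 2) / guesses_per_second

if __name__ == "__main__":
    year = 365.25 * 86400
    print("sample PIN:", roll_pin(8))
    for n in (4, 6, 8):
        print(f"{n} digits: {entropy_bits(n):.1f} bits, "
              f"{average_guess_seconds(n) / year:,.1f} years with lockouts, "
              f"{unthrottled_seconds(n, 10_000):,.1f} s without")
```

The gap between the two columns is the point: the digits alone carry little entropy, so the protection comes from the device enforcing the delays.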
Search
Use DuckDuckGo.
Notes and docs
- Standard Notes is an amazing encrypted notes service that supports exporting your notes in a variety of formats so you’re not locked in. You could replace a lot of usage of Google Docs with Standard Notes if you’re not sharing the files.
- I still use Google Docs for non-private files or files I need to share with others, but there are alternatives.
- Markdown is a great way to format notes in plaintext.
- You can then store those markdown files in a Git repo (whether just locally or on GitHub depending on your needs).
- CryptPad offers an alternative to Google Docs/Sheets/etc. where folks can edit all together.
- If you want your file to be public, you could host it on your website.
- If you want to send files to someone, you can use OnionShare or wormhole.app.
Cloud storage
- For backups, I recommend using Pika Backup which uses Borg to create backups. You can then choose a local drive or a remote service that supports Borg.
- I still use Google Drive for some things, but Tresorit is my main recommendation for cloud storage specifically.
- You can also have a server or NAS at home (just on your local network) or accessible via Tailscale that hosts your files or backups.
Basic Security and Privacy Considerations
- Get notified about account breaches.
- Stop using devices that no longer receive updates.
- Avoid doing personal stuff on work computers, use your phone instead.
- Back. Up. Your. Shit. Do not pay for ransomware.
- Be careful about what content you post that includes your face and be mindful where you show your face in public, as facial recognition software has approached a highly dangerous era of accessibility.
- Beware of common scams or emails/links that contain malware like:
- Understand what stalkerware is and how to avoid it.
- Verify who people are, as people can fake an identity and try to convince folks they are someone else in a process called social engineering.
- Know how to temporarily disable biometrics on Android and on iOS/iPadOS.
- Consider using a service that tries to remove your personal information from the web or doing a DIY approach to this.
- VPNs are usually not the tool you want for privacy.
- Public WiFi is usually totally fine.
- The security tools and devices that ordinary folks have access to allow for more power to the people than ever before. At the same time, those opposed to progress seek to limit tools and rights (and even books) that empower worker organization, law enforcement accountability, reporting on the conditions of animals in factory farms, the right of LGBTQ people to exist, and the right to protest. It is my hope that the tools in this list will help folks stay safe as they use their voices to stand against hate, discrimination, and oppression.