gorzek
infosec in 2025
I'm gonna do my part to help people secure their data in 2025. If your first thought is, "What's the point?" don't think that! Being conscientious about your data privacy is always worthwhile, even if it seems like a losing battle sometimes.

So here's the stuff I recommend, and remember, you don't have to do all of these, but any you can do or are willing to do, do them!
  • Use Signal. Get rid of WhatsApp, FB Messenger, stop using SMS/MMS/RCS, etc. Use Signal. It is the only end-to-end encrypted service with cryptographic proof that the company cannot read your messages. For extra privacy, set it up so that your messages disappear after a length of time, so if your phone or someone else's phone is compromised, at least there won't be a huge amount of data on you.
  • Get off social media. I realize this isn't feasible for everyone, but limiting your "attack surface" of platform accounts means adversaries have fewer ways to reach and exploit you.
  • Only use a passcode or unlock pattern on your phone. DO NOT use a fingerprint or face scan. The latter two can legally be forced from you to unlock your phone.
  • While we're at it: for the love of god, don't ever bring your phone to a protest or any other kind of direct action. If you must, obtain and use a burner. (Also, don't take pictures of people's faces if at all possible.)
  • Don't use Windows. I know, I know, "here he goes with the Linux shit again," but that's for good reason. Windows is 100% phoning home about you, constantly, sharing fuck knows what data about you, especially now that they are baking Copilot into everything. You simply have zero privacy if you are using Windows. Linux is easier now than ever, especially if you go with one of the beginner-friendly ones like Ubuntu. I promise there's nothing you can do on Windows that you can't do on Linux, though the way you do it may be very different.
  • If you have a Google account, sign up for Advanced Protection. It's free. Get yourself two security keys (Titan keys or Yubikeys or whatever). Keep one in a firebox or a safe.
  • Even if you use your Google account a lot, you don't have to use Chrome. Use Firefox or Opera or any other privacy-focused browser. Chrome is pretty much the worst offender in letting companies spy on your browsing, not least because Google makes most of their money off of ads.
  • Use an ad-blocking solution like a Pi-Hole.
  • Make sure you have a good internet router and keep the firmware up-to-date. Also review the security settings, make sure it's as locked down as possible. (If you need guidance on this, I can help.)

I am sure I am forgetting some things. Please offer your own suggestions, too!
the horrors persist, but so do we

(aka large mozz)
These are all great suggestions. I have a lot of thoughts about the Linux issue, but everything you've said is correct: Microsoft is not your friend and Windows is spyware at this point. Am I switching to Linux tomorrow? No, but it gives me food for thought on how much computing I actually need to do and on how many devices.

One thing that I would emphasize is that it's essential to understand your own information footprint. What's available about you online? Chances are, the answer is "everything," but if you are aware of specific information you can work to get it taken down.

How to find your information footprint (and a few things you can do about it):
  1. Google - Search all variants of your name, family members' names, and address on Google. Then search it on Bing. Set up an alert at https://alerts.google.com for these sensitive search terms. I've had mixed results with Google Alerts, but it's better than nothing.
  2. Results About Me - Use Google's Results About Me too ( https://myactivity.google.com/results-about-you? ) - This tool will not only find information about you online more reliably than Google Alerts, it also gives you a one-click option to request removal from Google's Search Results. The information will still be online, but if Google agrees, it will remove it from results at least.
  3. Consumer Reports PermissionSlip - Consumer Reports released an app called PermissionSlip that automates marketing data opt outs for you (deleting your data from Home Depot for example). PermissionSlip is still free to install, they've had some confusing marketing about their move to a freemium model, but I can personally confirm that as of this month it's still doing its job and offering free opt out services: https://www.permissionslipcr.com/
  4. FastPeopleSearch - There are thousands of data broker websites like this that sell access to your address history and phone data. Fast People Search is one of them. Search your name here: https://www.fastpeoplesearch.com/ -- Opt out here: https://www.fastpeoplesearch.com/removal/search - Do your entire household or this is pointless.
  5. Whitepages - White Pages is another data broker. Search your name here: https://www.whitepages.com/ -- Opt out here: https://www.whitepages.com/suppression-requests
  6. Opt Out Prescreen - From the website, "OptOutPrescreen.com is the official Consumer Credit Reporting Industry website to accept and process requests from consumers to Opt-In or Opt-Out of firm offers of credit or insurance." -- https://www.optoutprescreen.com/
  7. DMA Choice - Opt out of direct mail marketing online using this service: https://www.dmachoice.org/
  8. Network Advertising Initiative Consumer Opt Out - https://optout.networkadvertising.org/?c=1 This page adds a bunch of cookies to your device, but they're special cookies intended to opt you out of personalized online advertising and monitoring. It does no less and no more than that. Does it work? Who knows, couldn't hurt at this point. Repeat this process on every device you use, possibly with every browser you use.

Rather than try to provide an exhaustive list of resources and invariably get things wrong, I'll just advise that the Electronic Frontier Foundation makes a living, nay, a pursuit of helping people protect their privacy. Their website Cover Your Tracks has a ton of interactive tools to help you understand how insecure your browsing is and how you can secure it better: https://coveryourtracks.eff.org/

If you want to look at a resource that very nearly is exhaustive, consider the Awesome Privacy List on Github for privacy focused tools:
https://github.com/Lissy93/awesome-privacy/

And comparably, the Awesome OSInt List for 1,001 ways to find info about yourself online:
https://github.com/jivoi/awesome-osint?t...me-ov-file

There are many resources online for victims of doxxing, which also may be of use to you. Here is one such page from City University of New York:
https://www.cuny.edu/about/administratio...c7e57-2bcc

And as a bonus, Opt Out Guides from DeleteMe:
https://joindeleteme.com/blog/opt-out-guides/
I am curious about browser fingerprinting. There are lots of websites that will give you reports on how easily identifiable your browser is, but beyond the basic changing certain settings in Firefox, I'm coming up short on how to make sure that my fingerprint is less identifiable. Running the tests on coveryourtracks.eff.org and browserleaks.com just gives me info about what might be identifiable, but not how to fix it.
For reference, I use a paid VPN and generally use Firefox with settings changed to (theoretically) make me less identifiable. I will sometimes use Tor. I never access the web without at least the VPN, change what servers I connect to frequently, and have a killswitch so that hopefully an error doesn't cause my location to leak, but it's hard to understand how difficult this actually makes me to track considering fingerprinting seems to pull data not connected to VPN status but rather my hardware settings.
More like crapitalism, am I right ladies? - Karl Marx
(02-09-2025, 10:18 PM)antipelican Wrote: I am curious about browser fingerprinting. There are lots of websites that will give you reports on how easily identifiable your browser is, but beyond the basic changing certain settings in Firefox, I'm coming up short on how to make sure that my fingerprint is less identifiable. Running the tests on coveryourtracks.eff.org and browserleaks.com just gives me info about what might be identifiable, but not how to fix it.
For reference, I use a paid VPN and generally use Firefox with settings changed to (theoretically) make me less identifiable. I will sometimes use Tor. I never access the web without at least the VPN, change what servers I connect to frequently, and have a killswitch so that hopefully an error doesn't cause my location to leak, but it's hard to understand how difficult this actually makes me to track considering fingerprinting seems to pull data not connected to VPN status but rather my hardware settings.
What you're doing sounds pretty reasonable already.
One thing you might try is this addon: https://addons.mozilla.org/en-US/firefox...ontainers/
You can just spin up a new "account" constantly and it'll have fresh data and fingerprinting will be far less effective.
Be sure you've turned on Resist Fingerprinting: https://support.mozilla.org/en-US/kb/res...erprinting
This randomizes a number of settings that are used for fingerprints.
the horrors persist, but so do we

(aka large mozz)
Firefox as a company / org has had major issues of late and may not be around much longer. Opera is really suffering for marketshare. So what IS the most secure browser? What's the best browser for privacy? Is that the same thing?
Every criticism you lob at Chrome is almost certainly true, but it may also have the best security updates of any browser due to its massive funding.
Also, VPNs. What's the best paid VPN? I would assume it would be a VPN legally and physically based in an EU country with strong privacy laws and consumer protections. Thoughts?
Firefox is still the best one that isn't owned by a company bent on harvesting your data and selling it to advertisers. OK, Opera would also be good!
the horrors persist, but so do we

(aka large mozz)

