Most people should use their phones and avoid Desktops when possible because phones are far more secure than desktops as they were designed with strong sandboxing, per-app hardware permissions, modern exploit mitigations, verified boot, and more.

Google Pixel phones are the only phones you should buy as they are the only secure phones. They have full verified boot, use the custom Titan M2 chip, and more. Do not even think about buying a different phone (except maybe an iPhone).

Reading Material: https://source.android.com/security/features https://source.android.com/security https://privsec.dev/os/android-tips/ https://madaidans-insecurities.github.io/android.html https://madaidans-insecurities.github.io/linux-phones.html https://support.google.com/android/answer/7663172?hl=en&visit_id=637368692303073503-4208188940&rd=1 https://wonderfall.dev/fdroid-issues/

Desktops were not designed with security in mind. However, some operating systems including Windows 11, macOS, and ChromeOS are less bad at this. Most people should avoid using desktops when possible and use their phones instead.

Linux by default is not secure and requires a lot of hardening and constant maintenance in order to use safely. For this reason, Linux should only be used by professionals and system administrators that understand the risks of using it and are willing to dedicate a lot of time into hardening and maintaining their system.

Reading Material: https://madaidans-insecurities.github.io/linux.html https://privsec.dev/os/linux-insecurities https://privsec.dev/os/desktop-linux-hardening/ https://github.com/beerisgood/Windows11_Hardening https://github.com/beerisgood/macOS_Hardening

Use Chromium browsers only (the only exception being Tor Browser as it is required to safely access the Tor network). Chromium browsers provide the strongest sandboxing and exploit mitigations. Site isolation is a feature in Chromium and Firefox browsers that separates each website into an isolated sandbox so that websites can't access eachother's data or resources.

You should never install any browser extensions. Browser extensions have privileged access in your browser requiring you to trust the developer. They also make you stand out thus reducing privacy. Adblocking is a form of enumerating badness and not a viable approach to blocking tracking. Google Chrome and Microsoft Edge will enforce Manifest V3 and end support for Manifest V2, which is good for privacy as it restricts what Adblockers can do.

The sane approach to preventing browser tracking would be to use a VPN to hide your IP address and mitigating fingerprinting by using a common browser with no browser extensions on a common operating system. Block third-party cookies to prevent cross-site tracking and clear cookies and site data on exit to prevent persistent tracking. If you wish to have privacy from Google, you can disable telemetry in chrome://settings.

Reading Material: https://madaidans-insecurities.github.io/firefox-chromium.html https://grapheneos.org/usage#web-browsing https://www.ranum.com/security/computer_security/editorials/dumb/ https://fingerprint.com/blog/disabling-javascript-wont-stop-fingerprinting/

Google's search index has better filtering and spam protection to prevent users from clicking on malicious URLs. For this reason, it's advised to use a search engine which primarily uses Google results. You should not use SearX or SearXNG.

Reading Material: https://discuss.privacyguides.org/t/remove-searxng/124

If possible, you should convince your friends and family to use a more secure messaging app instead of SMS, iMessage, or WhatsApp. If you are unable to switch to a more secure messenger, you should use your phone's default SMS app.

Reading Material: https://www.securemessagingapps.com/ https://www.privacyguides.org/real-time-communication/communication-network-types/ https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/

Email was not designed with privacy or security in mind and should only be used when required (such as registration for websites). It's a good idea to use webmail instead of a third-party mail client since websites in a browser are much less privileged than native apps and have less attack surface. However, webmail may contain ads and malicious JavaScript, so using a mail client that supports OAuth (such as Windows Mail or Apple Mail) may be better for some threat models.

Reading Material: https://latacora.singles/2020/02/19/stop-using-encrypted.html https://latacora.micro.blog/2019/07/16/the-pgp-problem.html https://improsec.com/tech-blog/email-security-pitfalls https://twitter.com/DanielMicay/status/1145264664315604992 https://proton.me/blog/cryptographic-architecture-response

A VPN does not add security nor does it make you anonymous. Your VPN provider can see all of your traffic and there's no way to verify that a VPN provider doesn't log. A VPN does two things: it hides your browsing activity from your ISP and it hides your true IP address from websites you visit.

Mullvad is not recommended as they do not support 2FA. Because they use an account number system in which a random number serves as both the username and password, Mullvad accounts are incredibly easy to hack.

Reading Material: https://privsec.dev/knowledge/commercial-vpn-use-cases/ https://gist.github.com/joepie91/5a9909939e6ce7d09e29 https://madaidans-insecurities.github.io/vpns.html

You should always use different passwords for every website. Always generate long 32+ character passwords with a random combination of letters (uppercase and lowercase), numbers, and symbols.

Always use 2FA on all websites. Prefer authenticator apps and hardware keys (such as Yubikey) and only use SMS or Email when no other option is available. If a website or service does not offer 2FA, do not register for it.

Reading Material: https://www.privacyguides.org/basics/multi-factor-authentication/

Make sure your provider supports end-to-end encryption. Otherwise, use a tool like Cryptomator to encrypt your files before uploading them to the cloud.