Why “Compartmentalisation” is the key to protecting your online privacy…

Paul Warwick
14 min read · Oct 19, 2019

The Definitive Guide To Taking Back Control Of Your Online Identity

Take back control of your online identity

So, you want to learn how to best protect your online privacy without going crazy. If you still value your privacy in 2019 and would like to take back complete control of it, then you’ve come to the right place. Over the past 3 years Privacy Hive have been developing what could be considered the best privacy strategy and Privacy Protection Software for online browsing.

It is about striking the right balance between convenience and security. It’s not necessarily about the tools and apps, it’s about a process we call privacy by compartmentalisation. Among the top researchers in cybersecurity, compartmentalisation is considered to be the most effective way to protect information assets. It stems from the assumption that any system, no matter how secure, will eventually get breached. Nothing is perfectly secure and time is always on the side of the attacker. This strategy applies even more so to average users. In order to function in a modern, internet-driven society you have to give up at least some information. The goal of privacy by compartmentalisation is to take control of who gets access to what information, so that adversaries never get access to the whole package but only to the information necessary to deliver a desired function. The easiest way to understand this is to consider how you don’t want some information about what you do with your friends or in private to be known to your employer or business partner. Today we at Privacy Hive will teach you how to engage in both activities and prevent adversaries on either side from learning about them.


Privacy by compartmentalisation is very simple: you create virtual compartments in which you concentrate carefully separated pools of data. Each compartment revolves around a different sphere of your identity. The more security you desire, the stronger the walls between your compartments will need to be. You will build the first compartment for your personal ID, to separate your business email and work-related activity from the rest of your online presence. The second compartment is for your social media, so that you keep those advertising giants away from your digital life outside of their platforms. The third compartment is for your private identity, where most of your light browsing, news reading, YouTube watching and online purchasing takes place. When you become familiar with this practice you can build more compartments, but this is what we will start with. The goal is to minimise the possibility of linking one pool of data to another. If somebody knows your professional identity, they shouldn’t be able to figure out what you do in your social or private spheres, and likewise, even if information from your private sphere falls into the hands of an adversary, they shouldn’t be able to tie it back to your real identity. An adversary doesn’t have to be someone with hostile intentions; it’s simply anyone who can or wants to get access to your information. It can be your service provider, the government, a health insurance company, an employer, a friend, a neighbour, a hacker or your spouse.

Why do you need to compartmentalise? Because modern technology can use a combination of cookies, tracking scripts, advertising IDs and advanced AI to collect data from across multiple channels, from mobile to desktop, across different platforms and apps, online and offline. Without compartmentalisation, each time you visit a store, open a website or install an app, you’re giving up your entire record, from the past into the future. So how do we build compartments? By achieving the maximum possible separation in choosing our providers and who gets to see our data. For this reason we are going to get out of the ecosystem trap, because that forces us to put all our eggs in one basket. We don’t want to entrust one provider with everything we do. That means in each compartment we are going to use different software from different providers where possible, and make sure we limit and block as many tracking attempts as functionally feasible.


Compartment #1 — Professional Identity

Let’s build the first compartment: professional identity. This is where you want to put all your real-name, real-identity, work or business-related activities. Each compartment is going to have its own browser. The first one, and the most recommended, is privacy-hardened Firefox.

There are some mandatory add-ons to install, as well as some settings to tweak to hard-code privacy into the browser itself. The simplest way is to install four privacy extensions:

  • uBlock Origin
  • HTTPS Everywhere
  • Decentraleyes
  • Cookie AutoDelete

There are other extensions available, but this combination will do everything we need. uBlock Origin will help you block ads and trackers, but we will use it in a slightly advanced mode to build better walls around our professional browser. We need Cookie AutoDelete to delete cookies that can track us across websites and sessions. Make sure you set Auto-clean to enabled, and harden some settings if you want. Both HTTPS Everywhere and Decentraleyes are more or less install-and-forget, so we’ll leave them for now.

Change Firefox settings so that you always browse in private mode, and set up content blocking. This means goodbye to the browsing history, but it’s necessary if you don’t want your browsing habits to be tied to your real identity. Use bookmarks to remember websites to visit later, and acquire the habit of closing your browser frequently to delete all the cookies and trackers planted on your device by the websites you visited. You can also go to “about:config” and hard-code some privacy settings into Firefox. You’ll find all of these on the privacytools.io website.

For uBlock Origin, we recommend using it in medium mode and blocking scripts. Go to the dashboard and check the box for “I’m an advanced user”, check all privacy settings and also disable JavaScript. Open the uBlock Origin menu, turn the rectangles next to third-party scripts and third-party frames red, and hit the padlock so that uBlock Origin remembers your changes. By doing this, we have given uBlock Origin a global rule to block requests that are not coming from the first-party domain, that is, the domain you see in your URL bar.

Sometimes you might have to enable JavaScript to bring a website’s functionality back. In the bottom-right corner of the menu, click the icon that says enable JavaScript on this site, hit the padlock and reload the website. In rare cases you might have to enable third-party requests as well. The quickest way to unblock a website is to give uBlock Origin a local rule by turning the rectangles for third-party requests in the third column grey. When you hit the padlock, uBlock Origin will remember to allow third-party requests for this specific website, but it will keep blocking them everywhere else.

If you need to use an email account from Gmail, Yahoo or another major provider, then make sure you move it to a privacy-friendly client. The best ones out there are Thunderbird and Claws. Even though Firefox and Thunderbird are known for respecting privacy, they are both provided by the same organisation, Mozilla, so you may wish to turn to Claws for added data protection. The best open-source mobile client is K-9, followed by FairEmail. It’s good to separate your email accounts from your browser entirely. It allows you to be connected to your accounts while using Firefox to browse the web without having it tied to your identity.

Remember, if you’re still logged in to your email through your browser, a website could still track you through real-time cookies that get paired to your email account, which is why you have to close your browser frequently. Change your default search engine to DuckDuckGo, or to Startpage to pull Google results more privately. On mobile devices use the DuckDuckGo browser app. Make sure you don’t do anything in your professional identity compartment that’s not related to your professional activities. That means use this browser only for work-related stuff and nothing else. For a work email I recommend ProtonMail. The paid-for version gives you extra features and the ability to use it with an email client, or you can just use their free mobile app.

Transitioning to a new email address is easy: just set up forwarding of all emails from your old address to the new one, and each time you respond to your contacts, they will immediately know your new email. Good alternatives for professional messaging, meetings and video conferences are Wire and Jitsi.

Protect your online privacy with privacyhive.com

Compartment #2 — Social Identity

Building the second compartment is easy. We’re going to create a new Firefox profile for desktop with the exact same settings and add-ons. Simply go to “about:profiles”, create a new profile and name it social identity. You can also rename your default profile to professional identity. Open the root directory and copy all the files from your default profile to your social profile. If you want to be extra sure that none of the browser data is shared, you can change all the settings manually instead. Again, you will use this profile only for social media accounts, except for YouTube. If you want to step it up, you can disable all third-party requests globally. This is where I would recommend applying more granular tinkering and only allowing scripts specifically for each social site; for example, only allow Reddit scripts for Reddit, Facebook scripts for Facebook, etc. Remember that all your likes, shares, comments and views will be recorded, stored and sold forever.
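The profile setup above and the uBlock Origin medium-mode rules from the first compartment can be scripted so that every compartment starts from the same baseline. This is an added example, not Privacy Hive's code: the choice of prefs, the file names, the base directory and the `example.com` site are assumptions, and the generated rules file still has to be imported by hand in the uBlock Origin dashboard under "My rules".

```shell
#!/bin/sh
# Added example: one Firefox profile per compartment, same hardening in each.
# Pref selection, file names and the base directory are assumptions.

# user.js is re-read at every start, so these values survive UI changes.
write_user_js() {
    mkdir -p "$1" || return 1
    cat > "$1/user.js" <<'EOF'
// Always start in private browsing mode (no history is kept).
user_pref("browser.privatebrowsing.autostart", true);
// Content blocking: tracking protection in every window.
user_pref("privacy.trackingprotection.enabled", true);
// 1 = reject third-party cookies.
user_pref("network.cookie.cookieBehavior", 1);
// Disable WebRTC so it cannot expose the real IP address.
user_pref("media.peerconnection.enabled", false);
EOF
}

# uBlock Origin rules for the "My rules" pane: JavaScript off and third-party
# scripts/frames blocked everywhere, then relaxed (noop = grey) for one site.
write_ublock_rules() {
    mkdir -p "$1" || return 1
    cat > "$1/ublock-my-rules.txt" <<EOF
no-scripting: * true
* * 3p-script block
* * 3p-frame block
no-scripting: $2 false
$2 * 3p-script noop
$2 * 3p-frame noop
EOF
}

# Build one compartment: $1 base dir, $2 profile name, $3 site to unbreak.
setup_compartment() {
    write_user_js "$1/$2" && write_ublock_rules "$1/$2" "$3"
}

# Only touch the real Firefox installation when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    base="${2:-$HOME/firefox-compartments}"
    for name in professional-identity social-identity; do
        firefox -CreateProfile "$name $base/$name"
        setup_compartment "$base" "$name" example.com   # placeholder site
    done
    echo "Start a compartment with: firefox -P social-identity -no-remote"
fi
```

Without `--apply` the script only defines the functions, so the generated files can be inspected in a scratch directory before any real profile is created.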

How you use your social media is not always up to you, though. When you install mobile apps, these are able to pull insane amounts of data from your phone, including your location, biometric data, files, messages, contacts and media. One way to mitigate this is to sandbox the web versions of your social media sites using an app like Privacy Hive or Web Apps. Both of these give each social media site its own sandbox, where a site runs with all third-party requests, scripts and cookies blocked, with forced encryption and eliminated referrers. If you want to use social media, it’s important to keep it in a separate compartment and re-evaluate how much information you’re willing to trade for the benefit you receive from using it. Never browse the web or do anything else in the browser dedicated to social media. On your phone, set up Firefox Focus or Firefox Klar to use as your default browser for opening links. It is also crucial that you don’t use any professional or real-name emails on your social media, as using them makes you more vulnerable to hacking through social engineering.

Set up a random-looking email address with Tutanota. Tutanota has nice desktop and mobile apps, so you can use it without ever having to access email through your browser. One exception would be Facebook, as ProtonMail has partnered with Facebook to allow PGP-encrypted notification emails, which is a useful security enhancement. Just don’t use your work email; instead, set up a ProtonMail account solely for Facebook use.

Almost all social media sites will request your phone number. The only reason they want this is to discover all of your social contacts, so that they can analyse your social graph. To mitigate this, the best practice is to get a burner phone. A burner phone is a regular brick phone from back in the day. Use one that doesn’t use Wi-Fi or GPS, and top it up solely with cash on a pre-paid SIM card. It will only serve to give social media a number that is not tied to your own identity and your contacts.

This shouldn’t cost you more than $20 altogether. If you want to keep your social media, I would at least recommend ditching their messaging apps and using the app Signal instead. Signal works with your phone number, but all your chats, voice and video calls are end-to-end encrypted by default. Signal also doesn’t record your contacts, conversation list, location, user data and sender information. On Android you can also set it to handle your SMS. You don’t have to give Signal your own phone number; it can be any number, as long as you have the means to receive the verification code.


Compartment #3 — Private Identity

The last compartment we will build today is for your private identity. This is where everything you do in private belongs: your general browsing, watching YouTube videos, reading news and even your online purchases. The best way to keep your browsing record private is to become anonymous, and the most competent tool for this is Tor Browser. Tor is also available on Android as a two-step solution, with Orbot to route traffic through the Tor network and “Orfox” to browse the web through Tor. Any Android app can be routed through Tor via Orbot if it supports it. An iOS version of Tor Browser is Onion Browser, but it’s not part of the official Tor Project, so be aware.

The implementation of Tor is much safer on desktop infrastructure than on mobile. You shouldn’t expect the same level of anonymity on mobile, because, unlike your phone, your computer doesn’t connect to a cellular network or GPS. There is only one strict rule to never break while using Tor, and that’s to never change any default settings and never install plugins, themes or extensions. Just use it as it is. The only two things you are encouraged to change are the Tor network settings, in case Tor is blocked by your ISP or the government, and the security level.

It is recommended that you gradually learn to operate at the safest security level. This will disable JavaScript by default. Here you have to learn how to operate NoScript to re-enable JavaScript when you need it. All you have to do to un-break specific scripts is to move them from the untrusted to the trusted level. On more complex websites you might have to do that multiple times to regain the required functionality. Online anonymity is a different concept from online privacy, but here we use Tor to compartmentalise our basic activity like browsing and news reading, and we also recommend using Tor for preliminary research when you want to buy things. When you have chosen a product to buy, just copy its link and open it in regular Firefox to finalise your purchase.

As a side note, avoid using your professional or social media email for online purchases. Instead, create a new account with Mailfence that doesn’t have your real name. Creating a separate email address just for purchases will make it harder for advertising algorithms to crawl through your purchasing record. Using Tor with your real-name identity is a waste of time and gives you little benefit. If watching YouTube videos is a big activity for you, then we would recommend a Chromium-based web browser. This can be Brave or Vivaldi. In my recent experience I found that Vivaldi can be better configured for privacy protection using the same “Four Horsemen” of privacy extensions. Under the privacy settings for Vivaldi, make sure to opt out of Google Safe Browsing and keep your browsing history for “session only”, so that all browser data is deleted after it closes.

Next, block third-party cookies and disable WebRTC leaks.


The Final Step: Building The Walls

Now, once you’ve built your compartments, the rest is a matter of building strong walls. One key step is to secure your identities against hackers. A good enhancement is to have a unique and strong passphrase for each online account.

I recommend using KeePassXC or Bitwarden to generate complicated passwords and store them securely. If you want, you can use it with a browser extension to manage your passwords and handle autofill. Passwords are useless without two-factor authentication; however, SMS verification is not secure anymore. Instead, you need to use either an authenticator app, like the free and open-source “FreeOTP”, or an authentication key. The best authentication solution is currently provided by Nitrokey. You can use Nitrokey Pro for one-time passwords and Nitrokey FIDO for universal two-factor authentication.

Another way to make sure your walls are strong is to choose providers that are transparent and respect your freedom. You should start migrating to free and open-source software wherever you can:

Adobe Photoshop and Illustrator have alternatives in GIMP and Inkscape. Microsoft Office can be easily replaced with LibreOffice. The best cloud storage and syncing solution is provided by Nextcloud. Contacts and calendar can also be synced with Esync. To find more open-source alternative apps, F-Droid is a fantastic replacement for the Google Play Store as a free software repository. Use it to find privacy-enhancing apps; just look for free software alternatives to replace your proprietary apps.

Now that you have properly separated your identities from your online presence and carefully selected and segregated your service providers, there are two things that still connect the dots about you: your IP address and your device.

We’ve already partially addressed the IP problem with Tor Browser. The Tor network makes your IP address untraceable; however, Tor is not useful with online accounts or heavy media content like watching YouTube videos, and can also be harmful for online banking & financial activities. This is where the “VPN threat model” becomes useful. After you have taken steps to compartmentalise your digital self, a reputable VPN can be helpful at masking your IP address and hiding your browsing habits from your internet service provider. Unfortunately, using a VPN requires a lot of trust, so there is no single provider to recommend. Instead, you should perform your own research and choose what works best for you. As a general rule, don’t use free VPNs and don’t subscribe to providers who are connected with the “Five Eyes” surveillance alliance countries.

A good resource for researching different VPN providers is thatoneprivacysite.net.

All of your compartments are still carried by a single boat. Technically you have at least two internet-enabled devices, but one is usually just a copy or an extension of the other. When you’ve set up your mobile and personal computers with strong compartmentalization, you’ve eliminated your attack surface to your devices.

Chances are you’re either using Windows, macOS, Android or iOS. Your next big goal should be to replace these ecosystems with platforms that are open and respect your freedom of fully owning your software and having total control of your data. This is easier to do on desktop as opposed to mobile. Linux has come a long way over the past few years.

It is becoming a viable choice for an increasingly wide range of people. Blackmagic Design is killing Adobe’s grip on creators by porting versions of their Fusion and DaVinci Resolve software to Linux for free. Lightworks also provides a professional video editor for Linux. Linux is a diverse platform, providing no single unified operating system but a plethora of different combinations of kernels, desktop environments and application packages. It allows for a healthy digital environment that is sustainable long into the future. The scope of Linux and its many advantages is a bit beyond the scope of this article; however, in the meantime we highly recommend you add an additional layer of security to your 3 compartments by installing our desktop or mobile solution for enhanced online privacy, Privacy Hive. Privacy Hive will provide that final, essential layer of protection, allowing you to keep your personal information safe from malicious software and internet fraud. Privacy Hive will keep your entire system in check by detecting malicious threats in real time across all of your devices, whilst stopping advertisers from tracking your behaviour between your private compartments & your browser. Download Privacy Hive today and keep your private life… Private!