,
34 tweets,
18 min read
Read on Twitter
A Guide on Privacy and Security (Online + Bitcoin)
1/ This guide will cover what steps to take and link to resources explaining how to take these steps.
I noticed while falling down the Bitcoin and Cypherpunk rabbit hole that there are a lot of great guides out there, but no good summary of steps to take. Hope this helps.
I noticed while falling down the Bitcoin and Cypherpunk rabbit hole that there are a lot of great guides out there, but no good summary of steps to take. Hope this helps.
2/ VPN
There is no best VPN, but you can use this website to find a good one for you. Most are fine just make sure you never connect to the internet without it (Kill-Switch).
thatoneprivacysite.net/choosing-the-b…
There is no best VPN, but you can use this website to find a good one for you. Most are fine just make sure you never connect to the internet without it (Kill-Switch).
thatoneprivacysite.net/choosing-the-b…
3/ VPN - Advanced
Setup a VPN-Router so everything uses your VPN by default. You will probably need a special router for it and the setup is not easy, but it's the best way to use a VPN.
thebestvpn.com/set-up-router-…
Setup a VPN-Router so everything uses your VPN by default. You will probably need a special router for it and the setup is not easy, but it's the best way to use a VPN.
thebestvpn.com/set-up-router-…
4/ Browser
Don't use Google Chrome. Use either @firefox or @brave for your daily browsing. The transition from Chrome to Brave will be easier since they are both based on Chromium.
You can read this article for further information.
restoreprivacy.com/secure-browser/
Don't use Google Chrome. Use either @firefox or @brave for your daily browsing. The transition from Chrome to Brave will be easier since they are both based on Chromium.
You can read this article for further information.
restoreprivacy.com/secure-browser/
5/ Browser - Advanced
For everything you want to be as private as possible use @torproject (TOR). You can use it for all of your browsing, but the features that make it private also make it a little inconvenient to use.
For everything you want to be as private as possible use @torproject (TOR). You can use it for all of your browsing, but the features that make it private also make it a little inconvenient to use.
7/ Browser Extensions - Advanced
For even more privacy in your daily browsing use @noscript
This one needs some tweaking, but it's not that difficult just follow the guide and you'll get used to it.
ghacks.net/2016/03/25/nos…
For even more privacy in your daily browsing use @noscript
This one needs some tweaking, but it's not that difficult just follow the guide and you'll get used to it.
ghacks.net/2016/03/25/nos…
8/ Search Engine
Don't use Google. Good alternatives are
@DuckDuckGo
@Searx_engine
@StartPageSearch
restoreprivacy.com/private-search…
Don't use Google. Good alternatives are
@DuckDuckGo
@Searx_engine
@StartPageSearch
restoreprivacy.com/private-search…
9/ Google Services
Best practice is to not use any of them. There are a lot of great alternatives out there. If you don't want to take that step you should at least have a Google account that can't be linked to your real identity.
link.medium.com/1xIcntEETW
Best practice is to not use any of them. There are a lot of great alternatives out there. If you don't want to take that step you should at least have a Google account that can't be linked to your real identity.
link.medium.com/1xIcntEETW
10/ Anonymous Phone Number
You'll need one to create accounts that can't be linked to your real identity. Depending on your country it's difficult to get one without showing your ID to someone. If that's the case use virtual numbers like @NumberProxy and pay with Bitcoin.
You'll need one to create accounts that can't be linked to your real identity. Depending on your country it's difficult to get one without showing your ID to someone. If that's the case use virtual numbers like @NumberProxy and pay with Bitcoin.
11/ E-Mail
Again don't use the Google service. Good alternatives are @ProtonMail @TutanotaTeam , but there a lot of other great ones as well. (You can also run your own mail server)
Also you should use a temporary E-Mail for unimportant stuff.
restoreprivacy.com/secure-email/
Again don't use the Google service. Good alternatives are @ProtonMail @TutanotaTeam , but there a lot of other great ones as well. (You can also run your own mail server)
Also you should use a temporary E-Mail for unimportant stuff.
restoreprivacy.com/secure-email/
12/ Passwordmanager
Using something like @dashlane @LastPass @1Password is better then not using anything but you're still trusting a third-party. That's why I don't recommend using any of them.
Don't trust verify.
Using something like @dashlane @LastPass @1Password is better then not using anything but you're still trusting a third-party. That's why I don't recommend using any of them.
Don't trust verify.
13/ Passwordmanager - 2
I recommend a setup where you create master and subkeys. You then store your subkeys on a @Yubico and use these to encrypt/decrypt your local password storage. This might sound difficult, but it's really not once you do it.
I recommend a setup where you create master and subkeys. You then store your subkeys on a @Yubico and use these to encrypt/decrypt your local password storage. This might sound difficult, but it's really not once you do it.
14/ Passwordmanager - 3
This setup is explained beautifully by @HillebrandMax in these amazing videos.
The videos explain in detail every step on the way to the full setup.
youtube.com/playlist?list=…
This setup is explained beautifully by @HillebrandMax in these amazing videos.
The videos explain in detail every step on the way to the full setup.
youtube.com/playlist?list=…
15/ 2-Factor Authentication (2FA)
Always use 2FA when possible. Backup you 2FA codes in the case you lose your device with Google-Authenticator on it. You can also use your @Yubico for 2FA.
The setup depends on the website, but for most you find it under "security" options.
Always use 2FA when possible. Backup you 2FA codes in the case you lose your device with Google-Authenticator on it. You can also use your @Yubico for 2FA.
The setup depends on the website, but for most you find it under "security" options.
16/ Operating System (OS)
Windows is a nightmare and MacOS is not much better.
If possible switch to a Linux distribution like @debian
For really important stuff (your PGP/GPG setup) use @Tails_live booted from a USB.
Windows is a nightmare and MacOS is not much better.
If possible switch to a Linux distribution like @debian
For really important stuff (your PGP/GPG setup) use @Tails_live booted from a USB.
17/ Operating System (OS) - Advanced
The most private OS is @QubesOS .It's really difficult to use and probably overkill for 90% of the people.
The most private OS is @QubesOS .It's really difficult to use and probably overkill for 90% of the people.
18/ Metadata
Removing Metadata form your files (especially pictures) is really important and often overlooked. Use the software available for your system to clean every file you plan on uploading (especially on social media)
Removing Metadata form your files (especially pictures) is really important and often overlooked. Use the software available for your system to clean every file you plan on uploading (especially on social media)
19/ Bitcoin
First securely install and verify @wasabiwallet . It's going to be used to anonymize your UTXOs.
(Unspent Transactions Outputs = your "coins")
You can also use @SamouraiWallet for this step, but I recommend Wasabi.
First securely install and verify @wasabiwallet . It's going to be used to anonymize your UTXOs.
(Unspent Transactions Outputs = your "coins")
You can also use @SamouraiWallet for this step, but I recommend Wasabi.
20/ Bitcoin - 2
If you need additional help with Wasabi check out this amazing documentation.
docs.wasabiwallet.io
If you need additional help with Wasabi check out this amazing documentation.
docs.wasabiwallet.io
21/ Bitcoin - 3
Now you can use CoinJoin to increase the anonymity set of your UTXOs to a sufficiently high level
Now you can use CoinJoin to increase the anonymity set of your UTXOs to a sufficiently high level
22/Bitcoin -4
It's really important that you learn about Coin-Control otherwise all this mixing will be useless and you will de-anonymize your UTXOs again.
Most important lesson: Don't reuse addresses!
link.medium.com/C6hvD88E7Y
It's really important that you learn about Coin-Control otherwise all this mixing will be useless and you will de-anonymize your UTXOs again.
Most important lesson: Don't reuse addresses!
link.medium.com/C6hvD88E7Y
23/ Bitcoin - 5
The best hardware wallet for long term cold storage is @COLDCARDwallet . Never connect it to a computer and you are really secure.
Setup and Backup are really not that difficult.
The best hardware wallet for long term cold storage is @COLDCARDwallet . Never connect it to a computer and you are really secure.
Setup and Backup are really not that difficult.
@matt_odell 25/ Bitcoin - 7
For maximum security always keep your Coldcard and wasabi wallet updated.
For maximum security always keep your Coldcard and wasabi wallet updated.
26/ Bitcoin - 8
To store your now anonymize "coins" on the coldcard just follow this video by @HillebrandMax step by step and
you are done.
To store your now anonymize "coins" on the coldcard just follow this video by @HillebrandMax step by step and
you are done.
27/ Bitcoin - 9
I recommend you use @blockplate or Steelwallet for storing your seed. They are easy to use and make this setup really resilient.
blog.lopp.net/metal-bitcoin-…
I recommend you use @blockplate or Steelwallet for storing your seed. They are easy to use and make this setup really resilient.
blog.lopp.net/metal-bitcoin-…
28/ Bitcoin - Advanced
Using multisig makes the setup even more secure, but to date there is no really easy way that doesn't damage your privacy. The only good way to do multisig is using @ElectrumWallet while running your own personal Electrum server.
Using multisig makes the setup even more secure, but to date there is no really easy way that doesn't damage your privacy. The only good way to do multisig is using @ElectrumWallet while running your own personal Electrum server.
29/ Further Resources
This is a great read for anyone not only concerned with online privacy but with "real life" privacy as well
@lopp
blog.lopp.net/modest-privacy…
This is a great read for anyone not only concerned with online privacy but with "real life" privacy as well
@lopp
blog.lopp.net/modest-privacy…
30/ Further Resources - 2
Everything @WorldCryptoNet uploads on their youtube channel. Especially all videos by @HillebrandMax
Everything @WorldCryptoNet uploads on their youtube channel. Especially all videos by @HillebrandMax
31/ Further Resources - 3
The amazing curation of Bitcoin resources by @dergigi also has a nice section on privacy.
dergigi.com/bitcoin/resour…
The amazing curation of Bitcoin resources by @dergigi also has a nice section on privacy.
dergigi.com/bitcoin/resour…
32/ End
Thank you to everyone producing amazing content and educating people for free. Hope this thread helps new people that come into the Bitcoin space.
Be safe.
Don't Trust verify.
Thank you to everyone producing amazing content and educating people for free. Hope this thread helps new people that come into the Bitcoin space.
Be safe.
Don't Trust verify.
Hope some people can share this and help new people in this space.
cc @PeterMcCormack @americanhodl4 @wiz @udiWertheimer
@kixunil @notgrubles @danheld @MrHodl @dergigi @bitstein @6102bitcoin
@giacomozucco @nopara73 @HillebrandMax @nvk @hodlonaut
Thank you.
cc @PeterMcCormack @americanhodl4 @wiz @udiWertheimer
@kixunil @notgrubles @danheld @MrHodl @dergigi @bitstein @6102bitcoin
@giacomozucco @nopara73 @HillebrandMax @nvk @hodlonaut
Thank you.
