Personal Privacy Setup: Audit Checklist

1

I want to audit my personal privacy setup right now: Analyze the different software and services I use and decide if they’re fitting of my changed threat model.

Does anyone have a list of software/services that I use to check when auditing my privacy right now. Ex:

Check your email service, browser, searching engine, cloud storage, etc.

Anyone have a list like that of things I can check where my data is being collected and used?

2

It is unclear (to me) what you are asking fo here. I think you may be going about this in a reversed order. I think it would make more sense if you make a list of the services you use, so that you (or we) can analyze places where you can improve. You are the only one who knows what you currently use, and what your threat model is. Without knowledge of both of those things, it would not be possible to give good recommendations.

If you are looking for general recommendations, I’d suggest you take a look at PrivacyGuides.org

edit: I would also recommend not focusing solely on software/services. This is what gets all the attention, but its as important or more important that you adjust your habits, mindset, and usage patterns, and grow your awareness and knowledge with respect to privacy and security. Probably I’m preaching to the choir and you already know this but I just wanted to explicitly mention it since often it is left out of the conversation.

3 Likes
3

I’ve compiled the recommendations from PrivacyGuides and thenewoil.org and here’s the gist :

  • Optimize device’s privacy settings.
  • Encrypt your devices.
  • Non-admin user session.
  • Backups.
  • Remove unused files and apps from devices.
  • No IoT.
  • Content blocker (DNS, VPN).
  • “Become less dependent on your phone. For example, if you’re going to the grocery store like usual, you already know where it is. Leave the phone at home and take a shopping list written manually on a slip of paper”. says The New Oil.
  • Lying about your information.
  • Think about what you share on social networks. “You should view every website as a data breach waiting to happen.” says The New Oil.
  • Payment masking (I dont’ do).
  • Delete unused accounts.
  • No antivirus

Apps and services :

  • Email aliases
  • Password manager with different and strong passwords
  • 2FA
  • Frontends for social networks (YouTube, imgsed.com,…)
  • Navigation
  • Cloud storage (I don’t have cloud storage).
  • Note taking
  • Microsoft office alternative
  • Calendar
  • E-mail
  • Messenger
  • Search engine
  • Browser

Like @xe3 said, it would make more sense if you make a list of the services you use, so that you (or we) can analyze places where you can improve + do not focusing solely on software/services.

2 Likes
4

I think I know what you meant in your initial post.
Correct me if I’m wrong but I think you want to try to find information from the outside looking in.

That can actually be a very useful practice to make sure that you did not forget something obvious like removing a profile picture or delete an account. Just note that this only applies to the “privacy from individuals” section of a threat model. Obviously that does not apply to the “security” or “privacy from companies” aspects of a threat model.

I sometimes ask my friends to start “from scratch” and try to find information about me. I found out that I had a few social media account that I forgot to delete so my friends were able to find a lot of info about me.

I suggest using OSINT tools. There are a lot of good ones out there but a simple search with multiple search engines is a good start.
You can also use reverse image search, the wayback machine and google advanced search to narrow your search to something more specific.

Hope this helps!