Blog

A Privacy & Security Toolkit

The tools below can immediately improve your overall Privacy and Security posture, are easy to setup, and mitigate the majority of risks we take with our data online.

  1. Purpose
  2. The Stack
    1. Layer 0
      1. VPN
      2. DNS
      3. TOR
    2. Layer 1
      1. Brave
      2. Firefox
      3. TOR
    3. Layer 2
      1. LastPass
      2. 1Password
      3. 2nd Factor Authentication
    4. Layer 3
      1. Email
      2. Messaging
      3. Search
      4. Social Media
  3. Ultimately
  4. More Resources

Purpose

When thinking about privacy & security for your devices that connect to the internet or the data you generate while you’re online, it’s important to understand that a single solution doesn’t exist, nor will it ever.

As technology evolves overtime and innovations are adopted widely around the Internet, the way we interact with the technology changes as well. It’s an individual’s responsibility to remain vigilant and spend some time considering the risks they may be taking when trying out a new app, or creating an account on a website. Unfortunately, for some individuals, the networks available to them are censored and hostile so they must consider protecting their location information or browsing history when conducting research or journalism.

Fortunately for us, technology is a great problem solver and many of these risks have already been mitigated by very common & simple tools that allow us to browse the internet in confidence.

With a little knowledge and a few tools we can be 100 time safer on a public wifi network while reviewing intimate finance or health documents. We can do research unhinged by social norms or taboos and journalism without fear of repercussion. Identity Thieves can remain at arms length, unable to use the most basic tactics.

Privacy and Security online is the ultimate expression of Personal Digital Sovereignty. Use the stack to get yourself up to speed and protected quickly and safely.

The Stack

Layer 0 (Network Security)

Your network security can be the single point of failure for your entire Privacy and Security Posture. If the data you transmit is over a compromised network, then it doesn’t matter how strong your password is, or how private your browser may be.

VPN

VPN stands for Virtual Private Networking. This technology routes all your Internet traffic through an encrypted tunnel to another network or gateway device before connecting you to the Internet. This removes your need to trust the network you’re directly connected to, but forces you to trust your VPN provider. There are some solid providers out there, but we use our own.

A VPN protects you by hiding your IP Address from websites you connect to, which hides your Geo-Location by IP Address, and encrypts your traffic so anyone on the same network as you (hackers, ISPs, Govt.) can’t see what websites you’re visiting. This also helps you remain anonymous on the websites you connect to, but only if it’s the only information you’re providing them.

VPN services are the only thing on this list that will cost you a little money. Beware free VPN services as they’re probably making money in other nefarious ways. However, the services provided are generally worth the cost. Our VPN plans start around $2/mo with a 12 month subscription.

DNS

DNS stands for Domain Name Resolution and is a basic Internet service that translates domain names like facebook.com and google.com to IP Addresses that computers connect to. Anyone with access to the DNS service you use could see what websites you visit by your computer’s DNS requests. A Private DNS service doesn’t log your requests, protecting the privacy of it’s users.

These services cost very little to provide and can often be found for free. Again, do the necessary research to make sure you’re going with a trusted provider.

Skylaski.com operates it’s own free to use Private DNS servers that follow our No-Log Policy. If you use our VPN, then you’re already using our Private DNS.

TOR

TOR will be mentioned more than once as it is actually a few different things. At the network level, TOR uses Onion Routing to route your traffic over an encrypted connection across random relays, potentially around the world. This is probably the most secure and anonymous routing protocol in existence. Not only is your IP Address hidden by 1 proxy like a VPN, but is encrypted independently across 3 or more proxies chosen at random.

Layer 1 (Browser)

Once your device is connected to a secure network, you should remain vigilant when using apps or software that use the Internet as well. Try to choose from well known publishers and make sure you keep everything as up to date as possible.

However, the tool everyone needs to browse the internet is a Web Browser. Most Browsers provide a good selection of privacy and security options, which should be explored in depth if you choose to use them. Below are some Browsers that have been developed with privacy as a priority.

Brave

Brave is a fairly new browser that places Privacy first, and uniquely leverages another new technology called Blockchain to attempt to pay users who choose to view ads and content creators who generate a lot of views.

Firefox

Firefox is a Mozilla Browser that has been around for a very long time. The project has pioneered many innovations in the browser space and continues to do so. Firefox has more recently placed a heavy emphasis on user privacy and security and has delivered an amazing Browser.

TOR

TOR is at it again. The TOR Browser is a Complete Anonymity focused browser that has the TOR Onion Routing protocol built into it. It can be run as a standalone Browser on most devices today and makes accessing Onion Services (Anonymous Websites) as easy as possible. You can also browse the normal internet using the TOR Browser and network as well, though the experience will be noticeably slower.

Layer 2 (Access)

Once you have your network and the browser you’re going to use to access it. You’ll need your username and passwords to access any services online like your bank or email account.

Most people store these in their head. While the skill itself is useful, it’s a bit impractical today considering every website we visit wants us to make an account. The only way to successfully access every site would be to use one or two passwords for hundreds of sites.

On top of that, these websites are constantly getting hacked and user information is dumped onto the dark web for sale on the cheap. The chances of having your account information somewhere on the Dark web today is high. The only protection against this reality is to use a different password for every single website you visit. This way, if your mechanic or other favorite online merchant gets hacked, only your account with that website is compromised.

This would not be possible without Password Managers. Not only do they remember passwords for you, but they can generate secure passwords when you’re creating an account, as well as auto-fill almost every potential form you come across making it easy to enter those super secure passwords we can’t remember. There are a handful of password managers on the market and if you’d like to know more check this out. Here are our recommendations.

LastPass

LastPass is probably the best bang for your buck, considering it’s absolutely FREE! Comes complete with all the features needed to be successful switching to using a password manager and sticking with it. Easy to use and has browser extensions and a mobile app.

1Password

1Password is another absolutely amazing password manager that will make sure your transition is as seamless as possible. Stop using sticky notes or precious memory to store your passwords. 1Password also has all the browser extensions you need and an app for mobile use.

2nd Factor Authentication

It’s worth mentioning that most places you are forced to have a password online also provide the option for 2nd Factor Authentication. These are services like; sending you a text message with a unique code before logging in, or asking for a code from an authenticator app, or physical security key.

No matter, what options are offered for 2nd Factor Authentication. Choosing at least one of them increases your account security immensely. Even if your password is stolen or leaked on the Dark Web, if 2nd Factor Authentication is enabled your account is still safe.

Make sure you check all your major accounts and ensure 2nd Factor Authentication is enabled. This can really save you in the long run.

Layer 3 (Services)

Choosing the right services for things like Email, Messaging, Search, ect can go a long ways towards ensuring your data is protected. We often don’t get to choose the tools we use to communicate with everyone, but when necessary these tools serve a huge purpose.

Email

ProtonMail is an email provider that offers a small inbox for free and automatically encrypts all email by default. A great provider of secure email.

Mailvelope is a nifty Browser extension that can manage PGP (Email Encryption) keys and auto-encrypt your email, even when using another web-based email provider (Like hotmail or gmail). Encrypt your regular email with Mailvelope.

Messaging

Signal is an open source, end-to-end encrypted messaging app that works on both Android and iOS as well as some desktops. Message your contacts securely as individuals or in groups, verify their identity and video chat.

DuckDuckGo is a privacy focused, complete search experience with apps and widgets for your phone as well as a privacy browser. No more “personalized” search results.

Social Media

Minds is one of the most unique platforms to come along in a long time. A complete social media platform with groups and blogs and all sorts of media, Minds runs on the Ethereum Blockchain, leveraging it’s own token to generate value for content creators and viewers alike.

Ultimately

The responsibility is on the user today to protect themselves while online. Your privacy and security are paramount to your Personal Digital Sovereignty.

This is just a beginning. These are the basics. The stack itself can and will change shape and take on new meaning as technology evolves.

There is also a compromise. As users we all live under unique circumstances. It might not be possible to completely remove Google or Facebook from our lives, but we can exercise the choices we do have on those platforms as well.

Most of our privacy and security is in this space, the settings. Today most of those settings default in the favor of those who need our data. Check them out, make sure they’re right for you.

More Resources

This is a never ending journey. To continue the path we highly recommend you check out the “Surveillance Self-Defense” guides hosted by the Electronic Frontier Foundation.

There are also some additional resources at our Forums.

Disable Personalized Ads and Reset Your Advertising ID

Recently Wired published a great article titled ‘A Simple Way to Make It Harder for Mobile Ads to Track You‘.

This short little article is really worth a read, especially today when more and more of our lives happen online, the invasion of privacy online is full on!

Not only is this creepy, but advertisers are operating in spaces normally heavily regulated to protect the innocent like our children. On the Internet, there is a general lack of regulation. Most of us have already agreed to a Privacy Policy or Terms of Service on one of the many FREE platforms online today.

Fortunately as consumers, we are beginning to see more and more options open up to us to make our own choices on what happens to our data on these platforms.

To help prevent unwanted advertising, behavior tracking, and help improve your privacy overall, it’s important to dig into the Privacy options of every piece of software we use.

On Android and iOS phones today, you can disable or minimize personalized ads as well as reset your advertising ID which is used by companies like Google and Apple to profile you.

From the article;

“”

To do it on Android, go to Settings > Privacy > Advanced > Ads and toggle on Opt out of Ads Personalization. On iOS, navigate to Settings > Privacy > Advertising and toggle on Limit Ad Tracking.

If you don’t want to stop ad tracking altogether—you’re getting ads anyway, might as well be relevant—you can navigate to those same screens and tap Reset advertising ID on Android or Reset Advertising Identifier on iOS to cycle your ad ID and essentially force advertisers to start a new profile on you. Android actually shows you your (very long) alpha-numeric ad ID at the bottom of this screen and when you initiate a reset you can watch it change. A clean slate never hurts.

“”

To learn more about these options check out the entire article.

Google has even more options to help improve your privacy and security as well. For more details on how to harden your google profile check out this article.

3 Reasons to Use a VPN on Your Phone

#1: Privacy and Anonymity

A VPN works by routing all your devices traffic through a secure tunnel to your VPN provider. This prevents your ISP or governments from seeing what websites you’re browsing to by encrypting all your traffic to the VPN provider.

A VPN also hides your originating IP Address which can be linked to your physical location. This prevents the websites your visiting from knowing your original IP address.

#2: Security

When traveling or using public WIFI hotspots the network your connected to could be compromised by hackers or anyone on the network. When using a VPN, all your traffic to and from the internet is encrypted so anyone on a public network who tries to see your traffic will only see random characters. They won’t be able to see what websites your visiting or any data you share with those websites.

#3: Changing Your Geo-Location

Most VPN providers like Skylaski VPN offers multiple locations around the globe to connect and route your traffic through. This allows you to trick most websites, making them think you actually live in those areas.

So if you need to download an app thats only available in Asia, you can connect through your VPN provider’s Asia location to get the app.

Also, this will let you watch a lot of content from providers like Netflix that is only available to specific regions of the world.

How To Refer a Friend

Your Skylaski VPN account comes complete with a slick referral program that allows you to get an additional month of VPN services FREE when someone signs up for a VPN plan using your referral link.

Where is your referral link you ask?

It can be found in a few places. First login and visit your account page.

Then, you can find your personal link in the top menu under ‘My Account’ or at the bottom of the page under ‘Account Management’.

Clicking on either one generates a pop-up where you can get your unique URL and/or share it directly a few different ways.

If you’re mobile, this will pop-up your phones native share feature.

Your Favorite App is Probably Sharing Your Location with The Government

Over 500 commonly used apps, infecting hundreds of millions of phones all over the world, have an SDK built into them created by a company called Anomaly Six. According to the Wallstreet Journal this company is selling all the location data they’ve collected to the US Government.

This kind of surveillance is especially concerning since its almost never disclosed in the app’s Privacy Policy.

Third party SDKs and APIs installed in commonly used apps was always an issue. Sometimes its incredibly valuable when there is a synergy between two services online, but most of the time it’s just used for collecting data.

Our VPN can help mitigate your phone from connecting to well known trackers and malware publishers, even if they try to do so through a backdoor in common apps.

Check it out!

NSA Recommends Using a VPN

Recently the NSA released some guidance on how to limit the amount of location data you expose while you’re online or using your phone. Among a lot of solid tips was to use an anonymizing VPN service you trust as much as possible.

Even if your location service on your phone is turned off, and your gps antenna disabled. Your location can be derived various of other ways, one of them being your IP Address. A VPN can mask your actual IP Address while online to help mitigate this risk.

Our VPN service not only encrypts your connection to the internet through the fastest, most secure VPN technology available, but blocks trackers and malware publishers protecting you from the most common tactics.

Check it out!

Aggressive Advertising

It’s easy to see tech companies as a monolithic villain in the battle over consumer privacy. But in fact, there are countless tech companies, like mine, that believe that people have a fundamental right to avoid being put under surveillance and that it should be easy for them to exercise that right.

Gabriel Weinberg – https://www.nytimes.com/2019/06/19/opinion/facebook-google-privacy.html

What a great quote.

Unfortunately, the majority of the tech companies that matter don’t consider what they’re doing as ‘surveillance’. The argument generally heard is that through abstraction of the mass amount of data privacy is maintained. Through looking at groups of individuals and their data, instead of the individuals themselves, no one’s privacy is being violated because the data is anonymized.

Unfortunately its not the identity of information that has the undesired impact, but the detailed level of knowledge that leads to intimate feelings of a privacy violated. Intricate patterns in our behavior are elevated in a completely objective view through data. This allows those who can see and understand the data, a deeply intimate insight into human nature.

Some might argue that this knowledge puts the data owners at an advantage over individuals who might not be fully grown or educated enough to think critically about the world around them.

That aside, it still leads to creepy advertising and ultimately removing freedom of choice on the part of the individual.

This distinction between Big Ad Tech and everyone else in tech is important to keep in mind as policymakers consider new regulations intended to protect consumers’ privacy. Executives of these big companies may individually make public statements welcoming federal regulation, but in practice they are doing everything they can to weaken existing laws and shape new ones in their own interests. This strategy is very obvious to the rest of us in the tech industry. And it’s essential to get these privacy laws right today, so that people have the opportunity to opt outClose X of online tracking now.

https://www.nytimes.com/2019/06/19/opinion/facebook-google-privacy.html

In an Opinion piece on the New York Times, the author suggests the potential implications of blindly submitting to such surveillance. Advertising is totally possible without tracking people across the entire internet. A lot of tech companies are doing it already and fighting against certain influences to create laws that continue to eliminate choice from the market.

The author continues to explain the options companies have for advertising online and the proven effectiveness of alternative options to the ‘behavioral’ advertising which tracks your activity all over the internet.

Ultimately there is even evidence to suggest something like ‘contextual’ advertising can be profitable.

Skylaski VPN will continue to block common trackers and malware publishers for the foreseeable future. If you’re curious how a VPN can help protect your privacy, check out our Features & Plans.

Free Private DNS

1. 35.226.146.85
2. 35.224.238.118

These are Skylaski.com’s Free to Use Private DNS Servers.

On the Internet DNS is the service that translates common names to digital destinations. Without this service, we would have to memorize the numbers of every place on the internet we wished to go. With the service, we also gain a lot of load balancing and traffic management capabilities.

DNS is essentially your first stop on the internet everytime you look something up. It quickly becomes a log of all your activity while online. While it doesn’t know what you’re searching on Google or emailing a friend online, it knows what websites you visit and when.

It’s important that the provider of these services protect their user’s privacy rights. This is such a fundamental service that it’s no harm to Skylaski.com to provide it for free of use to all whom may need it.

Understandably, this service is not readily available everywhere and thats why it exists. If you already use Skylaski VPN you don’t have to worry about this at all.

Setup

Depending on how you’re connecting to the internet setup will be different. Generally speaking you need to find the interface for changing which DNS servers your device/client uses.

Setting up private DNS is becoming more and more common however, so a lot of applications allow you to control this manually. Below are some articles that can hopefully get you started.

  1. Android
  2. iPhone
  3. Windows
  4. Mac

Why You Should Use a Password Manager

These days every website you visit requires you to setup an account. Every single one wants to remember who you are and attempt to personalize the experience as much as humanly possible. The point is clear, you’re using passwords everywhere you go on the internet.

This becomes a big issue because you honestly can’t trust everyone with securing your passwords. Big data leaks happen all the time and often to companies and websites we would normally assume completely responsible with things like our money or identity. However, on the Internet nothing is guaranteed.

So having a strong password, one that is very difficult to guess is important, but if the people you trust the most can lose these passwords and allow them to be sold on the dark web, then all it takes is for one of them to slip up and potentially every account you ever created is at risk.

That’s where password managers come in. While there is a lot of value in remembering all your passwords in a secure location that can be recovered if someone steals your little notebook of passwords, there is even more value in generating secure passwords efficiently so that you never use the same password twice.

This way, if your laptop is stolen, or your little book of passwords goes up in flames you can recover your passwords. Also, if your bank, school, work, or favorite forum gets hacked and the passwords leaked on the Dark web, all your other accounts are safe and secure.

Choosing a Password Manager

Password Managers inherently need to be secure. Always do your research and try to find a solution recommended by security professionals you trust.

With that in mind it’s also important to get the features you need to ensure you’ll use your password manager as much as possible. If you aren’t going to use your password manager, then it’s not going to protect you and becomes a potential liability more than anything else.

Extensions & Apps

Password Managers need to meet you where you’re at. Whether that is on your laptop, desktop, phone or tablet. Make sure you choose a manager that has extension for the browsers you use & apps for the devices that need them.

Generating Passwords

Make sure your password manager can generate passwords for you, on the spot, easily AND remember them all at the same time. Remember, this is the real value of a password manager as it obfuscates the attack vector that is your password. If you’re not using a unique password for every website then a password manager can’t help you when the password you are using winds up for sale on the dark web.

Auto-Fill

If your password manager checks the first two boxes then this one is essential. If you’re using a strong, unique password on every website and app you use, then it’s going to become VERY tedious if you have to copy-paste every password from your vault into these forms every time you open your browser. This might get so annoying you’ll stop generating unique passwords, or worse, stop using the password manager altogether. Make sure your password manager can Auto-Fill these forms for you or at least make it very easy to copy what you need to your clipboard for pasting.

2nd-factor authentication

Anything that consolidates and protects your passwords must support 2nd-factor authentication. These days 2nd-factor authentication is the strongest method of authenticating users on the Internet and any application that doesn’t support it is putting it’s users at a huge disadvantage.

Let’s say your passwords do get leaked and sold on the dark web. If your accounts have 2nd-factor authentication enabled, even if the bad actor tries to use your password, they will still need that 2nd authentication method to get into your account. This gives you plenty of time to change your password if you become aware of such an event. You should be enabling 2nd-factor authentication on every account that offers it period, but 100% on your password manager.

Storing Other Notes

Some password managers, especially the ones that are highly integrated and come with auto-fill, allow you to store more than just passwords. This can be convenient if you need to write something down behind lock & key like and Address, or Credit Card information. Even better if you’re using your password manager to store the recovery keys to your accounts that use 2nd-factor authentication. Once you get familiar, there are all sorts of things you might want to keep encrypted. In the past we might encrypt specific files on our hard drive, or the entire hard drive, but its generally more secure behind a solid password manager.

sharing passwords

Some passwords you might need to share with others. This is very handy for system administrators or families. This can be handy, but not a common case so generally password managers don’t offer this for free. It’s also usually assumed the recipient also has an account with the same password manager.

Other Features

There are a lot of other features a good password manager might offer. LastPass for instance, provides free security audits where they provide a report of your passwords, their overall strength, time since last updated, and a list of accounts that might have been involved in data breaches.


Currently Skylaski.com recommends LastPass & 1Password. Both solutions are trusted by professionals and are widely used as well as have all the features we discussed above.

Don’t be a #digitalserf Secure your passwords today!

Optimize Your Google Account for Privacy & Security

These days it’s almost impossible to operate in our modern, digital economy without an account with Apple and/or Google.

In this article we’ll help you ensure your Google account is setup to maximize security & privacy as much as possible.

Security

The first step is to browse over to https://myaccount.google.com/

Once logged in you’ll want to select the ‘Security’ tab to the left.

From here feel free to take the ‘Security Checkup’, but be sure to setup a secure password as well as 2-Step Authentication.

The most important thing here is 2-Step Verification. Google supports a number of methods for 2-Step verification. They can send you a text, notify your phone via Bluetooth, setup an authenticator app. However, the most secure option is a physical security key. These will run you about $40 and are the most secure option.

2-Step verification is important because even if someone gleans your password, they still won’t be able to log into your account without access to your 2nd security key.

Privacy

Google and Apple are notorious for tracking everything you do, and by default that is mostly true. However, with Google its easy to turn off most of this.

You can get to these settings via the ‘Data & personalization’ tab.

On this screen Google provides you detailed controls over your data.

I highly recommend taking the ‘Privacy Checkup’ and going through each step in detail. Through this checkup you can delete all your Google account history and configure google to continue to do so on a regular basis. You can turn off Ad Personalization, Location History, Web & App History, Youtube History, and control what applications have access to your data.

Personal Information

The last thing we want to do is make sure we’re only sharing the personal information we want to.

Click the ‘Personal info’ tab and scroll to the very bottom. There you’ll see the link to choose what other people can see about you.

The options here aren’t as configurable as the others, but at the very least you can be aware of what’s shared and anonymize anything you may need to.

Ultimately you should always be aware of what your options are. These days a Google account is practically a necessity, but you do have options to prevent it from becoming a liability.