1. Using Windows 10 with a local account and not with a Microsoft Account.
Using a Windows 10 PC/laptop with your Microsoft Account can be dangerous. Logging into your Windows 10 PC/laptop becomes difficult if your Microsoft Outlook/Live account gets hacked. Using Windows 10 with a local account is the best way to keep your Windows 10 PC/laptop from being locked down.
Benefits of Local Account:
- Is more private
- Always works, regardless of Internet connectivity
Note: If you're not planning on using the Windows Store or any of the apps, avoid a Microsoft Account at all costs.
2. Change all passwords every 6 months
New, strong passwords must be generated using password generators for all online accounts. Strong, long passwords are not easy to remember. Password managers like Bitwarden, LastPass, 1Password and others can be used to store passwords securely, locally and in the cloud.
- Dashlane Password Generator
- KeePassXC: Free Open Source Password Manager
3. Encrypting important data using VeraCrypt for local and online use
VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.
Important photos, documents, and financial documents must be encrypted using VeraCrypt to keep the data safe from ransomware attacks.
4. Controlling Windows 10 Privacy, Telemetry and Tracking
- Using O&O Shutup10 to disable Windows 10 Telemetry and Tracking
- Using Windows 10 Debloater to remove bloatware from your copy of Windows 10
- Deleting Telemetry and Tracking services from Windows 10
  sc delete diagtrack
  sc delete dmwappushservice
To execute the commands, run CMD as Administrator, type the two commands one at a time, and press Enter after each. Remember to run these two commands after every Windows update.
5. Free Complete PC Clean-up using BleachBit
BleachBit is a free and open-source disk space cleaner, privacy manager, and computer system optimizer.
A free, complete PC clean-up can be done with BleachBit instead of paid software like CCleaner. BleachBit will clean up browser cookies, history, the Visual Studio cache and more.
6. Using Firefox Browser with Helpful Add-ons
- HTTPS Everywhere: Encrypt the web! HTTPS Everywhere is a Firefox extension to protect your communications by enabling HTTPS encryption automatically on sites that are known to support it, even when you type URLs or follow links that omit the https: prefix.
- Poper Blocker: Using Poper Blocker to block annoying popups, popunders & overlays in an easy & effective way.
- uBlock Origin: Using uBlock Origin to block ads, tracking, malware and much more. uBlock Origin can remove unwanted HTML elements such as divs, iframes and images from any website. This feature of removing unwanted blocks of HTML is called Cosmetic Filtering. uBlock Origin provides an element picker for selecting the elements to remove from the DOM (Document Object Model).
7. DoT (DNS over TLS) + Pi-hole (Network-Wide Ad Blocking) + Stubby DNS
1. DoT (DNS over TLS)
DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.
Cloudflare, Quad9 and Google provide public DNS resolver services via DNS over TLS.
DoT keeps DNS requests from being tampered with on the wire. However, even with encrypted DNS, ISPs can still see which websites we visit with the help of SNI (Server Name Indication). Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
Cloudflare has created ESNI (Encrypted SNI). You can read more about Encrypted SNI
2. Using Stubby DNS Resolver + Cloudflare DoT (DNS over TLS)
'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
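The exchange a DoT stub resolver performs with its upstream is small enough to show in full. This added Python example (not code from Stubby or from the original page) builds a DNS query, applies the 2-byte length framing DoT uses, and sends it over a TLS connection whose certificate is verified against the resolver's name. The resolver address `1.1.1.1` and name `cloudflare-dns.com` in the demo are assumptions for Cloudflare's public service, and the function names are chosen here.

```python
import secrets, socket, ssl, struct

DOT_PORT = 853  # port assigned to DNS over TLS (RFC 7858)

def build_query(name, qtype=1, txid=None):
    """Encode a DNS query in wire format (qtype 1 = A record)."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # class 1 = IN

def frame(message):
    """DoT uses DNS-over-TCP framing: 2-byte big-endian length, then the message."""
    return struct.pack("!H", len(message)) + message

def summarize(response):
    """Return (txid, rcode, answer_count) from a DNS response header."""
    txid, flags, _qd, ancount = struct.unpack_from("!HHHH", response)
    return txid, flags & 0x000F, ancount

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-message")
        buf += chunk
    return buf

def dot_query(server_ip, auth_name, name, timeout=5.0):
    """Send one query over TLS; the certificate must be valid for auth_name."""
    ctx = ssl.create_default_context()  # chain + hostname verification on by default
    query = build_query(name)
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(frame(query))
            (length,) = struct.unpack("!H", _read_exact(tls, 2))
            response = _read_exact(tls, length)
    if summarize(response)[0] != struct.unpack_from("!H", query)[0]:
        raise ValueError("response ID does not match the query")
    return response

if __name__ == "__main__":
    # Needs network access; resolver address and name are assumptions (see lead-in).
    print(summarize(dot_query("1.1.1.1", "cloudflare-dns.com", "example.com")))
```

If the certificate does not match the expected resolver name, `wrap_socket` raises and no query is sent, which is the behaviour you want from a privacy stub: fail closed rather than fall back to plaintext DNS.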
3. Network-Level Ads, Malware, Spam Blocking with Pi-hole on a Raspberry Pi
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. Pi-hole provides network-wide ad, malware and spam blocking via your own Linux hardware, like a Raspberry Pi 3B+.
4. Pi-hole Blacklist: TLDs (Top Level Domains) that spread viruses and malware
Note: This is a customized blacklist for my own personal use as I don't visit websites with these TLDs. Some of these TLDs are very famous for spreading viruses, malware and ransomware over the internet.
5. Important block lists in Pi-hole
8. WireGuard VPN + Pi-hole + Unbound DNS + Root Name Servers
1. WireGuard VPN
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
2. Unbound Recursive DNS Resolver with Root Name Servers
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. Unbound DNS can be installed along with Pi-hole and Root Name Servers.
A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in translating (resolving) human readable host names into IP addresses that are used in communication between Internet hosts.
3. Encrypt your internet traffic using a VPN with no DNS leak
WireGuard VPN + Pi-hole + Unbound DNS will allow you to encrypt your internet traffic. With Unbound DNS and the root name servers in particular, we save ourselves from the issue of DNS leaks.
After every VPN setup please make sure to test for DNS leaks.
Good websites for DNS Leak Test: