Theft incidents occur frequently: How to implement "digital hygiene"?
2025-03-23 18:02
Author: @karpathy, co-founder of @EurekaLabsAI; compiled by: zhouzhou, BlockBeats

Editor's note: This article introduces some basic skills for improving computer privacy and security, covering password managers, hardware security keys, disk encryption, biometrics and other protective measures. It recommends security tools such as 1Password, YubiKey and Signal, advises against unsafe smart devices, and suggests privacy-protecting browsers and search engines, VPNs and ad-blocking tools. The article also recommends protecting personal information and achieving digital security through virtual credit cards, email management and network monitoring.

The following is the original content (the original content has been compiled for easier reading comprehension):

Basically, you can do some simple things to improve the privacy and security of your computer. This article covers some of them.

From time to time, I am reminded of the huge fraud machinery of the Internet, which rekindles my pursuit of everyday computer privacy/security and basic digital hygiene. The problem starts with some major tech companies that build a comprehensive profile of you, either to make money directly through advertising or to sell it to professional data brokers that further enrich, deanonymize, cross-reference and resell the data.

The inevitable and frequent data breaches will eventually aggregate your information into the black market archive, nourishing a huge underground spam/scam industry, including hacking attacks, phishing attacks, ransomware, credit card fraud, identity theft, and more. This guide is a collection of some of the most basic digital hygiene tips, starting from the most basic to some slightly more detailed suggestions.

Password Manager

Your password is your "first factor", that is, "something you know". Don't be foolish: set new, unique, and complex passwords for each website or service you register with. Combined with a browser extension, a password manager can create and auto-fill them very quickly. For example, I use and like 1Password. This prevents your passwords from being 1) easy to guess or crack, and 2) a door into many other services once one of them leaks. In return, we now have a centralized place that stores all the first factors (passwords), so we have to make sure it is thoroughly protected, which leads to...

Hardware security key

The most critical services in your life (e.g. Google or 1Password) must be reinforced by an additional "second factor", i.e. "something you have". An attacker must have both factors in order to access these services. The most common second factor that services implement is the mobile phone number: in theory, after entering your password you receive a text message with a PIN code, which is verified in addition to the password.

Obviously, this is much better than not having a second factor, but using a mobile phone number is known to be very unsafe because of SIM swap attacks. Basically, it turns out an attacker can easily call your cell phone company, pretend to be you, and ask them to switch your cell phone number to a new phone they control. I know this sounds totally crazy, but that's how it is, and I have a lot of friends who are victims of this attack.

So, buy and set up hardware security keys, the industry-grade standard of protection. In particular, I like and use YubiKey. These devices generate and store private keys on the device's secure element, so the private keys never appear on general-purpose computing devices like laptops. Once you set up these devices, an attacker not only needs to know your password, but also needs to physically possess your security key to log in to the service.

Your risk is reduced by about 1000 times. Buy and set up 2 to 3 keys and store them in different physical locations in case you lose one of them. Security keys support several authentication methods. Look for "U2F" in the second-factor settings of your service; it is the strongest protection. For example, it is supported by Google and 1Password. If you have to use "TOTP", note that your YubiKey can store TOTP private keys, so you can easily get the PIN codes on your phone via NFC through the YubiKey Authenticator application.

This is much better than storing a TOTP private key in other (software) authenticator applications, because you should not trust a general-purpose computing device. This article is not going to explain this in depth, but basically, I highly recommend using 2-3 YubiKeys to greatly enhance your digital security.

Biometrics

Biometrics are the third common authentication factor ("something you are"). For example, if you are an iOS user, I recommend setting up Face ID almost everywhere, such as for accessing apps like 1Password.

Security questions

Dinosaur companies are fascinated by security questions (such as "What is your mother's maiden name?") and force you to set them up from time to time. Obviously, these questions fall into the category of "something you know", so essentially they are passwords, but for scammers the answers can easily be found on the internet, and you should refuse to participate in this ridiculous "safety" exercise. Instead, treat security questions as passwords, generate random answers for each question, and store them in 1Password alongside your password.

Disk encryption

Always make sure your computer uses disk encryption. For example, on a Mac, this complete no-brainer of a feature is called "FileVault". It ensures that if your computer is stolen, the attacker cannot take the hard drive and access all your data.

The Internet of Things

The Internet of Things is more like @internetofshit. Try to avoid using "smart" devices, which are essentially extremely insecure, internet-connected computers that collect large amounts of data and are often hacked, and which people willingly put in their homes. These devices have microphones and regularly send data back to the parent company for analysis and to "improve customer experience" haha, OK. For example, when I was young and naive, I purchased a CO2 monitor which asked for all my personal information and precise geographic location before it would tell me the CO2 level in my room. These devices are a major vulnerability for your privacy and security and should be avoided.

Messaging

I recommend Signal instead of SMS because it encrypts all communications end-to-end. Furthermore, it does not store metadata the way many other applications (e.g. iMessage, WhatsApp) do. Turn on the disappearing messages feature (for example, the default 90 days is a good choice). In my experience, the message disappearance function is an information vulnerability and has no significant benefits.

Browser

I recommend using the Brave browser, which is a privacy-first browser based on Chromium. This means almost all Chrome extensions can be used directly and the browsing experience is similar to Chrome, but without Google getting a full view of your entire digital life.

Search engine

I recommend Brave Search, which you can set as the default search engine in your browser settings. Brave Search is a privacy-first search engine that has its own index, unlike DuckDuckGo, which is actually a skin over Bing and has to enter into some weird collaborations with Microsoft that compromise user privacy. As with all services on this list, I pay $3 a month for Brave Premium because I prefer to be a customer rather than a commodity in my digital life. I have found from experience that 95% of my search engine queries are very simple website lookups, where the search engine basically acts as a small DNS. If you can't find what you want, just add "!g" before the search query and you will jump to Google.

Credit Cards

Mint new, unique credit cards for each merchant. There is no need to use the same credit card across multiple services: doing so allows them to "link" your purchases across different services, and it also increases the risk of credit card fraud, as service providers may leak your credit card number. I like and use privacy.com to mint new credit cards for every transaction or merchant.

You can view all spending through a great interface and receive a notification for each card swipe. You can also set spending limits per credit card (e.g., $50 per month, etc.), which greatly reduces the risk of being charged unexpected fees. Additionally, with a privacy.com card, you can enter a completely random name and address when filling in your billing information. This is very important because there is no need to let random Internet merchants know your actual address. Next, let's talk about...

Address

Most random services and merchants do not need to know your actual address. Use a virtual mail service. I currently use Earth Class Mail, but to be honest, I'm a little embarrassed, so I plan to switch to Virtual Post Mail because it has a stronger commitment to privacy, security, ownership structure and reputation. In any case, you give out an address at which they receive your mail, scan it and digitize it; you can then quickly view it through the application and decide how to deal with it (e.g., destroy, forward, etc.). In this way, you not only gain security and privacy protection, but also enjoy considerable convenience.

Email

I still use Gmail because it's so convenient, but I'm also starting to use Proton Mail in part. While on the subject, here are some thoughts about email. Never click on any links in the email you receive. Email addresses are very easy to forge, and you can never be sure whether the email you receive is a phishing email from a scammer. Instead, I manually go to any service I am interested in and log in from there.

In addition, it is recommended to disable image loading in your email settings. If you need to view the images in an email you receive, you can click "Show Image" to view them, and there is no problem at all. This is important because many services track you by embedding images: they hide information in the URL of the image, so when your email client loads the image, they can see whether you have opened the email. There is no need to allow this at all. In addition, scammers often hide information in obfuscated images to avoid being filtered into spam by the mail server.

VPN

If you want to hide your IP or location, you can do so indirectly through a VPN. I recommend Mullvad VPN. I keep the VPN off by default, but choose to enable it when dealing with services that I don't trust, for more protection.

DNS-based ad blocker

You can block ads by blocking entire domains at the DNS level. I like and use NextDNS, which blocks all kinds of ads and trackers. For advanced users who like to tinker, Pi-hole is a physical alternative.

Network Monitoring

I like and use Little Snitch, which is installed on my MacBook. This tool lets you see which applications are communicating, how much data is transmitted, and when, which helps you track which applications are "phoning home" and how often. If an application generates too much traffic, it is suspicious and may need to be uninstalled, unless you expect this kind of traffic.

I just want to live a safe digital life and build a harmonious relationship with products and services, revealing only the necessary information. I want to pay for the software I use so that incentives and interests are aligned and I am always the customer. This is not a trivial matter, but it can be achieved with determination and discipline.
