I'm a fan of DBAN for obliterating everything if you aren't able to actually physically destroy the media.

https://dban.org/

There is a free version, and licensed (if working in a business environment that requires recordkeeping for compliance)

Its writes the shit out of the drive, so may not be the best option on an SSD that you plan to keep or re-use.

The thing is, those are most likely not issues from Microsoft's perspective, they're intentional, therefore they are probably never going away. The fact that some recent Win7 and Win8.1 updates have brought the same concerns with them is even more evidence to that.

A couple of people have come up with ways to disable Microsoft's tracking, though. Check out this github repo.

Why not just use a Windows 10 Compatible USB fingerprint reader?

Mine is plugged in 100% of the time, to the USB extension on my Keyboard, once my fingerprint is read (even first time on boot) it is about 1 second before my desktop is ready for use.

(I can't vouch for the exact below product, but something similar).

Amazon Win 10 USB Fingerprint Reader

Actually, if you are using Windows, you will be fine with the Apps that are onboard. Except Firewall, which there are more fine-graned and userfriendly alternatives out there, it doesn't make sense to buy AV software. The detection rates of Defender are not that bad anymore and enough for common threats.

Best you can do is educate yourself about attacks and be attentive when downloading and opening attachments. If you really need to scan something, install the virustotal uploader, which allows you to upload a file to virustotal and scan it with several AVs and other tools. This gives you more details on how trustworthy the file is.

As for VPNs: It really depends on what you want to achieve here. VPNs have been all over Youtube etc with a lot of misinformation spread around. A VPN will not make you safer per-se. In fact, a poorly chosen VPN might actually be harmful. What you do when using a VPN is shifting traffic and thereby trust: Without a VPN, the data you are sending is transferred via your ISPs network and they might analyze that traffic. Using a VPN sends your traffic to the VPN provider, where they can see what you are doing. In some cases, a VPN is a good choice: e.g. when using a public Wifi. Here, the provider of the Wifi is your ISP and they could minitor your traffic - hence a VPN protects you from the potentially untrustworthy eyes of the Wifi provider. On the other hand, a VPN provider that is misbehaving and collecting data, might actually be worse than a public Wifi or your local ISP.

That being said, a VPN is handy for many other things other than security, so if you have use for geo-unblocking etc it might be worth it. Some personal recommendations are:

• SurfShark (personally use this)
• Mullvad
• NOT Nordvpn

Cheers!

There have been several password leaks on Facebook recently.

Change your password, and if you reused it change it everywhere else. Also consider using a password manager.

Have a look here at OpenBSD's commitment to security -> http://www.openbsd.org/security.html

I have never used Qubes but it looks like a one-trick pony. To really secure an OS you need a good development process, no single technology is going to solve all of the worlds security problems.

> You need:

Your old Android phone with Google Authenticator codes The latest version of the Google Authenticator app installed on your old phone Your new phone On your new phone, install the Google Authenticator app. In the app, tap Get Started. At the bottom, tap Import existing accounts?. On your old phone, create a QR code: In the Authenticator app, tap More More and then Transfer accounts and then Export accounts. Select which accounts you want to transfer to your new phone, and then tap Next. If you transfer multiple accounts, your old phone may create more than one QR code. On your new phone, tap Scan QR code. After you scan your QR codes, you get a confirmation that your Google Authenticator accounts have been transferred. Tip: If your camera can’t scan the QR code, it may be that there’s too much info. Try to export again with fewer accounts.

Here's a link.

You don't say whether your facebook password is unique.

If not - hundreds of websites are hacked every day and leaks given out just as often. That's why you need separate passwords.

Check out this website; https://haveibeenpwned.com/

>Some sites show me the vpn ip but multiple sites show my real location, isp and ipv6 ( but no ipv4 at all).

If the sites show your real IPv6 address, then you have what's called an "IPv6 leak", the reason is that Protonvpn doesn't support IPv6. Two years ago they planned to support IPv6 in the future, but that future apparently isn't here yet.

https://protonvpn.com/support/prevent-ipv6-vpn-leaks/

I fed the URL to URLQuery, which showed no alerts for the site. However, as I noted in my edited post description (above), robtex.com tracks this website to... https://www.robtex.com/dns-lookup/brutegenie.com#analysis

:-)

PGP stands for Pretty Good Privacy.

It's a public key encryption system, see https://en.wikipedia.org/wiki/Public-key_cryptography

It does not make you anonymous. It secures your communications and allows you to sign/crypt/decrypt/verify files.

How to get started: https://www.gnupg.org/download/index.html

Your PC cannot be accessed through unsecured WiFi connections, with the notable exception of certain (patched) exploits as well as extremely rare 0day exploits. This should be the out of the box configuration in Windows or Linux.

However, your credentials and what not can be accessed by any eavesdroppers if the website you're visiting does not have HTTPS or SSL/TLS. So, it actually doesn't really matter unless you need a wireless home network.

Your phone can be similarly secured with the use of a VPN app like ProtonVPN.

The fact that this breach happened to Torguard and VikingVPN confirms that it was the fault of the server providers, not NordVPN. And no user data was leaked. What really happened is that this "hack" confirmed that they don't keep logs and are pretty secure. They even have plans to improve their service like no other VPN.

But ultimately it's true that VPN's aren't really a security tool, but for getting around geographical restrictions. And you shouldn't use a VPN with Tor anyway. So yeah, get Nord if you need more content on Netflix or if some video game is blocked in your country.

Besides Tor (which will be incredibly slow) there are a number of cheap paid VPN services you can buy and install directly on your computer that nobody can stop you from buying and using.

I like Private Internet Access. Give them encrypted data to examine and laugh at how much of their time will be wasted trying to figure out what is going on.

There are technical measures to block these on the network, but I highly doubt you have this capability at home.

Seems like everyone is giving you the "security" like your being tracked by the CIA, r/ComputerSecurity needs to learn how to threat model.

1. Install linux. This isnt needed but if your open to linux, it will be more secure and private than windows. Ubuntu and linux mint are great options for beginners.

2. VPN, private internet access is having a sale for roughly $20 dollars for a 1 year vpn subscription. If you are going to torrent just pay with a pre paid card or bitcoin. A vpn isnt anonymous no matter how much they advertise it. IPVanish seems pretty good.

3. Tor download the tor browser, this browser uses the tor network to anonymize your internet usage. If you are ever about to search something and you want your ip address hidden, use this. If you want super anonimity you can use tails.

4. No google. Use for search engine. for email. Google isnt nice to privacy.

5. Keepass for password management, you can generate passwords and just cut and paste them in. A different password for each thing is very secure.

See thats all you have to do. Just dont be stupid.

IMHO you don't need 3rd party antivurus.

• Keep Windows scrupulously up to date. Run Windows update daily.
• Keep the built-in Defender and Firewall.
• Don't use MS internet software, not even Media Player. Use FOSS apps, because they're generally more secure. Check ninite.com for a selection of add-free freeware.
• Regularly run Disk Cleanup, & always do a 2nd run and clean up system files.
• Run ``CHKDSK /F`` every so often, maybe once every 3 or 6 months.

This obviates the need for any 3rd party cleanup tools, too.

Oracle's Solaris support site says the default password hash algorithm is crypt_sha256 so that's probably the best thing to assume unless you definitely know different.

Have you tried 'John the Ripper' on it ?

See: http://docs.oracle.com/cd/E23824_01/html/821-1456/secsys-15.html and http://www.openwall.com/john/

Google "Group Policy": there are all kinds of restrictions you can set there that improve security, but it's not something to go mucking about with -- you need a good reference.

But really, if your roommate can Google and is reasonably smart, don't let him have physical control of your laptop. Physical control and it's all over.

Though you can make it harder on him by:

• Using TrueCrypt^1 to protect your boot partition
• Keeping a good, clean backup set so you can easily undo anything local he might do
• using a "decoy OS". One way to do this is to have a Windows install on your hard drive, but boot from one on external media; another is to use TrueCrypt with hidden partition. Look for "Deniable OS"

You're probably better off keeping your laptop physically locked somewhere your roommate won't want to break into.

If all that he does is use the Web, you may want to consider wiping the drive and then installing CloudReady, which is based on Google's Chromium (Chrome) OS. It's limited to web-based apps only, so the worst thing that he could do is install some shady extension from the Chrome Store, and even then it would be easy to remove.

Another really cool option is Cryptomator one advantage it has over tools like Veracrypt is that it isn't all stored in one huge block file. Each file lives in it's own encrypted container so if you're using it with a cloud storage service that syncs with your computer you don't have to re-upload the entire encrypted volume, just the encrypted file that was added or changed. It's all open source, and is available for Window, Mac, Linux, iOS, & Android.

Or cryptomator https://cryptomator.org if you are encrypting any cloud drive directory (Google Drive, Dropbox, and the like) all files are encrypted in their own individual container so if one file changes you only need to upload the corresponding encrypted container instead of having to upload the entire truecrypt/veracrypt volume.

BTW, truecrypt hasn't been in development for a good while now but the fork of that project, veracrypt is still going strong.

It's been reported that unroll.me sells your data to uber. So while this will work it's not the best idea.

There is an open source program that is similar to unroll.me however: https://github.com/labnol/unsubscribe-gmail

If you dont want to trust Microsoft's built in on 10 then BitDefender is the best in real world tests. The free has the same engine and definitions as the paid version, with far less control.

As for a VPN ExpressVPN isnt to bad, little pricey.. tunnel bear has a free option to test and very affordable... and PrivateInternetAccess PIA is another possible contender.

best antivirus is usually the built-in protection, just run your updates.

EFF - Why Public Wi-Fi is a Lot Safer Than You Think:

If you’re worried about the hotel WiFi, you can try to use your own Cellular Data connection, or you could use a VPN such as ProtonVPN, RiseupVPN, or Mozilla/Mullvad VPN, etc.

For privacy-related matters, this is a pretty good resource:

>Went from no VPN to AnonymousVPN, and then later to iVPN.

I don't particularly like VPN apps. They're handy is you want to, say, circumvent a geo-block, but really don't do much for your security or privacy (I mean, you're entrusting your data to a third-party which may or may not be any more trustworthy than your ISP). I much prefer home-brewed solutions.

Is it a Macbook or Windows laptop?

Mac has Sleepwatcher, Windows requires a solution like this: http://superuser.com/questions/84442/trigger-task-scheduler-in-windows-7-when-computer-wakes-up-from-sleep-hibernate

What about the
Apricorn Aegis Padlock 500 GB USB 3.0 256-Bit AES XTS Hardware Encrypted Portable External Hard Drive

https://www.amazon.ca/dp/B007JGB0BQ?ref\_=cm\_sw\_r\_cp\_ud\_dp\_43VYTXZ94CE0N5K4V67A

Install EMET, and make sure it is configured to protect the apps your father uses. (By default it handles Microsoft's software and Adobe, but I turn it on for Firefox, Chrome and a few others)

http://blogs.technet.com/b/srd/archive/2015/03/16/emet-5-2-is-available.aspx

Here is a guide to configuring it.

http://www.ghacks.net/2015/09/28/advanced-microsoft-enhanced-mitigation-experience-toolkit-emet-tips/

Nailed it! Came here to suggest BitLocker as well.

BitLocker will keep the physical HDD/SSD safe should the computer get stolen or someone attempts to hook up unauthorized USB devices to copy data to. BitLocker will lock the drive up to prevent data theft.

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview

I'm very happy with https://windscribe.com/ Also had a good experience with https://protonvpn.com/ I think both have free tiers, so you can try before buying.

I don't think most ISPs block VPNs, but some LAN routers (e.g. in hotels) are set up to do so, and some web sites block traffic from VPNs. They could block based on lists of VPN server IP addresses, or (in the case of the router) by blocking ports used by some VPN protocols.

My main bank told me that VPN use might set off fraud alarms UNLESS I had 2FA enabled on my account. I do have some form of 2FA on all my bank accounts, and they all work through VPN.

A couple of reputable VPNs are https://protonvpn.com/ and https://windscribe.com/ , and I think both have free options. So you could try free for a week or a month, and change to paid if you hit a limit.

As was said by u/Inadover, Bitwarden. It's open-source so nothing sneaky is going on. Reliable and works across multiple platforms. I have it on desktop and on iOS and it works great. Totally free if you want, or $10/YEAR to support an amazing password manager. It really is the best one IMO.

Rootkit Revealer. http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

It will flag up some stuff that isn't suspicious in itself, but much of it will be self evident. If you need a hand looking through the output, people here can probably make sense of it.

Honestly though, if you have genuine reason to believe there might be one, you may as well reinstall.

Also, write down the bugcheck code and any memory location values from the BSOD. Even just googling them can give helpful info.

Take a look at protonmail.com/support/knowledge-base/reset-password for an example of what a reset looks like with a company that encrypts your data so they can't access it. (Note: I like PM and am a paying customer, but I'm just using them here as an example because they have good documentation.) The fact that with AirTable you can regain access to your data after a password reset email, along with the privacy policy excerpt below (as well as other parts) tells me they definitely can access all your content, only limited by their promise that they won't unless it's "really really important." Which of course means data can be leaked, either through incompetence or malace.

From https://airtable.com/privacy

Use of Content

Notwithstanding anything else in this Privacy Policy to the contrary, we will not use or access your Content except in the following cases: for providing the Services to you; ...

where compelled to do so in response to lawful requests by law enforcement or government regulators;

where necessary to ensure the stability and security of the Services and our systems (e.g., where we have reason to believe specific Content is degrading server stability); and where necessary to protect the rights, privacy, safety, or property of you, us, or others.

(Bold added for emphasis)

Sounds like malware. A virus would be stealing your credit card or encrypting your harddrive or turning your computer into a part of a botnet.

1. spybot search&destroy is pretty damned good at getting that malvertising.
   there's still a free non-commercial option...
   You'll need to set it to do a scan at boot-up. Otherwise the malware will (probably) live in memory or somewhere and reinfect.
2. i still like clamwin antivirus because it's free and open source... but that won't get everything unless you run it on a bootable usb (ideally created with another computer)
   
3. and for that level of cleaning, i'd suggest https://www.hirensbootcd.org/ free, bootable usb, has anti-virus/ windows repair stuff.
   

p.s. i haven't used option 3 in a long while, it was redone recently but it was great for years... also fairly novice friendly.

Nuke'n'pave, do not trust the system. Disconnect it from the internet, backup important files, and "reformat", reinstall Windows from scratch. Before copying anything from the backup scan it with another system.

You can use Hiren's bootcd to safely scan/investigate the backup drive prior to restoring files.

Well, First something I should have said yesterday: the proper subreddit is /r/techsupport, this subreddit is more for discussions of computer security :)

That being said, I can give you some pointers. And yes, it can have gotten personal data, it doesn't look like fbphotozoom does so directly, but looking it up suggested that it's usually carried in with something else, and as that's an unknown at this point, that malware could have lifted your passwords or other data.

You already use a not-IE browser, which is good as ie still has the most targets and so is the most targeted browser. To protect yourself, go here:

https://ninite.com/

which is a quick tool to cover multiple common free installs. You may then select one of the following: AVG, Avast, Avira, and Super. Then select Everything else under security. This will cover you with MSE + 1 other anti-virus, and then overlaps with different flavors of anti-malware. Those four that I named will tend to fight each other a bit more than the others will, and are already redundant if you have MSE on, so you don't need more. (there is a point of diminishing returns, and rapid build up of your computer bloating).

If you want to develop further more-secure habits, I strongly recommend either foxit or sumatra for use as your PDF reader (as adobe can be attacked in various ways much like IE can), Open Office or Libre Office for doing your word processing with, and VLC for watching downloaded videos.

Oh, and while i have not personally used it, I have heard good thinks about Kaspersky. If you buy them, you would NOT download AVG, Avast, Avira, or Super. And don't forget to always keep your windows updates current! :)

Never used it, but peerblock may be an option to try.

Honestly, pfsense or perhaps even using Linux/OpenBSD directly as a firewall is probably a better idea. I think those solutions are much better tested and scrutinized.

Assuming you don't want to reformat the computer, you'll want a WinPE build with a recovery tool. Some people use MediCat USB; I use Sergei Strelec's WinPE.

Build a bootable USB with that image (Rufus is a good program for building bootable USBs), boot to that USB and then under the WinPE's Start Menu, you'll see some password recovery tools. I forget what the top one is called, but it works great.

I usually pay $40 per year for Kaspersky. I get the middle package for one machine for one year. Be very careful which package you choose no matter what AV you pick. They're labelled in an unreasonably similar fashion on Amazon so you want to be triple sure.

I personally don't like Defender, mainly because I stick to AV-Test results and every year it fucks something up. Just shell out for something solid like Kaspersky or Vipre.

Protip: Get the free version of Malwarebytes AS WELL AS AN ACTIVE PAID ANTIVIRUS. I'll explain why that's important.

Active antivirus launches when you start the computer and monitors what's going on the whole time. It scans everything that's running and intervenes when something fishy happens. On-demand antivirus runs when you manually open it, and scans only when you tell it to.

Malwarebytes has the best on-demand scanner out there, but their active antivirus sucks. The free version is a must-have. The paid version is just plain worse. Get the free version and set an Outlook reminder or something to scan every month or so.

Don't have more than one active antivirus. They'll piss each other off and slow your computer down. Make sure Windows Defender is deactivated once the new AV is installed.

While you're at it, reboot every now and again. Make sure you use "restart" and not "shut down." Windows 10 has "Fast Startup" which actually means "Fake Shutdown" because Microsoft is assholes. Windows is pretty bad at handing back your computer's resources so the longer you go without rebooting the more likely Windows is to come up with something weird to do instead of its job.

Feel free to PM me with questions. I do IT for a living so I can write out specific instructions.

Hard question as there is no clear number one and often boils down to finding one that is good enough. These guys to regular tests of AVs and compare them to eachother. Check them out: https://www.av-test.org/

Also tested using https://www.spyshelter.com/security-test-tool/

MWB flagged it as malicious upon installation; I marked it as "never report". But when I ran the tool, keylogging worked fine and neither AVG nor MWB reported the keylogging. Clipboard monitoring worked and was not reported.

Then I installed a real keylogger, Spyrix Free Keylogger, http://www.spyrix.com/download.php Neither AVG nor MWB complained as it was installed. Confirmed that it was capturing keys and clipboard, neither AVG nor MWB complained. Did full anti-virus scans with AVG and MWB, neither complained that the keylogger was installed and active. Also scanned with Spybot Search & Destroy (free); not flagged as a threat. Also scanned with Windows Defender; not flagged as a threat.

Thank you so much for such detail advice. > https://haveibeenpwned.com/

It turned out 1 breached site no paste. The funny thing is involved website was hacked 2 years ago, I barely used it and honestly I dont remember using my email on it...

>What does your security warning say?

It says "Security challenge" on all of them. The activities happened once every 30 mins, so I have a feeling it's a bot or an automatic hack program.

On my log-in, it says "Successful sign-in", so I think maybe they couldnt get trough my password. The thing that I want to know most is whether "Security challenge" means they got in or not. But googling was not much of a help. And Microsoft support kept leading me to unhelpful FAQ. So I turned to Reddit for help.

See if it can remove the virus successfully, then run another full scan with Windows Defender, and then download Malware Bytes and run a full scan with that too.

Then go through your PC and:

• Uninstall Flash Player, this is where a lot of junk gets in

• Install Firefox Browser, don't use IE/Edge/Chrome unless you really need to

• Install the uBlock Origin addon in Firefox, this will block ads which is where most malicious stuff comes from

• Make sure Windows is kept relatively up to date

I suggest as well that when using free Wifi to also connect through a VPN, while free VPNs usually aren't the best choice for privacy, this one is still a lot better than just sitting on an open wifi network: https://protonvpn.com/

I use KeepassXC which shares the file format of Keepass but has a different code base. Here is what they have said about these approaches.

https://keepassxc.org/blog/2019-02-21-memory-security/

Here are some free videos that cover all of the Security+ certification objectives. Gives you a good idea of the different topics and what's involved.

If you're looking for a career, the paths fork out into different areas. The broad general security certifications to begin with are CompTIA Security+ and (ISC)^2 SSCP. Those are a great starting point.

From there you can decide if you're interested in forensics (IACIS etc.), ethical hacking (EC Council's CEH certification), and more. But those paths depend on your more specific knack for what you're interested in.

> The actual risk here is wholly dependent on the security of your computer. Is it a private system? In your home? with a good password? Are you running anti-virus? Practicing safe browsing hygiene, fully patched, etc? Then you really have little (if anything) to worry about.

I have a mac without an antivirus. It is an encrypted disk (mac did it) with a complicated password I forgot (Should I learn and remember this?). I forgot because I chose make my OS remember this password. Private system yeah, but sometimes I connect to other servers. I have no home (non stop travel). I practice safe browsing hygiene, never click anything without searching about it first on google. But I installed some apps from non verified developers for small tasks like dimming screen, screen resolution, cleaning the disk.

By password do you mean what I type when I open up my computer? If that password is simple, does that make me vulnerable to remote attacks? AFAIK no because on default computers are closed to remote access.

https://cryptomator.org/faq/security/audits/ These security audits are not good enough or fake?

Trusting a company that exists to store my passwords feels wrong to me. Also LastPass, 1Password and BitWarden are all commercial. When I download their default software, what I get is not source code. It is something closed box. No? How do I know it does what it says 100%? They can just put in that file whatever they want. No?

Ahhh okay that makes sense then. In that case I’d say just get a decent VPN. I use ExpressVPN and have enjoyed it so far. That should be plenty for any everyday tasks. Beyond that I’d just hotspot a phone or get a dedicated hotspot if you really don’t want to be on their network. I would be less concerned with someone hacking into your specific machine as I would be with someone attacking the company that runs the apartment and stealing or intercepting data on the network. A VPN would work well for mitigating that type of risk. As others have said most of the traffic is encrypted anyways but you get additional privacy with a VPN assuming you trust the provider. Beyond that just keep you machines updated, let windows defender do it’s thing…it’s much better than it used to be.

Do you mean you connect to like a VPN service at your company then RDP inside? I mean, not ideal, but as long as your company clears your computer, and if it's small-scale operation then scan your computer, if paranoid just use a vmware linux box to minimize the possibility that some malware could migrate the connection. Once set up you could save snapshot and use it already set up when needed.

​

Or do you mean you use some VPN service like Perfect Privacy and your company has RDP open to the internet. This is bad. The service is already on Shodan and probably already pwnd when everyone had the NSA leaked sploits going.

No, write blocking would be one aspect included in a hardware system. Referring to like a Tableau portable bridge. Like this Tableau TK8U Forensic USB 3.0 Bridge Kit https://www.amazon.com/dp/B00YDEM30O/ref=cm_sw_r_cp_api_glt_fabc_XHKXFWFBC3EJQQSPY404

> Pick a good, open source, password manager (I recommend keepassxc on PC, keepassdx on android), secure it with a strong password that you won't forget, take decent backups and you'll be fine.

> My paranoia is similar to yours, so I will not use or recommend cloud-hosted passwords managers like bit warden, even if they are open source ....

This seems illogical to me. If you don't trust Bit Warden because it is sitting on a cloud server, that means you can't trust the locations where you get the KeePass binaries from. Do you hash check every single update? Review the code every time? How do you sync the passwords between the devices? If not, then any argument about not being able to trust something like Bit Warden is unfounded and hypocritical. I can understand an argument against something like Dashlane or NordVPN Vault or whatever, but with BitWarden... you lost me there.

> I want total control of where my password file goes.

But.... why? That database is encrypted, and best practices say you should have 2 or more factors of authentication. Even the best nation state actors aren't brute forcing a Bit Warden/LastPass/FireFox container. If someone is targeting you to incite such levels of paranoia, you wouldn't be using Android either.

While your post is technically accurate, it is also extreme.

I use ExpressVPN and it works very well. They also have a no logging policy. There are so many vpn providers and the thing to lookout for is super cheap or even free vpn. If its free or super cheap, then they are making money some other way, such as selling user information.

Can they? Yes. Will they? Likely not.

Monitoring the contents of packets flowing in and out of the network is not too complex, but complex enough your average person isn't going to do it.

Additionally, there's so much data to analyze it's near impossible. Fortune 500 companies who spend millions annually retaining teams of network analysts to protect billions in assets don't do it. Just to much data. They usually rely on automation programs and event management systems...
but even they only (usually) watch the netflow data (packet metadata) not the packet contents.

Bottom line, either: A. With admin access to the router, you could see what's analyzing/bring analysed and modify it, or B. (Easier) use a good VPN on each decide. A good one is only $5-$8 per month. Check out Mullvad (cheaper, but slightly more complex) or ProtonVPN (couple $'s more, but easier)

So I have two approaches. I use a paid for ExpressVPN and VyprVPN for content access (Netflix, BBC iPlayer etc) and then I host my own cloud VPS that I have OpenVPN running to access if it’s something more privacy related. Also use it for testing from another system if needing to scan or check something I’ve been doing.

Well your answer is yes - if you are on a wifi then your employer could track you. IF you are on cellular, your carrier is your ISP and can track you. You can use a VPN and an DNS service to help with this !

​

I use CyberGhost VPN (they have mobile and desktop apps) and AdGuard as my DNS server.

There are so many players in the field and so many factors that go into a decision that it’s hard to make a solid recommendation. I’ll point you to The Wirecutter’s VPN review.

Personally, I’ve used PIA and because they seemed easy, relatively inexpensive, and established enough that they probably aren’t run by a guy with a server in his basement hoping to blackmail you. has a nice feature where you can identify “trusted” WiFi networks and if you joking anything untrusted, it will automatically flip on and block all your traffic until the VPN is established.

If you subscribe to a VPN solution called "Private Internet Access", you can run an app on computers and smartphones which connects to the service's datacenters and routes your internet traffic through using secure encryption. Your family couldn't tell what you're browsing - heck, the government won't even be able to tell what you're browsing.