Three Tiered Security

In order to increase privacy and security on the web, one of the biggest tradeoffs is normally convenience. So, I separated my online lifestyle into 3 tiers, each with their own security and privacy requirements. Using a more lax approach for random online forums I like to lurk, will hopefully bring some of the convenience back to my online life, especially when it comes to accessing passwords and email on multiple devices, without sacrificing the security and privacy where it is most necessary.

TIER 1

- banks, amzn, paypal, etc, large financial impact of security breach

- passwords locked by gpg key (not distributed, can only be accessed from limited devices, i use pass, the unix password manager)

- email sent to encrypted self hosted email (proton mail if you really cannot self host)

TIER 2

- streaming services, mobile provider, limited impacted of security breach

- passwords stored in mobile vault (self distributed)

- email sent to third party (but secure and privacy minded) email address (tutanota)

TIER 3

- forums, free sites, github, social media maintaining an extended online identity but zero or very little financial impact

- passwords stored in web vault (bitwarden, once could consider using bitwarden for both tier 2 and tier 3 passwords)

- email sent to third party email address (could be anything, being American I considered Yandex, figuring the Russian government wonât share info about me to the U.S. government)

TIER 4

- burner

Page Last Edited: Date: 2021-06-23 00:23:42