I just read an interesting and informative post from @Charger8232, and decided to write one of my own.
Perhaps there could be a megathread created?
EDIT: Items in italics are subsequent additions.
Remember these rules:
- Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.
- Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!
- Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.
- Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.
Here is my setup:
Web browsing
- I use Mullvad Browser for general browsing.
- I use Tor Browser for extra protection, when necessary.
- I use Firefox + Arkenfox User.js for general browsing on FreeBSD and on my Raspberry Pi, as Mullvad has not yet been ported to FreeBSD or aarch64.
- I use MetaGer for web searches, but I keep switching between different private options.
- I always use ProtonVPN (free tier) through WireGuard.
- I use NextDNS for extra content blocking.
- I use Redirector (by Einar Egilsson) to redirect me to alternative frontends for popular services (e.g. YouTube -> CloudTube)
Desktop
- I use several trusted Linux distributions, as well as FreeBSD, on my PCs and MacBook.
- My MacBook’s UEFI is password-protected, but I have not done this on other machines:
  - I haven’t got around to securing my main laptop at the UEFI level yet.
  - My ThinkPad is second-hand and quite old. The BIOS cannot be locked, and the PXE settings have been password-protected by the previous owner.
  - All of my other devices are simply too old and rarely leave the house anyway.
- I recently installed Tails, but I haven’t yet had cause to use it.
- I use full disk encryption on everything, and I have a VeraCrypted pen drive for special cases
- I cover all of my webcams with Blu-Tac or electrical tape
- Many of my laptops are too old for this, but I am trying to make the switch from X11 to Wayland (as recommended by PrivacyGuides).
Mobile
- I currently use hardened iOS until my iPhone burns out or gets obsoleted. Once this happens, I’ll be using DivestOS.
- Again, I constantly use ProtonVPN (free tier) using the WireGuard app (as this is the only VPN client that both supports Proton and allows customising the DNS).
- I use the private mode in Orion Browser (not to be confused with Onion Browser), as the EFF’s Cover Your Tracks software reported that it was less fingerprintable than other options.
- I have Onion Browser installed, for when I need more protection or if I need to access a .onion
- I use an alphanumeric passphrase.
- I disable radios (i.e. WiFi, Bluetooth) when they are not in use.
- I don’t use a privacy screen protector, but I will buy one for my next phone.
Messenger
- I am forced to use WhatsApp, sadly, as none of my friends or family will even humour me by trying Signal. It could be worse.
Online accounts
- I use KeePass to manage my passwords, which are synchronised between devices using Filen.
  - KeePassXC is the client I use on desktop.
  - On iOS, I use Keepassium; but I am appalled by the selection of clients available.
  - When I switch to Android, I will use KeePassDX.
- I use ente Auth and OTPClient to generate TOTPs. I also have a graphing calculator that can generate these.
- I am in the process of partially anonymising my online accounts.
Video streaming
- I use CloudTube to watch YouTube videos.
- I use PeerTube when possible (mainly to watch Techlore and The Linux Experiment).
- I use FreeTube on desktop.
AI
- I played around with ChatGPT and DALL-E last year, but those days are behind me now.
- I signed the NoML open letter, and I have used robots.txt to shut out LLM scrapers from my websites.
Social Media
- The only non-FOSS social media I use are Tumblr — which is ranked B by ToS;DR — and cohost.
- I only use my real name on Mastodon, and even then I will probably change to my usual username when and if I next decide to change servers.
- I use Posteo.
- I have DuckDuckGo Email Protection as an alias service, which I use through Bitwarden.
Shopping/Finance
- I rarely make online purchases. I am certainly being tracked, but I’m simply not producing enough data in the first place for this to be a big problem.
- For physical purchases, I am trying to use cash more often. However, my sixth form cafeteria only accepts two forms of payment: biometric (handled internally) and debit card.
- I use no subscription services at all, but I may use LiberaPay and OpenCollective in the future to support open-source projects.
Music streaming
- I occasionally stream music from Bandcamp, but virtually everything I listen to is either on CD or a local file.
- I occasionally listen to KERRANG! Radio using an MP3 stream, and BBC Radio 4 over FM.
TV shows
- I use DVDs for most of my viewing, but I have sailed the high seas in the past
- Some shows I enjoy (i.e. Helluva Boss) are released officially for free on YouTube (watched via CloudTube).
- I do not own a smart TV.
Gaming
- I generally don’t game.
- When playing Minecraft, I use PrismLauncher and I’m always sure to install the Anti-Telemetry mod.
Programming
- I code in Python using Micro. I also sometimes use Kate, but only if I’m running Plasma.
- I use Codeberg to host my projects.
Productivity
- I normally use LibreOffice.
- I’m trialling a new workflow, using Markdown and Pandoc for text documents and presentations, and Gnumeric for spreadsheets.
Misc
- I use an RSS reader for news.
- My local timezone just happens to be the same as UTC.
- I use a privacy-respecting smartwatch: the PineTime (from PINE64).
- I don’t have a car, as I’m 17.
- I use Bluetooth headphones out of necessity. I’m still salty about Apple removing the headphone jack and then every other phone company following suit. However, they are basic headphones which do not require an app, and so they should be more private than other similar models.
- I will never use Amazon Echo or Google Home.
To-Do
- ✅ Look into further hardening of iOS
- ✅ Start using multiple browsers
- ✅ Use cash more often
- ✅ Anonymise social media
- Try to get family to ditch Meta
- ✅ Look into BIOS and UEFI hardening
- Buy a privacy screen protector and faraday equipment
- Audit all systems with Lynis
Thanks for reading!
EDIT 27/05/24: Updated search engine, iOS apps, email, social media, and checklist.
for a 17 year young, that seems like a miracle.
thanks for taking the time to write this
Thanks!
Thanks for creating your own post!
I also have a graphing calculator that can generate these.
This is a unique solution that I will add to my toolbelt for the future! Which calculator is it?
However, I fear that the cat’s already out of the bag.
Data gets stale! It’s never too late to start, and it’s always better to prevent future disaster than to dwell on old ones. I used to use Instagram + as my main chat platform, and now I have no worries because what’s done is done and I learned better.
However, my sixth form cafeteria only accepts two forms of payment: biometric (handled internally) and debit card.
Dystopia… Have you asked if you can explicitly use cash? If you’re up for it, push for the use of it in your school. I know plenty of students that use cash religiously for lunch.
Some shows I enjoy (i.e. Helluva Boss)
Hazbin Hotel is one of my favorites
My local timezone just happens to be the same as UTC
That is truly a lucky thing, as it reduces a lot of fingerprinting.
I’m still salty about Apple removing the headphone jack and then every other phone company following suit.
Me too, but fret not, as there are adapters and (most likely, I haven’t checked) non-disposable USB-C earphones.
I will never use Amazon Echo or Google Home.
I will never use Alexa. Or really anything that turns my home automated.
“Alexa, open the door.”
“I’m sorry, your voice is not recognized and your plan has been cancelled. Please contact support and we will respond within 3-5 business days.”
Obviously that will never happen, but it’s not so unreal…
Start using multiple browsers
I used to stick to only one, but found out that it’s easier to be as private as I can and “move down the assembly line” until something works.
Use cash more often
I withdrew almost all my funds from my bank and only used my card if I ran out of cash on a run.
Anonymise social media
No helping you there. I found out that even the smallest details I put out collectively could be used to uniquely identify me, after making only two posts.
Try to get family to ditch Meta
If you can, great. Otherwise, just try not to get posted on their socials.
Look into BIOS and UEFI hardening
Really just use an open source BIOS and slap a password on it (with Heads if you want) and you’re all set. Careful not to brick your PC.
Buy a privacy screen protector and faraday equipment
One note about privacy screen protectors: If your brightness (specifically white point) is too high, people can see it. You can enable “reduce white point” on iOS, and set it to 100%, and that works well even on max brightness. Smudges can also let people see. Turn your phone horizontal (if you’re testing in public) and tilt it slightly to see how much people can see in your current environment.
Good luck! You have a pretty good setup! I hope you make the improvements you want, and learn along the way!
Which calculator is it?
It’s a Casio fx-CG50 (known as the Casio PRIZM in the USA). The TOTP generator is part of the Utilities app.
Cool! Thank you!
Absolutely fantastic, considering your age! I was far, far worse than you are right now on this path to better privacy. Truly exceptional.
I commented in the post you reference, and I’d like to comment here too since I do see some things that can be improved (some of them, I employ for myself, whilst the others are still on my list to implement).
- What made you use FreeBSD over everything else? I assume you have some experience using *nix-like operating systems, and the slightly more pro-user distributions like Gentoo and Void do seem BSD-like in operation. I’m just curious.
- About WireGuard: it’s a very good solution, however unlike other VPN projects, it doesn’t have a way to natively hide its trace; i.e. OpenVPN and the like employ certain mechanisms to appear like HTTPS traffic to firewalls, which allows for better obscurity when using a VPN. Certainly useful for special cases, I remember seeing a comment somewhere that a school had disallowed VPNs on its campus network and the only way was to use a specific proxy that made it appear like HTTPS.
- Ever tried a Blocky DNS + Unbound + WireGuard combo? The first is a DNS server with nice features, the second can be a DNS resolver, and the VPN is to obfuscate the IP from where you resolve your DNS queries.
- I found a very nifty thing on the WhatsApp website the other day: https://faq.whatsapp.com/1299035810920553 - might be worth a look!
- About the webcam and microphone on your device: if it’s an older laptop, you can simply take the front cover of the screen off and disconnect the cable to it. It’s pretty easy with the older ThinkPads and with some newer laptops too, just needs some practice.
- Time to nuke your online accounts and (if possible) use stylometry analysis to measure certain triggers in your writing. I have yet to implement this myself but the idea is to have an LLM rewrite my answer whilst removing said bias and write in a generic tone.
- I’ll club payments and online shopping together: learn more about XMR. It is possible to use LocalMonero to exchange fiat to Monero directly, and once it reaches your wallet you can go through a generic churning process (not sure what it’s called in Monero or if this is required, I need to look into it too) and finally, purchase gift cards using the Monero you have now. If the cafeteria accepts debit cards I think they’ll accept gift cards too, but you might want to check. You can purchase Amazon gift cards, gift cards for ISPs/mobile network providers too.
- Glad to have found another that likes to collect physical media! If I had the space I would have invested in a few CDs myself, but alas; FLAC it is (not complaining!). Which CD transport do you use?
- I don’t use office tools these days but I’d learn LaTeX if I really needed to create PDFs.
- I probably don’t need to tell you this but RF hacking is really fun, I’m only really starting to look into it. When I get time!
I came across a few tools which I hadn’t heard of before; thanks for the effort in creating your post. I hope you have a great time pursuing this path!
Well thanks! As for the questions:
- I had been distrohopping on the ThinkPad after Arch Linux started acting a little funny. FreeBSD just happened to be the OS that stuck.
- I use WireGuard because it’s light and allows me to set custom DNS servers (allowing me to use ProtonVPN and NextDNS at the same time). My school has blocked most VPNs, but the official apps for ProtonVPN and Windscribe can get around it no problem, as can Tor, but I do lose my DNS.
- I’ll give it a look, but I’m already quite happy with NextDNS.
- Interesting. I did manage to get WhatsApp working in Pidgin a while ago, but it was a little clunky.
- I might consider doing that, but I do need to use my webcam for the occasional intrusive Teams call. It is what it is and I do what I can to maximise my privacy.
- Yeah, I’m not sure I want to go nuclear. My accounts are (with the exception of my abandoned Instagram account) on privacy-respecting services with more people than bad actors. I would say that all I should do is change my usernames and profile pictures, then unlink my websites while I scrub away personal details. After that, all I need to do is DM a few of my trusted mutuals about the change, so they don’t think I’m a stranger, and everything should be hunky-dory.
- Good advice, although I tend to shop more in-person than online.
- I don’t have a transport. I use a standard off-the-shelf boombox to play the CDs, and I use fre:ac to rip and convert them to Ogg Vorbis format. I like the idea of FLAC, but I don’t see the point in using it myself, as I already have hard copies of the media.
- I used LaTeX in the past, but now I prefer Markdown. The syntax is easier and it comes out of Pandoc looking the same as LaTeX.
- Sounds cool. This would also be relevant to the cybersecurity degree I’ve applied for at uni.
I don’t have a car, as I’m 17.
Try not to get one at all. You should have good enough public transport in the UK to get you around. Living in a place where everything you need is in easy walking distance is ideal, though not easily achievable for some. Also, (insert urbanism propaganda here).
The only places here with decent public transport are the major cities and a handful of towns. Where I live there’s only one bus, which stops for breakfast and lunch and doesn’t run after 7 PM. We used to have a train, but the tracks were removed in the '60s and half of what used to be the line is now underwater.
Not to mention that the Conservative government keeps finding new and inventive ways to cripple public services.
Then again, minimum wage isn’t enough to own a car and pay for the insurance, so I probably won’t be getting a car anyway.
I suppose I do enjoy hiking…
Same here in the US, only major cities have somewhat acceptable public transport and the price of cars is insane. My advice for you, get a cheap used car (most older cars are good for privacy because the computers are lackluster at most), and do some preventive maintenance to keep it out of the shop.
I’m proud of you. It’s challenging to convince the younger generation about the importance of digital privacy. Keep up the great work.
Thanks!
Not listened to Kerrang for a good many years. Well thought out post though! Lots of details.
Good work youngun!
My setup is broadly similar, the main difference being CalyxOS on a second-hand Pixel phone. I’m quite impressed with it actually - it allows VPN sharing via the hotspot, so I can essentially use it as a VPN router for WiFi connections as well as mobile data.
I also self-host a few things on a VPS, like email, website, file transfer and push notifications, all to varying degrees of success! If you’re interested in self-hosting have a look at YUNOhost. These days I’m mostly looking to connect to the internet as little as possible though!
Well done for using cash - it needs to be kept alive for many reasons, including privacy.
Thanks! As it happens, I have experimented with self-hosting before. It’s just that it can be expensive to do this and there are often age barriers (for some reason).
I have managed to host a static website completely for free, however. I used Codeberg Pages for the site, Cloudflare for the DNS (although I may move to FreeDNS), and EU.ORG for the domain. It’s not quite self-hosting, but it’s close!
I actually really liked this. I’m gonna have to do my own now ;). What is your threat model?
So funny story. I spent a couple of hours threat-modelling last year, and then I forgot where I put the docs. Really, I’m just maxing out everything as much as I can without it becoming too inconvenient. I’m mainly trying to reduce tracking and data mining by “evil” organisations (e.g. multinationals, billionaire-run companies, three-letter agencies, GAFAM).
If I find a template, I’ll be sure to send you a copy of my threat model.
I’m in the same boat. I wouldn’t consider myself a target in my current government regime but who knows what will happen in the future. Even though I don’t do anything illegal per se I just don’t trust politicians.
The goddamn mega corpos are just something else though. I’d appreciate the template!
Interesting man. I like your setup. Mine is a little less private (using social media for friends sometimes and in my case as a 20-year-old gamer, I’m gaming a lot on my Steam Deck so different accounts. Also I need to purchase online, hahaha, I live in a little remote place without good physical stores). But very nice setup. I would maybe recommend using KeePassXC. Nothing against Bitwarden, but I learned in this journey that you always need to have an encrypted local backup. You never know when a service is going to shut down. Maybe use Cryptomator with a cloud service to sync to different devices.