Skip Navigation

Improve Your Privacy Setup

Hello, Lemmy!

It may be difficult to spend time actively improving some of the services you use to have a more privacy conscious presence, and so this thread is dedicated to help people learn and grow in their privacy journeys! Start by stating which services you currently use, and which ones you may be looking for/want to improve. This thread is entirely optional to participate in, because a lot of people understandably feel uncomfortable listing which services they use. Writing those out can be a lot of work, but the payoff is huge!

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn't align with yours, or uses some anti-privacy software, doesn't mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don't promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren't sure, you can always ask! This is a place to learn. Don't downvote people just because they don't know!

  • Don't focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn't mean you can't still give suggestions for mine, but don't prioritize mine over another.

  • Be polite! This falls under "Be respectful", but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Tor for using online accounts (such as Lemmy, etc.)

  • I use Mullvad Browser for general browsing

  • I use Librewolf for functionality that Mullvad Browser doesn't have (security keys, etc.)

  • I use Firefox + uBlock Origin for streaming videos that break on Librewolf and Mullvad Browser.

  • I always use a SearXNG instance for web searches. I always use ProtonVPN (free tier). I use a private DNS resolver.

Desktop

  • I use Secureblue (yes, I'm that guy from a post a couple weeks ago)

  • I sit behind a firewall.

  • I only use FOSS Flatpaks with Flatseal.

  • My BIOS is password locked but proprietary (due to compatibility issues).

  • I occasionally use Tails because I think it's fun.

  • I use full disk encryption, multiple disks, and a second layer of encryption for specific important files (NSA style)

Mobile

  • I currently use hardened iOS until I can scrape together some money for a Pixel to use GrapheneOS

  • Again, I constantly use ProtonVPN (free tier)

  • I use a private DNS when ProtonVPN is turned off

  • I use AdGuard, but I browse the internet with the DuckDuckGo app (I can't sideload)

  • I use a very strong passcode

  • Airplane mode is constantly enabled, I don't have a SIM

  • I use a Faraday bag to store my device when I'm in public

  • I use a privacy screen protector

Messenger

  • I mainly use Signal with a borrowed phone number, because SimpleX is still buggy on iOS, and Signal is the easiest to switch friends to. I rarely use iMessage, but there are times when I have to.

Online accounts

  • Passwords are stored in Bitwarden for mobile accounts, and KeePassXC for desktop accounts.

  • Yubikey is placed on any account I can, otherwise 2FAS is used

  • I keep public accounts (Lemmy, etc.) as locked down as I can.

Video streaming

  • I use the native YouTube app on iOS, simply because any of the others I've tried either don't actually work or require a Mac to install. I don't have a Mac, obviously.

  • I use FreeTube on desktop, but as I was writing this I was informed that FreeTube has a few issues I may want to look into (Electron).

AI

  • I would love to know if there are any Flatpaks that run local LLMs well, but I currently use GPT4All (since that's what I used a year ago).

  • On mobile, I use an app made by a friend that gives access to GPT-4 and Gemini. Because it's running off of his own money, I'm not going to share the project until he has a stable source of income.

Social Media

  • I don't use any social media besides Lemmy.

Email

  • I use ProtonMail

  • I have addy.io as an alias service

Shopping/Finance

  • I currently either proxy my online purchases through someone else (have them buy it for me and I pay them back), or use a gift card

  • For physical purchases I use cash

  • I only use my bank account for subscriptions (Spotify, etc.)

  • I am working on using Monero and privacy.com

Music streaming

  • I use Spotify on my phone

  • I use Spotube or locally downloaded files on my computer

  • I have multiple AM/FM receivers with some yard long antennas and direct metal connectors

TV shows

  • I stream from ethical services for some movies

  • I go to a theater or buy a DVD for other movies. I am the proud owner of a USB DVD player.

  • I also have an antenna hooked up to my TV

  • There are certain IPTV services I have used in the past

  • I do not use a smart TV.

Gaming

  • I download local games, plain and simple. Or I code my own game.

Programming

  • I code in Python using PyCharm. I'm looking for alternatives.

  • I will use GitLab when I decide to publish some of my work.

Productivity

  • LibreOffice, although the UI is iffy

Misc

  • I don't use any location services

  • All my clocks are set to UTC

  • I don't have a smart watch

  • I don't have a smart car

  • I use Bluetooth earbuds

  • I cover my webcams with paper and tape. Reason: It's worth taking a couple seconds to peel tape off when you use the webcam than to risk a massive breach.

Thanks for reading!

Note here: I found out the other day that a Google Streetview car passed by my house, and my blinds being shut were the only thing keeping my room away from prying eyes. Is there an easy way to blur/censor my house without giving up my soul?

Special thanks

Lots of people kindly contributed their personal setups in the comments, and some even made their own posts! I'm really glad I could spark inspiration and start a way for people to learn and grow in their privacy journeys. To think, just this morning, I was stressing on if people would even enjoy the post at all! Thank you all again, and please go forward to inspire others. I am not the person who made this happen, all of you are!

92

You're viewing part of a thread.

Show Context
92 comments
  • "Hardened iOS" and "GrapheneOS" often crosses my tolerance limit. It sounds to me from experience that the person is no longer "reachable" in a reasonable manner, unless drums are loudly beaten. Such brainwashing often becomes too much to reverse, and I no longer use up my energy on most people.

    • Pleasure to finally meet you, albeit under less than ideal circumstances. I've been anonymously surfing this community for the better part of a year now, and only made an account in the past month. Your name has shown up a lot in most of the notable comments I've read. You've grown quite the reputation, even spreading to friends I know from other communities. Again, nice to meet you. Would you like to have a constructive and calm discussion regarding your concerns?

      • I am unsure how you would like to discuss. Public or private? One thing I am known for is not abusing mod powers, and giving people plenty leeway. But even then, being the mod, you probably view it as an imbalance, so we could have a DM chat, but that is not public. If it is a simple debate in public, I welcome it as well.

        I cannot promise an immediate debate unless I am free, given my life circumstances, but we can try.

        I will admit one mistake, I did not know and assumed Secureblue is a misspelled Silverblue, but Secureblue is coincidentally very similar to Silverblue, instead being a spin of Atomic with the same Flatpak style immutable system. Nice pick. I use Debian Stable and am extremely picky with what I install, even minimising Flatpak installs and network connected programs.

        • Thank you for your openness to a rational discussion! For transparency's sake (since I have a firm belief that correspondence with higher powers should be publicized), I am willing to address your points one by one publicly.

          TailsOS is not for “fun” purposes.

          While you are correct that Tails is not designed for entertainment purposes, because I have a passion in technology and privacy alike, I find it an enjoyable experience to use Tails, learn about some of its features, and overall have a peace of mind that none of my "shenanigans" will affect my daily operating system.

          I use a Faraday bag to store my device when I’m in public

          Nobody uses their phone like this. When you stop using the communicator as a communicator, you have made the phone essentially a glass brick you lug around for no purpose.

          I hardly use my phone for communication purposes, as phones have been designed to be used for a multitude of different tasks. Some of these are: gaming, photography, a calculator, note-taking, music streaming, and many more. Phones today are essentially used as portable pocket computers. While I do use my phone for communication, I am not constantly in contact with people in my social circle. It's a healthier way to use a digital device, because it means when you are at work or with friends, you aren't constantly distracted using your phone. This helps me to live the moment, and be present. The Faraday bag adds extra security while doing so. I am by no means telling you how to use your phone, but that is how I use mine. After all, it's my phone, not yours.

          “NSA style” zomg cool blonde hair tech whiz kid?

          This was a poke at this comment: "If you want paranoid levels of security, consider following the NSA’s Rule of Two, which means two completely independent layers of encryption."

          I am not blonde, by the way. Nor a minor.

          iOS is a privacy nightmare. https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d And its security has been worse than that of Android for years now. https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/

          Thank you for providing helpful links! While I am well aware of the privacy invasive nature of iOS, I currently don't have the funds to switch to my preferred alternative, GrapheneOS. This is my personal preference, and YMMV.

          GrapheneOS is complete snake oil. Read more here to know about “security” cultists in FOSS/privacy community.

          https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/

          https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/

          It's not very appropriate to discriminate against a group of people, even if their views do not align with yours. They are still people, after all. While I don't share your views about GrapheneOS, I do appreciate providing sources to back up your claims. Kudos to you for using old.reddit.

          This post is a massive joke.

          This is not nice and does not contribute to the post at all, and is therefore unnecessary. If you have negative opinions regarding a post, consider simply downvoting and potentially having a conversation with the creator (me) about it.

          This person made a rough guide, and not merely shared their own setup.

          If my post has been perceived as a guide, I apologize. It was not my intention. I'm not exactly sure if you were referring to a privacy guide, or a guide on how to format answers (which many people have followed). I don't see any parts that encourage people to use the same services that I use (as a privacy guide would), but I could be wrong. Would you mind elaborating with specific examples?

          And if someone is going to suggest their setup, let alone a guide, there will be people who pick it apart. Most will be trolls, some will be constructive.

          This is the sole reason I placed the rules directly in the post, to discourage that behavior. Obviously it's not foolproof, but it has significantly helped prevent it.

          “Hardened iOS” is an oxymoron at some level, for example.

          I agree that, in some sense, it is an oxymoron: considering that iOS cannot be fully hardened due to multiple factors. The reasons I chose to use that terminology are explained below.

          If you use iOS, stop trying to conform to “cool” privacy notions, and be okay with it.

          I tried my best to refrain from using terms that beginner privacy enthusiasts would not understand, which led to certain creative solutions to be used, such as "hardened" as an adjective to describe a more locked-down service. If you have any suggestions on alternatives, I am happy to hear them!

          Switch to Android and harden it when comfortable.

          I do not have the finances to switch to a device capable of running Android yet. I am doing the best with what I can. Thank you for understanding my situation!

          Yes I mocked the post, but I did not berate the user, and I consider it fair enough.

          Mocking any content created with detail and care is not a kind thing to do, and goes against c/privacy's 6th rule "Be nice :)", which I am sure you are well aware of, considering you are a moderator in that community.

          I come with a lot of privacy/anonymity experience so I suggest things in a more hardline manner, while being able to see through if someone is okay with a more basic threat model. I am not a snobby elitist. I make guides for threat modelling, smartphones and computing.

          Interesting! Would you mind linking to a few of your guides? I am very interested in reading them.

          “Hardened iOS” and “GrapheneOS” often crosses my tolerance limit.

          It is interesting for you to compare hardened Android (which you have stated is preferable) to iOS (which you have stated is not private). Would you mind elaborating on why GrapheneOS is not regarded as highly in comparison to other hardened Android ROMs, in your own opinion? Also, disregarding how privacy invasive Apple devices are, do you believe that Apple's Lockdown Mode (at least) delivers on security features?

          It sounds to me from experience that the person is no longer “reachable” in a reasonable manner, unless drums are loudly beaten.

          I am happy to hear that I was able to exceed your expectations, with quiet instruments.

          One thing I am known for is not abusing mod powers, and giving people plenty leeway. But even then, being the mod, you probably view it as an imbalance

          Would you mind elaborating on why I may see your messages as an imbalance, as a result of your status as a professional moderator of this community?

          If it is a simple debate in public, I welcome it as well.

          I am glad you are open to a clean, transparent discussion. I look forward to hearing from you.

          I cannot promise an immediate debate unless I am free, given my life circumstances, but we can try.

          That's alright, we all have hardships in the real world. Take your time.

          I will admit one mistake, I did not know and assumed Secureblue is a misspelled Silverblue

          It is a good quality to be able to admit your own mistakes, and I commend you for that. Until recently, I, too, was unaware as to what Secureblue is.

          Nice pick. I use Debian Stable and am extremely picky with what I install, even minimising Flatpak installs and network connected programs.

          Thank you! It was actually the community you moderate (c/privacy) that helped me pick it out. I, too, am somewhat picky about my installs. I am currently sticking to strictly Flatpaks.

          I am eager to hear your responses! Please, get back to me when you can.

          Cheers!

          • find it an enjoyable experience to use Tails

            Wasting time to learn is good. But do not stroll away in darknet wasting time for months like I did as a teenager. SomeOrdinaryGamers has a Deep Web series for the "fun".

            hardly use my phone for communication purposes, as phones have been designed to be used for a multitude of different tasks. Some of these are: gaming, photography, a calculator, note-taking, music streaming, and many more. [...] when you are at work or with friends, you aren't constantly distracted using your phone

            I can attest to that, being my MO as well. Smartphones have made us isolated, anti social and dumber.

            “NSA style” zomg cool blonde hair tech whiz kid?

            This was a poke at this comment: "If you want paranoid levels of security, consider following the NSA’s Rule of Two, which means two completely independent layers of encryption."

            NSA's Rule of Two is an actual thing. Either use these terms or just leave them out. Don't try "inching closer" to NSA in your head, it leads to arrogant thoughts and sometimes regret.

            GrapheneOS is complete snake oil. Read more here to know about “security” cultists in FOSS/privacy community.

            It's not very appropriate to discriminate against a group of people, even if their views do not align with yours. They are still people, after all.

            Well, for one, they openly harass and witch hunt people (Micay instructed mods in his Matrix chat), and Micay went on to call almost everyone complicit in his claimed swatting attempt in April 2023, for which there is no evidence provided or in media. He also abuses "autism" label to avoid public accountability for his lies and crybullying behaviour.

            Linus Torvalds himself has called these security cultists "masturbating monkeys" for the annoying things they do. People like Brad Spengler have been an annoyance to Linux community. And many people dislike the disregard for open source culture, privacy, anonymity and performance in the name of security, since most of them love advocating for corporate closed source security.

            This post is a massive joke.

            This is not nice and does not contribute to the post at all, and is therefore unnecessary.

            When I get pissed off, I try steering people in a better direction. You will probably try nitpicking and refining your OPSEC yourself.

            Stuff like "hardened iOS" gets me. If you use it, use it, but iOS in no measure stands above Android for privacy, security and anonymity purposes. And I think it must be made clear, because too many pro Apple trolls keep lurking on internet. It does not help that places like r/privacy subreddit have iPhone using moderators defending Apple, and Apple trolls being given cover by these mods.

            I am serious about privacy and anonymity, advocating it and ensuring good general advice becomes mainstream, and bullshit notions ($1000 Apple=privacy, Apple>Android) go the way of the dodo. I am a privacy advocate that happens to be a moderator, instead of being a moderator with having negligible privacy knowledge, a usual occurrence on internet.

            Would you mind linking to a few of your guides?

            Non-root smartphone guide: https://lemmy.ml/post/128667

            Linux/Windows computing guide: https://lemmy.ml/post/511377

            Threat model guide: https://lemmy.ml/post/34223

            Guide for protestors: https://lemmy.ml/post/34220

            Would you mind elaborating on why I may see your messages as an imbalance, as a result of your status as a professional moderator of this community?

            People often leverage powers to ban or silence debating just to not "lose". Nature's laws apply to internet mods and users. And internet mods, like most people in society, usually pretend and are pseudo productive in life so they do not need to demonstrate their lack of knowledge. Some people are genuinely busy though.

            • SomeOrdinaryGamers has a Deep Web series for the “fun”.

              Thank you, I'll check it out!

              I can attest to that, being my MO as well. Smartphones have made us isolated, anti social and dumber.

              The same effects were seen with the introduction of the first commercially available computers.

              Either use these terms or just leave them out.

              There is nothing wrong with what I said.

              Well, for one, they openly harass and witch hunt people (Micay instructed mods in his Matrix chat), and Micay went on to call almost everyone complicit in his claimed swatting attempt in April 2023, for which there is no evidence provided or in media. He also abuses “autism” label to avoid public accountability for his lies and crybullying behaviour.

              Linus Torvalds himself has called these security cultists “masturbating monkeys” for the annoying things they do. People like Brad Spengler have been an annoyance to Linux community. And many people dislike the disregard for open source culture, privacy, anonymity and performance in the name of security, since most of them love advocating for corporate closed source security.

              All of this is irrelevant to the GrapheneOS project itself. What the creators did had no effect on the focus and implementation of GrapheneOS.

              When I get pissed off, I try steering people in a better direction.

              That does not excuse your actions. There are kind, constructive ways of helping people in the right direction, what you did was neither of those.

              If you use it, use it, but iOS in no measure stands above Android for privacy, security and anonymity purposes.

              I never claimed it did. In fact, I implied the opposite.

              Non-root smartphone guide: https://lemmy.ml/post/128667

              Linux/Windows computing guide: https://lemmy.ml/post/511377

              Threat model guide: https://lemmy.ml/post/34223

              Guide for protestors: https://lemmy.ml/post/34220

              Have you considered publishing a proper article on a place other than social media?

              People often leverage powers to ban or silence debating just to not “lose”.

              Another way of trying to win a debate would be to blatantly ignore and refuse to acknowledge points brought up by the opposing side. Here are the ones you missed:

              If my post has been perceived as a guide, I apologize. It was not my intention. I’m not exactly sure if you were referring to a privacy guide, or a guide on how to format answers (which many people have followed). I don’t see any parts that encourage people to use the same services that I use (as a privacy guide would), but I could be wrong. Would you mind elaborating with specific examples?

              I agree that, in some sense, it is an oxymoron: considering that iOS cannot be fully hardened due to multiple factors. The reasons I chose to use that terminology are explained below.

              I tried my best to refrain from using terms that beginner privacy enthusiasts would not understand, which led to certain creative solutions to be used, such as “hardened” as an adjective to describe a more locked-down service. If you have any suggestions on alternatives, I am happy to hear them!

              I do not have the finances to switch to a device capable of running Android yet. I am doing the best with what I can. Thank you for understanding my situation!

              Mocking any content created with detail and care is not a kind thing to do, and goes against c/privacy’s 6th rule “Be nice :)”, which I am sure you are well aware of, considering you are a moderator in that community.

              It is interesting for you to compare hardened Android (which you have stated is preferable) to iOS (which you have stated is not private). Would you mind elaborating on why GrapheneOS is not regarded as highly in comparison to other hardened Android ROMs, in your own opinion? Also, disregarding how privacy invasive Apple devices are, do you believe that Apple’s Lockdown Mode (at least) delivers on security features?

              It seems you ignored over half of my message.

              I look forward to hearing the responses you missed!

              • I do not engage in something that needs no further elaboration, or something that is mutually agreed upon. So I only address whatever needs to be discussed.

                All of this is irrelevant to the GrapheneOS project itself. What the creators did had no effect on the focus and implementation of GrapheneOS.

                It does.

                Read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

                GrapheneOS developer has lied about various things, accused people of things as serious as being complicit in attempted murder and intentionally avoids any forms of scrutiny by false labelling critics, crybullying and harassing them. After Louis Rossmann made his Matrix DMs with Micay public, he went underground and hid behind his Discourse forum, and mods banned and censored anyone asking for swatting evidence left and right. I see zero reason to put trust in a malicious person like this for something as serious as digital security and privacy for a personal computer or phone.

                Someone made this thread last year. https://old.reddit.com/r/u_lo________________ol/comments/1314x2x/why_did_i_do_this/

                Micay has a personal grudge against Firefox due to this incident, where he got blasted by Tor Project devs. Chromium propaganda was invented and disseminated after August 2019, due to this. https://lists.torproject.org/pipermail/tor-dev/2019-August/013995.html

                Few years ago, without any community consensus, he added a shutter sound for camera which could not be muted, putting the target audience of this tool/product at risk of jail or even death – privacy users, journalists and activists. https://old.reddit.com/r/privacytoolsIO/comments/pjl4bh/what_is_your_opinion_of_grapheneos_conforming_to/

                There is a lot that you do not know, and probably want to live in ignorance. Why? Maybe you want to not put in more effort. Whatever your reason may be, it is a massive risk to even consider using something with so much weird history and active controversy behind it. CalyxOS, ProtonAOSP or even LineageOS are free of controversies and are better picks, and you have more usability freedom with them.

                Would you mind elaborating on why GrapheneOS is not regarded as highly in comparison to other hardened Android ROMs, in your own opinion? Also, disregarding how privacy invasive Apple devices are, do you believe that Apple’s Lockdown Mode (at least) delivers on security features?

                You can do 99.9% of the "hardening" yourself. This is what you do on Linux, and with web browsers, firewalls and other things. This is precisely what I demonstrate with my non root smartphone guide that works on any Android phone in the last 5+ years, rooted or not, instead of needing specific unlocked Pixel models with Google's proprietary security hardware. There is not even a need to get into this flashing custom ROM complicated stuff to achieve top grade privacy and security.

                How weird would it be if you were told to go fly to other countries and get a Pixel, otherwise you will not get privacy and security? Weird and delusional people. https://i.imgur.com/Yv9nvxy.jpg

                As for Apple's Lockdown feature, same exists on Android, and I have a very interesting way of securing device that makes Apple look like a joke. You can see "HOW TO SAFEGUARD YOUR DATA FROM..." section in non root phone guide. You may find this worthwhile.

    • What's wrong with GrapheneOS?

You've viewed 92 comments.