Hello, Lemmy!
It may be difficult to spend time actively improving some of the services you use to have a more privacy conscious presence, and so this thread is dedicated to help people learn and grow in their privacy journeys! Start by stating which services you currently use, and which ones you may be looking for/want to improve. This thread is entirely optional to participate in, because a lot of people understandably feel uncomfortable listing which services they use. Writing those out can be a lot of work, but the payoff is huge!
Remember these rules:
-
Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.
-
Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!
-
Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.
-
Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.
Here is my setup:
Web browsing
-
I use Tor for using online accounts (such as Lemmy, etc.)
-
I use Mullvad Browser for general browsing
-
I use Librewolf for functionality that Mullvad Browser doesn’t have (security keys, etc.)
-
I use Firefox + uBlock Origin for streaming videos that break on Librewolf and Mullvad Browser.
-
I always use a SearXNG instance for web searches. I always use ProtonVPN (free tier). I use a private DNS resolver.
Desktop
-
I use Secureblue (yes, I’m that guy from a post a couple weeks ago)
-
I sit behind a firewall.
-
I only use FOSS Flatpaks with Flatseal.
-
My BIOS is password locked but proprietary (due to compatibility issues).
-
I occasionally use Tails because I think it’s fun.
-
I use full disk encryption, multiple disks, and a second layer of encryption for specific important files (NSA style)
Mobile
-
I currently use hardened iOS until I can scrape together some money for a Pixel to use GrapheneOS
-
Again, I constantly use ProtonVPN (free tier)
-
I use a private DNS when ProtonVPN is turned off
-
I use AdGuard, but I browse the internet with the DuckDuckGo app (I can’t sideload)
-
I use a very strong passcode
-
Airplane mode is constantly enabled, I don’t have a SIM
-
I use a Faraday bag to store my device when I’m in public
-
I use a privacy screen protector
Messenger
- I mainly use Signal with a borrowed phone number, because SimpleX is still buggy on iOS, and Signal is the easiest to switch friends to. I rarely use iMessage, but there are times when I have to.
Online accounts
-
Passwords are stored in Bitwarden for mobile accounts, and KeePassXC for desktop accounts.
-
Yubikey is placed on any account I can, otherwise 2FAS is used
-
I keep public accounts (Lemmy, etc.) as locked down as I can.
Video streaming
-
I use the native YouTube app on iOS, simply because any of the others I’ve tried either don’t actually work or require a Mac to install. I don’t have a Mac, obviously.
-
I use FreeTube on desktop, but as I was writing this I was informed that FreeTube has a few issues I may want to look into (Electron).
AI
-
I would love to know if there are any Flatpaks that run local LLMs well, but I currently use GPT4All (since that’s what I used a year ago).
-
On mobile, I use an app made by a friend that gives access to GPT-4 and Gemini. Because it’s running off of his own money, I’m not going to share the project until he has a stable source of income.
Social Media
- I don’t use any social media besides Lemmy.
-
I use ProtonMail
-
I have addy.io as an alias service
Shopping/Finance
-
I currently either proxy my online purchases through someone else (have them buy it for me and I pay them back), or use a gift card
-
For physical purchases I use cash
-
I only use my bank account for subscriptions (Spotify, etc.)
-
I am working on using Monero and privacy.com
Music streaming
-
I use Spotify on my phone
-
I use Spotube or locally downloaded files on my computer
-
I have multiple AM/FM receivers with some yard long antennas and direct metal connectors
TV shows
-
I stream from ethical services for some movies
-
I go to a theater or buy a DVD for other movies. I am the proud owner of a USB DVD player.
-
I also have an antenna hooked up to my TV
-
There are certain IPTV services I have used in the past
-
I do not use a smart TV.
Gaming
- I download local games, plain and simple. Or I code my own game.
Programming
-
I code in Python using PyCharm. I’m looking for alternatives.
-
I will use GitLab when I decide to publish some of my work.
Productivity
- LibreOffice, although the UI is iffy
Misc
-
I don’t use any location services
-
All my clocks are set to UTC
-
I don’t have a smart watch
-
I don’t have a smart car
-
I use Bluetooth earbuds
-
I cover my webcams with paper and tape. Reason: It’s worth taking a couple seconds to peel tape off when you use the webcam than to risk a massive breach.
Thanks for reading!
Note here: I found out the other day that a Google Streetview car passed by my house, and my blinds being shut were the only thing keeping my room away from prying eyes. Is there an easy way to blur/censor my house without giving up my soul?
Special thanks
Lots of people kindly contributed their personal setups in the comments, and some even made their own posts! I’m really glad I could spark inspiration and start a way for people to learn and grow in their privacy journeys. To think, just this morning, I was stressing on if people would even enjoy the post at all! Thank you all again, and please go forward to inspire others. I am not the person who made this happen, all of you are!
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.31K Posts
- 53.5K Comments
- Modlog
Check out Yattee on the App Store for a YouTube front end utilizing Invidious and Newpipe instances. Can even self host those if you want
Update: I finally got it working! The UI is a bit weird, but it works. Thank you!
Nice glad you got it figured out
I’ve tried it a few times, but couldn’t get it to work for reasons I don’t remember. I will try it one more time and give my feedback.
deleted by creator
That’s seriously impressive. I wonder, what is your threat profile for all of these? It seems to me like some of the things you do have a drastic impact on user experience, while also not providing that much of a benefit unless you have some really sensitive data.
deleted by creator
Reading this, my only thought was “This setup is eerily similar to the one I aspire to have.” Good job! I may reply with questions if I feel up for it.
My own setup from the top of my head would be:
Few recommendations from the top of my head, from skimming the post.
I’d recommend checking out QubesOS (https://www.qubes-os.org/), especially since it seems you switch between ToR and already use Silverblue, which is AFAIK similar, but why not go all the way in?
Also for VPN - I’ve switched Proton for Mullvad VPN, because I really like the idea they are going for - if you pair Mullvad browser, that is designed to have the same fingerprint for all users, with a VPN that’s from the same company, you can kind of expect that most of the Mullvad VPN users will also be users of Mullvad Browser. Which means you will not be one of the few Proton VPN users with Mullvad fingerprint, but will have the same fingerprint as most of other users of Mullvad VPN. This will make it harder to fingerprint you based on your browser. One word of warning, though - don’t install extensions to Mullvad. If you do, you break the “same fingerprint” premise, and the more extensions you install, the more identifiable you are. Mullvad should be used without any extensions.
Another thing I see is music streaming - I think that in general I’d recommend just getting a cheap laptop/NAS and run your own Jellyfin, and slowly start building your own music collection. You can also run Matrix server as a bonus, and bridge all your communication (including Signal, even though that may not help that much) - but it does help if you need to use some kind of service, i.e Messenger, for group or work related purposes.
My approach to music was to cancel my subscription, and then use the money I save to spend on albums on Bandcamp, so I still support the artists I want. I make sure to do that every month. Since there’s just wast amount of music to get, I use Headphones with an account on redacted.ch to fill my library, but I still make sure to buy albums I like even if I already have them downloaded. The added bonus is that you actually don’t loose any of your music, if the artist decides to pull it off the streaming service, which has aready happened to me several time.
If you want hosting your own LLM, take a look at https://refact.ai. But note that it’s not really cheap, I’ve recently upgraded my computer and decided to use my NVIDIA 1060 to run refact, and it still didn’t work well - 8Gb of GPU memory is borderline usable, and I couldn’t do the finetuning.
Thanks for these recommendations!
I’ve tried Qubes in the past, and I’m not ready to tackle the learning curve yet. I want Secureblue to be the bridge to learning Qubes first.
I’ve considered using it from a fingerprinting perspective, but I don’t have the finances to switch yet.
Oh?
“My BIOS is password locked but proprietary (due to compatibility issues).”
“I use full disk encryption, multiple disks, and a second layer of encryption for specific important files (NSA style)”
I recommend switching to Libreboot, I’ve recently helped add support for the Dell Optiplex 9020 MT, and will soon add support for the Dell Precision T1700 MT. Libreboot allows for full disk encryption, including the automatically encrypting the /boot partition during installation of an OS. I use RAID 0 with 3 disks (LUKS and LVM) on my desktop, with my /boot unencrypted stored on a SD card so I can easily toss it whenever.
For gaming, I’ve had success using Proxmox to play games like GTA V and Rainbow Six Siege through a VM, even passing through NVIDIA drivers (though I plan to switch to AMD). Although, currently the Haswell boards (9020MT and T1700MT) can’t use IOMMU correctly so I recommend using the T1650 for passing through your GPU to a VM. Beware though, the T1650 board can’t be freed entirely in the BIOS I believe.
Also, updating your CPU microcode can help avoid potential performance issues. If you’re concerned about security, consider GPG signing your kernel with Libreboot GRUB for an additional layer of verification at boot.
I am currently in the process of researching Libreboot. Have you had any concerns or problems when using it? Thanks!
Hey! I had no idea that was possible. I usually encrypt everything but /boot, because it’s easy that way.
I don’t have a “threat model” of someone puting malware in /boot while I’m away of the computer. But it would be nice to know how to prevent that.
Do you have a link of a guide or tutorial for that?
Tip, FreeTube is fine, but as you say, certain difficults with some Videos. Because of this, I have specified SMplayer (MPlayer engine) as an external player in FreeTube, this way, if a video does not work in FreeTube, just click on the small rectangle at the bottom left of the thumbnail, so that the Video opens in SMplayer, which practically works always.
If you visit YouTube directly, there is a simple trick to convert the Video into embedded, that is, the video is opened as such in a tab, without going through the YT page. This also avoids a lot of trackers and ads, as well as unnecessary loads (thumbnails, comments, suggestions and other crap).
Simply edit the URL
https://www.youtube.com/watch?v=xxxxxxxxto
https://www.youtube.com/embed/xxxxxxxxThanks for this! It’s a trick I learned a long while back but have since forgotten. Good reminder!
It can be done automaticly with a small script of few lines, like this one (use with Violentmonkey or Greasymonkey). The only drawback is, that are some (few) videos in YT have desactivated embedding, in this case appears a message to watch the video in YT
Thanks! I’ll check that out
Silverblue is not even spelled correctly.
TailsOS is not for “fun” purposes.
Nobody uses their phone like this. When you stop using the communicator as a communicator, you have made the phone essentially a glass brick you lug around for no purpose.
“NSA style” zomg cool blonde hair tech whiz kid?
iOS is a privacy nightmare. https://gist.github.com/iosecure/357e724811fe04167332ef54e736670d And its security has been worse than that of Android for years now. https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/
GrapheneOS is complete snake oil. Read more here to know about “security” cultists in FOSS/privacy community.
https://old.reddit.com/r/privatelife/comments/ug9qnc/writeup_criticism_of_rprivacyguides_grapheneos/
https://old.reddit.com/r/privatelife/comments/13teoo9/grapheneos_corporate_foss_loving_witch_hunting/
This post is a massive joke.
Oy, bit of a cunt innit?
Elaborate.
Well, for starters…
Highly debatable opinion, all tech can be fun.
zomg condescending and immature much?
Said the mod of the subreddit to the curious, kind, helpful, thought-provoking user who posted wondering about other people’s setups, and even prefaced their post with:
This person made a rough guide, and not merely shared their own setup. And if someone is going to suggest their setup, let alone a guide, there will be people who pick it apart. Most will be trolls, some will be constructive. “Hardened iOS” is an oxymoron at some level, for example. If you use iOS, stop trying to conform to “cool” privacy notions, and be okay with it. Switch to Android and harden it when comfortable. Yes I mocked the post, but I did not berate the user, and I consider it fair enough.
I come with a lot of privacy/anonymity experience so I suggest things in a more hardline manner, while being able to see through if someone is okay with a more basic threat model. I am not a snobby elitist. I make guides for threat modelling, smartphones and computing.
deleted by creator
Might I suggest that instead of mocking the user and ensuring they don’t post here in the future after they have learned more, that you sticky a comment about threat models and give constructive criticism about their setup? That way you don’t run away this user, who is willing to dedicate their free time writing free posts which benefit the community, and you also educate those who are reading the post who may not know better.
“Hardened iOS” and “GrapheneOS” often crosses my tolerance limit. It sounds to me from experience that the person is no longer “reachable” in a reasonable manner, unless drums are loudly beaten. Such brainwashing often becomes too much to reverse, and I no longer use up my energy on most people.
Pleasure to finally meet you, albeit under less than ideal circumstances. I’ve been anonymously surfing this community for the better part of a year now, and only made an account in the past month. Your name has shown up a lot in most of the notable comments I’ve read. You’ve grown quite the reputation, even spreading to friends I know from other communities. Again, nice to meet you. Would you like to have a constructive and calm discussion regarding your concerns?
What’s wrong with GrapheneOS?
Secureblue does exist for starters
I’m not educated enough to comment on most of your points, so here is my set-up:
Web: Safari on iPhone with Google browser, Firefox + uBlock origin on desktop with Google browser. I had DDG for a while but I missed the short summary answers you get when you type in a question to Google. I am not in a place to pay for a browser (i.e. Kagi).
Mobile: iPhone with free tier NextDNS. I am looking into buying a Samsung S9/S10 to install LineageOS on. It’s been a while I used Android so I’m not sure how easy that will be. I store all my passwords in Apple’s “Passwords” in settings, and all of them are 20+ characters long and complex (I use a generator whenever I make a new password). Any suggestions on (free/FOSS) password storers?
Messenger: I use Facebook messenger to communicate with my family as only my sister and I have iOS. Furthermore, FB is the only social media I have besides Lemmy.
Email: I use ProtonMail but am considering switching to Tutanota. I don’t have the opportunity to pay for a mail provider right now.
Music/streaming: I use Spotify for music. I use FreeTube for YT on desktop only. My parents pay for Netflix & HBO and so I watch them sometimes, although I have made it a habit to pirate movies online. Also books. Part of me wants to download my music from Spotify and store it somewhere, but iPhone Drive isn’t the greatest when it comes to that. Maybe somebody has (free/FOSS) suggestions?
Misc: I never pay with cash since most stores don’t take it. I use Bluetooth earphones. I don’t game.
Keep in mind I am relatively new to the piracy / privacy community and there’s a lot of terms I don’t know. I hope to improve my privacy and receive advice from more experienced people. Cheers!
If you have the money, check out GrapheneOS!
Spotube does this really well
I remember I tried out Spotube on my computer but the code wouldn’t work. Also a minus it’s not available on iOS. How does Graphene differ from Lineage, in any way that it is preferable?
It’s buggy, but it works good enough with some effort.
This table compares Android ROMs based on a lot of metrics. Basically, Lineage isn’t as private as people think, but Graphene does it proper. Let me know if you have specific questions :)
It’s really too bad Graphene doesn’t seem to support Samsung phones, or any phone that isn’t Google.
If you’re reading this and on ios, go do the safety check.
It whips ass and makes a lot of stuff easier to understand.
Nice setup! I think I’ll maybe make one of my own!
I have a few questions, though:
Since this is a fresh install of Secureblue, I have the default rules in place. I will eventually take a day to crack down and find out what rules I want.
This explains now to harden iOS
Thanks for letting this inspire you to make your own!
I have only had issues with it twice, been using it for a year
Images on a website wouldn’t load (for security reasons)
Some apps break, but you can disable it per-app
What are these ethical movie streaming sources?
Have you tried this process? https://mashable.com/article/how-to-blur-your-house-on-google-street-view
Don’t do this or your house will become part of a conspiracy
deleted by creator
Netflix, Amazon Prime, places that host copyright free movies, etc.
I have not, thank you!
There is literally nothing ethical about Amazon.
I’m curious what makes Netflix or Amazon “ethical”, and what you’re comparing them to? Are you just meaning not piracy?
Yes.
What is hardened iOS?
This is a good guide on how to harden iOS. Basically iOS made as private as possible.
This is great. Done a lot of it but lots I haven’t.
removed by mod
Websites can see what your ISP (or IP address) is, and geolocate you based on that. Also, even small ISPs sell data, and being small is all the more reason to do some sketchy things to grow the business.
I hear that. The easiest thing you can do is try to convince people closest to you to move to something at least a little more privacy respecting. Signal (Molly is a hardened version) has been easiest for me to convince people with.
Try Invidious or Piped! It’s not for everyone, but it’s worth trying! Also, you should think about adding SponsorBlock to your setup, in case you didn’t know about it.
Fair.
😱 B-But!!1 /s
Would love to hear the alternatives people have! Keep me posted :)
removed by mod
Thanks for sharing! Most IP addresses are specific enough to locate cities by themselves, just a note.
removed by mod
Alright, so:
When you visit a website without using a VPN/Proxy/Tor, the website can see your public IP address. That public IP address is unique (with exceptions I’ll get to in a moment) to your home router. NAT means that each device connected to your router (Wi-Fi) has a local IP address, hidden to the website, but your routers IP is still unique to the website. That means that, even if you switch devices, if you visit a website using your home network the website knows that it is your Wi-Fi and not somebody else’s. That means that you can get tracked across websites just by correlating public IP addresses. Ads can see this IP address too. The public IP address by itself is enough to narrow down your location to the exact city, in most cases. So, when you visit a website, the website knows
If your ISP uses dynamic IP addresses, that means your public IP address changes every month or so, so that #2 only has a history of about a month. CGNAT (Carrier-Grade NAT) means that multiple routers share the same public IP address, which removes #2 altogether. This still lets websites know the city you live in, but it reduces mass internet surveilling.
I may have gotten a few minute details a bit off, but that’s a basic shake down of how it works. TL;DR: Your IP can uniquely identify each of your devices if you don’t have NAT, your router if you do have NAT but not CGNAT, and the city you live in. Find an ISP that uses IPv6, dynamic IP addresses, and CGNAT, and use a elite proxy, free VPN, and Tor with a private DNS for maximum privacy.
removed by mod
I need to read up on NAT and CGNAT, I’ll reply again tomorrow. Cheers!
deleted by creator
Ouch! Sorry that happened. I will take that into consideration. Thank you!
Glad to see you use cash. It’s often forgotten in privacy advice, despite being one of the most importants.
I like to use cash. Used it all the time. But now I’ve fallen for the bank-card convenience… (especially self-checkout counters).
I’ve been considering to start using cash more again, but also I’ve noticed a bunch of places that don’t take cash anymore :/
My local gas station charges extra for using a credit card
removed by mod
I keep a jar in my glovebox. My local grocery store has cash-based self checkout registers with a spot to input change. Whenever I go, I grab a handful of change and dump the lot into there. It usually takes like $3-6 off my purchase with some change left over. But it’s an easy way to keep the collection low.
removed by mod
deleted by creator
removed by mod
The old jar full of change at home is how most people handle this.
It’s normal to have some change. Theres a famous movie, reservoir dogs maybe, where a cop has to blend in and scoops some change up off his nightstand and considers its weight before he stuffs it in his pocket.
Part of privacy is anonymity and one aspect of security is obscurity. Look normal, carry change.
removed by mod
That’s weird. I’m in the us and it’s normal to use change or cash. The vending machines all take it, stores all take it. You gotta prepay for gas but whatever. There’s special self checkout registers festooned with cameras that you can’t use but idk if you’d want to go through one of those anyway.
No worries if you don’t want to, but I haven’t seen any weirdness around it.
What are you worried about with the existing cashless payment options?
removed by mod
If you’re worried about your name being given at checkout and being stored and indexed by the merchant or the processor, you’re on the money about credit cards. They have a name associated with them every time like clockwork, it’s how the system is designed and it’s absurdly hard to get gift cards without receiving them as gifts or having people make straw purchases (yes, when pursuing financial crime the police use the same terminology as guns).
Some kind of device tied nfc might work, but the merchant still gets your id along with the transaction.
If you could get okay with apple devices id say that’s the contactless option that helps you the most in the situation you’re describing. But it doesn’t do you any good if you’re not on the devices.
There is an unexpected solution though…
You could always set up a corporate structure that you use to make purchases through. I’m not a lawyer, but something with a principal agent that’s not you but has you and or others as officers would let you buy stuff with a card and not have your name exposed to merchants and processors.
Now there are paperwork requirements and you’re opening yourself up to investigation by your state and federal authorities, but there are often enough kinds of local pass through entities that you can do a low key fake sort of money laundering through them.
Such a thing might seem antithetical to a privacy focused person, but consider that the wealthy use different corporate structures to hide the origin and disposition of their funds all the time. If it didn’t work it wouldn’t take incredible amounts of resources to prosecute.
removed by mod