It's been a while since I made [this post](https://lemmy.ml/post/13306687), so I think it's time for an update. Items in *italics* are subsequent additions. # Remember these rules: * **Be respectful!** Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn't align with yours, or uses some anti-privacy software, doesn't mean you can downvote them! Help them improve by giving suggestions on alternatives. * **Don't promote proprietary software!** Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren't sure, you can always ask! This is a place to learn. Don't downvote people just because they don't know! * **Don't focus solely on me!** Since this happened in [one of @Charger8232@lemmy.ml's posts](https://lemmy.ml/post/12711033), I want to mention that this thread is **not** designed to pick apart only my setup. The point is to contribute your own and help others. That doesn't mean you can't still give suggestions for mine, but don't prioritize mine over another. * **Be polite!** This falls under "Be respectful", but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone. # Here is my setup: **Web browsing** * I use Mullvad Browser for general browsing, with uBlock Origin and NoScript. * I use FoxyProxy to route my connection over Tor or I2P when accessing a hidden service or eepsite. * I use Librewolf for general browsing on on my Raspberry Pi, as Mullvad has not yet been ported to aarch64. * I use a self-hosted SearXNG instance for web searches, though it isn't quite as reliable as MetaGer used to be. * I use Mullvad VPN at all times. * I only use their owned servers; not their rented ones. * I usually enable multihop, but it does cause issues. * I use their Shadowsocks proxy to connect while on eduroam. * I use NextDNS and Mullvad DNS interchangeably for extra content blocking. * I use Libredirect and UntrackMe to redirect me to alternative frontends for popular services (e.g. YouTube -> Invidious) * I use Vivaldi for society stuff, where the stupid web apps don't play nice with adblockers. **Desktop** * I use several trusted Linux distributions on my PCs; currently: * Arch Linux * Debian * Raspbian * Alpine (pending installation) * Slackware * Apart from my Raspberry Pi, the UEFI/BIOS is password-protected on all of my machines. * I have enabled secure boot on my ThinkPad T480s (the only device I own that supports it). * I always carry a Tails USB, but I haven't yet had cause to use it. * I use full disk encryption (LUKS) on everything, and I have a VeraCrypted pen drive for special cases. * I cover most of my webcams with Blu-Tac or electrical tape. * My ThinkPad T480s supports disabling the webcams and microphone in the UEFI. * I trust the security in GrapheneOS enough not to to this on my phone, which would be inconvenient (although a case with camera covers would be nice once my Otterbox wears out). **Mobile** * I use a Pixel 8 with GrapheneOS. * Again, I am always connected to Mullvad VPN. * I currently use Cromite, but I often switch between several private options. Suggestions with reasoning are most welcome. * Cromite is hardened according to PrivacyGuides. * I have Tor Browser installed, for when I need more protection or if I need to access a .onion * My passcode is simply the longest string of digits I can remember. * I used to use an alphanumeric passphrase, but it became rather inconvenient when I disabled biometric unlock. * Radios (i.e. WiFi, Bluetooth) are automatically disabled when they are not in use. **Messaging** * I have managed to get my family and a few friends to use Signal, and I have one friend who I speak to over Tox (I am aware of why this isn't the most secure; he's had difficulty with other options) * I am forced to use Discord, sadly, as all three of my societies use it as their only form of communication (other than social media), as do several societies from other universities and as does one of my close friends. * With the exceptions of my grandma and my old high school group chat, I no-longer use WhatsApp. * Now that I'm out of student accommodation, I have been able to delete Snapchat (my old flatmates insisted on using it for the flat group chat). Good riddance. **Online accounts** * I use KeePass to manage my passwords, which are synchronised between devices using Syncthing. * KeePassXC is the client I use on desktop. * On Android, I use KeePassDX. * I use Aegis and OTPClient to generate TOTPs. I also have a graphing calculator that can generate these, but it doesn't seem to work very well these days. * I have anonymised all of my social media accounts apart from my LinkedIn (I wish I didn't have this in the first place; something something capitalism) and an old Mastodon account I lost access to. **Video streaming** * I use Invidious, yt-dlp, and mpv to watch YouTube videos. * I use PeerTube when possible (mainly to watch Veronica Explains, New Ellijay TV, Techlore, and The Linux Experiment). **AI** * I played around with ChatGPT and DALL-E in the early '20s, but those days are behind me now. * I occasionally use Duck.ai for help with server stuff, but only when I'm desperate and out of options. **Social Media** * The only non-FOSS social media I use is Tumblr, which is ranked B by ToS;DR. * I have a LinkedIn, but I don't really use it. * I am the media officer for one of my societies, but I have all of those nasty proprietary apps in a separate profile. **Email** * I use Posteo as my main provider. * I have DuckDuckGo Email Protection as an alias service, which I use through Quacky. * I use my uni email (Outlook 365) and my society email (Gmail) through privacy-respecting clients; namely Evolution, KMail (if I'm running KDE), and FairEmail. **Shopping/Finance** * I rarely make online purchases. I am certainly being tracked, but I'm simply not producing enough data in the first place for this to be a big problem. * For physical purchases, I am trying to use cash more often, but it makes my budget harder to manage. * The only recurring payment I make is to OVH, who provide my VPS and are known to be one of the better hosting providers from a privacy standpoint (though I imagine not the best). * I would use Monero for things like Mullvad, but I've had a hard time acquiring any. * I have joined several loyalty schemes, but I rarely use them as I shop at Aldi (specifically Aldi Süd), which doesn't have one. * The data collected by supermarkets when I use my loyalty cards is, in my opinion, a fair trade. They get some analytics, and I get discounted products. I am comfortable with this. **Music** * I occasionally stream music on Bandcamp, but virtually everything I listen to is either on CD or a local file. * I occasionally use an MP3 stream to listen to KERRANG! Radio, Radio 4, Classic FM (for DanTDM's show), or my university's student radio station. * ~~I give Last.fm my listening data intentionally.~~ * I use Libre.fm and ListenBrainz to track my listening habits. **TV shows** * I use DVDs for most of my viewing, but I have sailed the high seas in the past * Some shows I enjoy (i.e. Helluva Boss) are released officially for free on YouTube (watched via Invidious). * My flat does have a smart TV, but its one of the older ones (sans bullshit) and not connected to the internet. * One of my flatmates is trying to set up a media server, which is nice. **Gaming** * I generally don't game. * When playing Minecraft, I use PrismLauncher and I'm always sure to install the Anti-Telemetry mod. **Programming** * I code using Micro. I also sometimes use Kate, but only if I'm running Plasma. * I use sourcehut and Codeberg to host my projects. **Productivity** * I normally just use Markdown for note-taking and documents. * Next time I make a presentation, I will probably use Markdown slides (LibreOffice Impress isn't great, in my experience). * Spreadsheets are edited with LibreOffice Calc, but I tend to just use a text editor to write a CSV or TSV unless I need formulae. * One of my societies uses Trello and Google Docs for their stuff. However, I use these in their own profile on my phone, and in their own browser on desktop. * If there's anything really sensitive or really private I need to write, I just use a pen and paper. I also own a typewriter. **Misc** * I use FreshRSS for news. * I use Capy Reader on my phone and Newsboat on desktop. * My local timezone just happens to be the same as UTC most of the time. * I use a non-smart, analogue watch (RIP PineTime). * I don't have a car, as I'm skint. * I use Bluetooth earbuds out of necessity. I'm still salty about Apple removing the headphone jack and then every other phone company (in this case, Google) following suit. However, they are basic earbuds which do not require an app, and so they should be more private than other similar models. * I will never use Amazon Echo or Google Home. ## To-Do * Use cash more often * Try to get family to ditch Meta * Get grandparents to use Signal * Audit all systems with Lynis * Selectively clear cookies and site data every so often in Vivaldi (automate, if possible) Thanks for reading!

I recently transferred one of my domains over to Combell (a registrar based in Belgium), and they gave me an email inbox under my domain as part of the package. However, I’m wondering if it’s trustworthy. If it isn’t, I can set the registrar to redirect mail to the Posteo alias I currently use for the site. However, it would be convenient to be able to use this inbox. I would, of course, be using PGP encryption when possible (although in practice this is infrequent). Any thoughts?

So, for privacy and security reasons, I use a VPN. This is normally Mullvad (with DAITA and quantum resistance enabled), but I have ProtonVPN, Windscribe, and Orbot handy in case something doesn't work. However, lately I've noticed my connections being blocked. This is across three different ISPs: Sky, Virgin, and Wifinity. I have tried all three VPNs and Orbot, and I have tried several protocols (WireGuard, OpenVPN, IKEv2, Stealth, and of course SOCKS5) to no avail. The logical solution would be to use a bridge in Orbot, but the button seems to have been removed. Also, by using Orbot, I will not be protected by my DNS. I am currently using iOS, but my other machines run Linux and I will be getting a GrapheneOS phone in the near future. Can anyone help?

Hey, all. I just bought a Samsung Galaxy Tab A7, and I would like to install a custom Android ROM on it. After a bit of research, my two options are LineageOS and Murena (aka /e/OS). Does one have any advantages over the other? Or is it simply a matter of preference? UPDATE: **You will need a machine running Windows 10 or higher in order to successfully flash either ROM!**

cross-posted from: https://lemmy.ca/post/22775470 > I'm looking to buy a router for home use, on which I plan to install OpenWRT. After some research, I have come across the [TP-LINK Archer AX23](https://www.currys.co.uk/products/tplink-archer-ax23-wifi-cable-and-fibre-router-ax-1800-dualband-10253392.html), which checks all of the boxes I have: > > > > - [x] Comparatively low price > > - [x] Supports WPA3 > > - [x] Supported by OpenWRT > > - [x] Has at least three LAN ports > > > > However, before I and my dad go and buy one, it has to pass the final test: the forums. > > > > Has anyone used this router before? What was your experience? Can I do better, or have I found the best router ever made? Please share your thoughts.

Cross-posted from https://lemmy.world/post/13888155

I'm considering implementing SELinux in my Debian setup, but I've read that it was initially developed by the NSA. Can anyone shed any light on this? Has SELinux been audited? When and by whom? Does the NSA still have anything to do with SELinux, or is this a "US Navy creating Tor" sort of scenario?

cross-posted from: [https://lemmy.world/post/13408103](https://lemmy.world/post/13408103)

I just read in interesting and informative [post](https://lemmy.ml/post/13296072) from [@Charger8232](/u/Charger8232@lemmy.ml), and decided to write one of my own. Perhaps there could be a megathread created? EDIT: Items in *italics* are subsequent additions. # Remember these rules: - **Be respectful!** Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn't align with yours, or uses some anti-privacy software, doesn't mean you can downvote them! Help them improve by giving suggestions on alternatives. - **Don't promote proprietary software!** Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren't sure, you can always ask! This is a place to learn. Don't downvote people just because they don't know! - **Don't focus solely on me!** Since this happened in [another one of my posts](https://lemmy.ml/post/12711033), I want to mention that this thread is **not** designed to pick apart only my setup. The point is to contribute your own and help others. That doesn't mean you can't still give suggestions for mine, but don't prioritize mine over another. - *Be polite!** This falls under "Be respectful", but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone. # Here is my setup: **Web browsing** * I use Mullvad Browser for general browsing. * *I use Tor Browser for extra protection, when necessary.* * I use Firefox + Arkenfox User.js for general browsing on FreeBSD and on my Raspberry Pi, as Mullvad has not yet been ported to FreeBSD or aarch64. * I use MetaGer for web searches, but I keep switching between different private options. * I always use ProtonVPN (free tier) through WireGuard. * I use NextDNS for extra content blocking. * I use Redirector (by Einar Egilsson) to redirect me to alternative frontends for popular services (e.g. YouTube -> CloudTube) **Desktop** * I use several trusted Linux distributions, as well as FreeBSD, on my PCs and MacBook. * My MacBook's UEFI is password-protected, but I have not done this on other machines: * I haven't got around to securing my main laptop at the UEFI level yet. * My ThinkPad is second-hand and quite old. The BIOS cannot be locked, and the PXE settings have been password-protected by the previous owner. * All of my other devices are simply too old and rarely leave the house anyway. * I recently installed Tails, but I haven't yet had cause to use it. * I use full disk encryption on everything, and I have a VeraCrypted pen drive for special cases * I cover all of my webcams with Blu-Tac or electrical tape * *Many of my laptops are too old for this, but I am trying to make the switch from X11 to Wayland (as recommended by PrivacyGuides).* **Mobile** * I currently use hardened iOS until my iPhone burns out or gets obsoleted. Once this happens, I'll be using DivestOS. * Again, I constantly use ProtonVPN (free tier) using the WireGuard app (as this is the only VPN client that both supports Proton and allows customising the DNS). * I use the private mode in O**r**ion Browser (not to be confused with Onion Browser), as the EFF's Cover Your Tracks software reported that it was less fingerprintable than other options. * I have Onion Browser installed, for when I need more protection or if I need to access a .onion * I use an alphanumeric passphrase. * I disable radios (i.e. WiFi, Bluetooth) when they are not in use. * I don't use a privacy screen protector, but I will buy one for my next phone. **Messenger** * I am forced to use WhatsApp, sadly, as none of my friends or family will even humour me by trying Signal. It could be worse. **Online accounts** * I use KeePass to manage my passwords, which are synchronised between devices using Filen. * KeePassXC is the client I use on desktop. * On iOS, I use Keepassium; but I am apalled by the selection of clients available. * When I switch to Android, I will use KeePassDX. * I use ente Auth and OTPClient to generate TOTPs. I also have a graphing calculator that can generate these. * I am in the process of partially anonymising my online accounts. **Video streaming** * I use CloudTube to watch YouTube videos. * I use PeerTube when possible (mainly to watch Techlore and The Linux Experiment). * I use FreeTube on desktop. **AI** * I played around with ChatGPT and DALL-E last year, but those days are behind me now. * I signed the NoML open letter, and I have used robots.txt to shut out LLM scrapers from my websites. **Social Media** * The only non-FOSS social media I use are Tumblr — which is ranked B by ToS;DR — and cohost. * I only use my real name on Mastodon, and even then I will probably change to my usual username when and if I next decide to change servers. **Email** * I use Posteo. * I have DuckDuckGo Email Protection as an alias service, which I use through Bitwarden. **Shopping/Finance** * I rarely make online purchases. I am certainly being tracked, but I'm simply not producing enough data in the first place for this to be a big problem. * For physical purchases, I ~~am trying to~~ use cash ~~more often~~. However, my sixth form cafeteria only accepts two forms of payment: biometric (handled internally) and debit card. * I use no subscription services at all, but I may use LiberaPay and OpenCollective in the future to support open-source projects. **Music streaming** * I occasionally stream music from Bandcamp, but virtually everything I listen to is either on CD or a local file. * I occasionally listen to KERRANG! Radio using an MP3 stream, and BBC Radio 4 over FM. **TV shows** * I use DVDs for most of my viewing, but I have sailed the high seas in the past * Some shows I enjoy (i.e. Helluva Boss) are released officially for free on YouTube (watched via CloudTube). * I do not own a smart TV. **Gaming** * I generally don't game. * When playing Minecraft, I use PrismLauncher and I'm always sure to install the Anti-Telemetry mod. **Programming** * I code in Python using Micro. I also sometimes use Kate, but only if I'm running Plasma. * I use Codeberg to host my projects. **Productivity** * I normally use LibreOffice. * I'm trialling a new workflow, using Markdown and Pandoc for text documents and presentations, and Gnumeric for spreadsheets. **Misc** * I use an RSS reader for news. * My local timezone just happens to be the same as UTC. * I use a privacy-respecting smartwatch: the PineTime (from PINE64). * I don't have a car, as I'm 17. * I use Bluetooth headphones out of necessity. I'm still salty about Apple removing the headphone jack and then every other phone company following suit. However, they are basic headphones which do not require an app, and so they should be more private than other similar models. * I will never use Amazon Echo or Google Home. ## To-Do * ✅ ~~Look into further hardening of iOS~~ * ✅ ~~Start using multiple browsers~~ * ✅ ~~Use cash more often~~ * ✅ ~~Anonymise social media~~ * Try to get family to ditch Meta * ✅ ~~Look into BIOS and UEFI hardening~~ * Buy a privacy screen protector and faraday equipment * Audit all systems with Lynis Thanks for reading! EDIT 27/05/24: Updated search engine, iOS apps, email, social media, and checklist.

I currently use a few browsers on various platforms: * Mullvad on Linux and macOS * Firefox (w. Arkenfox User.js) on FreeBSD * Safari (w. extensions & privacy settings changed) on iOS However, I am finding the absence of any sort of cookie persistence in Mullvad and Safari to be a little annoying, as just about everything I use has 2FA enabled. So, I was wondering what you would say a good choice for a second browser would be. I would use this to access a small number of privacy-respecting sites (such as CloudTube and Lemmy), which would involve saving cookies and allowing third-party content (i.e. googlevideo in CloudTube). Ideally, this should be Firefox or WebKit-based, and I would like suggestions for Linux, macOS, FreeBSD, and iOS. On macOS, I have not signed in with an Apple ID, so I can't use the App Store; but I *do* have Homebrew and [pkgsrc(7)](https://man.netbsd.org/pkgsrc.7) installed. Any ideas? EDIT: I am NOT moving away from Mullvad. I'm looking for a COMPLEMENTARY browser which I can use for stuff like CloudTube.

cross-posted from: https://lemmy.ca/post/14567056