I’m missing a bit the fact that this is not a law yet. This is the position of the commission, which the parliament will then need to approve and has to get past the ECHR as well most likely.

It depends on your threat model or how I like to call it: the paranoia level. Since all connections go through the ISP router anyway you won’t really gain that much privacy unless you directly put a VPN on your router.

Here is what you could potentially stop leaking:

• MAC addresses of your devices
• DNS queries if you use unencrypted DNS

Also theoretically, the router could be an entry point to do attacks against your devices.

People who use pfsense mostly do that because they want more features. For example I have an IoT VLAN that cannot talk to the internet.

For privacy the simplest thing would be to try and put a custom firmware on your WiFi router, like OpenWRT.

Everything else is a bit of an overhaul. And in the end, you always have to trust that the WiFi access points manufacturers firmware does not exfiltrate data.

Also, I would just try plugging in to the modem and see what happens. Most likely you’re just wasting power right now with that ISP router.

Who says the authoritative servers aren’t logging requests?

That should only happen with SNI, no?

The queries are known to the DNS provider. Only thing is to use one you trust.

The only thing you gain from VPN is that the target server does not know your IP.

HTTPS is safe anyway and as such also the content of what you do.

The only other way you may leak information are DNS queries.

No write it from scratch. With the copyright directive MEPs thought those templates were bots.

Check out EFF cover your tracks: https://coveryourtracks.eff.org/

The results are very interesting. For me, the most unique thing about my browser was that I had two system languages, and so the accept-language header was very unique.

I now use vanadium (graphene OS), which simply sends made up values for a lot of headers, and so makes fingerprinting harder.

In general, you should try to be as “normal” as possible, use standard settings for everything, just accept English, etc…

GrapheneOS provides users with the ability to set a duress PIN/Password that will irreversibly wipe the device (along with any installed eSIMs) once entered anywhere where the device credentials are requested (on the lockscreen, along with any such prompt in the OS).

No I’ve never seen this. Usually they send you an email to the admin address of the domain with the code.

Its always encrypted, just that the keys are in RAM when it runs.

In case of graphene though you can have a distress pin that wipes the encryption keys, making the phones content irrecoverable.

I’m using it and never going back.

It’s not just the privacy aspect, but the fact that most results in other search engines suck. The first two pages would usually be ads - first the bought ones, then company websites and copywritten blogs. I get that way less with kagi. I find useful stuff faster and my brain is less polluted.

The question to ask yourself is why is cloudflare offering that service for free? Probably because they get something out of it, like analysing the data.