I just read an interesting and informative post from @Charger8232, and decided to write one of my own.

Perhaps there could be a megathread created?

EDIT: Items in italics are subsequent additions.

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

  • Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

  • Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Mullvad Browser for general browsing.

  • I use Tor Browser for extra protection, when necessary.

  • I use Firefox + Arkenfox User.js for general browsing on FreeBSD and on my Raspberry Pi, as Mullvad has not yet been ported to FreeBSD or aarch64.

  • I use MetaGer for web searches, but I keep switching between different private options.

  • I always use ProtonVPN (free tier) through WireGuard.

  • I use NextDNS for extra content blocking.

  • I use Redirector (by Einar Egilsson) to redirect me to alternative frontends for popular services (e.g. YouTube -> CloudTube)

Desktop

  • I use several trusted Linux distributions, as well as FreeBSD, on my PCs and MacBook.

  • My MacBook’s UEFI is password-protected, but I have not done this on other machines:

    • I haven’t got around to securing my main laptop at the UEFI level yet.
    • My ThinkPad is second-hand and quite old. The BIOS cannot be locked, and the PXE settings have been password-protected by the previous owner.
    • All of my other devices are simply too old and rarely leave the house anyway.
  • I recently installed Tails, but I haven’t yet had cause to use it.

  • I use full disk encryption on everything, and I have a VeraCrypted pen drive for special cases

  • I cover all of my webcams with Blu-Tac or electrical tape

  • Many of my laptops are too old for this, but I am trying to make the switch from X11 to Wayland (as recommended by PrivacyGuides).

Mobile

  • I currently use hardened iOS until my iPhone burns out or gets obsoleted. Once this happens, I’ll be using DivestOS.

  • Again, I constantly use ProtonVPN (free tier) using the WireGuard app (as this is the only VPN client that both supports Proton and allows customising the DNS).

  • I use the private mode in Orion Browser (not to be confused with Onion Browser), as the EFF’s Cover Your Tracks software reported that it was less fingerprintable than other options.

  • I have Onion Browser installed, for when I need more protection or if I need to access a .onion

  • I use an alphanumeric passphrase.

  • I disable radios (i.e. WiFi, Bluetooth) when they are not in use.

  • I don’t use a privacy screen protector, but I will buy one for my next phone.

Messenger

  • I am forced to use WhatsApp, sadly, as none of my friends or family will even humour me by trying Signal. It could be worse.

Online accounts

  • I use KeePass to manage my passwords, which are synchronised between devices using Filen.

    • KeePassXC is the client I use on desktop.
    • On iOS, I use KeePassium; but I am appalled by the selection of clients available.
    • When I switch to Android, I will use KeePassDX.
  • I use ente Auth and OTPClient to generate TOTPs. I also have a graphing calculator that can generate these.

  • I am in the process of partially anonymising my online accounts.

Video streaming

  • I use CloudTube to watch YouTube videos.

  • I use PeerTube when possible (mainly to watch Techlore and The Linux Experiment).

  • I use FreeTube on desktop.

AI

  • I played around with ChatGPT and DALL-E last year, but those days are behind me now.
  • I signed the NoML open letter, and I have used robots.txt to shut out LLM scrapers from my websites.

Social Media

  • The only non-FOSS social media I use are Tumblr — which is ranked B by ToS;DR — and cohost.

  • I only use my real name on Mastodon, and even then I will probably change to my usual username when and if I next decide to change servers.

Email

  • I use Posteo.

  • I have DuckDuckGo Email Protection as an alias service, which I use through Bitwarden.

Shopping/Finance

  • I rarely make online purchases. I am certainly being tracked, but I’m simply not producing enough data in the first place for this to be a big problem.

  • For physical purchases, I am trying to use cash more often. However, my sixth form cafeteria only accepts two forms of payment: biometric (handled internally) and debit card.

  • I use no subscription services at all, but I may use LiberaPay and OpenCollective in the future to support open-source projects.

Music streaming

  • I occasionally stream music from Bandcamp, but virtually everything I listen to is either on CD or a local file.

  • I occasionally listen to KERRANG! Radio using an MP3 stream, and BBC Radio 4 over FM.

TV shows

  • I use DVDs for most of my viewing, but I have sailed the high seas in the past

  • Some shows I enjoy (i.e. Helluva Boss) are released officially for free on YouTube (watched via CloudTube).

  • I do not own a smart TV.

Gaming

  • I generally don’t game.

  • When playing Minecraft, I use PrismLauncher and I’m always sure to install the Anti-Telemetry mod.

Programming

  • I code in Python using Micro. I also sometimes use Kate, but only if I’m running Plasma.

  • I use Codeberg to host my projects.

Productivity

  • I normally use LibreOffice.

  • I’m trialling a new workflow, using Markdown and Pandoc for text documents and presentations, and Gnumeric for spreadsheets.

Misc

  • I use an RSS reader for news.

  • My local timezone just happens to be the same as UTC.

  • I use a privacy-respecting smartwatch: the PineTime (from PINE64).

  • I don’t have a car, as I’m 17.

  • I use Bluetooth headphones out of necessity. I’m still salty about Apple removing the headphone jack and then every other phone company following suit. However, they are basic headphones which do not require an app, and so they should be more private than other similar models.

  • I will never use Amazon Echo or Google Home.

To-Do

  • Look into further hardening of iOS
  • Start using multiple browsers
  • Use cash more often
  • Anonymise social media
  • Try to get family to ditch Meta
  • Look into BIOS and UEFI hardening
  • Buy a privacy screen protector and faraday equipment
  • Audit all systems with Lynis

Thanks for reading!

EDIT 27/05/24: Updated search engine, iOS apps, email, social media, and checklist.

  • MigratingtoLemmy@lemmy.world · 9 months ago

    Absolutely fantastic, considering your age! I was far, far worse than you are right now on this path to better privacy. Truly exceptional.

    I commented in the post you reference, and I’d like to comment here too since I do see some things that can be improved (some of them, I employ for myself, whilst the others are still on my list to implement).

    1. What made you use FreeBSD over everything else? I assume you have some experience using *nix-like operating systems, and the slightly more pro-user distributions like Gentoo and Void do seem BSD-like in operation. I’m just curious.
    2. About WireGuard: it’s a very good solution, however unlike other VPN projects, it doesn’t have a way to natively hide its trace; i.e. OpenVPN and the like employ certain mechanisms to appear like HTTPS traffic to firewalls, which allows for better obscurity when using a VPN. Certainly useful for special cases, I remember seeing a comment somewhere that a school had disallowed VPNs on its campus network and the only way was to use a specific proxy that made it appear like HTTPS.
    3. Ever tried a Blocky DNS + Unbound + WireGuard combo? The first is a DNS server with nice features, the second can be a DNS resolver, and the VPN is to obfuscate the IP from where you resolve your DNS queries.
    4. I found a very nifty thing on the WhatsApp website the other day: https://faq.whatsapp.com/1299035810920553 - might be worth a look!
    5. About the webcam and microphone on your device: if it’s an older laptop, you can simply take the front cover of the screen off and disconnect the cable to it. It’s pretty easy with the older ThinkPads and with some newer laptops too, just needs some practice.
    6. Time to nuke your online accounts and (if possible) use stylometry analysis to measure certain triggers in your writing. I have yet to implement this myself but the idea is to have an LLM rewrite my answer whilst removing said bias and write in a generic tone.
    7. I’ll club payments and online shopping together: learn more about XMR. It is possible to use LocalMonero to exchange fiat to Monero directly, and once it reaches your wallet you can go through a generic churning process (not sure what it’s called in Monero or if this is required, I need to look into it too) and finally, purchase gift cards using the Monero you have now. If the cafeteria accepts debit cards I think they’ll accept gift cards too, but you might want to check. You can purchase Amazon gift cards, gift cards for ISPs/mobile network providers too.
    8. Glad to have found another that likes to collect physical media! If I had the space I would have invested in a few CDs myself, but alas; FLAC it is (not complaining!). Which CD transport do you use?
    9. I don’t use office tools these days but I’d learn LaTeX if I really needed to create PDFs.
    10. I probably don’t need to tell you this but RF hacking is really fun, I’m only really starting to look into it. When I get time!

    I came across a few tools which I hadn’t heard of before; thanks for the effort in creating your post. I hope you have a great time pursuing this path!

    • Hellfire103@lemmy.ca (OP) · 9 months ago

      Well thanks! As for the questions:

      1. I had been distrohopping on the ThinkPad after Arch Linux started acting a little funny. FreeBSD just happened to be the OS that stuck.
      2. I use WireGuard because it’s light and allows me to set custom DNS servers (allowing me to use ProtonVPN and NextDNS at the same time). My school has blocked most VPNs, but the official apps for ProtonVPN and Windscribe can get around it no problem, as can Tor, but I do lose my DNS.
      3. I’ll give it a look, but I’m already quite happy with NextDNS.
      4. Interesting. I did manage to get WhatsApp working in Pidgin a while ago, but it was a little clunky.
      5. I might consider doing that, but I do need to use my webcam for the occasional intrusive Teams call. It is what it is and I do what I can to maximise my privacy.
      6. Yeah, I’m not sure I want to go nuclear. My accounts are (with the exception of my abandoned Instagram account) on privacy-respecting services with more people than bad actors. I would say that all I should do is change my usernames and profile pictures, then unlink my websites while I scrub away personal details. After that, all I need to do is DM a few of my trusted mutuals about the change, so they don’t think I’m a stranger, and everything should be hunky-dory.
      7. Good advice, although I tend to shop more in-person than online.
      8. I don’t have a transport. I use a standard off-the-shelf boombox to play the CDs, and I use fre:ac to rip and convert them to Ogg Vorbis format. I like the idea of FLAC, but I don’t see the point in using it myself, as I already have hard copies of the media.
      9. I used LaTeX in the past, but now I prefer Markdown. The syntax is easier and it comes out of Pandoc looking the same as LaTeX.
      10. Sounds cool. This would also be relevant to the cybersecurity degree I’ve applied for at uni.