I just read an interesting and informative post from @Charger8232, and decided to write one of my own.

Perhaps there could be a megathread created?

EDIT: Items in italics are subsequent additions.

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

  • Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

  • Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Mullvad Browser for general browsing.

  • I use Tor Browser for extra protection, when necessary.

  • I use Firefox + Arkenfox User.js for general browsing on FreeBSD and on my Raspberry Pi, as Mullvad has not yet been ported to FreeBSD or aarch64.

  • I use MetaGer for web searches, but I keep switching between different private options.

  • I always use ProtonVPN (free tier) through WireGuard.

  • I use NextDNS for extra content blocking.

  • I use Redirector (by Einar Egilsson) to redirect me to alternative frontends for popular services (e.g. YouTube -> CloudTube).

Desktop

  • I use several trusted Linux distributions, as well as FreeBSD, on my PCs and MacBook.

  • My MacBook’s UEFI is password-protected, but I have not done this on other machines:

    • I haven’t got around to securing my main laptop at the UEFI level yet.
    • My ThinkPad is second-hand and quite old. The BIOS cannot be locked, and the PXE settings have been password-protected by the previous owner.
    • All of my other devices are simply too old and rarely leave the house anyway.

  • I recently installed Tails, but I haven’t yet had cause to use it.

  • I use full disk encryption on everything, and I have a VeraCrypted pen drive for special cases.

  • I cover all of my webcams with Blu-Tac or electrical tape.

  • Many of my laptops are too old for this, but I am trying to make the switch from X11 to Wayland (as recommended by PrivacyGuides).

Mobile

  • I currently use hardened iOS until my iPhone burns out or gets obsoleted. Once this happens, I’ll be using DivestOS.

  • Again, I constantly use ProtonVPN (free tier) using the WireGuard app (as this is the only VPN client that both supports Proton and allows customising the DNS).

  • I use the private mode in Orion Browser (not to be confused with Onion Browser), as the EFF’s Cover Your Tracks software reported that it was less fingerprintable than other options.

  • I have Onion Browser installed, for when I need more protection or if I need to access a .onion.

  • I use an alphanumeric passphrase.

  • I disable radios (i.e. WiFi, Bluetooth) when they are not in use.

  • I don’t use a privacy screen protector, but I will buy one for my next phone.

Messenger

  • I am forced to use WhatsApp, sadly, as none of my friends or family will even humour me by trying Signal. It could be worse.

Online accounts

  • I use KeePass to manage my passwords, which are synchronised between devices using Filen.

    • KeePassXC is the client I use on desktop.
    • On iOS, I use Keepassium, but I am appalled by the selection of clients available.
    • When I switch to Android, I will use KeePassDX.

  • I use ente Auth and OTPClient to generate TOTPs. I also have a graphing calculator that can generate these.

  • I am in the process of partially anonymising my online accounts.

Video streaming

  • I use CloudTube to watch YouTube videos.

  • I use PeerTube when possible (mainly to watch Techlore and The Linux Experiment).

  • I use FreeTube on desktop.

AI

  • I played around with ChatGPT and DALL-E last year, but those days are behind me now.

  • I signed the NoML open letter, and I have used robots.txt to shut out LLM scrapers from my websites.

Social Media

  • The only non-FOSS social media I use are Tumblr — which is ranked B by ToS;DR — and cohost.

  • I only use my real name on Mastodon, and even then I will probably change to my usual username when and if I next decide to change servers.

Email

  • I use Posteo.

  • I have DuckDuckGo Email Protection as an alias service, which I use through Bitwarden.

Shopping/Finance

  • I rarely make online purchases. I am certainly being tracked, but I’m simply not producing enough data in the first place for this to be a big problem.

  • For physical purchases, I am trying to use cash more often. However, my sixth form cafeteria only accepts two forms of payment: biometric (handled internally) and debit card.

  • I use no subscription services at all, but I may use LiberaPay and OpenCollective in the future to support open-source projects.

Music streaming

  • I occasionally stream music from Bandcamp, but virtually everything I listen to is either on CD or a local file.

  • I occasionally listen to KERRANG! Radio using an MP3 stream, and BBC Radio 4 over FM.

TV shows

  • I use DVDs for most of my viewing, but I have sailed the high seas in the past.

  • Some shows I enjoy (i.e. Helluva Boss) are released officially for free on YouTube (watched via CloudTube).

  • I do not own a smart TV.

Gaming

  • I generally don’t game.

  • When playing Minecraft, I use PrismLauncher and I’m always sure to install the Anti-Telemetry mod.

Programming

  • I code in Python using Micro. I also sometimes use Kate, but only if I’m running Plasma.

  • I use Codeberg to host my projects.

Productivity

  • I normally use LibreOffice.

  • I’m trialling a new workflow, using Markdown and Pandoc for text documents and presentations, and Gnumeric for spreadsheets.

Misc

  • I use an RSS reader for news.

  • My local timezone just happens to be the same as UTC.

  • I use a privacy-respecting smartwatch: the PineTime (from PINE64).

  • I don’t have a car, as I’m 17.

  • I use Bluetooth headphones out of necessity. I’m still salty about Apple removing the headphone jack and then every other phone company following suit. However, they are basic headphones which do not require an app, and so they should be more private than other similar models.

  • I will never use Amazon Echo or Google Home.

To-Do

  • Look into further hardening of iOS
  • Start using multiple browsers
  • Use cash more often
  • Anonymise social media
  • Try to get family to ditch Meta
  • Look into BIOS and UEFI hardening
  • Buy a privacy screen protector and faraday equipment
  • Audit all systems with Lynis

Thanks for reading!

EDIT 27/05/24: Updated search engine, iOS apps, email, social media, and checklist.
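The AI section mentions using robots.txt to keep LLM scrapers out. As an added example (not part of the original post, and not the author's actual robots.txt), here is a check with Python's standard-library parser that a policy really refuses the named crawlers while ordinary clients are still allowed. The robots.txt text and the URLs are constructed for the example; GPTBot, CCBot and Google-Extended are the user-agent tokens published by OpenAI, Common Crawl and Google, and "ExampleBrowser" is a made-up ordinary client. Any real site would need to keep its own list of crawler names current.

```python
import urllib.robotparser

# Constructed robots.txt for this example; not the author's real file.
# Each named crawler is refused everything; everyone else is only kept
# out of /private/.
ROBOTS_TXT = """\
User-agent: GPTBot
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: Google-Extended
Disallow: /

User-agent: *
Disallow: /private/
"""

# Crawler tokens to test against the policy. The first three are the
# user-agent names published by OpenAI, Common Crawl and Google;
# "ExampleBrowser" is a made-up ordinary client (assumption).
AGENTS = ["GPTBot", "CCBot", "Google-Extended", "ExampleBrowser"]


def parse_robots(text):
    """Parse robots.txt text with the standard-library parser."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(text.splitlines())
    return rp


def blocked_agents(text, agents, url):
    """Return, sorted, the agents that the policy in `text` refuses for `url`."""
    rp = parse_robots(text)
    return sorted(agent for agent in agents if not rp.can_fetch(agent, url))


def policy_report(text, agents, urls):
    """Map each URL to the list of agents blocked from fetching it."""
    return {url: blocked_agents(text, agents, url) for url in urls}


if __name__ == "__main__":
    # Constructed URLs on an example host.
    urls = [
        "https://example.org/post.html",
        "https://example.org/private/notes.html",
    ]
    for url, blocked in policy_report(ROBOTS_TXT, AGENTS, urls).items():
        print(f"{url}: blocked -> {blocked or 'none'}")
```

Two caveats worth keeping in mind: robots.txt is a request rather than an enforcement mechanism, so a crawler that ignores it can only be stopped at the web server (user-agent or IP rules) and noticed in the access logs; and the standard-library parser matches entries by substring against the part of the user-agent string before its first "/", so test with the bare crawler token as above rather than a full browser-style string.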

  • mac@infosec.pub
    9 months ago

    Not listened to Kerrang for a good many years. Well thought out post though! Lots of details.