I open this topic for people to share their privacy or anonymity ‘setup’ in order to learn from each other and take advice or recommendations, there is always room for improvement right? Also bear in mind that every individual has a different approach and different threat model so I hope people won’t comment stuff like ‘overkill’ or whatever because you don’t know the situation of the person in question.
Okay, let me start off with this topic.
Full disk (Windows partition) encryption with VeraCrypt
Main OS is windows but I also use Linux in a virtual machine (Whonix) for stuff that needs more privacy.
I use VPN (Mullvad which I pay with monero)
KeePass manager to manage my passwords on
Brave browser and LibreWolf for browsing
BleachBit for cleaning
I have two routers, 1 from my ISP and one I bought myself. I connected the ISP router with my own router through a cable and I also installed a VPN client in my second non-ISP router. I run ProtonVPN through that router. Obviously everything is password protected with long and hard passwords.
I use a google pixel phone with GrapheneOS
Instead of a normal VPN I do the following: I run a shadowsocks server on a VPS which I use as a socks5 server, I use a TOR vpn (inviziblepro) to run through the socks5 proxy only (instead of using a bridge). So my internet is routed like this: ISP > shadowsocks > TOR > internet
My whole phone runs through TOR and DNSCrypt, so all apps and all browsing goes through TOR
Communication apps: Signal, Briar, Session, Conversations (XMPP) and Telegram.
Downloading apps: F-Droid and Aurora Store
Ditch Windows AND Linux. Windows is awful for privacy, Linux is even worse for security (Linux | Madaidan's Insecurities)
If possible, use QubesOS. If that is not a possibility, try to use a Linux without any software installed to it directly and only VMs. If that is not possible, try to use Gentoo with as much of this Linux Hardening Guide | Madaidan's Insecurities hardening guide as possible.
If that is not an option, decide how important security is (e.g. what programs you use) and either use a Linux distro with sane security standards (like Fedora), or try to get your hands on a Windows Professional or Educational Edition. If none of this is possible, ditch your Desktop as it will be a privacy & security problem.
For the software:
A VPN does about nothing for your security and privacy. It is still a single point of failure. While Mullvad is decent, do not use it for privacy reasons. Use it for reasons like switching your location for streaming.
Use an offline KeePass, if possible disallow every other program access to the keyfile.
Ditch LibreWolf, still the same problems as Firefox. Firefox and Chromium | Madaidan's Insecurities
You should not expect any clean up application to help with security. Set up sane scripts (that run at the start of your system!) to clean your system.
Now for the actual hardware:
If you have Hyperthreading activated, deactivate it. Hyperthreading is a security problem (as an example https://github.com/comsec-group/retbleed) that in the worst case leaks your plain password.
If you have the skill to do it, try to remove the webcam, camera, microphone and other sensors you do not need from your devices.
You now might be like “but most of what you said is security, what has security to do with privacy?”
Especially if you haven’t read the Linux article from Madaidan I linked.
The answer is really short: Any kind of security problem will get exploited. Privacy respecting apps do absolutely nothing, if they have a bug that allows someone any kind of access to your device. Security should be first, because a device can only be private if it already is secure.
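The reply above recommends turning Hyperthreading (SMT) off. As an added example that is not part of this thread or anyone's post in it, here is a small POSIX shell script that reads the Linux kernel's SMT control file, reports whether SMT is on, and can switch it off for the running kernel. It assumes a Linux host with the `/sys/devices/system/cpu/smt/control` interface (present since kernel 4.19); on other systems it reports `unknown` rather than guessing.

```shell
#!/bin/sh
# Added example (not from the thread): check and disable SMT/Hyperthreading on Linux.
# Assumes the kernel's sysfs SMT control file exists; elsewhere the state is "unknown".

SMT_CONTROL=/sys/devices/system/cpu/smt/control   # kernel SMT control file (Linux >= 4.19)

# Print the kernel's SMT state: on, off, forceoff, notsupported, notimplemented,
# or "unknown" when the file is absent or unreadable (non-Linux, old kernel, container).
smt_status() {
    if [ -r "$SMT_CONTROL" ]; then
        cat "$SMT_CONTROL"
    else
        echo unknown
    fi
}

# Succeed (exit 0) only when SMT is known to be off or cannot be on at all.
smt_is_off() {
    case "$(smt_status)" in
        off|forceoff|notsupported|notimplemented) return 0 ;;
        *) return 1 ;;
    esac
}

# Disable SMT for the running kernel (needs root). This does not survive a reboot;
# for a persistent setting add the "nosmt" kernel command-line parameter.
smt_disable() {
    if [ ! -w "$SMT_CONTROL" ]; then
        echo "cannot write $SMT_CONTROL (need root, or SMT control unsupported)" >&2
        return 1
    fi
    echo off > "$SMT_CONTROL"
}

echo "SMT state: $(smt_status)"
if smt_is_off; then
    echo "SMT is off (or not available on this CPU)"
else
    echo "SMT is on or unknown; run smt_disable as root to turn it off"
fi
```

Run it as an unprivileged user to see the current state; only `smt_disable` needs root. Because the script runs at boot only if you wire it in yourself, the `nosmt` kernel parameter is the more reliable way to keep the setting across reboots.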
You can use the Linux terminal but it isn’t really necessary depending on what you are trying to do.
Get a name-brand SSD drive and not anything cheap
BTW - using BleachBit as root on a Linux system is dangerous so proceed with caution. BleachBit will wreck your Linux OS if you aren’t careful.
DD-WRT is open source and vetted for privacy and security. Most routers are closed source and can be prone to attacks. Configurations are broader allowing for improved security.
Some people even add a Raspberry Pi to use as a DNS router to filter out tracking, etc. If you really want a hardened network you may want to look into configuring your own Raspberry Pi with customized DNS.
Thanks for the advice, I know about QubesOS. The plan is indeed to slowly transition to a Linux system, QubesOS looks like the most impressive to me (security-wise).
For me a VPN is merely a tool better than my ISP, I trust my VPN provider more than I trust my own ISP. So I’d rather not have my ISP look into my traffic even though a VPN provider could always provide the data. For real sensitive stuff I only use the TOR network.
Thanks for the link, I’ll have a read.
I actually did remove the cameras, microphones and sensors from my pixel phone, you don’t need real skill to do that. Just watch teardown videos several times :D.
I totally agree with the sentiment here. Thanks for your write up.
As someone who is not very technical, there are good non-technical options to choose. I tried PopOS first and then switched to Fedora. The only time I really had to spend any time in the terminal was when I was trying to install a Minecraft launcher, and I ended up finding a fork of that launcher already in Flathub. You still have to overcome the hurdle of installing it, but it’s easier once it’s installed.
Fedora Linux 36 with most of the stock applications and hardened Firefox and Brave.
Pixel 6 with stock Android. May one day switch to CalyxOS, but I only have one phone and don’t want to screw it up. Also wondering about how my experience will suffer. My threat model doesn’t need CalyxOS, but it would be a nice to have.
Apps and services
I’m mainly still in the Google ecosystem but looking for the privacy alternatives that make sense for me to switch to. Looking at Proton in particular once Proton Drive comes out of beta. Otherwise I’m using:
LastPass for password management (one day I will get around to migrating to Bitwarden)
Proton VPN and Mullvad for VPN
DuckDuckGo as default browser for searches
Brave for web apps and other services I want to stay logged in for
MyExpenses as FOSS budgeting app
AntennaPod for FOSS podcast player (it’s so good)
Proton Mail for some alt accounts I use for aliasing
I’m prob missing some but these are the main ones that come to mind. On one end there is still more I want to do, but on the other end my threat model is primarily against targeted or mass attacks as well as irresponsible data management. Reducing exposure to companies and government is nice-to-have for me.
Feel like I have a more relaxed setup than some ITT
Fedora for my desktop, used to run OpenSUSE a long time ago but I find that Fedora has stronger updates. Feeling meh about GNOME 43 but I still like it better than other desktop environments at the moment. I have a VPN but I really don’t use it much at all, maybe I’ll start running it more.
Pixel 4a 5G with Calyx for my phone, pls don’t yell at me Raznick I’m doing my best. I don’t really use my phone much so pretty much just cycle between Signal and whatever phone and calendar apps that come with the ROM.
OpenWRT for my router, though if I’m being honest I use it mainly just for the extra configuration options.
Using DuckDuckGo right now for searches, though Ecosia seems like it’s a bit of an up-and-coming pick? Any thoughts on it?
Server runs a basic Nextcloud, Bitwarden and media server, not a whole lot going on there.
Basedtop: Slackware, SeaMonkey as my browser and Firefox if I am forced to. Also dwm as my WM
Phone: PinePhone Pro with Arch atm, soon I will have time to make a Slackware distro
Router: my computer and my servers are connected to my modem (le static IP)
Servers: a RockPro64 running most things like email and an x86 computer for Jellyfin
Security of FreeBSD honestly is not that good. Better than on most Linux distros, but also far from actually good (and then the lack of software you mentioned)
If we’re talking about OpenBSD tho, that is probably the best project of them all. While not a lot of desktop applications work on it (like Chromium doesn’t), it at least is one of the best solutions in the server space. Maybe even the best.
Someone needs to write an essay about this factor when it comes to interest in privacy and security.
Just my opinion, but I believe there is a direct correlation between how advanced threat models are in the privacy community and how much those folks like thinking about and tinkering with these tools and systems. When we acknowledge that our interest in this space is kind of like a really helpful hobby, that would go a long way toward not expecting others to go so far.
We think about these things in part because we like it, and that’s ok! But it also means you can’t talk down to other people like it’s the end of the world just because they don’t value your hobby as much as you do, despite how important the cause is. We should take advantage of having a productive hobby like this and not expect so much effort from people who don’t share our level of enthusiasm.
Disclaimer: Not meant to disrespect anyone. I don’t mean to conflate hobby with passion or conviction either. Besides having different threat models, we also all have our own views on how urgent the problem is and what our expectations should be of others even if we withhold those views when giving advice.
No socials, although YouTube is more entertainment than anything else.
Linux on my laptop and desktop. Hoping to install arch soon and experiment with Gentoo.
2 degoogled phones, one for work and the other for personal.
Get my news through RSS only, with Reddit-compatible apps like Lemmy, Infinity, etc. for hidden content only and hidden away for when I need to click a Reddit or similar link.
Also using AntennaPod for podcasts (Love it🙏)
Mail: Tutanota and Proton (never use unless you have no choice), with SimpleLogin for aliases.
Password managers: Bitwarden and KeePassXC with 2FA enabled on Bitwarden, and another 2FA app on both phones.
Browser: Fennec with uBlock, LibreWolf and Firefox with uBlock, and Bromite just in case.
NewPipe and FreeTube for YouTube content.
Signal for messaging.
DuckDuckGo for searching with Brave Search included.
Exodus for app scanning and any hidden trackers.