What does your privacy setup look like? Share and advise topic

I open this topic for people to share their privacy or anonymity ‘setup’ in order to learn from each other and take advice or recommendations; there is always room for improvement, right? Also bear in mind that every individual has a different approach and different threat model, so I hope people won’t comment stuff like ‘overkill’ or whatever because you don’t know the situation of the person in question.

Okay, let me start off with this topic.

Desktop:

  • Full disk (Windows partition) encryption with VeraCrypt
  • Main OS is Windows, but I also use Linux in a virtual machine (Whonix) for stuff that needs more privacy.
  • I use a VPN (Mullvad, which I pay for with Monero)
  • KeePass manager to manage my passwords
  • Brave browser and LibreWolf for browsing
  • BleachBit for cleaning

Router:

I have two routers, 1 from my ISP and one I bought myself. I connected the ISP router with my own router through a cable and I also installed a VPN client in my second non-ISP router. I run ProtonVPN through that router. Obviously everything is password protected with long and hard passwords.

Phone:

  • I use a Google Pixel phone with GrapheneOS
  • Instead of a normal VPN I do the following: I run a Shadowsocks server on a VPS which I use as a SOCKS5 server, and I use a Tor VPN (InviZible Pro) to run through the SOCKS5 proxy only (instead of using a bridge). So my internet is routed like this: ISP > Shadowsocks > Tor > internet
  • My whole phone runs through Tor and DNSCrypt, so all apps and all browsing go through Tor
  • Communication apps: Signal, Briar, Session, Conversations (XMPP) and Telegram.
  • Downloading apps: F-Droid and Aurora Store

2 Likes
  • dump windows and use linux
  • ask around for a list of extensions you might want to add to brave
  • BleachBit is ok for magnetic drives but will wreck your SSD if you are using one
  • get a router with DD-WRT installed
  • the rest is a discussion to be had with various ppl on this site.

Will eventually transition fully to Linux when my terminal skills are good enough.

Thanks, will do.

Any suggestion for SSD drives?

Why is that better?

So for the Desktop:

Ditch Windows AND Linux. Windows is awful for privacy, Linux is even worse for security (Linux | Madaidan's Insecurities)
If possible, use QubesOS. If that is not a possibility, try to use a Linux without any software installed to it directly and only VMs. If that is not possible, try to use Gentoo with as much of this Linux Hardening Guide | Madaidan's Insecurities hardening guide as possible.
If that is not an option, decide how important security is (e.g. what programs you use) and either use a Linux distro with sane security standards (like Fedora), or try to get your hands on a Windows Professional or Educational Edition. If none of this is possible, ditch your Desktop as it will be a privacy & security problem.

For the software:
A VPN does about nothing for your security and privacy. It is still a single point of failure. While Mullvad is decent, do not use it for privacy reasons. Use it for reasons like switching your location for streaming.
Google can identify you with less than 5 searches. Your typing and wording are unique. As you most likely have JavaScript enabled, a VPN does nothing for you.
Use an offline KeePass, and if possible disallow every other program access to the keyfile.
Ditch LibreWolf, still the same problems as Firefox. Firefox and Chromium | Madaidan's Insecurities
You should not expect any clean up application to help with security. Set up sane scripts (that run at the start of your system!) to clean your system.

Phone:
Try to isolate as many apps as possible. A simple example would be an extra profile for every messenger you do not regularly use.
Do not use F-Droid: A brief and informal analysis of F-Droid security | Wonder's Lab

Now for the actual hardware:
If you have Hyperthreading activated, deactivate it. Hyperthreading is a security problem (as an example https://github.com/comsec-group/retbleed) that in the worst case leaks your plain password.
If you have the skill to do it, try to remove the webcam, camera, microphone and other sensors you do not need from your devices.

You now might be like “but most of what you said is security, what has security to do with privacy?”
Especially if you haven’t read the Linux article from Madaidan I linked.
The answer is really short: Any kind of security problem will get exploited. Privacy respecting apps do absolutely nothing, if they have a bug that allows someone any kind of access to your device. Security should be first, because a device can only be private if it already is secure.

2 Likes

You can use the Linux terminal but it isn’t really necessary depending on what you are trying to do.

Get a name brand SSD drive and not anything cheap.

BTW - using BleachBit as root on a Linux system is dangerous so proceed with caution. BleachBit will wreck your Linux OS if you aren’t careful.

DD-WRT is open source and vetted for privacy and security. Most routers are closed source and can be prone to attacks. Configurations are broader allowing for improved security.

Some people even add a Raspberry Pi to use as a DNS router to filter out tracking, etc. If you really want a hardened network you may want to look into configuring your own Raspberry Pi with customized DNS.

1 Like

Thanks for the advice, I know about QubesOS. The plan is indeed to slowly transition to a Linux system; QubesOS looks like the most impressive to me (security-wise).

For me a VPN is merely a tool better than my ISP, I trust my VPN provider more than I trust my own ISP. So I’d rather not have my ISP look into my traffic even though a VPN provider could always provide the data. For real sensitive stuff I only use the Tor network.

Thanks for the link, I’ll have a read.

I actually did remove the cameras, microphones and sensors from my pixel phone, you don’t need real skill to do that. Just watch teardown videos several times :D.

I totally agree with the sentiment here. Thanks for your write up.

1 Like

Sounds like you’re on a great track! Good luck achieving your goals and take slow steps at a time. Linux takes time to get used to, QubesOS so much more.

If you need help on specific steps, just start a new topic, go on Matrix and ask people there. The security & privacy community is welcoming everyone 🙂

1 Like

Saving this for a read later.
Interesting article on the F-Droid store. Makes me rethink.
Love learning new shit like this everyday.

1 Like

As someone who is not very technical, there are good non-technical options to choose. I tried PopOS first and then switched to Fedora. The only time I really had to spend any time in the terminal was when I was trying to install a Minecraft launcher, and I ended up finding a fork of that launcher already in Flathub. You still have to overcome the hurdle of installing it, but it’s easier once it’s installed.

Desktop

Fedora Linux 36 with most of the stock applications and hardened Firefox and Brave.

Mobile

Pixel 6 with stock Android. May one day switch to CalyxOS, but I only have one phone and don’t want to screw it up. Also wondering about how my experience will suffer. My threat model doesn’t need CalyxOS, but it would be a nice to have.

Apps and services

I’m mainly still in the Google ecosystem but looking for the privacy alternatives that make sense for me to switch to. Looking at Proton in particular once Proton Drive comes out of beta. Otherwise I’m using:

  • LastPass for password management (one day I will get around to migrating to Bitwarden)
  • Proton VPN and Mullvad for VPN
  • DuckDuckGo as default browser for searches
  • Brave for web apps and other services I want to stay logged in for
  • MyExpenses as FOSS budgeting app
  • AntennaPod for FOSS podcast player (it’s so good)
  • Proton Mail for some alt accounts I use for aliasing

I’m prob missing some but these are the main ones that come to mind. On one end there is still more I want to do, but on the other end my threat model is primarily against targeted or mass attacks as well as irresponsible data management. Reducing exposure to companies and government is nice-to-have for me.

1 Like

Feel like I have a more relaxed setup than some ITT

Fedora for my Desktop, used to run OpenSUSE a long time ago but I find that Fedora has stronger updates. Feeling meh about GNOME 43 but I still like it better than other desktop environments at the moment. I have a VPN but I really don’t use it much at all, maybe I’ll start running it more.

Pixel 4a 5G with Calyx for my phone pls don’t yell at me Raznick I’m doing my best 😭. I don’t really use my phone much so pretty much just cycle between Signal and whatever phone and calendar apps that come with the ROM.

OpenWRT for my router, though if I’m being honest I use it mainly just for the extra configuration options.

Using DuckDuckGo right now for searches, though Ecosia seems like it’s a bit of an up-and-coming pick? Any thoughts on it?

Server runs a basic Nextcloud, Bitwarden and media server, not a whole lot going on there.

3 Likes

basedtop: slackware, seamonkey as my browser and firefox if i am forced to. also dwm as my wm
phone: pinephone pro with arch atm, soon i will have time to make a slackware distro
Router: my computer and my servers are connected to my modem ( le static ip)
Servers: a rockpro64 running most things like email and a x86 computer for jellyfin

1 Like

F-Droid has security issues and Aurora Store doesn’t have TLS cert pinning (insecure)

Use Bitlocker instead which utilizes TPM for extra security.

Smart Choice.

Don’t use anything Firefox. Use Brave only.

Does your threat model require you to?

Use Signal/Briar only. Anything else is bs in terms of security.

Just wondering about Unix. No one mentioned using it. Security on FreeBSD is pretty good, but driver installation could be a problem for adding peripherals like scanners, printers and cameras.

Anyone interested in talking about the matter?

Security of FreeBSD honestly is not that good. Better than on most Linux distros, but also far from actually good (and then the lack of software you mentioned)

If we’re talking about OpenBSD tho, that is probably the best project of them all. While not a lot of desktop applications work on it (like Chromium doesn’t), it at least is one of the best solutions in the server space. Maybe even the best.

Good points and ideas, this was very informative thank you!

1 Like

Chosen for security, privacy and/or annoyance reduction minus tradeoff:

  • No Social Media. Not only for privacy but for a lot of reasons, including ethics and annoyance. Btw: I don’t count forums and Youtube as social media.
  • Hardened and debloated Windows 10
  • ZorinOS (for old/special hardware and for fun)
  • Pi-Hole + Quad9 over DoH for home network DNS
  • pCloud (Swiss/EU + E2EE + multi-platform)
  • 1Password (multi-platform and generally fantastic)
  • Browsing (Desktop): Somewhat hardened FF + uBlock Origin, LibreWolf.
  • Browsing (Android): FF + uBlock Origin, DDG
  • Replaced Google apps where possible
  • Exodus (Android and Web DB) for scanning App tracking & permissions
  • Prefer Signal over WhatsApp
  • ProtonMail + SimpleLogin for e-mail aliasing
  • ProtonVPN for public/non trusted networks
  • Randomly hopping between Startpage, DuckDuckGo and Qwant for search.
  • NewPipe and Freetube for Youtube (not only for privacy)

In general: trying to be security and privacy aware. Within a certain threat model, without overarching or becoming hysterical. There is also a considerable curiosity/hobby component.

Someone needs to write an essay about this factor when it comes to interest in privacy and security.

Just my opinion, but I believe there is a direct correlation between how advanced threat models are in the privacy community and how much those folks like thinking about and tinkering with these tools and systems. When we acknowledge that our interest in this space is kind of like a really helpful hobby, that would go a long way toward not expecting others to go so far.

We think about these things in part because we like it, and that’s ok! But it also means you can’t talk down to other people like it’s the end of the world just because they don’t value your hobby as much as you do, despite how important the cause is. We should take advantage of having a productive hobby like this and not expect so much effort from people who don’t share our level of enthusiasm.

Disclaimer: Not meant to disrespect anyone. I don’t mean to conflate hobby with passion or conviction either. Besides having different threat models, we also all have our own views on how urgent the problem is and what our expectations should be of others even if we withhold those views when giving advice.

1 Like

My current set up.

No socials, although YouTube is more entertainment than anything else.
Linux on my laptop and desktop. Hoping to install arch soon and experiment with Gentoo.
2 degoogled phones, one for work and the other for personal.
Get my news through RSS only, with Reddit-compatible apps (Lemmy, Infinity, etc.) for hidden content only and hidden away for when I need to click a Reddit or similar link.
Also using AntennaPod for podcasts (Love it 🙏)

VPN: ProtonVPN
Mail: Tutanota and Proton (never use unless you have no choice), with SimpleLogin for aliases.
Password managers: Bitwarden and KeePassXC with 2FA enabled on Bitwarden, and other 2FA app on both phones.
Browser: Fennec with uBlock, LibreWolf and Firefox with uBlock, and Bromite just in case.
NewPipe and FreeTube for YouTube content.
Signal for messaging.
DuckDuckGo for searching with Brave Search included.
Exodus for app scanning and any hidden trackers.

Shouldn’t use Firefox or anything based off of it. Only Bromite.

Ditch that, info’s available on website.