Want extra eyes on my identity management and obfuscation process

Over the last 2 years as of this month, I have been working on cleaning up my online practices and cleaning house when it comes to my online presence.

Currently I am using Proton Mail, SimpleLogin, Bitwarden, 2FAS, YubiKeys, NextDNS and Portmaster.

Every site login has its own email and password. Every site/service that has multifactor has it enabled; the Bitwarden login is using an email that connects to nothing else, with a YubiKey. Multifactor is split off from Bitwarden in 2FAS; important sites’ passkeys are kept on the YubiKeys.

NextDNS has every filter list they offer turned on. It has taken some getting used to but it doesn’t bother me any more. Occasionally I have to whitelist things but when I’m done I remove it. This has made me think twice about what I am doing and if it is necessary.

Portmaster was a crazy pain in my ass and I still have issues with it multiple times a week. However, mostly I reboot my computer and everything comes back up.

The obvious things I’ve changed: hardened Firefox, no Google or Microsoft service accounts. I switched to GrapheneOS (a story of its own, but I accept it is what it is).
I have gotten off all social media sites; they really lost all value to me nearly a decade ago, so it wasn’t hard for me. I use Odysee and FreeTube through Invidious.

I am wanting to get extra eyes on my process here. The changes I made were painful at times but once done, I can say mostly I don’t feel terribly different about how I use the internet and to me that is awesome. But community eyes to point out any gaps would be great.

This is way too overkill. Is anything even loading for you? This would disrupt a lot of web elements. You should definitely rethink this.

How do you mean?

Yeah, I don’t doubt it. You went all in with a couple of them. A balance is what is needed. You don’t necessarily have to value privacy and security over all convenience. And your threat model doesn’t seem so high that this level of potential inconvenience you’re hinting at is warranted.

Do you use Windows or Linux? Do you not use a VPN at all? Are you compartmentalizing your online activities by browsers or browser profiles at least (or do you not need this for your use case)?

For 2FA TOTP - I recommend Ente Auth. They also have a web version where in the worst case you lose all your devices and don’t have latest backups, you can always log into your Ente account and get what you need. But if you find 2FAS works better for you, you do you.

Edit: but besides this, you seem to have taken all the right steps and I see no major concerns.

The only issue I have with all the filters on is some hardware sites (Lowe’s, Home Depot, Menards), gun sites, and media-based sites. For the media-based sites I found alternatives, like FreeTube and RSS feed converting services. My internet activities are primarily forums, videos, and voice chat.

My issue with Portmaster NOW is that it locks up and blocks ALL traffic. If I force close it, my connection immediately comes back. I’m someone who leaves their machine on 24/7. So the reboots do not bother me.

The changes, like I said, were painful, but only because I had 19 years of passwords, and I went through every one: deleted the ones for dead sites (it was about half of the saved passwords), changed the email and passwords, then deleted the accounts of sites I don’t use; if they didn’t let me delete the account, I generated a temp email on one of the many temp email sites until I found one they accepted. Then going in and deleting all my information out of my Google accounts, and then I watched it for a year to see if I missed anything with the emails that came in. With Google and Meta services, I found many accounts on sites that I connected through the Google and Meta accounts, so I also went through those and deleted the accounts there. I partly put myself through this to get the emotional understanding of how exposed I was to match my intellectual understanding of it. And going through 19 years of this was emotional. I can clearly see how all this information could be used to build a digital simulacrum of myself. Also it was emotional to revisit key points of my life in what was ‘real time’; it was a bit surreal. I could have done it in a year, I think, but I took the time to ponder on the past, and reconnected with 2 old friends, seeing how the reasons we had our falling out were trivial looking back. And pulling all my personal media off them, then getting them properly ingested.
This helped me better convey the case for my small circle of people in my life. They all have started a similar journey, though I would not expect anyone to go through things like I did.

I haven’t been a big fan of 2FAS, so next time I get motivated I will check out Ente Auth; at first glance it does look like it addresses some of my annoyances with 2FAS. This is why I posted here, thank you!

As for OS, I am still on Windows 11, one of the ‘Tiny’ type installs I stumbled through ‘building’ myself. I have every intention of moving to an immutable Linux distro. But I have been holding off, hoping for a few things to finish their rollout. I am waiting for Budgie to complete their move to Wayland, and for Wine to resolve the DPI and resolution issues. I am currently running the ATOMIC Fedora Budgie distro on a laptop that I dedicate to my Obsidian usage.

And I use 3 browsers: one for daily use (Zen), LibreWolf for all financial things, and Mull for anything I deem more… out of the box.

Nothing in particular wrong with everything you’re doing.

You are going a bit overboard for most threat models. Simplifying things a bit might be more sustainable and wouldn’t add any risks in most people’s case.
Keeping things simple reduces mistakes.

I have to applaud going through all your accounts, I’m well aware it’s painfully tedious at best.

A big concern from my perspective would be backups. A lot of these services have almost no way to help if you forget the password or lose access to the 2FA.
In my case, this is sort of a question of whether I’d be able to retrieve a specific encrypted container using only a good friend’s or family member’s devices, or what I would need to get in using a new computer.
The biggest risk is probably device theft, so it’s unlikely that everything gets stolen.

I have the recovery codes for everything saved in Bitwarden encrypted notes. And I took some inspiration from the blockchain world and laser etched some steel plates with the essential recovery codes as well.
But after getting through everything, the day to day of operating in this structure isn’t hindering at all. The DNS filter on occasion makes me second think what I am doing. Most of the time I just stop and go to something else. But if it is something I NEED to do, yes, it’s a hassle to whitelist something or two. But I accept this small 2 min inconvenience.

The primary thing that got me on this privacy track is that when I was in college my identity was stolen due to lax security at the school. Every 12-24 months I have to lock down my financial information and change everything. Now that I’m at a point in my life that I have ‘real’ finances to lose, I am working with a lawyer who says I have a strong case for a new Social Security number. Once I get my case date I will then move to start paying for a couple of the identity removal services.

I’m not from the US, so I’m not as familiar with the identity or financial stuff.
It sucks that you were compromised by something you were mostly stuck using and don’t have much control over.

Seems like you have a pretty good plan and idea of what you’re doing overall.

Laser etching codes… I know what I’m doing this weekend!