I have been trying to take my online privacy seriously but I will admit—it feels like a huge rabbit hole. There is so much out there: VPNs, encrypted messengers, privacy browsers, trackers, firewalls & it is hard to tell what is effective & what is just hype.
I am not looking to go full tinfoil hat but I do want a setup that gives me a solid level of protection without completely flipping my digital life upside down. I have heard some people suggest starting with structured resources such as CISSP Training but I am not sure if that is too advanced for someone just trying to protect personal data & devices.
What steps did you take when you started getting serious about privacy? Any tools or habits that made a big difference for you? I want to hear your thoughts or even see how your current setup looks.
Threat modeling is important. It’s basically just the underlying decision of what it is you’re trying to protect yourself from. For me, I hide from corporations, but I’m not really worried about government entities or state level actors.
I would divide what I do into three separate levels.
Level 1, the lowest level of protection that I do for myself is that I don’t use shopping memberships, or provide (real) email or phone number at any business that I use.
I use Simple Login to create alias email addresses that can forward to my inbox if I want to receive a message. After I create them, many are just switched off.
I create these aliases in advance and mark them “unused”, so that when I’m out and about if I have to provide an email address, I can just open the app and select an unused one without having to do other steps of creating it.
Level 2, the next level deeper, is that I do not use gmail, Yahoo, msn/hotmail, etc. I use protonmail, so that my email inbox is not scanned and spammed. Using the combination of protonmail and simple login has basically reduced the spam that I received to almost nothing.
Protonmail and Tutanota are the most prevalent for me in this category but there are a few other providers out there.
Level 3, the step that seemed to be the hardest, I deleted social media. No Facebook. I did miss it for a while. But honestly, I missed Google Drive more. Lol.
I also use signal messenger as my main communication method with those close to me. I still use SMS with some people but I really try to stick with signal messenger.
I use GrapheneOS on my phone. It’s super easy to set up and there’s no excuse not to use it unless you don’t currently own a Pixel device. Get a Pixel device when you buy your next phone if you want to try it.
That’s some of what I did for myself as a base level three-step program. Your steps may be different. The first thing you need to decide is what it is you’re trying to keep private.
I didn’t want my day-to-day habits of using the credit card or debit card or the grocery store or what I buy and where I buy it from to just be searchable by anyone. Not using a shopping club number or my real email or phone makes the algorithm have to contact the credit card agency to get this information… which won’t be there in cases where I use cash to pay.
I didn’t want to open my email and have a bunch of spam from Google having scanned my inbox and decided that I might be interested in “x” offer.
I feel like Facebook is basically like a survey and a profile all the time. I didn’t like filling it out like a survey to a supervillain. I didn’t like sharing my life or other preferences willingly, or having them exposed through an algorithm.
Also, since the Patriot Act all phone messages are recorded, stored, or otherwise catalogued. An SMS message is basically a postcard. A private phone call is recorded by the state, no matter what you do. So to minimize that footprint, I use Signal, which either deletes or encrypts my communications. It makes it incredibly easy for other people to use encrypted communications by just installing that app. The best way to get other people to use it is to start using it yourself even if you only have one person in your life that would use it.
I’ve considered in the past posting my own signal username online so that other people who want to use or try signal have someone to message.
Viewing privacy as a journey can be really useful, because it’s not something you can ever fully complete; new tools will arrive, your life situation or threat model may change, or maybe you start to value certain things over other things. Because of this, I wouldn’t be too worried with the pace of everything.
When I started my privacy journey many years ago, I started with things that were quite easy to change, such as using a password manager, changing my search engine to a privacy-respecting one, and using an ad blocker on my browser. When I learned more along the way, I made new changes and then updated some of my tools because initially I hadn’t really cared about the open source aspect, which only later became more important to me. Some changes have literally taken me years of consideration like when I started to consider if I should switch from iPhone to GrapheneOS. Even to this day, I’m still constantly evaluating the tools that I use, and there are changes that I know I would like to get done in the future, like potentially eliminating WhatsApp completely, but because I live in Europe that is easier said than done.
So, if you’re still in the beginning stages of your journey, I would suggest to start with something that is easy to do. These days, I would prioritize password manager, email aliases, privacy-respecting browser and search engine. Privacy-focused email provider and VPN would also be things that I would encourage starting to use relatively quickly. Two external sources that I recommend are Techlore and Privacy Guides. Both have some really great information and tool recommendations that could also inspire you if you don’t know where to go next. Good luck with your privacy journey!
I can attest privacy can be real overwhelming and with crossfires happening it can be pretty daunting.
Before climbing that tall privacy mountain, assess your threat model. Think of it like the equipment you will need to climb, or otherwise rather what you have, and go from here. After assessing your threat model, go from here with your journey, or we can get it rapid fire-ish if it’s severe. With that said, assuming you have a similar threat model to most people getting into privacy, which is surveillance capitalism, here’s below what I have to say; if not, let us know.
As many have said, think of it as a journey, climbing that tallest mountain, but it’s ok if you don’t go to the top quickly (but you never will and I explain later why and why that’s ok and just enjoy climbing the tallest mountain).
Begin with simple things as others said, first by e.g. improving security and auditing privacy settings of platforms you use like Google. Try to navigate through the security and privacy settings of your phone also to opt out of any data collection; it’s a good start.
Depending on if you’re iOS or Android:
iOS:
With the privacy and security settings checked, if you do utilize iCloud, start by enabling ADP to end-to-end encrypt your data which is a great start, and of course start utilizing password managers and hide-my alias (password manager is free but hide-my is iCloud+ locked iirc so yeah but still)
Android:
There isn’t much to say. I could be wrong about this but Google’s Android backups are end-to-end encrypted, which is a nice one; by doing the usual privacy and security checkups you should have done it.
NOTE: It is generally recommended to use cross platform apps that won’t lock you into one ecosystem (eg. iCloud Photos → Ente Photos, iCloud drive → Proton Drive, etc.)
Speaking of alternatives, now is the time to check them out. Proton and Tuta make seamless transitions from Gmail and Outlook; nowadays I see no point in not trying them out. Proton offers a suite of apps like Drive I mentioned before, password manager (generally recommended to separate your password manager or secure your account well otherwise and optionally turn on Proton Sentinel for extra protection), calendar and for now just docs, but it is a nice suite.
Tuta is also really good but you will be locked to theirs if you wanna move back to something like Proton seamlessly, so I would make sure I wouldn’t regret Tuta. Tuta does not yet have Drive but it is in development and currently they only have Calendar and email. (Finally, for e-mails you can consider using custom domains so that you don’t have to give your new address if you do switch providers.)
Speaking of easy switches to platforms, your browser and search engine: it becomes easier than ever. If you prefer something Chromium based, install Brave. It should be able to prompt you to import your browsing data from your older browser like Chrome. It comes by default with a strong adblocker so no need for uBlock Origin imo, and comes with Brave Search by default, which you can always change. Just avoid something like Google & Bing; use DDG, Startpage, SearXNG, Brave Search, stuff like that.
Firefox and forks are good alternatives to Google’s Chromium, generally best to use the forks but yeah, it’s also what Tor and Mullvad Browser are based out of. Point is there are options out there and it doesn’t have to be Chrome or Edge or anything like that.
Finally yes, using password managers and 2FA will dramatically improve security and, as a side effect, it’s a privacy enhancement.
^ These never have been easier
Next up would be your Messengers, this one is a little tricky, not because of the barrier of entry but otherwise getting those around you to respect your choice and make the change.
I am lucky enough to have friends and my parents be on Signal but I’ve seen not so many have that luck, to the point they would still use WhatsApp or otherwise.
Generally it is easy to get in yourself and a great start imo is the Techlorians signal group if you can afford it!
Otherwise when you do get signal, there’s a great video on Youtube/Odysee from Naomi Brockwell on tricks to use to get them to use a More Private Messenger like Signal https://inv.nadeko.net/watch?v=s9Ux8DFgMSM
Another easy step also is to get to use frontends of services you use like YouTube; I have used LibRedirect for years and I highly recommend it.
And then start getting into the nitty-gritty of privacy improvement, like getting a Pixel and flashing GrapheneOS onto it (and it’s easy enough thanks to the web installer), or if you’re on iPhone, see above what I said before.
Doing these as like a journey can slowly but surely improve your privacy and likely security significantly. You may also as well feel like you’re high enough on the tallest mountain at some point
but remember, the tallest mountain is impossible to reach the top unless you’re superhuman with so ever evolving stories, so it’s best to just enjoy climbing it instead!
Start by switching to a privacy respecting browser like Brave. Then take care of OS privacy settings. Afterwards or in parallel start using a password manager. These are usually the first three steps I would recommend. They are relatively easy, usually don’t decrease usability and nevertheless have a significant impact.
If you’re unsure and feeling potentially overwhelmed, I suggest you simply begin by watching Techlore videos and trying those things out. And slowly move to them in your personal life.
This is a marathon, not a sprint and it can take up to a year for you to fully take back control and do all that one can do to become more digitally conscious and private online.
switch your Browser to Brave (you can disable most of the crypto crap) or Firefox
make sure you use an Ad block, Brave already comes with one and for Firefox use uBlock Origin
stop oversharing your private life on social media
change the privacy settings on your social media
look into the privacy setting of every service/program/OS you use, you don’t have to do it all at once just do 1 or 2 every time you have some spare time and feel like it
not privacy related but still worth doing:
setup 2FA whenever possible
use a password manager
make sure to have backups of your most important files
some traps (IMO) i see people falling into:
privacy/debloat scripts for Windows
every single person I’ve seen using them had problems because of them in the long run; Windows will break or get unstable (usually those people complain how shitty modern Windows is and that it breaks all the time, and when you ask them “have you used any debloat scripts” they will answer “oh yea it’s the first thing I do every time I install Windows”)
VPNs
they do have benefits but they are not a magical tool that instantly solves all of your privacy problems
don’t overthink it too much, some people fall into VPNs and all they can think about is VPNs
Data removal services
they sound nice and are nice in theory but in reality (at least some) just hire people from the 3rd world to send email with all of your information to every data broker and say “please delete those” (obviously oversimplified) even if the data broker didn’t have your data in the first place (I’m also half convinced that some of the people that get hired to write the emails also sell your data to make an extra buck (I saw a drastic increase of spam calls/emails after using one)).
last thoughts:
don’t rush it, it’s a marathon not a sprint
you sound like you already have one so stick with your threat model and don’t go too far overboard