Hello, Lemmy!

It may be difficult to spend time actively improving some of the services you use to have a more privacy conscious presence, and so this thread is dedicated to help people learn and grow in their privacy journeys! Start by stating which services you currently use, and which ones you may be looking for/want to improve. This thread is entirely optional to participate in, because a lot of people understandably feel uncomfortable listing which services they use. Writing those out can be a lot of work, but the payoff is huge!

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

  • Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

  • Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Tor for using online accounts (such as Lemmy, etc.)

  • I use Mullvad Browser for general browsing

  • I use Librewolf for functionality that Mullvad Browser doesn’t have (security keys, etc.)

  • I use Firefox + uBlock Origin for streaming videos that break on Librewolf and Mullvad Browser.

  • I always use a SearXNG instance for web searches. I always use ProtonVPN (free tier). I use a private DNS resolver.

Desktop

  • I use Secureblue (yes, I’m that guy from a post a couple weeks ago)

  • I sit behind a firewall.

  • I only use FOSS Flatpaks with Flatseal.

  • My BIOS is password locked but proprietary (due to compatibility issues).

  • I occasionally use Tails because I think it’s fun.

  • I use full disk encryption, multiple disks, and a second layer of encryption for specific important files (NSA style)

Mobile

  • I currently use hardened iOS until I can scrape together some money for a Pixel to use GrapheneOS

  • Again, I constantly use ProtonVPN (free tier)

  • I use a private DNS when ProtonVPN is turned off

  • I use AdGuard, but I browse the internet with the DuckDuckGo app (I can’t sideload)

  • I use a very strong passcode

  • Airplane mode is constantly enabled, I don’t have a SIM

  • I use a Faraday bag to store my device when I’m in public

  • I use a privacy screen protector

Messenger

  • I mainly use Signal with a borrowed phone number, because SimpleX is still buggy on iOS, and Signal is the easiest to switch friends to. I rarely use iMessage, but there are times when I have to.

Online accounts

  • Passwords are stored in Bitwarden for mobile accounts, and KeePassXC for desktop accounts.

  • Yubikey is placed on any account I can, otherwise 2FAS is used

  • I keep public accounts (Lemmy, etc.) as locked down as I can.

Video streaming

  • I use the native YouTube app on iOS, simply because any of the others I’ve tried either don’t actually work or require a Mac to install. I don’t have a Mac, obviously.

  • I use FreeTube on desktop, but as I was writing this I was informed that FreeTube has a few issues I may want to look into (Electron).

AI

  • I would love to know if there are any Flatpaks that run local LLMs well, but I currently use GPT4All (since that’s what I used a year ago).

  • On mobile, I use an app made by a friend that gives access to GPT-4 and Gemini. Because it’s running off of his own money, I’m not going to share the project until he has a stable source of income.

Social Media

  • I don’t use any social media besides Lemmy.

Email

  • I use ProtonMail

  • I have addy.io as an alias service

Shopping/Finance

  • I currently either proxy my online purchases through someone else (have them buy it for me and I pay them back), or use a gift card

  • For physical purchases I use cash

  • I only use my bank account for subscriptions (Spotify, etc.)

  • I am working on using Monero and privacy.com

Music streaming

  • I use Spotify on my phone

  • I use Spotube or locally downloaded files on my computer

  • I have multiple AM/FM receivers with some yard long antennas and direct metal connectors

TV shows

  • I stream from ethical services for some movies

  • I go to a theater or buy a DVD for other movies. I am the proud owner of a USB DVD player.

  • I also have an antenna hooked up to my TV

  • There are certain IPTV services I have used in the past

  • I do not use a smart TV.

Gaming

  • I download local games, plain and simple. Or I code my own game.

Programming

  • I code in Python using PyCharm. I’m looking for alternatives.

  • I will use GitLab when I decide to publish some of my work.

Productivity

  • LibreOffice, although the UI is iffy

Misc

  • I don’t use any location services

  • All my clocks are set to UTC

  • I don’t have a smart watch

  • I don’t have a smart car

  • I use Bluetooth earbuds

  • I cover my webcams with paper and tape. Reason: It’s worth taking a couple seconds to peel tape off when you use the webcam than to risk a massive breach.

Thanks for reading!

Note here: I found out the other day that a Google Streetview car passed by my house, and my blinds being shut were the only thing keeping my room away from prying eyes. Is there an easy way to blur/censor my house without giving up my soul?

Special thanks

Lots of people kindly contributed their personal setups in the comments, and some even made their own posts! I’m really glad I could spark inspiration and start a way for people to learn and grow in their privacy journeys. To think, just this morning, I was stressing on if people would even enjoy the post at all! Thank you all again, and please go forward to inspire others. I am not the person who made this happen, all of you are!

  • baritone_edge@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    9 months ago

    Here is my setup:

    Web browsing

    • I try to stay in Tor, but it doesn’t work everywhere.
    • For general browsing I switch up using Brave, LibreWolf, Mullvad Browser, and (semi-hardened) Firefox. Working on shortcut(script) to randomly select my browser for me. Theory: Rotating browsers because fingerprinting and mitigating currently unknown security risks.
    • I wrote a program I call the Browser Condom. It’s a separate application because extensions increase fingerprinting. It’s a clear window so I can still see the browser underneath, but the mouse movements aren’t sent to the DOM because the OS thinks I’m in another application. Working on adding the ability to pass text through at random intervals to prevent both mouse and keyboard tracking. Still a WIP
    • Copy and paste all text into the browser until the browser condom is finished.
    • I Host a SearXNG instance and Adguard DNS… Working on improvements to my DNS, I haven’t gotten it as secured as I’d like

    Desktop

    • QubesOS, Kali, Tails, Debian
    • “More firewalls than the devil’s bedroom.”
    • Application specific firewalls and VMs for all banking/financial needs.
    • Full disk encryption
    • For files that need encryption I use 2 different programs to encrypt just in case there’s a vuln in one. Files are on air-gaped machine. I also have lots of encryption programs installed onto that computer so you’d have to try lots of programs to find the right combo.

    Servers (too much to list but here’s some random stuff)

    • SearXNG
    • AdguardDNS
    • NextCloud
    • Calibre
    • pfSense, OPNSense, combine with Software Firewalls
    • Intrusion prevention and detection
    • Proxmox
    • Kali – Custom web scraping, pen testing, misc scripts running.
    • Nginx
    • A Reverse Proxy
    • Traefik, tinyproxy, and HAProxy
    • AWS, Linode, Some dark web services

    Mobile

    • LineageOS + GraphineOS + Kali NetHunter + Android (multiple phones + Sims)
    • No GApps
    • For my daily carry I have VPN on work profile and TOR on main profile
    • I use InviZible Pro for main profile for Tor + DNSCRYPT + Firewall So I can selectively block apps from the internet and route everything else through tor or VPN depending on the profile.
    • Faraday bag
    • Privacy screen protector
    • Developer mode enable so I can disable mic and other phone sensors
    • Headphones both with and without microphone
    • Opened phones and removed: cameras, some mics to eliminate triangulation, and fingerprint sensors.
    • Change number, provider, and phone every year.

    Messenger

    • Signal
    • Telegram

    Online accounts

    • Bitwarden for passwords but all emails are incorrect so if it’s compromised they still can’t login. I use their cloud sync service because with how many time I brick my machines/servers, I don’t trust my backups. I have physically lost 3 different backup external HDDs in the last 2 years.
    • Have to go to email forwarding services to get login email address.
    • Yubikey

    Video streaming

    • Invidious
    • NewPipe
    • GrayJay
    • Torrents

    AI

    • GPT4All on air-gaped computer.

    Social Media

    • Lemmy - always rotating accounts, post both what I believe and what I don’t

    Email

    Shopping/Finance

    • Gift cards
    • Pay friends to purchase.
    • IronVest (used to also have Privacy.com, when they worked they were great)
    • Cash
    • P.O. Box with a name as the ‘business name’.

    Music streaming

    • Nope. Downloaded files or nothing.

    Programming

    • VSCodium (VSCode with Microsoft telemetry stripped)
    • Personal Git server

    Misc

    • I don’t have a smart watch
    • I don’t have a smart car
    • I don’t have a TV
    • Reflectacles for glasses
    • Custom Firmware on multiple routers so I can have networks that route through VPN/Tor/AdGuard/etc… depending on the needs for my device at the time
    • I physically remove webcams from all devices and use USB webcam if needed.
    • I don’t use Docker, I build my servers up from scratch. Takes a lot longer with many more headaches, but I learn so so much more. Also Docker is so easy it’s just boring.
    • Tinfoil hat wasn’t good enough, melted down pop cans and forged my own just in case tinfoil comes with spyware preinstalled.

    I feel like I’m missing a bunch of stuff and I probably am, but that’s all I’m going to include or I’d probably have to self-publish as a novel.

    **Edited for readability

    • The 8232 Project@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      Reading this, my only thought was “This setup is eerily similar to the one I aspire to have.” Good job! I may reply with questions if I feel up for it.

    • Mikina@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      That’s seriously impressive. I wonder, what is your threat profile for all of these? It seems to me like some of the things you do have a drastic impact on user experience, while also not providing that much of a benefit unless you have some really sensitive data.

      • baritone_edge@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        9 months ago

        The threats I started with were just Google, Facebook, and data brokers… But it quickly progressed to a game level, where I do it now for fun.

        It would probably be too inconvenient to maintain if I spent much time online. Probably 80% of the time I spend at the computer is trying to improve my privacy. Work doesn’t have any computer requirements (yea manual labor jobs) and I spend most of my personal time hunting, fishing, and reading.