Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home, set up on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant, I know, but I use it to encrypt my requests more than anything else).
I also have WireGuard set up so I can VPN all my devices to my network while I am on the road (I also have a NextDNS profile installed. Yes, I know, it’s redundant).
I also basically have all my “smart” devices (TV, lightbulbs, air purifier, etc…) at home cut off from the internet using OpenWrt’s firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etc…
I own Apple devices which aren’t the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future that’s my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions y’all might have.
EDIT: I’m not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic “day-to-day it’s none of your business who I am online or what I do, please don’t profile/fingerprint me, I am just a passerby” kinda threat model.
I wouldn’t worry about moving away from the Apple devices. Just turn on lockdown and keep it on, do the privacy checkup or whatever it’s called and use a DoH profile.
On the other hand, which is to say stuff you should be doing to enhance your privacy, stop voting. Assuming you’re in the US, voter rolls with your home address are free for any advocacy group to peruse. Consider moving your home under a trust or something so that your property taxes are not tied to your name. If you rent, stop renting; if you can’t, consider renting a place from your local credit union instead of from a company. Banks have more chance to protect your privacy than a rental company will or an individual.
Don’t use localization or weather apps, don’t use software or services from big (US) corporations, don’t use discount or banking apps on your mobile, use a good VPN/SPN or Snowflake, use Pi-Hole or better Portmaster on desktop, InVizible Pro on mobile, don’t store sensitive data on your mobile… and most important, use your common sense, PEBCAK
What do you think of weather apps from F-Droid?
All weather apps need your location, either from your GPS data or from entering it manually, and this is always a security hole, even if the app doesn’t share it. If you want to use one, a FOSS app from F-Droid is preferable to one from Google Play, but the best apps are from the official meteorological agency of your country (in Spain, AEMET); these are the most accurate and reliable and not driven by commercial interests, and other apps use info from these agencies anyway.
Sadly, NOAA is prohibited from making their own weather app. God bless America.
You have taken a lot of useful steps. May I suggest email aliases? Using the same email address on many services is too easy to track.
Use cash. A card payment allows your bank and the shop to track you.
This is a big one. Going back is a bit painful but nobody said fighting the class war would be easy.
You are still exposed by using Apple products. Use Linux for PCs with encryption, VPN. For a phone, switch to a device, such as a Google Pixel, or several other manufacturers that can use a privacy Android ROM. I use CalyxOS, private, secure and de-googled.
Let’s not forget… operation PRISM, which was exposed by Snowden.
The best way?
Get rid of all the connected stuff entirely, delete all your online accounts, get rid of your cell phone and similar devices, start paying cash for everything. Close your bank accounts and keep your money under your mattress. Move into the woods, grow your own food, and don’t talk to anyone.
The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.
-Robert Morris
Not taking it to the extreme here, being more realistic with what can be done in today’s society.
Can’t really move to the woods and be cut off from the internet, sadly enough that’s not something we can do nowadays.
The measures you’ve taken are more than enough for your threat model. I think it now depends on your data hygiene. Weakest link kinda thing, where it doesn’t matter if your home network is locked down and you use privacy friendly services if you’re careless with your data anyway; which I assume you aren’t.
Thank you.
To your point, one example that comes to mind is that I have read many people complaining about Cloudflare, saying it’s “evil” and overextending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.
In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.
Tailscale (https://tailscale.com/) works great for remote access to your private services. Once the WireGuard tunnel is established, then the traffic is peer-to-peer (assuming it’s configured correctly) and not through their centralized servers. Even from a mobile device.
Check out Pangolin with a cheap Racknerd VPS. More info over in c/selfhosted@lemmy.world
All data is routed through somewhere you don’t have control over at some point. If everything is encrypted then you are fine. You could set up a VPS and proxy through that instead of Cloudflare, but you are just relying on the VPS provider to protect any data/not snoop then rather than Cloudflare.
The only real way to be completely private is to just avoid connecting to the internet at all, but that’s not really feasible. Just get to a point where you are comfortable, you’ve already done more than most to protect yourself (as much as you can without it getting silly anyway). Good job!
What BS. If I have a reverse proxy, data gets decrypted by the person who it should be. Cloudflare MiTMs the data.
You might enjoy reading Extreme Privacy by Michael Bazzell
This book is amazing. Every other resource I find refers back to Michael Bazzell as the expert.
I ordered it yesterday 😂
Thanks for the suggestion though. I really appreciate it.
You pretty much got the foundational stuff plus a little more established. Aside from getting away from Apple, which you already mentioned, there’s not much more I can think of without going full tinfoil hat. The main thing, in my opinion, is just not being a wide open door and giving away your personal data freely. Sounds like you’re there, so long as you don’t have social media accounts.
I feel I am missing out on other things and that I could do much better though.
Like you said, aside from a tinfoil hat, I think my setup is very basic and can be improved.
More encryption is the only thing I would think worthy of mention since I don’t see that listed anywhere. Encrypted messengers, encrypted storage, encrypted emails.
Removing anti-libre software, like WhatsApp, Instagram and iOS, from your friend’s devices.
Aside from iOS, I am already there. Soon enough, I hope, I will migrate from Apple’s ecosystem. Already have my Linux box setup and functional recently. One step at a time.
There is a lot, and there are a lot of levels. I am working on this now as well. Escalating from where I was, it’s a learning process. Too much to type in a single comment/response.
If you would like more info on removing your info from the internet, reducing the amount of spyware on your Android phone, de-googling yourself, or limiting how much info you spill while you browse, we can connect and I can share what I have been doing. I’ve got plenty I still need to do beyond this, but I am happy to share my lessons learned as it were.
I would be more than glad to connect and learn from more experienced people. DM is fine or do you prefer something else?
or XMPP would work as well
Hey fellow XMPP user!! lol
Hahah, nice. Try and message me when you get a chance and I’ll share my notes.
How do you firewall specific devices with OpenWrt? That’s something I’m about to start attempting myself.
I used the IP + MAC address of the devices I want to block.
Do you set static IPs for everything you wish to block?
Setting static IPs is generally a good practice to take if you want to keep track of any device.
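
The per-device blocking described in the last few replies, written out as OpenWrt configuration. This is an added example and not part of the thread: the device name, MAC and IP are constructed sample values, and the zone names `lan` and `wan` are assumed to be the OpenWrt defaults.

```uci
# /etc/config/dhcp
# Static lease: the device always receives the same address, so the
# IP-based firewall rule below keeps pointing at the right host.
# Name, MAC and IP are constructed sample values.
config host
	option name 'smart-tv'
	option mac '02:00:00:AA:BB:01'
	option ip '192.168.1.50'

# /etc/config/firewall
# Both rules only affect traffic forwarded from lan to wan, so the device
# stays reachable from other hosts on the LAN.
#
# Two separate rules block on either identifier. A single rule carrying
# both src_mac and src_ip would match only packets where both are true.

# Rule 1: match on MAC. No 'family' option is set, so the rule applies
# to IPv4 and IPv6 traffic from this device.
config rule
	option name 'Block-smart-tv-by-MAC'
	option src 'lan'
	option src_mac '02:00:00:AA:BB:01'
	option dest 'wan'
	option proto 'all'
	option target 'REJECT'

# Rule 2: match on the leased IPv4 address.
config rule
	option name 'Block-smart-tv-by-IP'
	option src 'lan'
	option src_ip '192.168.1.50'
	option dest 'wan'
	option proto 'all'
	option target 'REJECT'
```

After editing, `/etc/init.d/dnsmasq restart` and `/etc/init.d/firewall restart` apply the lease and the rules; the same entries can be created in LuCI under the static leases and traffic rules pages.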