Hello, Lemmy!

It may be difficult to spend time actively improving some of the services you use to have a more privacy conscious presence, and so this thread is dedicated to help people learn and grow in their privacy journeys! Start by stating which services you currently use, and which ones you may be looking for/want to improve. This thread is entirely optional to participate in, because a lot of people understandably feel uncomfortable listing which services they use. Writing those out can be a lot of work, but the payoff is huge!

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

  • Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

  • Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Tor for using online accounts (such as Lemmy, etc.)

  • I use Mullvad Browser for general browsing

  • I use Librewolf for functionality that Mullvad Browser doesn’t have (security keys, etc.)

  • I use Firefox + uBlock Origin for streaming videos that break on Librewolf and Mullvad Browser.

  • I always use a SearXNG instance for web searches. I always use ProtonVPN (free tier). I use a private DNS resolver.

Desktop

  • I use Secureblue (yes, I’m that guy from a post a couple weeks ago)

  • I sit behind a firewall.

  • I only use FOSS Flatpaks with Flatseal.

  • My BIOS is password locked but proprietary (due to compatibility issues).

  • I occasionally use Tails because I think it’s fun.

  • I use full disk encryption, multiple disks, and a second layer of encryption for specific important files (NSA style)

Mobile

  • I currently use hardened iOS until I can scrape together some money for a Pixel to use GrapheneOS

  • Again, I constantly use ProtonVPN (free tier)

  • I use a private DNS when ProtonVPN is turned off

  • I use AdGuard, but I browse the internet with the DuckDuckGo app (I can’t sideload)

  • I use a very strong passcode

  • Airplane mode is constantly enabled, I don’t have a SIM

  • I use a Faraday bag to store my device when I’m in public

  • I use a privacy screen protector

Messenger

  • I mainly use Signal with a borrowed phone number, because SimpleX is still buggy on iOS, and Signal is the easiest to switch friends to. I rarely use iMessage, but there are times when I have to.

Online accounts

  • Passwords are stored in Bitwarden for mobile accounts, and KeePassXC for desktop accounts.

  • Yubikey is placed on any account I can, otherwise 2FAS is used

  • I keep public accounts (Lemmy, etc.) as locked down as I can.

Video streaming

  • I use the native YouTube app on iOS, simply because any of the others I’ve tried either don’t actually work or require a Mac to install. I don’t have a Mac, obviously.

  • I use FreeTube on desktop, but as I was writing this I was informed that FreeTube has a few issues I may want to look into (Electron).

AI

  • I would love to know if there are any Flatpaks that run local LLMs well, but I currently use GPT4All (since that’s what I used a year ago).

  • On mobile, I use an app made by a friend that gives access to GPT-4 and Gemini. Because it’s running off of his own money, I’m not going to share the project until he has a stable source of income.

Social Media

  • I don’t use any social media besides Lemmy.

Email

  • I use ProtonMail

  • I have addy.io as an alias service

Shopping/Finance

  • I currently either proxy my online purchases through someone else (have them buy it for me and I pay them back), or use a gift card

  • For physical purchases I use cash

  • I only use my bank account for subscriptions (Spotify, etc.)

  • I am working on using Monero and privacy.com

Music streaming

  • I use Spotify on my phone

  • I use Spotube or locally downloaded files on my computer

  • I have multiple AM/FM receivers with some yard long antennas and direct metal connectors

TV shows

  • I stream from ethical services for some movies

  • I go to a theater or buy a DVD for other movies. I am the proud owner of a USB DVD player.

  • I also have an antenna hooked up to my TV

  • There are certain IPTV services I have used in the past

  • I do not use a smart TV.

Gaming

  • I download local games, plain and simple. Or I code my own game.

Programming

  • I code in Python using PyCharm. I’m looking for alternatives.

  • I will use GitLab when I decide to publish some of my work.

Productivity

  • LibreOffice, although the UI is iffy

Misc

  • I don’t use any location services

  • All my clocks are set to UTC

  • I don’t have a smart watch

  • I don’t have a smart car

  • I use Bluetooth earbuds

  • I cover my webcams with paper and tape. Reason: It’s worth taking a couple seconds to peel tape off when you use the webcam than to risk a massive breach.

Thanks for reading!

Note here: I found out the other day that a Google Streetview car passed by my house, and my blinds being shut were the only thing keeping my room away from prying eyes. Is there an easy way to blur/censor my house without giving up my soul?

Special thanks

Lots of people kindly contributed their personal setups in the comments, and some even made their own posts! I’m really glad I could spark inspiration and start a way for people to learn and grow in their privacy journeys. To think, just this morning, I was stressing on if people would even enjoy the post at all! Thank you all again, and please go forward to inspire others. I am not the person who made this happen, all of you are!

  • @MigratingtoLemmy
    link
    108 months ago

    Very nice read, I look forward to posts with detailed explanations of realistic privacy setups!

    With that said, here we go:

    1. TOR has been compromised. It likely doesn’t matter if you’re not doing anything that nations would be interested in, but something to keep in mind.
    2. True nerds/privacy hobbyists always have multiple browsers for different use-cases. Bravo! I need to take a look at Mullvad myself, I really don’t like Brave anymore.
    3. Do you host your SearXNG instance? It should not be very hard to do on the cloud.
    4. Which DNS resolver? I’m assuming this is upstream to your Adguard setup, which means the latter acts as the recursive resolver in your setup, if I understand correctly.
    5. Didn’t hear about SecureBlue before this, good distro in theory. Thanks.
    6. Ever thought of getting a 10-year old Thinkpad yet to get rid of that pesky BIOS? \s
    7. Do you have DoT and DNSSEC set up for your “private” DNS? Also, is this something like Quad9?
    8. With the combination of flight mode and a Faraday bag along with not having a SIM, I’m assuming that people don’t reach you using traditional means (calling). How do you stay in contact with others?
    9. Define “locking down” of public accounts.
    10. I have been thinking of AI for a bit, and you can get a P40 with 24GB VRAM for about $100-$150 on Ebay. Put that in an old computer and fight with licensing for a bit (Craft Computing has a good video on getting VFIO working on Nvidia cards by tricking the software) and you’ll have a great setup for AI.
    11. I’d stop with the subscriptions and start sailing the high seas, personally, but I understand if the sentiment does not sit well with people here. Piracy simply gives you more control and privacy. Look at LocalMonero to try and get monero without leaving a trace (directly converting fiat to XMR and exchanging for gift cards online after churning).
    12. You must be using an old TV, but if you really need to purchase a new TV at some point (and it’s very likely to be “smart”), you can simply disconnect the WiFi antenna from the back of the device. If you’re really good at embedded systems, you could find the flash chip that holds the BIOS/OS of the TV and remove it (and edit the boot sequence) or flash it with something else. This is true for everyone who has a smart TV.
    13. Holy shit this guy programs games to play them what a chad.
    14. Please switch to Codeberg, Gitlab is annoying.
    15. How do you coordinate local time with other people if your clocks are set to UTC?

    That was a lot. Thanks for reading!

    • @[email protected]
      link
      fedilink
      38 months ago
      1. Yup, here’s a good article about it - TL;DR - it can be useful, but you need to be careful
      2. I use Brave for testing my work stuff on Chrome; Firefox w/ Container Tabs for pretty much everything else

      Piracy simply gives you more control and privacy

      True, but I’m also morally against it. I’m not too worried about a game platform knowing what games I buy though, so I just stay away from cloud-based games and call it good.

      disconnect the WiFi antenna from the back of the device

      I’ve been thinking of putting mine on a DMZ. Do you think that’s sufficient, or is there documented evidence of TVs connecting to free Wi-Fi automatically? I suppose I could run a cable, but I will need some way to connect my streaming server to my TV (I suppose I could throw a Raspberry Pi behind it).

      Codeberg

      I’ve heard about it, good call-out.

      • The 8232 ProjectOP
        link
        fedilink
        1
        edit-2
        8 months ago

        A few notes on the article

        1. The article is 3 years old

        2. One type of attack, for example, would identify users by minute differences in the clock times on their computers.

        This is unreliable, I would like to see how exactly it was done.

        1. It references some exploits that have been patched

        2. One of the points mentioned is simply “He was the only one using Tor on the network at the time”, which still didn’t deanonymize him from Tor’s perspective.

        3. Anybody can operate Tor nodes and collect your data and IP address

        Anyone can operate a node, nobody can collect your decrypted data, because of E2EE. Guards can see your IP address, which is why you can use a VPN behind Tor.

        I stopped skimming after that. Anyone who wants to continue can, but I’d say the article is mostly stale.

        • @MigratingtoLemmy
          link
          28 months ago

          I believe the exploit was done at scale; the government had bought massive compute power from cloud providers to run TOR nodes and thus were able to track information flow (if you have the majority of nodes under your control, you can mathematically trace connections with their metadata across the TOR network).

          I haven’t kept up with the news but it’s a safe assumption that they have the funds to keep doing this for perpetuity.

        • @[email protected]
          link
          fedilink
          18 months ago

          This is unreliable, I would like to see how exactly it was done.

          As would I, but the FBI is unwilling to release details. They also can’t be trusted, but I have to assume that there is a legitimate attack here.

          exploits that have been patched

          The point of this article is to make it clear that just using Tor isn’t a solution in itself, you need to be aware that using it makes you stick out, and that there are attacks that can make you more vulnerable.

          If you pair a VPN with Tor, you avoid a lot of the issues.

          stale

          Do you know if the funding issue is resolved? The article claims Tor is funded 90-100% by US Intel agencies. That’s a pretty massive conflict of interest, and the article points out specific incidents where authorities were notified of bugs before the public. That’s pretty normal security procedure, so the concern is if state level actors are able to delay fixes to get their exploits updated first.

          If their funding is more diversified now, I’d be much less worried.

          • @[email protected]
            link
            fedilink
            28 months ago

            The document does not make clear using Tor is not a solution itself. It uses wrong statements, things that aren’t related to the topic and so on but on the other hand, they state (and so did you) Tor ‘is compromised’. That is not a ‘good’ document. It had some vibes of beging written by a competitor.

            (And I do not say using Tor is safe or not I simply do criticize your source)

            • @[email protected]
              link
              fedilink
              1
              edit-2
              8 months ago

              What’s not related? I thought that document was pretty clear and detailed. For example:

              • Tor is largely funded by the US government - this has gotten better and is down to 38%, but they’re still the largest donor - not a big problem, but there may be a conflict of interest here
              • FBI doesn’t need a warrant to monitor Tor, whereas the do to monitor sites/ISPs
              • many exit and relay nodes are run by state actors

              So you can’t just blindly use it and expect to stay anonymous, you need to take certain precautions. I think “compromised” may be a bit strong, but it does get the point across.

            • @[email protected]
              link
              fedilink
              18 months ago

              I checked, and it seems the US State Department is 38% of funding as of 2021 fiscal year, which is a lot better, but they’re still the biggest donor. So the direction the project is going is good.

    • The 8232 ProjectOP
      link
      fedilink
      2
      edit-2
      8 months ago

      Do you host your SearXNG instance? It should not be very hard to do on the cloud.

      No, that’s fingerprintable (i.e. Google can see which API key you use to correlate traffic)

      Which DNS resolver?

      Currently NextDNS, may switch to Mullvad DNS soon

      Didn’t hear about SecureBlue before this, good distro in theory. Thanks.

      It’s certainly different from others, I would read up on what Atomic distros are

      Ever thought of getting a 10-year old Thinkpad yet to get rid of that pesky BIOS? \s

      I know that was sarcastic, but when I have the money I will be purchasing a QubesOS certified laptop.

      Do you have DoT and DNSSEC set up for your “private” DNS? Also, is this something like Quad9?

      I don’t know how. And no.

      With the combination of flight mode and a Faraday bag along with not having a SIM, I’m assuming that people don’t reach you using traditional means (calling). How do you stay in contact with others?

      Through Wi-Fi (messaging apps). NBTV has a video on how to “survive” without cellular

      Define “locking down” of public accounts.

      Turning as much as I can private, using fake emails, disabling telemetry, etc.

      I have been thinking of AI for a bit, and you can get a P40 with 24GB VRAM for about $100-$150 on Ebay. Put that in an old computer and fight with licensing for a bit (Craft Computing has a good video on getting VFIO working on Nvidia cards by tricking the software) and you’ll have a great setup for AI.

      Thank you! My GPU runs AI fine, I’m more interested in certain apps that provide open source models.

      I’d stop with the subscriptions and start sailing the high seas, personally, but I understand if the sentiment does not sit well with people here. Piracy simply gives you more control and privacy. Look at LocalMonero to try and get monero without leaving a trace (directly converting fiat to XMR and exchanging for gift cards online after churning).

      I plan to move away from Spotify (my only subscription) when I get GrapheneOS

      You must be using an old TV, but if you really need to purchase a new TV at some point (and it’s very likely to be “smart”), you can simply disconnect the WiFi antenna from the back of the device. If you’re really good at embedded systems, you could find the flash chip that holds the BIOS/OS of the TV and remove it (and edit the boot sequence) or flash it with something else. This is true for everyone who has a smart TV

      Something I will deal with when laws force me to upgrade ;)

      Holy shit this guy programs games to play them what a chad.

      😅

      Please switch to Codeberg, Gitlab is annoying.

      Why?

      How do you coordinate local time with other people if your clocks are set to UTC?

      Math. Add or subtract the offset. Or ask what time it is. My (non-smart) watch is set to the correct time, however.

    • Possibly linux
      link
      fedilink
      English
      18 months ago

      Tor has very much not been compromised. Don’t believe what the glowies tell you