Hello, Lemmy!

It may be difficult to spend time actively improving some of the services you use to have a more privacy conscious presence, and so this thread is dedicated to help people learn and grow in their privacy journeys! Start by stating which services you currently use, and which ones you may be looking for/want to improve. This thread is entirely optional to participate in, because a lot of people understandably feel uncomfortable listing which services they use. Writing those out can be a lot of work, but the payoff is huge!

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

  • Don’t focus solely on me! Since this happened in another one of my posts, I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

  • Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Tor for using online accounts (such as Lemmy, etc.)

  • I use Mullvad Browser for general browsing

  • I use Librewolf for functionality that Mullvad Browser doesn’t have (security keys, etc.)

  • I use Firefox + uBlock Origin for streaming videos that break on Librewolf and Mullvad Browser.

  • I always use a SearXNG instance for web searches. I always use ProtonVPN (free tier). I use a private DNS resolver.

Desktop

  • I use Secureblue (yes, I’m that guy from a post a couple weeks ago)

  • I sit behind a firewall.

  • I only use FOSS Flatpaks with Flatseal.

  • My BIOS is password locked but proprietary (due to compatibility issues).

  • I occasionally use Tails because I think it’s fun.

  • I use full disk encryption, multiple disks, and a second layer of encryption for specific important files (NSA style)

Mobile

  • I currently use hardened iOS until I can scrape together some money for a Pixel to use GrapheneOS

  • Again, I constantly use ProtonVPN (free tier)

  • I use a private DNS when ProtonVPN is turned off

  • I use AdGuard, but I browse the internet with the DuckDuckGo app (I can’t sideload)

  • I use a very strong passcode

  • Airplane mode is constantly enabled, I don’t have a SIM

  • I use a Faraday bag to store my device when I’m in public

  • I use a privacy screen protector

Messenger

  • I mainly use Signal with a borrowed phone number, because SimpleX is still buggy on iOS, and Signal is the easiest to switch friends to. I rarely use iMessage, but there are times when I have to.

Online accounts

  • Passwords are stored in Bitwarden for mobile accounts, and KeePassXC for desktop accounts.

  • Yubikey is placed on any account I can, otherwise 2FAS is used

  • I keep public accounts (Lemmy, etc.) as locked down as I can.

Video streaming

  • I use the native YouTube app on iOS, simply because any of the others I’ve tried either don’t actually work or require a Mac to install. I don’t have a Mac, obviously.

  • I use FreeTube on desktop, but as I was writing this I was informed that FreeTube has a few issues I may want to look into (Electron).

AI

  • I would love to know if there are any Flatpaks that run local LLMs well, but I currently use GPT4All (since that’s what I used a year ago).

  • On mobile, I use an app made by a friend that gives access to GPT-4 and Gemini. Because it’s running off of his own money, I’m not going to share the project until he has a stable source of income.

Social Media

  • I don’t use any social media besides Lemmy.

Email

  • I use ProtonMail

  • I have addy.io as an alias service

Shopping/Finance

  • I currently either proxy my online purchases through someone else (have them buy it for me and I pay them back), or use a gift card

  • For physical purchases I use cash

  • I only use my bank account for subscriptions (Spotify, etc.)

  • I am working on using Monero and privacy.com

Music streaming

  • I use Spotify on my phone

  • I use Spotube or locally downloaded files on my computer

  • I have multiple AM/FM receivers with some yard long antennas and direct metal connectors

TV shows

  • I stream from ethical services for some movies

  • I go to a theater or buy a DVD for other movies. I am the proud owner of a USB DVD player.

  • I also have an antenna hooked up to my TV

  • There are certain IPTV services I have used in the past

  • I do not use a smart TV.

Gaming

  • I download local games, plain and simple. Or I code my own game.

Programming

  • I code in Python using PyCharm. I’m looking for alternatives.

  • I will use GitLab when I decide to publish some of my work.

Productivity

  • LibreOffice, although the UI is iffy

Misc

  • I don’t use any location services

  • All my clocks are set to UTC

  • I don’t have a smart watch

  • I don’t have a smart car

  • I use Bluetooth earbuds

  • I cover my webcams with paper and tape. Reason: It’s worth taking a couple seconds to peel tape off when you use the webcam than to risk a massive breach.

Thanks for reading!

Note here: I found out the other day that a Google Streetview car passed by my house, and my blinds being shut were the only thing keeping my room away from prying eyes. Is there an easy way to blur/censor my house without giving up my soul?

Special thanks

Lots of people kindly contributed their personal setups in the comments, and some even made their own posts! I’m really glad I could spark inspiration and start a way for people to learn and grow in their privacy journeys. To think, just this morning, I was stressing on if people would even enjoy the post at all! Thank you all again, and please go forward to inspire others. I am not the person who made this happen, all of you are!

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    ·
    8 months ago

    Thanks for the post!

    Here’s some of the things I do:

    • browser - Firefox w/ uBlock Origin and container tabs; I’m not worried about my ISP since it only operates in my city, so it’s unlikely they’re selling my data
    • desktop/laptop - OpenSUSE Tumbleweed w/ full disk encryption, basic firewall, etc
    • mobile - currently Motorola Android, will be getting a Pixel soonish to get GrapheneOS
    • messenger - rarely use, but when I do, it’s just SMS w/ my wife and family; work is Slack/Teams; I’d like a replacement, but it’s hard getting people to switch
    • online accounts - Bitwarden; will be self-hosting the data soon
    • video streaming - NewPipe on Android, YouTube and Twitch with ad blocking on desktop
    • music - mostly FM radio in my car, YouTube with ad blocking occasionally at work
    • AI - hard no
    • social media - lemmy
    • email - Gmail (gasp!); switching to ProtonMail on my own domain soon (have an account, just haven’t gotten my contacts switched over
    • shopping - occasionally Amazon (no Prime) and Newegg, mostly at Costco and the local grocery; mostly on credit card because dealing with change sucks
    • TV shows - Netflix and Disney+ subscription; been using DVDs and digital backups more recently
    • gaming - Steam and Heroic (for GOG and EGS)
    • programming - neovim for Python, JavaScript, and Rust, VSCode at work for Typescript (our codebase is a massive mess); been using Gitlab mostly for personal stuff, on-prem Github at work
    • misc - I use an Enterprise router, and have played with putting a subnet on a VPN (soon) and DMZ; I use a lot of Google Sheets, so need an alternative

    So I still have a ways to go. Current priorities:

    • eliminate Gmail - mostly just need to ask my family to use my new email, and set up some forwarding rules
    • alternative to Google Sheets - probably LibreOffice Online with NextCloud or something; it’s going to be tricky because I use it for stock quotes (GOOGLEFINANCE() rocks) and transaction tracking (Tiller integration)
    • home automation - I want an Alexa alternative for playing music; my kids have been asking a lot, and it seems willow might be good enough; if I can get that working, I’ll try automating other things too

    I also want to play with mobile Linux, so I might pick up a Pinephone to mess around with. It’s not quite ready to replace Android for me, but maybe I can help get it there.

    • The 8232 ProjectOP
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      I’m not worried about my ISP since it only operates in my city, so it’s unlikely they’re selling my data

      Websites can see what your ISP (or IP address) is, and geolocate you based on that. Also, even small ISPs sell data, and being small is all the more reason to do some sketchy things to grow the business.

      I’d like a replacement, but it’s hard getting people to switch

      I hear that. The easiest thing you can do is try to convince people closest to you to move to something at least a little more privacy respecting. Signal (Molly is a hardened version) has been easiest for me to convince people with.

      YouTube and Twitch with ad blocking on desktop

      Try Invidious or Piped! It’s not for everyone, but it’s worth trying! Also, you should think about adding SponsorBlock to your setup, in case you didn’t know about it.

      AI - hard no

      Fair.

      Gmail (gasp!)

      😱 B-But!!1 /s

      I want an Alexa alternative for playing music

      Would love to hear the alternatives people have! Keep me posted :)

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Yeah, the geolocation thing by websites is an issue, but most sites just guess the region (from the IP range) and not my specific city, so I don’t think most associate the two. I’m behind a NAT at my ISP, so there’s nothing to uniquely identify my house.

        That said, we’re getting municipal fiber installed soon (next year or two), and I don’t know if I’ll be behind NAT. I’m guessing I won’t (which is good), but that also means I’ll need to put most of our traffic through a VPN or something. I’ll probably pick one in my metro area, at least until I get replacements for all of the creepy sites I use (e.g. I don’t want restaurant search results for New York or California if I don’t live in either).

        Signal

        Yeah, just need to get my wife to switch. Getting my parents and siblings on as well may be difficult, but I’ll see what I can do.

        SponsorBlock

        Honestly, sponsorships don’t bother me. They don’t violate my privacy like ads do, and the people I watch are very respectful with how and when they do it (e.g. one is always at the end, others are always at the start). I would rather just drop channels that don’t respect my time than block their nonsense.

        I’m considering moving to Nebula and Odysee, but only a few of my favorite channels are there, though maybe there are decent alternatives.

        Alexa alternative

        Keep me posted!

        Absolutely! I’ll probably make a post once I have time to mess with it and get something working. The intent is to play music on-demand, and here’s my plan:

        1. Willow for speech to text
        2. Script on my NAS to turn commands into actions (maybe Home Assistant can help?)
        3. Some hacks to play YouTube video audio for whatever the song is on some audio output
        4. Stereo system per room that streams audio from Home Assistant (stuff from YouTube)

        The first two should be pretty straightforward, the third is a bit tricky, and the fourth will require some hardware. But once I have things working (assuming it gets to that point), I’ll post about it here. Step 3 would be easy to replace with any other audio source, like a private collection or some other web service.

        • The 8232 ProjectOP
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Thanks for sharing! Most IP addresses are specific enough to locate cities by themselves, just a note.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            Yes, but the likelihood of a service doing that is relatively low. Even in the worst case scenario, they’d know my city and ISP, but not be able to track that to my house.

            So it’s bad, but not “uniquely identify me” bad. I do sometimes see “local stories in <city>” nonsense in news articles, so it’s certainly something I need to fix.

            • The 8232 ProjectOP
              link
              fedilink
              arrow-up
              2
              ·
              8 months ago

              Alright, so:

              When you visit a website without using a VPN/Proxy/Tor, the website can see your public IP address. That public IP address is unique (with exceptions I’ll get to in a moment) to your home router. NAT means that each device connected to your router (Wi-Fi) has a local IP address, hidden to the website, but your routers IP is still unique to the website. That means that, even if you switch devices, if you visit a website using your home network the website knows that it is your Wi-Fi and not somebody else’s. That means that you can get tracked across websites just by correlating public IP addresses. Ads can see this IP address too. The public IP address by itself is enough to narrow down your location to the exact city, in most cases. So, when you visit a website, the website knows

              1. The city you live in
              2. Can correlate your public IP address (ad networks usually do this, not the website itself) to all the other websites you’ve ever visited

              If your ISP uses dynamic IP addresses, that means your public IP address changes every month or so, so that #2 only has a history of about a month. CGNAT (Carrier-Grade NAT) means that multiple routers share the same public IP address, which removes #2 altogether. This still lets websites know the city you live in, but it reduces mass internet surveilling.

              I may have gotten a few minute details a bit off, but that’s a basic shake down of how it works. TL;DR: Your IP can uniquely identify each of your devices if you don’t have NAT, your router if you do have NAT but not CGNAT, and the city you live in. Find an ISP that uses IPv6, dynamic IP addresses, and CGNAT, and use a elite proxy, free VPN, and Tor with a private DNS for maximum privacy.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                8 months ago

                I’m familiar with networking, with not an expert.

                Here’s how my network is:

                • ISP - static public address (doesn’t change)
                • Router - static 10/8 addr (Ethernet at the curb); no DHCP
                • Computers - 192.168 subnets with DHCP

                So websites would only get that public address for the ISP. They can still get my city through my ISP’s address, but they can’t uniquely identify me from the address alone.

                So yeah, sites will know the city I’m in, but they can’t uniquely identify me. So while I feel like I should use a VPN, I’m not that worried about it.

                We’re getting municipal fiber soon (sometime in the next two years), so I’m guessing this setup will change. I’ve already played with configuring a VPN on my network (failed at tunneling IPv6 over IPv4), so I’ll probably work on that sometime this year as I’m preparing for the upgrade (also running cable, reconfiguring VLANs, etc).