46 votes

What steps do you take to secure your online use and privacy?

I do the following:

  • Use a VPN (NordVPN)
  • Use Firefox with a tweaked about:config and the following security extensions:
    • uBlock Origin
    • NoScript
    • HTTPS Everywhere
    • Privacy Badger
    • Decentraleyes
    • Cookie Autodelete
    • Skip Redirect
    • CanvasBlocker
  • Run Linux Mint (I know, Ubuntu-based distros aren't ideal but I'm a Linux beginner)
  • Don't have any social media as of a year ago
  • Don't use any Google services, including YouTube, Google Search, or Gmail
  • Use a password manager (KeePassXC)

The next step would be for me to switch from iPhone to Android running Lineage OS, but money is a bit tight right now. As for day-to-day lifestyle choices, I try to use cash whenever possible and never sign up for things like store rewards programs.

What's your setup? Do you consider yourself a privacy-minded individual? Are you more concerned with protecting yourself from corporate or government entities?

49 comments

  1. [3]
    apoctr
    (edited )
    Link
    I'll stop myself basically repeating your OP, and mention only where I meaningfully differ. Don't use the last three Firefox extensions you mentioned, but I do use Container Tabs + Temporary...

    I'll stop myself basically repeating your OP, and mention only where I meaningfully differ. Don't use the last three Firefox extensions you mentioned, but I do use Container Tabs + Temporary Containers + User-agent Switcher. uMatrix instead of NoScript.

    I use Unbound to prevent the hassle of picking a trustworthy DNS server, plus DNSSEC is nice. PIA for certain types of web browsing.

    Don't have any social media, except a recently registered Mastodon I've not touched. Growing up being socially awkward and without a phone for a good while being the main reason before I had an interest in privacy :p.

    I do have a Google account tied to my Android phone, although I tried cold turkey with Lineage in the end being able to restore purchases from the Play Store was nice. But I use NewPipe/youtube-dl to access YouTube, use DuckDuckGo over Google and use ProtonMail + Tutanota for email.

    I'd say I'm mostly privacy minded. Though not too invested, e.g. I'm not going to put my online messages through Google Translate twice or avoid ever mentioning my A/S/L. Not going to go down the rabbit hole of hiding from the government either. I just like peace of mind that comes from general-person privacy, so that the average Joe or marketer doesn't know everything about me.

    13 votes
    1. [2]
      Comment deleted by author
      Link Parent
      1. SammyP6
        Link Parent
        yes. unbound + pihole is great. the dnssec and privacy of unbound with the ad blocking of pihole

        yes. unbound + pihole is great. the dnssec and privacy of unbound with the ad blocking of pihole

        4 votes
    2. smores
      Link Parent
      Would you mind explaining your email setup a bit/how it contributes to your privacy? I was looking into protonmail a while ago, but I kept getting stuck on the idea that if I sent an email to...

      Would you mind explaining your email setup a bit/how it contributes to your privacy? I was looking into protonmail a while ago, but I kept getting stuck on the idea that if I sent an email to anyone using Gmail, then a record tied to my email address (practically a unique ID) with the message I sent is on Google's servers. And since everyone I email uses Gmail, it didn't seem like I'd be getting much use out of having my email be encrypted on my end. Was I just missing something obvious about how this would work?

      3 votes
  2. hoefijzer
    Link
    Oh, there's nothing wrong with Ubuntu- or Debian-based Linux distributions. If they do any collecting at all, you have to give consent (and you'll know you've given it, it's not like some websites...

    (I know, Ubuntu-based distros aren't ideal but I'm a Linux beginner)

    Oh, there's nothing wrong with Ubuntu- or Debian-based Linux distributions. If they do any collecting at all, you have to give consent (and you'll know you've given it, it's not like some websites that actively try to take away your choice).

    I'm very privacy oriented. A few things I've done to protect it:

    • A VPN, to make my ip address isn't unique to me and to switch ip addresses whenever I feel like it

    • Umatrix, blocking everything but first party content

    • Keepass for my passwords, and pwgen (a Linux tool) to generate secure passwords

    • uBlock Origin

    • Cookie Autodelete

    • Bloody Vikings, which gives me easy access to temporary email addresses

    • Useragent Switcher

    • Canvas Defender

    • HTTPS Everywhere

    • Cookie Autodelete

    • Decentraleyes

    • I've installed Linux on my pc a while ago, and I've recently started using LineageOS without any Google services.

    Furthermore, I've written all companies I've ever had dealings with to remove all their data on me from their database, since the GDPR has finally given me a stick to whack them on the head with. I've installed LineageOS, don't use any Google or Facebook related services (searches are done through startpage.com) and I have a different alias on all online forums I'm active on. Oh, and lastly, as a matter of principle: if for some reason I still see your ad, I will not buy anything from you.

    That said, it's a hassle. Umatrix breaks sites very often, but generally those are not the ones I'm very interested in in the first place. Companies don't always react favourably to delete requests, but that attitude doesn't really impress me - so far, all have removed my data when I threatened to file a complaint with the Data Authority.

    9 votes
  3. [9]
    SammyP6
    Link
    Im not super concerned about my privacy, as in Im not just going to stop using youtube and android, but I am more concerned than most people I use firefox with privacy badger, https everywhere,...

    Im not super concerned about my privacy, as in Im not just going to stop using youtube and android, but I am more concerned than most people

    I use firefox with privacy badger, https everywhere, ublock origin, umatrix, noscript, and duck duck goes extension. I use duck duck go to search, but still use regular youtube and gmail.

    I also have a pihole setup with unbound

    7 votes
    1. [2]
      soc
      Link Parent
      I work tangentially in cyber-security (not really applied, more R&D) and I can say with pretty good confidence that there is definitely a privacy/security "sweet spot" - where you've done a good...

      I work tangentially in cyber-security (not really applied, more R&D) and I can say with pretty good confidence that there is definitely a privacy/security "sweet spot" - where you've done a good job of culling the low hanging fruit without doing things which make you really stand out as someone who is trying to hide something. There is a security concept called "LPI/LPD - low probability of intercept/detection" which is arguably far more important than the raw strength of payload security.

      I know this is controversial in the world of privacy ideologues, but it's also the reality of the situation. Generally, the goal is not to do things which raises the signal-to-noise ratio of your activity above a threshold which someone might find interesting. For example, local cops are not going to get a warrant for all WhatsApp traffic crossing a certain boundary, but they might get a warrant for all Signal traffic through a boundary. Blocking ads and running incognito on occasion is kosher, but randomizing your user agent and playing games with tracking cookies stands out. VPNs are typically safe, but lots of TOR traffic will definitely get your ISPs attention.

      It's paradoxical, and rubs some people the wrong way, but for the most part, you want to blend in. That way, when you do need to "go dark" for whatever reason, there is a much smaller chance that someone is watching you specifically. This is counter-espionage 101, and it sort of bothers me that so many privacy advocates dismiss the power of being another face in the crowd.

      7 votes
      1. SammyP6
        Link Parent
        ive always thought that. if you install every single privacy addon, its got to raise some red flags and you become a target and are watched more closely. even though a bunch of companies and...

        ive always thought that. if you install every single privacy addon, its got to raise some red flags and you become a target and are watched more closely. even though a bunch of companies and government are tracking everything, its not like they actually have the time to read what everyone is doing, just people on a special list

        5 votes
    2. [5]
      novac
      Link Parent
      If you care enough you can use something like invidio.us (A YouTube proxy), it allows you to watch YT videos without having to run YT scripts, although granted it's probably not convenient to use...

      If you care enough you can use something like invidio.us (A YouTube proxy), it allows you to watch YT videos without having to run YT scripts, although granted it's probably not convenient to use on mobile. But really with that Firefox setup and Pi-hole, you're already much, much more secure than most.

      5 votes
      1. smores
        Link Parent
        Thank you so much for mentioning this. I've gotten down to only using Google for mail and YouTube, but I was having a lot of trouble finding a good YouTube proxy. This looks great, even seems fine...

        Thank you so much for mentioning this. I've gotten down to only using Google for mail and YouTube, but I was having a lot of trouble finding a good YouTube proxy. This looks great, even seems fine on mobile!

        1 vote
      2. [3]
        Parliament
        Link Parent
        I'm interested in pi-hole but heard from a friend that it requires a lot of manual updating after it's setup. What did they mean by that, and is there any truth to such a statement? I'm currently...

        I'm interested in pi-hole but heard from a friend that it requires a lot of manual updating after it's setup. What did they mean by that, and is there any truth to such a statement? I'm currently exploring solutions to ad blocking over things like Roku and Apple TV.

        1 vote
        1. novac
          Link Parent
          I've never used Pi-hole, you're better off asking SammyP6 or somebody else in the thread who has.

          I've never used Pi-hole, you're better off asking SammyP6 or somebody else in the thread who has.

          2 votes
        2. SammyP6
          Link Parent
          Pi hole is extremely easy to setup. you run 1 command and it has a setup guide where you select a few multiple choice options and it does everything for you. then you have to set it as your dns in...

          Pi hole is extremely easy to setup. you run 1 command and it has a setup guide where you select a few multiple choice options and it does everything for you. then you have to set it as your dns in your router settings. it comes preinstalled with a few block lists, but you can add your own. depending on what you ad, they may block sites important to you. some stricter lists block sites such as youtube or facebook for obvious reasons. if you uses thoose sites and thoose blacklists, you can just whitelist thoose specific sites. the block lists need to be updates, but the pihole automaticly does this about once a week. sometimes the pihole gets updates that you have to manually install, by running pihole -up, but its only gotten about 2 updates since I installed it maybe 6 months ago. if you want more information, they have a pihole website, and a subreddit.

          I would highly recommend you at least experiment with it

          2 votes
    3. ThisIsMyTildesLogin
      Link Parent
      You don't need HTTPS Everywhere if you're using DuckDuckGo Privacy Essentials. Duck does the same thing HTTPS does.

      You don't need HTTPS Everywhere if you're using DuckDuckGo Privacy Essentials. Duck does the same thing HTTPS does.

      3 votes
  4. [2]
    Khoo
    Link
    Same as you pretty much. Just some experiences of mine for people interested in privacy: I found that switching emails from hotmail => tutanota was probably the best thing as my hotmail had been...

    Same as you pretty much. Just some experiences of mine for people interested in privacy:

    • I found that switching emails from hotmail => tutanota was probably the best thing as my hotmail had been getting so much spam over the years.
    • Running microG on my android phone + custom ROM hasn't really inconvenienced me in any way. Things I miss: google maps, google cast. OSM is a decent alternative but sometimes it takes ages to load for me.
    • Stopped used my old reddit account and made a number of reddit account 'partitions' for different subs
    • FInally I also find I support open source projects a lot more and donate/keep tabs on them. Something I am super excited for is the librem 5 phone, which hopefully works out well.

    I definitely agree I am privacy conscious. I'm more concerned with hiding myself from corporate entities, however that also means I am concerned about hiding/overtly giving info to the gov. Also I think it is the philosophy behind it. If everyone becomes a sucker for facebook/youtube/reddit, then it becomes that much easier for those people to control the world.

    5 votes
    1. KapteinB
      Link Parent
      I'm currently very happy with Sailfish X, but I have high hopes for the Librem 5. It would be nice to have some more choices next time I need to replace my phone.

      Something I am super excited for is the librem 5 phone, which hopefully works out well.

      I'm currently very happy with Sailfish X, but I have high hopes for the Librem 5. It would be nice to have some more choices next time I need to replace my phone.

      2 votes
  5. najodleglejszy
    Link
    I run Linux (Manjaro KDE) on my laptop, browse with Firefox with uBO blocking third party scripts and frames by default, HTTPS Everywhere and temporary containers. on my Android phone: system-wide...

    I run Linux (Manjaro KDE) on my laptop, browse with Firefox with uBO blocking third party scripts and frames by default, HTTPS Everywhere and temporary containers.
    on my Android phone:

    • system-wide ad blocker (Blokada) installed with some analytics domains blacklisted
    • Firefox Focus as main browser, with Bromite for when I want to save my logins and history for some websites
    • tend to use either paid apps from devs whom I trust (Nova Launcher, Solid Explorer, Poweramp, Moon Reader) or FOSS:
      AnySoftKeyboard
      Slide for Reddit
      Newpipe for watching Youtube videos
      Standard Notes
      Antennapod for podcasts
      Signal for chatting (although I mostly use it as an SMS client :/)
      Simple Calendar with calendar stored offline
      Simple Gallery
      MAPS.ME fork with analytics and ads removed for offline maps
    • while I do use Instagram and Snapchat, I deny the apps most permissions that I have no use for, including location
    • have most Google apps disabled or uninstalled

    I also use DuckDuckGo as my default search engine, I'm slowly moving from Gmail to Tutanota (although there are some growing pains in that regard), manage my logins with Bitwarden for unique passwords, and use 2FA codes with AndOTP.

    I could probably be doing more but hey, I figure it's better than nothing ¯\_(ツ)_/¯

    5 votes
  6. [2]
    soc
    Link
    There's nothing wrong with Ubuntu. I'm a Linux veteran of two decades and I work primarily on Linux for productivity, and Ubuntu is definitely the way to go IMO. Anyone who says otherwise is...

    There's nothing wrong with Ubuntu. I'm a Linux veteran of two decades and I work primarily on Linux for productivity, and Ubuntu is definitely the way to go IMO. Anyone who says otherwise is mostly just being a snob.

    5 votes
    1. novac
      Link Parent
      Good to know.

      Good to know.

      1 vote
  7. [2]
    Nivlak
    Link
    Need an email to signup for a site but don’t want to use a real one ? https://www.guerrillamail.com/inbox

    Need an email to signup for a site but don’t want to use a real one ?

    https://www.guerrillamail.com/inbox

    4 votes
    1. teaearlgraycold
      Link Parent
      I set up a personal domain name that references mail.mailinator.com Most sites block mailinator and their other domains, but they only do so by domain name, not IP. Given that I'm the only person...

      I set up a personal domain name that references mail.mailinator.com

      Most sites block mailinator and their other domains, but they only do so by domain name, not IP. Given that I'm the only person using my domain to collect spam I don't see it ever getting blocked.

      8 votes
  8. [3]
    Comment deleted by author
    Link
    1. [2]
      Comment deleted by author
      Link Parent
      1. najodleglejszy
        Link Parent
        FreeOTP seems to be abandoned. I'm using AndOTP and it works great.

        FreeOTP seems to be abandoned. I'm using AndOTP and it works great.

        4 votes
    2. Luna
      Link Parent
      Yubico lists services that support U2F on their website, though I doubt it's comprehensive. In addition, this site lists services that support 2FA, though you have to search for services, and you...

      Yubico lists services that support U2F on their website, though I doubt it's comprehensive. In addition, this site lists services that support 2FA, though you have to search for services, and you can't filter by types supported.

      3 votes
  9. [20]
    DanBC
    Link
    People who ask this question never say who their opponent is. That makes the question impossible to answer. Most of your list doesn't make much sense, especially if your opponent is a well funded...

    People who ask this question never say who their opponent is. That makes the question impossible to answer.

    Most of your list doesn't make much sense, especially if your opponent is a well funded government agency.

    switch from iPhone to Android running Lineage OS

    This is just baffling.

    3 votes
    1. [16]
      najodleglejszy
      (edited )
      Link Parent
      how so? they moved from a closed source OS to open source with the ability to not use Google Play Services, and a granular permission manager that can even feed false data to apps requesting...

      This is just baffling

      how so? they moved from a closed source OS to open source with the ability to not use Google Play Services, and a granular permission manager that can even feed false data to apps requesting permissions, and an option to block domains via hosts and run a firewall if one wants to.

      5 votes
      1. [11]
        ThisIsMyTildesLogin
        Link Parent
        Because iPhone is much more secure than Android. iOS has far stricter permissions than Android and Apple themselves do not keep any browsing or app data on you. Safari is by far the most secure...

        how so?

        Because iPhone is much more secure than Android. iOS has far stricter permissions than Android and Apple themselves do not keep any browsing or app data on you. Safari is by far the most secure mobile browser out there.

        Android is a great OS but it's permissions system is a complete mess. Also, remember that Google makes its money from ads, so Android exists to collect as much info about you as possible.

        2 votes
        1. novac
          Link Parent
          Apple was a named participant in PRISM.

          Apple themselves do not keep any browsing or app data on you

          Apple was a named participant in PRISM.

          10 votes
        2. [9]
          najodleglejszy
          Link Parent
          I'm not sure about OP's exact setup but yet again, LineageOS can be used with no Google bits whatsoever, and their Privacy Guard is much more granular than Android's default permission system, and...

          I'm not sure about OP's exact setup but yet again, LineageOS can be used with no Google bits whatsoever, and their Privacy Guard is much more granular than Android's default permission system,
          and almost to a fault - you can even set it so it asks you every time an all is trying to use a permission instead of granting it once and forever.

          6 votes
          1. [8]
            Nice_Pants
            Link Parent
            Here’s a question, I used Lineage with Micro G in the past without thinking about this. What DNS server does it use by default? Can it be changed?

            Here’s a question, I used Lineage with Micro G in the past without thinking about this. What DNS server does it use by default? Can it be changed?

            2 votes
            1. [2]
              najodleglejszy
              Link Parent
              sorry, no idea. the last time I used a custom ROM was when it was still called CyanogenMod and was based on Kitkat. I know Android Pie allows you to change your DNS server and some ad blocking/VPN...

              sorry, no idea. the last time I used a custom ROM was when it was still called CyanogenMod and was based on Kitkat. I know Android Pie allows you to change your DNS server and some ad blocking/VPN apps let you do that too (Blokada and Adguard, for example), but I'm not sure if LOS offers a similar setting out of the box.

              2 votes
              1. Nice_Pants
                Link Parent
                It happens to be defaulted to google DNS on mobile, so if you’re concerned about moving away from googles services, it probably doesn’t make sense to send them all of your DNS queries.

                It happens to be defaulted to google DNS on mobile, so if you’re concerned about moving away from googles services, it probably doesn’t make sense to send them all of your DNS queries.

                2 votes
            2. [5]
              codebam
              Link Parent
              I'm on Lineage with MicroG right now, I think the default DNS server is the same as the one your router or mobile carrier (for data) tell it to use? When I resolve example.com in Termux using dig...

              I'm on Lineage with MicroG right now, I think the default DNS server is the same as the one your router or mobile carrier (for data) tell it to use? When I resolve example.com in Termux using dig it uses 8.8.8.8.

              1 vote
              1. [4]
                Nice_Pants
                Link Parent
                I haven’t used Lineage in a few years, and I’m sure you can change it, but this was part of the reason I moved off the Android platform. The other main reason, was even with a “de-googled” ROM...

                I haven’t used Lineage in a few years, and I’m sure you can change it, but this was part of the reason I moved off the Android platform. The other main reason, was even with a “de-googled” ROM with Micro-g, Cloud messaging goes through them as well. Anyway, I’m not saying it’s good or bad, simply that they’ve got their fingers in so many places it’s very hard to determine what is being siphoned off to them.

                1 vote
                1. [3]
                  codebam
                  Link Parent
                  GCM can be disabled in MicroG, however if you don't want to use GCM you should probably not use MicroG in the first place, as apps such as Signal don't allow you to login without enabling MicroG's...

                  GCM can be disabled in MicroG, however if you don't want to use GCM you should probably not use MicroG in the first place, as apps such as Signal don't allow you to login without enabling MicroG's GCM if it detects GApps. There might be a workaround for this, but I'm not sure.

                  1 vote
                  1. [2]
                    gksu
                    Link Parent
                    There is and it's within the app. If you download the APK from their site and don't have a Google login (or disable micro), it defaults to using web sockets.

                    There is and it's within the app. If you download the APK from their site and don't have a Google login (or disable micro), it defaults to using web sockets.

                    2 votes
      2. [4]
        DanBC
        Link Parent
        Open source gives you almost no benefit. Here's one example (that lasted 2 years), but there are others: https://www.schneier.com/blog/archives/2008/05/random_number_b.html

        they moved from a closed source OS to open source

        Open source gives you almost no benefit. Here's one example (that lasted 2 years), but there are others: https://www.schneier.com/blog/archives/2008/05/random_number_b.html

        2 votes
        1. [2]
          Comment deleted by author
          Link Parent
          1. DanBC
            Link Parent

            However, having more eyes able to inspect the source tends to mean said bugs get found and fixed at a faster rate.

        2. [2]
          najodleglejszy
          Link Parent
          >says open source gives no benefit >links to a blog post about vulnerability that could possibly not be discovered or found much later if the package in question was closed source hmmm.

          >says open source gives no benefit

          >links to a blog post about vulnerability that could possibly not be discovered or found much later if the package in question was closed source

          hmmm.

          6 votes
          1. DanBC
            Link Parent
            Of course it could have been discovered. It would have been discovered by cryptography of the weak keys.

            Of course it could have been discovered. It would have been discovered by cryptography of the weak keys.

    2. [3]
      novac
      Link Parent
      I'm not sure what you meant by this. Any amount of tracking protection helps. I would be far worse off if I was browsing Facebook on Chrome on Windows 10. Why?

      Most of your list doesn't make much sense

      I'm not sure what you meant by this. Any amount of tracking protection helps. I would be far worse off if I was browsing Facebook on Chrome on Windows 10.

      This is just baffling.

      Why?

      3 votes
      1. [2]
        Comment deleted by author
        Link Parent
        1. 666
          Link Parent
          I'm going to jump in the middle of the discussion just to add a bit that wasn't considered. Do you know what else has (most likely) an unlocked bootloader? Your laptop and your desktop computers....

          I'm going to jump in the middle of the discussion just to add a bit that wasn't considered.

          Most glaring to me is that LineageOS requires an unlocked boot loader

          Do you know what else has (most likely) an unlocked bootloader? Your laptop and your desktop computers. An unlocked bootloader just means a bootloader that you have access to and lets you replace the stock operating system, and that can be upgraded too. This means that if your bootloader is unlocked it can also receive security upgrades, something a locked bootloader can't. It also means you can install unofficial updates to your operating system. For example, I could upgrade from Android 4 (very insecure version, latest officially supported on my device) to Android 7 thanks to an unlocked bootloader and Lineage OS. This means that my old hardware is now more secure than it was before.

          The equivalent to that on a computer is replacing the Windows bootloader with GRUB and installing Linux, bootloaders are software that may have bugs and vulnerabilities, and also require upgrades.

          7 votes
      2. DanBC
        Link Parent
        Because you haven't defined who your threat is.

        Because you haven't defined who your threat is.

        2 votes
  10. MimicSquid
    Link
    I use UBlock Origin because ads are annoying, 2FA for what accounts offer it for mild protection, and a password manager because remembering dozens of passwords is a pain. It's very limited as...

    I use UBlock Origin because ads are annoying, 2FA for what accounts offer it for mild protection, and a password manager because remembering dozens of passwords is a pain.

    It's very limited as compared to everyone else in this thread, but to me it feels like the right balance between useful and irritating.

    3 votes
  11. mrbig
    (edited )
    Link
    I really should be more careful, but I'm just too lazy. Plus, they already know so much about me that I wonder if it would make much of a difference. I use Ublock Origin and Disconnet with Google...

    I really should be more careful, but I'm just too lazy. Plus, they already know so much about me that I wonder if it would make much of a difference. I use Ublock Origin and Disconnet with Google Chrome, but I'm more concerned with my browsing experience. I should, of course, be using Firefox, but it's so hard to configure it to my liking, specially keyboard shortcuts. I do have a Protonmail account that I wish to transition to, but Protonmail is too expensive. Tutanota is cheaper, but I wonder how much time it will be on.

    I love talking with you English speakers, but I have a Facebook account because around this parts it's essential to be a part of society. From professional contacts to family and political discussions, it is just unavoidable.

    So I guess what I should say is: don't be like me, kids.

    I use Linux, though, so I guess this helps a bit.

    3 votes
  12. nsz
    Link
    Among other things, something that might be a bit unusual is I've started using the reader feature on the Edge browser, especially when I get to a site that asks for permission to use cookies with...

    Among other things, something that might be a bit unusual is I've started using the reader feature on the Edge browser, especially when I get to a site that asks for permission to use cookies with a super annoying popup - the reader mode just has the text and relevant images and removes the rest of the site, its really nice.

    1 vote
  13. [2]
    RapidEyeMovement
    Link
    What are you trying to accomplish with the steps you have taken?

    What are you trying to accomplish with the steps you have taken?

    1 vote
    1. novac
      Link Parent
      Minimize the data (and therefore power) corporations have on me. It's mostly a principle thing.

      Minimize the data (and therefore power) corporations have on me. It's mostly a principle thing.

      5 votes
  14. [3]
    Comment deleted by author
    Link
    1. [2]
      novac
      Link Parent
      There's really no way of knowing considering the closed-source nature of the iPhone. But considering Apple is a named participant in PRISM, assume all activity is logged.

      There's really no way of knowing considering the closed-source nature of the iPhone. But considering Apple is a named participant in PRISM, assume all activity is logged.

      3 votes
      1. smores
        Link Parent
        That seems like a pretty big assumption to make, in my opinion. Apple does things like make iMessage end-to-end encrypted at the device level by default, and openly and loudly refuse to create...

        That seems like a pretty big assumption to make, in my opinion. Apple does things like make iMessage end-to-end encrypted at the device level by default, and openly and loudly refuse to create backdoors for active FBI cases. There's not much reason to think they would even have the infrastructure to log the kind of activity that Google does, because why would they? They gain nothing from it; they don't sell you ads. They don't have any interest in having a software model of you as a person. Google already has that infrastructure and data, so something like PRISM would absolutely mean the government has access to everything you've ever done in Google's presence. But Apple simply doesn't, and being a participant in PRISM doesn't magically give them the billions of dollars worth of software and hardware infrastructure necessary for that level of mass surveillance.