37 votes

Tips for increasing online privacy (without going insane)?

I've been researching internet privacy and fell down the rabbit hole of...well, internet privacy. I started with deleting Facebook/Instagram and switching to Firefox + plugins. I would like to make more improvements but I really have no idea how; it started with deleting socials and next thing you know I'm looking at LineageOS and de-googling.

If anyone has any suggestions on where to go next while staying realistic/not going crazy, I would love to hear them. I am not really sure where to set my expectations, basically I would like to have more control of my data. The other day Google Photos gave me a memory recap which kind of creeped me out! I am suddenly not fond of whatever is going on under the surface of Google Photos that's making collages and trying to sell my photo books. Also Gboard giving me a pop up in the text prediction row asking me to rate the app??? Ew.

I am a fan of self-hosting and run a small NAS (OpenMediaVault) but this too quickly turns into the privacy spiral and leaves me thinking I should throw my phone into a river and live in the forest. Would love to hear your thoughts/advice/opinions!

28 comments

  1. [2]
    Interesting

    You sound like you're well past this, but for other folks who step into this thread, I always recommend going into the settings for any new application (and just occasionally in general for any application that holds highly sensitive or private data) and seeing what you can turn off or opt out of.

    31 votes
    1. willopillo

      Great suggestion! I need to remember to do this when I download new apps.

      6 votes
  2. [8]
    whs

    You should have a threat model in mind and justify on what is possible vs. the cost of doing so.

    For example, a smartphone will have built-in spyware and it's really hard to block this. The more vendors you add, the more spying. This means that using a Pixel or iPhone removes one vendor from the list (any Android phone will have Google Play Services regardless of vendor, but you can avoid Samsung or Xiaomi spying on you).

    Unlike web apps, every app you install may spy on you. I prefer to not install apps if possible and use the web apps.

    I try to only implement protections that cover a lot of areas:

    • Use NextDNS as your "private DNS" provider in Android and let it block ads/trackers. (You can also choose to run your own Pi-hole in the cloud, but I didn't like the experience.)
    • Use a browser with ad blocking built in, as DNS-based blockers have limitations. I use Firefox with uBlock (due to ideological reasons - I don't want to support the Chrome/Blink monopoly).
    • Prefer applications on F-Droid, but only if they are competitive with other applications. For example, QR/barcode scanners are a dime a dozen, so Binary Eye is preferred to Google Lens.
    • I'm currently using Hail, which supposedly "freezes" individual apps so that they should not run when I don't want them to. The documentation doesn't say it's 100% frozen though.

    I like what PagerDuty wrote in their security training - "Be secure, but usable". Most people don't put ten locks on their front door, but not zero either. My university course taught me that you should not invest in protection more than the cost of the harm itself. My bike cost $70. I'm not buying a $100 bike lock to protect it (although for some people the cost of having to walk/taxi home may also make that investment worthwhile).

    20 votes
    1. Protected

      any Android phone will have Google Play Services

      Well, natively. You can use a degoogled alternative distro or a Pixel with GrapheneOS, which banishes Google Play Services into a sandbox and doesn't let it talk to anything without permission.

      14 votes
    2. willopillo

      "Be secure, but usable"

      That's a really good reminder, I tend to catastrophize. Really no reason I need to throw away my devices and become a nomad haha.

      Also, you make a really good point with the web apps, I'll keep that in mind.

      2 votes
    3. [5]
      LookAtTheName

      I currently have my router set to use Adguard's public DNS (option 2 on that page). What are the benefits of switching to NextDNS? Why would I want to install either of their apps instead of simply pointing to the DNS IPs?

      1 vote
      1. [4]
        LumaBop

        One benefit of NextDNS is that you can fairly extensively configure your settings, to choose exactly what is filtered. There are plenty of settings to fiddle with, though I haven’t been back to that panel in a while.

        I think the only benefit of using the app is that you can quickly toggle NextDNS off if you want to fall back on your default DNS for whatever reason. Since I have a very strict filtering setup, I use this to quickly circumvent my rules, if I need to.

        3 votes
        1. [3]
          LookAtTheName

          Also just learned Adguard is a Russian company. That's a no for me. https://www.reddit.com/r/nextdns/comments/15almtw/nextdns_vs_adguard_private_dns/juxzm85/

          1 vote
          1. [2]
            LumaBop

            Ah very interesting, I wasn’t aware. I still use AdGuard on Safari (since there’s no uBlock), so I may need to reconsider that…

            1 vote
            1. gary

              If you use AdGuard on Safari and only use the content blockers and don't enable the one that requests extra permissions, there's zero risk. The content blocker (the one that doesn't require any permissions) is just a text file telling Safari what to block and doesn't share any info back.

              EDIT: Well if AdGuard wanted to not block Russian trackers, they could omit that from the content blockers I guess. Almost* no risk. I like Wipr as my Safari Adblock if you're down to drop a few dollars.
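
The rule-file model gary describes above, as an added example (not part of the thread, and not AdGuard's or Safari's code): a content blocker is an ordered list of trigger/action records that the browser evaluates itself, so what the list leaves out matters as much as what it contains. The rule keys follow Safari's content-blocker JSON format; the hostnames, the function names and the hostname-based first/third-party test are assumptions made for illustration.

```javascript
// Added illustration: simplified model of declarative content-blocker rules.
// Hostnames below are constructed placeholders, not real trackers.
const RULES = [
  { trigger: { "url-filter": "^https?://([^/]+\\.)?tracker\\.example/" },
    action: { type: "block" } },
  { trigger: { "url-filter": "^https?://cdn\\.example/", "load-type": ["third-party"] },
    action: { type: "block-cookies" } },
  // Exception: a later ignore-previous-rules entry cancels earlier matches.
  { trigger: { "url-filter": "^https?://tracker\\.example/consent/" },
    action: { type: "ignore-previous-rules" } },
];

// Simplification (assumption): compares full hostnames, not registrable domains.
function loadType(requestUrl, pageUrl) {
  return new URL(requestUrl).hostname === new URL(pageUrl).hostname
    ? "first-party" : "third-party";
}

// A trigger matches when its regex matches the URL and any load-type constraint holds.
function triggerMatches(trigger, requestUrl, pageUrl) {
  const flags = trigger["url-filter-is-case-sensitive"] ? "" : "i";
  if (!new RegExp(trigger["url-filter"], flags).test(requestUrl)) return false;
  const wanted = trigger["load-type"];
  return !wanted || wanted.includes(loadType(requestUrl, pageUrl));
}

// Walk the list in order and collect the actions that apply to one request.
function evaluate(rules, requestUrl, pageUrl) {
  let actions = [];
  for (const rule of rules) {
    if (!triggerMatches(rule.trigger, requestUrl, pageUrl)) continue;
    if (rule.action.type === "ignore-previous-rules") actions = [];
    else actions.push(rule.action.type);
  }
  return { blocked: actions.includes("block"),
           cookiesBlocked: actions.includes("block-cookies") };
}

// Audit helper: which of the URLs you expect to be blocked does the list miss?
function coverageGaps(rules, expectedBlockedUrls, pageUrl) {
  return expectedBlockedUrls.filter((u) => !evaluate(rules, u, pageUrl).blocked);
}

const PAGE = "https://news.example/article"; // constructed page URL
console.log(evaluate(RULES, "https://tracker.example/pixel.gif", PAGE));
console.log(coverageGaps(RULES, [
  "https://sub.tracker.example/t.js",
  "https://unlisted-tracker.example/t.js", // not covered by any rule
], PAGE));
```

Running `coverageGaps` against the trackers you care about is a quick way to check a list for the omission the EDIT mentions.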

  3. [2]
    OBLIVIATER

    Edit: I made it 20 minutes into my comment and realized you weren't really talking about online information security, but I spent too much work on this so I'm going to post it anyway :p

    I've been doxxed, witch hunted, and even swatted once: here's what I've done to help.

    1. Google/Bing/whatever your name, your address, your phone number; any identifiable information you can think of that could be publicly available. Check multiple pages of results. Find every website that has your information on it and submit opt-out requests (99.9% of the sites should have this function, some don't). There are a lot of websites out there like peekyou, the Whitepages, etc. which will just post your straight up name, address, number, etc. for anyone to find. It's criminal.

    2. Do the same for your immediate family members, especially your parents. Parents are the number one targets for psychos online and they usually don't have the wherewithal to do this kind of thing themselves. If you have the patience you can do it for in-laws as well. I once had someone call my sister-in-law's phone number dozens of times saying that I caused someone to kill themselves and I should be in jail. It really stressed her out and I felt terrible that she was targeted because of her relation to me.

    3. Once you've done everything you can to remove your information from the people finder websites, do some digging into specific popular databases. You may find that you're still showing up in them despite them not appearing on searches.

    4. For any public online information that you can't easily remove, submit a takedown request via Google. I believe they'll remove it from the search results if you give them a good enough reason, so feel free to get creative. This isn't foolproof obviously but it does a lot to slow down the lazier creeps online.

    5. Consider trying out a paid service like incogni to go through and purge other records. It's usually not very expensive and can save you a lot of time and effort. I don't know how well they work, but for a few bucks it's probably worth it.

    6. You can go even deeper and start planting fake information out there associated with your personal identity. Not really sure the best way to do this, but I believe you can submit corrections for online people searches and change things like addresses and phone numbers. You could also make fake social media accounts associated with your name or username and have false info planted there too. I personally haven't but it's worth a shot if you're desperate to have some barriers up.

    7. Call your local PD and warn them that someone may attempt to SWAT you or your family. They usually are pretty clueless but sometimes you'll find someone helpful and they'll be able to make a note about it and maybe prevent a disaster.

    8. Recognize that you will probably never be able to get all traces of your info off the web and don't stress out about it too much. You can only do so much, and it's not worth beating yourself up too much over it. Do your best and hope for the best, don't let the trolls win.

    12 votes
    1. willopillo

      Hahaha not what I am looking for but good advice regardless!!

      1 vote
  4. [2]
    FlareHeart

    I use several things without fully de-Googling.

    1. PiHole DNS setup on a RPi at home
    2. NetGuard firewall from FDroid on my phone in whitelist mode and IP filters using a similar ruleset to my PiHole for when I'm away from my home WiFi
    3. Firefox + uBlock Origin + Privacy Badger on both my phone and desktop
    4. No Twitter, Facebook, Instagram, or Reddit
    5. Refrain from the use of unnecessary apps. McDonalds, coffee shops, etc. None of them need to be on my phone hoovering up my data thank you very much.
    6. Meticulous permissions management. I don't grant permissions to apps just because they ask. I limit what apps are allowed to access and wherever feasible, I use NetGuard to deny apps internet access. Keyboards and launchers don't need internet access.

    Listed all out like this it seems like a lot, but none of it is a real impediment to my daily activities so once setup, it's mostly unnoticeable. I just have to remember to whitelist new apps through NetGuard if they need the internet.

    7 votes
    1. LookAtTheName

      Firefox + uBlock Origin + Privacy Badger on both my phone and desktop

      Privacy Badger is redundant if you have uBO set up correctly and actually adds more information to your fingerprint, making you more identifiable.

      https://www.reddit.com/r/firefox/comments/o28yi4/ghostery_on_firefox/h26mguk/
      https://www.reddit.com/r/privacytoolsIO/comments/l2dges/why_isnt_privacy_badger_recommended/
      https://www.reddit.com/r/uBlockOrigin/comments/t2ojvg/ublock_origins_vs_privacy_badger_vs_disconnect/

      3 votes
  5. [2]
    carsonc

    I'll happily recommend the FUTO keyboard for Android, if you are uncomfortable with your search engine reading every keystroke. The speech-to-text feature is the best one that I've found. Good luck!

    5 votes
  6. GreasyGoose

    I have Fastmail with my own domains and am gradually switching over as logins come up since all at once is overwhelming.

    • burner emails for as much as possible
    • nextdns
    • ublock
    • wipr 2 for iOS/macOS safari

    Slowly moving off of the big platforms as well: Google (only for services that require it), Twitter to Bluesky and Mastodon, Discord to IRC, Facebook remains for people who I can’t contact otherwise. Instagram still has a few amusing accounts.

    I try to self host as much as possible using Photoprism and Immich with backups to my NAS and an S3 bucket as well.

    I find that disabling notifications unless they no-shit need to be there (medication reminders) has been extremely helpful as well and helps you clean up your phone.

    5 votes
  7. R3qn65

    If you're blocking most cookies, don't share unnecessary data with apps, and have deleted your AdID, you're 90% of the way there. Internet privacy boards are tough places because the people who lurk there tend to be absolutely nuts - and often believe a lot of stuff that's just not substantiated by the facts. ("Your phone is constantly listening to your conversations to sell you ads!")

    The bottom line is you've got to understand your actual threat model. Are you trying to sell drugs on the darknet or blow the whistle on an oppressive regime? Okay, let's talk about tails or whonix or whatever. You just want to limit the amount of data that could potentially identify you? Delete your AdID and keep location services off when you don't need it and you're pretty much good.

    4 votes
  8. fxgn

    Check out https://privacyguides.org, it's probably the best privacy-related resource online! The website's co-founder is also on Tildes @freddy

    4 votes
  9. [2]
    mxuribe

    Hi @willopillo, the first thing I would say is that: you are not alone! From catastrophizing (as you noted elsewhere in this post), to finding that right balance of privacy and dare I say convenience, there are plenty of people in a similar place to where you find yourself. As others noted, getting an understanding of your threat model, level of comfort, etc. would be a good idea to re-assess (I say "re-assess" because you aren't starting from scratch here). And the privacy guides that another person posted is pretty good too! I guess the other aspect I would suggest is not to let this negatively impact your mental health. I say this from experience! I'm quite sensitive about my privacy, but then also need to maintain a balance to not let that desire for privacy and data sovereignty overtake my actual, real life. Stay safe, but do take care of yourself! :-)

    3 votes
    1. willopillo

      Yes!! I have already taken some advice from this thread; I am going to take it slow to avoid overloading myself. Thanks for sharing your input, this is really great advice.

  10. [2]
    slashtab

    Device: Pixel 8 or above.
    OS: GrapheneOS (there is no competitor)
    GooglePhotos: Ente Photo
    Authenticator: Aegis Or Ente Auth
    Internet Traffic Management: Rethink
    File Manager: Mixplorer
    Password Manager: Bitwarden
    App store: Accrescent/Obtainium (F-Droid is not recommended for security)
    Mail: ProtonMail, Tuta Mail, Infomaniak (Also use Aliases)
    Cloud storage: Filen.io (or use whatever but encrypt before uploading)
    ReadLater: Wallabag (self-hostable) (RIP Omnivore)
    Notes App: Notesnook/Obsidian/Logseq
    Gallery: Fossify Gallery
    Message App: QUIK SMS
    Music App: RiMusic/Innertube/Spotube
    Rss Reader: Feeder
    Birthday Reminder: Birday
    Smartwatch/Earbud Manager: GadgetBridge
    ExpenseManager: MyExpenses
    VPN: ProtonVPN/Mullvad
    Browser: Chromium-based are better than Firefox from a security perspective. Read here
    WeatherApp: Breezy Weather
    Maps: Organic Maps
    Messaging: Signal.org(<3)/Molly
    HackerNews: Harmonic

    Come Hangout here: https://discuss.grapheneos.org/

    Please ask if you have any specific question, I'll be happy to help to the best of my capability, and remember this is a process.

    edit: Keyboard: FlorisBoard/Heliboard

    edit2: read this post on OpSec

    1 vote
    1. DynamoSunshirt

      What's wrong with F-Droid from a security perspective? Maybe the single-point-of-failure build system?

      FairMail is treating me really well as an email client; I didn't love any of the ones you suggest above.

      While I understand your perspective on Firefox, IMO full-fat uBlock Origin beats Chromium security every day of the week. My privacy is threatened much more by creepy companies than actual exploits, at which Firefox is at least reasonable, AFAIK. Fennec and Mullvad help keep Mozilla from creeping, too.

      Overall a damn excellent list, though.

      One somewhat out-of-scope consideration: your ISP and your cell phone provider! You may not be able to change ISPs, but you should at least poke around in your account settings to disable personalised advertising and tracking from the ISP, if possible. If you do have choice, compare! Cell phone providers are easier. Personally I use Google Fi, which I know seems crazy, but as far as I can tell they protect my call, text, and location information better than any other cell phone provider. AT&T and Verizon sell all of it, even down to your location data, these days. MVNOs can sometimes act a bit like unions, contracting special user data protections. Worth looking into if you really care!

      2 votes
  11. infpossibilityspace

    If you have an Android, check out TrackerControl (TC) from the F-droid app store.

    It allows you to control where apps are allowed to send data to, and disable them from sending your information to ad/tracker companies.
    It's very granular and can also prevent apps from working if you disable too much, but it's categorised well and you just unstick restrictions until the app works again

  12. caliper

    I’ve been focusing on all smart home stuff lately. I was always very much against connecting appliances to the internet, but I really needed to control the heating remotely. Also got solar installed recently and I wanted to monitor production. For both I ended up writing Home Assistant connectors, because the available stuff still required the devices to connect to the LAN. It took me quite some effort, but it’s running well now.

    For TV I started using Kodi. This was triggered when I received an Android TV device, that thing was a privacy nightmare.

  13. X08

    I've been debating switching Android phones and iPhones every 5-6 years just to create darkzones in my history with corporations like that but. Maybe better to get some of your opinions on that first :P

  14. [2]
    TurtleCracker

    Since Google seems a primary issue for you, have you considered switching to the Apple ecosystem and disabling the services you find creepy on that? It has a lot of the same features of the Google ecosystem but they can be disabled.

    1. slashtab

      The only main difference between Apple and Google is Apple doesn't sell any data to third party vendor currently. Otherwise all of the tracking and manipulation is same. Apple's privacy promise is marketing and it's working.

      1 vote