Tips for increasing online privacy (without going insane)?
I've been researching internet privacy and fell down the rabbit hole of...well, internet privacy. I started with deleting Facebook/Instagram and switching to Firefox + plugins. I would like to make more improvements but I really have no idea how; it started with deleting socials and next thing you know I'm looking at LineageOS and de-googling.
If anyone has any suggestions on where to go next while staying realistic/not going crazy, I would love to hear them. I am not really sure where to set my expectations; basically I would like to have more control of my data. The other day Google Photos gave me a memory recap which kind of creeped me out! I am suddenly not fond of whatever is going on under the surface of Google Photos that's making collages and trying to sell my photo books. Also Gboard giving me a pop-up in the text prediction row asking me to rate the app??? Ew.
I am a fan of self-hosting and run a small NAS (OpenMediaVault), but this too quickly turns into the privacy spiral and leaves me thinking I should throw my phone into a river and live in the forest. Would love to hear your thoughts/advice/opinions!
You sound like you're well past this, but for other folks who step into this thread, I always recommend going into the settings for any new application (and just occasionally in general for any application that holds highly sensitive or private data) and seeing what you can turn off or opt out of.
Great suggestion! I need to remember to do this when I download new apps.
You should have a threat model in mind and justify on what is possible vs. the cost of doing so.
For example, a smartphone will have built-in spyware and it's really hard to block this. The more vendors you add, the more spying. This means that using a Pixel or iPhone removes one vendor from the list (any Android phone will have Google Play Services regardless of vendor, but you can avoid Samsung or Xiaomi spying on you).
Unlike web apps, every app you install may spy on you. I prefer to not install apps if possible and use the web apps.
I try to only implement protections that cover a lot of areas:
I like what PagerDuty wrote in their security training - "Be secure, but usable". Most people don't put ten locks on their front door, but not zero either. My university course taught me that you should not invest in protection more than the cost of the harm itself. My bike cost $70. I'm not buying a $100 bike lock to protect it (although for some people the cost of having to walk/taxi home may also make that investment worthwhile).
Well, natively. You can use a degoogled alternative distro or a Pixel with GrapheneOS, which banishes Google Play Services into a sandbox and doesn't let it talk to anything without permission.
That's a really good reminder, I tend to catastrophize. Really no reason I need to throw away my devices and become a nomad haha.
Also, you make a really good point with the web apps, I'll keep that in mind.
I currently have my router set to use AdGuard's public DNS (option 2 on that page). What are the benefits of switching to NextDNS? Why would I want to install either of their apps instead of simply pointing to the DNS IPs?
One benefit of NextDNS is that you can fairly extensively configure your settings, to choose exactly what is filtered. There are plenty of settings to fiddle with, though I haven’t been back to that panel in a while.
I think the only benefit of using the app is that you can quickly toggle NextDNS off if you want to fall back on your default DNS for whatever reason. Since I have a very strict filtering setup, I use this to quickly circumvent my rules, if I need to.
Also just learned AdGuard is a Russian company. That's a no for me. https://www.reddit.com/r/nextdns/comments/15almtw/nextdns_vs_adguard_private_dns/juxzm85/
Ah very interesting, I wasn’t aware. I still use AdGuard on Safari (since there’s no uBlock), so I may need to reconsider that…
If you use AdGuard on Safari and only use the content blockers and don't enable the one that requests extra permissions, there's zero risk. The content blocker (the one that doesn't require any permissions) is just a text file telling Safari what to block and doesn't share any info back.
EDIT: Well if AdGuard wanted to not block Russian trackers, they could omit that from the content blockers I guess. Almost* no risk. I like Wipr as my Safari Adblock if you're down to drop a few dollars.
Edit: I made it 20 minutes into my comment and realized you weren't really talking about online information security, but I spent too much work on this so I'm going to post it anyway :p
I've been doxxed, witch hunted, and even swatted once: here's what I've done to help.
Google/Bing/whatever your name, your address, your phone number; any identifiable information you can think of that could be publicly available. Check multiple pages of results. Find every website that has your information on it and submit opt-out requests (99.9% of the sites should have this function, some don't). There are a lot of websites out there like PeekYou, the Whitepages, etc. which will just post your straight up name, address, number, etc. for anyone to find. It's criminal.
Do the same for your immediate family members, especially your parents. Parents are the number one targets for psychos online and they usually don't have the wherewithal to do this kind of thing themselves. If you have the patience you can do it for in-laws as well. I once had someone call my sister-in-law's phone number dozens of times saying that I caused someone to kill themselves and I should be in jail. It really stressed her out and I felt terrible that she was targeted because of her relation to me.
Once you've done everything you can to remove your information from the people finder websites, do some digging into specific popular databases. You may find that you're still showing up in them despite them not appearing on searches.
For any public online information that you can't easily remove, submit a takedown request via Google. I believe they'll remove it from the search results if you give them a good enough reason, so feel free to get creative. This isn't foolproof obviously but it does a lot to slow down the lazier creeps online.
Consider trying out a paid service like Incogni to go through and purge other records. It's usually not very expensive and can save you a lot of time and effort. I don't know how well they work, but for a few bucks it's probably worth it.
You can go even deeper and start planting fake information out there associated with your personal identity. Not really sure the best way to do this, but I believe you can submit corrections for online people searches and change things like addresses and phone numbers. You could also make fake social media accounts associated with your name or username and have false info planted there too. I personally haven't but it's worth a shot if you're desperate to have some barriers up.
Call your local PD and warn them that someone may attempt to SWAT you or your family. They usually are pretty clueless but sometimes you'll find someone helpful and they'll be able to make a note about it and maybe prevent a disaster.
Recognize that you will probably never be able to get all traces of your info off the web and don't stress out about it too much. You can only do so much, and it's not worth beating yourself up too much over it. Do your best and hope for the best, don't let the trolls win.
Hahaha not what I am looking for but good advice regardless!!
I use several things without fully de-googling.
Listed all out like this it seems like a lot, but none of it is a real impediment to my daily activities, so once set up, it's mostly unnoticeable. I just have to remember to whitelist new apps through NetGuard if they need the internet.
Privacy Badger is redundant if you have uBO set up correctly and actually adds more information to your fingerprint, making you more identifiable.
https://www.reddit.com/r/firefox/comments/o28yi4/ghostery_on_firefox/h26mguk/
https://www.reddit.com/r/privacytoolsIO/comments/l2dges/why_isnt_privacy_badger_recommended/
https://www.reddit.com/r/uBlockOrigin/comments/t2ojvg/ublock_origins_vs_privacy_badger_vs_disconnect/
I'll happily recommend the FUTO keyboard for Android, if you are uncomfortable with your search engine reading every keystroke. The speech-to-text feature is the best one that I've found. Good luck!
Great suggestion!
I have Fastmail with my own domains and am gradually switching over as logins come up since all at once is overwhelming.
Slowly moving off of the big platforms as well: Google (only for services that require it), Twitter to Bluesky and Mastodon, Discord to IRC. Facebook remains for people who I can’t contact otherwise. Instagram still has a few amusing accounts.
I try to self host as much as possible using Photoprism and Immich with backups to my NAS and an S3 bucket as well.
I find that disabling notifications unless they no-shit need to be there (medication reminders) has been extremely helpful as well and helps you clean up your phone.
If you're blocking most cookies, don't share unnecessary data with apps, and have deleted your AdID, you're 90% of the way there. Internet privacy boards are tough places because the people who lurk there tend to be absolutely nuts - and often believe a lot of stuff that's just not substantiated by the facts. ("Your phone is constantly listening to your conversations to sell you ads!")
The bottom line is you've got to understand your actual threat model. Are you trying to sell drugs on the darknet or blow the whistle on an oppressive regime? Okay, let's talk about Tails or Whonix or whatever. You just want to limit the amount of data that could potentially identify you? Delete your AdID and keep location services off when you don't need them and you're pretty much good.
Check out https://privacyguides.org, it's probably the best privacy-related resource online! The website's co-founder is also on Tildes @freddy
Hi @willopillo, the first thing I would say is that you are not alone! From catastrophizing (as you noted elsewhere in this post), to finding that right balance of privacy and, dare I say, convenience, there are plenty of people in a similar place to where you find yourself. As others noted, getting an understanding of your threat model, level of comfort, etc. would be a good idea to re-assess (I say "re-assess" because you aren't starting from scratch here). And the privacy guides that another person posted is pretty good too! I guess the other aspect I would suggest is not to let this negatively impact your mental health. I say this from experience! I'm quite sensitive about my privacy, but then also need to maintain a balance to not let that desire for privacy and data sovereignty overtake my actual, real life. Stay safe, but do take care of yourself! :-)
Yes!! I have already taken some advice from this thread; I am going to take it slow to avoid overloading myself. Thanks for sharing your input, this is really great advice.
Device: Pixel 8 or above.
OS: GrapheneOS (there is no competitor)
GooglePhotos: Ente Photo
Authenticator: Aegis or Ente Auth
Internet Traffic Management: Rethink
File Manager: Mixplorer
Password Manager: Bitwarden
App store: Accrescent/Obtainium (F-Droid is not recommended for security)
Mail: ProtonMail, Tuta Mail, Infomaniak (Also use aliases)
Cloud storage: Filen.io (or use whatever but encrypt before uploading)
ReadLater: Wallabag (self-hostable) (RIP Omnivore)
Notes App: Notesnook/Obsidian/Logseq
Gallery: Fossify Gallery
Message App: QUIK SMS
Music App: RiMusic/Innertube/Spotube
Rss Reader: Feeder
Birthday Reminder: Birday
Smartwatch/Earbud Manager: GadgetBridge
ExpenseManager: MyExpenses
VPN: ProtonVPN/Mullvad
Browser: Chromium-based are better than Firefox from a security perspective. Read here
WeatherApp: Breezy Weather
Maps: Organic Maps
Messaging: Signal.org(<3)/Molly
HackerNews: Harmonic
Come Hangout here: https://discuss.grapheneos.org/
Please ask if you have any specific question, I'll be happy to help to the best of my capability, and remember this is a process.
edit: Keyboard: FlorisBoard/HeliBoard
edit2: read this post on OpSec
What's wrong with F-Droid from a security perspective? Maybe the single-point-of-failure build system?
FairMail is treating me really well as an email client; I didn't love any of the ones you suggest above.
While I understand your perspective on Firefox, IMO full-fat uBlock Origin beats Chromium security every day of the week. My privacy is threatened much more by creepy companies than actual exploits, at which Firefox is at least reasonable, AFAIK. Fennec and Mullvad help keep Mozilla from creeping, too.
Overall a damn excellent list, though.
One somewhat out-of-scope consideration: your ISP and your cell phone provider! You may not be able to change ISPs, but you should at least poke around in your account settings to disable personalised advertising and tracking from the ISP, if possible. If you do have choice, compare! Cell phone providers are easier. Personally I use Google Fi, which I know seems crazy, but as far as I can tell they protect my call, text, and location information better than any other cell phone provider. AT&T and Verizon sell all of it, even down to your location data, these days. MVNOs can sometimes act a bit like unions, contracting special user data protections. Worth looking into if you really care!
If you have an Android, check out TrackerControl (TC) from the F-Droid app store.
It allows you to control where apps are allowed to send data to, and disable them from sending your information to ad/tracker companies.
It's very granular and can also prevent apps from working if you disable too much, but it's categorised well and you just unstick restrictions until the app works again.
I’ve been focusing on all smart home stuff lately. I was always very much against connecting appliances to the internet, but I really needed to control the heating remotely. Also got solar installed recently and I wanted to monitor production. For both I ended up writing Home Assistant connectors, because the available stuff still required the devices to connect to the LAN. It took me quite some effort, but it’s running well now.
For TV I started using Kodi. This was triggered when I received an Android TV device, that thing was a privacy nightmare.
I've been debating switching between Android phones and iPhones every 5-6 years just to create dark zones in my history with corporations like that, but maybe better to get some of your opinions on that first :P
Since Google seems a primary issue for you, have you considered switching to the Apple ecosystem and disabling the services you find creepy on that? It has a lot of the same features of the Google ecosystem but they can be disabled.
The only main difference between Apple and Google is Apple doesn't sell any data to third-party vendors currently. Otherwise all of the tracking and manipulation is the same. Apple's privacy promise is marketing and it's working.