this post was submitted on 11 Jul 2023
10 points (100.0% liked)

Privacy & Security UK

189 readers
16 users here now

A place to talk online privacy and security. From Personal VPNs to data breaches and everything in between, there should be something for everyone. No matter if you are a seasoned professional, believe you should control your own data or just wanting to know more, let chat.

Rules

The rules are simple:

Other privacy communities

founded 1 year ago
MODERATORS
 

I have not always had an interest in data privacy. Actually, it took me moving in to being a data engineer in the marketing world to really realise the intense nature of data capture.

Like, I am sure, a large proprotion of the privacy aware population, it is not that there is anything to hide, just that privacy of data should be a right. It is one of the reasons I stepped away from most social networks, try to de-Google as much as I can and take care in my data landscape.

But, how does everyone else manage theirs? It would be good to share some useful tips, resources, tools, etc. that the wider community (as it grows) can use.

For me, I use:

  • A VPN (Mullvad in this case)
  • Firefox with 'some' hardening (don't want to totally cripple the online experience)
  • Windows OS with telemtry disabled across the system (never perfect but I am happy)
  • Simplewall (Windows App) to manage some outbound traffic
  • Random password generators (exact logic is incredibly unique to me)
  • Android (mobile) with as much telemetry disabled as possible
  • Privacy Guides, a great website to keep atop of new updates
  • Various threat landscape blogs and podcasts

Listing it out, it sounds like I do a lot but this is pretty tame. I accept that there is a balance between user experience and privacy. Yes, I could totally de-Google my phone but then a lot of useful functionality is lost. Same with Windows, I could move to Linux full-time (and would if I could) but I am a gamer and, while Linux is improving in that landscape, it ain't great just yet.

top 10 comments
sorted by: hot top controversial new old
[–] tkc 8 points 1 year ago

Hey, good to see this here. I've been told to take the tin-foil hat of by family and friends before, so I think that sums me up a bit haha.

I'm running Arch linux, on laptop and desktop, I also use Mullvad browser, which comes with UBlocm Origin and NoScriot. Some sites break, but then I fall back to Brave.

I also have GrapheneOS on a Pixel 5. I try to use as much FOSS app downloaded from Github repos as possible. Obtainium is a godsend for keeping these up to date. I use Aurora store for Play Store apps, which are only installed in the Work profile, and I have sandboxes Google Apps installed I'm both profiles.

At home I run Pi-Hole with Unbound as a local DNS. This also breaks some things, but I probably dont want them working anyway haha.

I also self host Bitwarden as a password manager and use ProtonMail for email.

Phew...

Next steps are to get Nextcloud working for photo backup, and shared calendars between me and my partner. We've been using something called Time tree for years, but its full of ads.

[–] Spooner 6 points 1 year ago (2 children)

This is a great topic, that's right up my street.

The biggest change that I made to my home privacy / security is deploying PiHole on the local network. The sheer amount of tracking and nasty ad / malware sites out there is astonishing. About 15% of all my web traffic at home is blocked at the DNS level. All of that crappy MIcrosoft Telemetary just gets stopped dead. Samsung also trys to ingest a lot of data from my TV and Washing machine, but PiHole stops most if not all of that.

When out and about on the Android phone / tablet, I've switched to FireFox and Ublock origin.

[–] echo 2 points 1 year ago

I really need to setup a PiHole. I have an old Raspberry Pi 2 lying around somewhere so might do that when I get a minute.

[–] tkc 1 points 1 year ago

The worst "nornal" devices are my LG TV and Playstation. The absolute worst I'd my TP Link Tap Web can I use to watch the dog. Its blocked from accesses the internet, but accounts for something ridiculous like 30% of all my network traffic.

[–] smeg 4 points 1 year ago (1 children)

Shout out to !privacyguides@lemmy.one, the official Privacy Guides community in case you were unaware.

I'd definitely recommend GrapheneOS to anyone with a Pixel, simplest ROM I've ever installed (none of that exploit and rooting stuff we used to have to deal with!) and you can still install sandboxed Google Play Services if you want things to work in the "normal" way without giving Google the keys to the castle.

On the desktop it's definitely worth ditching Windows for some flavor of Linux, a happy halfway house is to dual boot and only use Windows for stuff that actually needs it.

Use Signal to message people if you can convince them to download it, though even WhatsApp is better than most of the unencrypted options.

Biggest thing that anyone can do though is to use a password manager to generate and save long, random passwords that are unique (i.e. never reused anywhere) - eventually some dodgy website will leak the password you used and the email associated with it so make sure Jonny Hackerman can't then use the same creds anywhere else! I'd recommend BitWarden, but even the one built into your browser is better than nothing.

[–] lypticdna 2 points 1 year ago (1 children)

A great setup. I have considered getting a Pixel for the exact reason of GrapheneOS. I am still stuck in convenience at the moment hence why I have stock Android and use Windows. That said, I do have many other things in place with VPNs, anti-telemetry, etc.

Cheers for sharing the link to Privacy Guides, I have followed them for a while now. I had already added a link to the sidebar and would be more than happy to add any other useful links.

[–] smeg 2 points 1 year ago

I think DivestOS is generally recommended if you cant install GrapheneOS, it's a fork of LineageOS with improved privacy/security

[–] gutter564 2 points 1 year ago

Great vpn especially if you pay with crypto. I recommend getting email aliases too for signing up to other things and voip if you're really paranoid.

/e/os de googled phone has all functionality imo, almost nothing to compromise.

As for gaming, you could consider booting Linux for most games and everything else and just keep windows for some games (eg valorant) but don't do anything else there!

[–] lypticdna 2 points 1 year ago (1 children)

Haha, I get the whole "tinfoil hat" topic. Often comes up when I bang the drum of privacy. You setup @tkc@feddit.uk is definately where I want to be and making moves to get there. I have my laptop on Arch but my desktop is still very much Windows. I do check outbound traffic with each update and telemetery is not a huge issue though I imagine something is getting through.

Good to see you are both using PiHole too. I have not gone through the process of setting that up yet but it is on my list of things to do. I am sure I will be surprised with how much is leaking out from the many other devices connected to my network. Still, having kids at home, makes it a little more difficult to just go hardcore blackout (turns out blocking Facebook domains on the home networks is frowned on by the family).

[–] tkc 2 points 1 year ago

I think I'm at a happy medium. Theres not much I would want to do, either because of the impact or effort involved. It was fun at dirsr, but now maintainance and doing things "correctly" really is just work sometimes.

Truthfully, there are also times I concede. It's really hard to preach the message when you're lost in the rain and no one has the patience to understand why you dont want to use Google Maps or Uber haha.

I have had to let some things through, like FB and Instagram. The Hayu app refusing to play anything unless it can reach its ad/telemetet servees!

My partner understands and is supportive, but just doesn't seem ultimately bothered by it. I think it takes some being on the other side of the curtain to truely understand.