Hi! 2 and 4 months ago @Hellfire103 and @Charger8232 made a post about their privacy setup. So I though I would also share mine.
Remember these rules:
-
Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.
-
Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!
-** Don’t focus solely on me!** I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.
- Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.
Here is my setup:
Web browsing
- I use Librewolf for almost everything.
- For 3D stuff (games, 3d modelling) I use Brave.
- On mobile I use Vanadium.
- My preferred search engine is Kagi.
- Most if the time I have MullvadVPN enabled.
Desktop and laptop
- I have self-build Ryzen + Radeon PC and Ideapad with Ryzen CPU.
- I use Arch Linux BTW!
- I have disk encryption and Nitrokey as a decryption key (or a long password of course).
- I have secure boot with locked BIOS.
- I’m running self-compiled linux-hardened kernel.
- I’m using Gnome (Wayland).
- I have only open-source apps installed.
Mobile
- I have Google Pixel 7a with GrapheneOS.
- I have different 5 profiles: main, google, school, finance, anonymous.
- I have PIN on every profile and also fingerprint for main and school profiles.
- I always use VPN, either Mullvad or self-hosted Wireguard.
- I don’t use a privacy screen protector (for now).
Messenger
- Signal for my family.
- Viber for my schoolmates.
- MS Teams for school.
- Matrix for help with some open-source projects.
- Discord for voice chat and local scouts group. I have Aliucord on mobile and Armcord on desktop.
Online accounts
- Passwords are safe in self-hosted Bitwarden (Vaultwarden).
- I use 2FA if I can. Either hardware 2FA - Nitrokey, or TOTP with Aegis.
- I use SimpleLogin for email aliases and randomly generated usernames and passwords.
Video streaming
- I watch only Youtube. Newpipe on mobile and Invidious on desktop.
AI
- I do not use AI a lot, but if I do I use locally running LLama3 8B or Duckduckgo’s LLama3 70B
Social Media
- I had Instagram, Snapchat and Viber accounts, but I’ve deleted them.
- I use only Lemmy on clearweb and Dread on darkweb.
- I have Mastodon account, but I don’t use it.
- I use ProtonMail.
- One of the best privacy things you can do is use SimpleLogin (or other email alias service).
Shopping/Finance
- IRL I use cash most of the time.
- Online I use Monero if I can, otherwise just my credit card.
- Cashew app for helping managing my purchases.
Music streaming
- I use only RiMusic on my phone, that’s it.
TV shows
- I use a VPN, that’s all I’m gonna say…
Gaming
- Minecraft, Veloren, SuperTuxKart, and some Steam games.
Programming
- I forgot how to code in Python, because Rust is so much better.
- VS Codium.
Productivity
- LibreOffice for simple stuff.
- Typst for proper documents.
Paid services
- ProtonMail - 4$ per month
- SimpleLogin - 30$ per year
- MullvadVPN - 5$ per month
- Kagi - 10$ per month. For 5$ you get 300 searches, I use ~350 searches so I will try to lower my searches.
- Domain - 13$ per year
Self-hosted
- Everything runs on Raspberry Pi 4 with encrypted micro SD card.
- Pi-Hole for blocking ads on network level.
- Bitwarden (Vaultwarden) for storing all my passwords.
- Wireguard server (with pihole as DNS) for connecting back home from anywhere.
- Ntfy for self-hosted push notifications.
- MollySocket for Signal push notifications.
- FindMyDevice if I lost my phone.
- Cloudflare DDNS, because I don’t have static IP.
- Nginx Proxy Manager.
- Watchtower automatically updates docker containers.
- My website.
Misc
- I have Samsung Galaxy Watch 4 classic. I’m trying to do something about it…
- I’m using Syncthing to sync documents and pictures between my devices.
- I don’t have a car (because I can’t - I’m 17) and I won’t have one for quite some time. I have a bicycle and my parents have 2 (smart/spy) cars.
- I’m into crypto (mostly XMR) and I’m trading a little (making a trading bot) on MEXC. I also have Ledger Nano S Plus.
- I have a 3d printer and it’s fun and usefull :)
TODO
- self-host Git repos for my projects.
- Buy a privacy screen protector when I break my current one.
- Buy a faraday bag, just in case.
- Do something about my spywatch (maybe sell).
- Make backups… Yep, I don’t have any yet.
- Monitor and harden all my devices.
- Memorize cryptowallet’s private key in case it gets lost.
Thanks for reading!
Kagi isn’t private and it is misleading to advertise it as such. Neither is Duckduckgo and similar products but at least with DDG you don’t need sign in and give it payment information. DDG is also compatible with free software as it doesn’t need JavaScript.
Both Arch and Graphene OS ship proprietary software and encourage its use. In the case of Graphene they encourage the use of Google play and play services and in the case of Arch there isn’t any distinction between licenses and it ships with proprietary firmware and media codex. It is hard to get around such limitations if you want a phone and a newer computer but you state in your post that proprietary software should not be promoted.
Be mindful of dread and the dark web. You can get yourself into trouble if your not careful. Also dark web forms are a most certainly a honeypot
As far as your age goes you should be mindful of your parents and there wishes. Don’t grow up to fast. (Generic but true)
Overall not a bad setup.
Grapheneos does not encourage the use of Google Play services, it provides the option if you want them, but by default they are not installed.
All cellular phones have proprietary binary blobs for the hardware drivers. Unless we’re talking about the completely open source Replicant project, which supports maybe two phones, and poorly… But even then, replicants still has proprietary binary blobs just less so than others
not trying to argue the fact Kagi isn’t private.
kagi gives me some very very good search results, i haven’t been able to find better anywhere else with no fine-tuning or anything. works great out of the box.
That’s completely fair. My problem is when people say it is private.
Kagi isn’t private and it is misleading to advertise it as such.
What is your reasoning for this statement?
Going directly from Kagi’s own privacy policy, “To ensure your privacy and security, we don’t monitor, log or store your queries or associate them with your account”.
Of course you have to believe them, but that’s the same for every service that you do not host or compile yourself, and for which you’ve read the entire source code yourself.
They require your payment information and you sign in to use it.
First of all, you can pay with crypto and use a burner email, but secondly, they don’t link searches to your payment or sign in. (Assuming of course you take their word for it, but that’s the same for every service that you do not host or compile yourself, and for which you’ve also read the entire source code yourself.)
I’m not saying people should use Kagi, I’m merely pointing out you can’t claim it’s “misleading and not private” without providing some sort of proof.
At best you can say you can’t verify for yourself that they are indeed private as they claim.
On Duckduckgo you can use it with Tor and have a totally different session for each search. You can’t do that with Kagi. You are stuck with one account for everything.
ddg results aren’t as good :(
So all of your internet searches are tied to one kagi account? That doesn’t sound very private.
I know but it’s way better than Google.
Google is the worst. There’s many options better. Try ddg or quant
I did and every other search engine is slower than google which is very important to me. But when I tried Kagi it was so quick, even faster than Google.
That’s totally fine, and your use case is absolutely valid, it’s just not private. Using it is fine, just don’t think it’s private.
It’s private if you give email alias and pay with crypto or prepaid cards.
nobody is talking about the results tho lol, the results are so bad on google these day unless your looking for stuff near you to go eat etc… better to use FOSS LLMs instead of google
That’s not a comparison as both Google and Kagi require a sign in
So all of your internet searches are tied to one kagi account?
Kagi states in their privacy policy, “To ensure your privacy and security, we don’t monitor, log or store your queries or associate them with your account”.
Of course you have to believe them, but that’s the same for every service that you do not host or compile yourself, and for which you’ve read the entire source code yourself.
You seem to be aware of many things.
Just for communication you are using more unfree tools then free and more then in the other categories.
Yep, its how it is. I converted my family from Viber to Signal, but whole my class… Thats maybe too much.
This is missing a critical piece of context. What is your threat model? Its impossible to know if what your doing even makes sense without that. What are you trying to protect and who are you trying to protect it from?
Probably hates Google for tracking his every move online (hence the Google Pixel phone).
Running GrapheneOS.
Anything trying to run “private” that introduces anything Google into the environment should be considered compromised. Why would want anything from the biggest corporate ad business in the world in your environment?
GrapheneOS is the most secure mobile OS except things like Ubuntu Touch, or using throwaway phones etc which obviously don’t support the apps you need to exist in society these days.
For 3D stuff (games, 3d modelling) I use Brave.
Can you elaborate on this? What exactly are you doing?
I have a 3d printer and linux. The only good 3d modelling software I found is OnShape which is online.
Forgive me if it sounds preachy, but have you tried Blender?
I use that for my 3d printing and game-ready modelling.
Or FreeCAD
Freecad is good once you learn the basics
Yes I did but it was too complex for me at the time. Maybe I’ll give it a second go.
Is there any special way that you use Blender that makes it good for CAD? I also love using blender for my 3D printing projects since I have lots of experience using it for animation projects and can make models very fast. It is just that it becomes much harder when exact dimensions are important which is where software like Fusion and FreeCAD shine, not to mention the parametric modeling.
No idea if this is a useful suggestion, but I saw it spoken of in another thread about CAD software: there’s a free and open source plugin called BlenderBIM that is apparently a decent option.
CAD has never clicked in my brain but I have a relatively non-destructive workflow in Blender from a decade of experience and it’s not really a problem to me. I can make the model far more precise than any printer I have access to can print. I’m too stupid to explain it unfortunately, but I essentially just make use of Blender’s built in measuring tools
Interesting. I usually will use the measuring tools as a sanity check to make sure I did not mess up before I spend an hour printing. Most of my projects are mostly composed of primitives and boolean modifiers so I can usually put my dimensions in the panel that appears when you create an object.
I’ve just started the hobby and stumbled upon plasticity. Seems to be the new kid on the block, doing things a bit different than the established CAD tools, but for me it’s been perfect. And I was looking for a solution without subscription, which is almost nonexistent
Looks nice, I’ll try it!
Looks like you’re paying $138/yr for Proton, SL, and vpn. Consider getting Proton Unlimited for $120/yr which includes all of the above, and use Proton vpn.
Thanks for advice! If I upgrade to proton unlimited for next 2 years I get 500gb of cloud storage and (imo) a little worse but still great VPN for 3,5$ less per month.
Do I have unlimited aliases on Proton Pass or also on SimpleLogin? You can login to simplelogin using proton account.
I have 15 days left on MullvadVPN and maybe 2 months on SimpleLogin. I’ll upgrade next month.
You get all of simplelogin with unlimited. There is a way to convert your login so you won’t lose your setup. And I BELIEVE that it prorated any unused time you had left on your simplelogin account, so you would get credit for the 3 months you have left when you convert it… But not 100% positive on that, check with support. But I do know when I converted mine a few days before simplelogin was going to expire I was charged for a new month of service with some credit applied. So there is a process.
IMO if you’re using proton mail, and simple logon anyway and want a VPN then unlimited is kind of a no brainer. It works pretty great for me.
I love seeing more Monero users. Welcome to the club, my friend. You’re in good company.
Very cool, this list matches with a lot of stuff that I do but a few that I’ve been too lazy to implement but your post gives me a good checklist to get on it. On the backup part, I suggest Nextcloud and Immich on a self hosted server…
I would love to see tutorials on how to get these services as a website up and running.
I’m already building the website ;)
Nice setup! I might have to do a redux…
This is really fascinating. I’m on this journey, too, and do a lot that’s similar, but I’ve not heard of some of what you do/use and some of it sounds beyond my capabilities.
That was interesting to read. I think privacy is a continuum, you can reach a lot with relative easy steps but it is very hard to reach 100%. So don’t get annoyed by the extremist views here.
You should look into Gadgetbridge for your smart watch needs. I don’t think it’s compatible with that watch but if you get one that does work with it, it allows you to use it pretty much like normal but without any proprietary companion apps
k