Best privacy preserving measures
-
You might enjoy reading Extreme Privacy by Michael Bazzell
I ordered it yesterday
Thanks for the suggestion though. I really appreciate it.
-
I would be more than glad to connect and learn from more experienced people. DM is fine or do you prefer something else?
or XMPP would work as well
-
Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, itâs redundant).
I also basically have all my âsmartâ devices (TV, lightbulbs, air purifier, etcâŚ) at home cutoff from the internet using OpenWrtâs firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etcâŚ
I own Apple devices which arenât the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future thatâs my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions yaâll might have.
EDIT: Iâm not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic âday-to-day itâs non of your business who am I online or what I do, please donât profile/fingerprint me, I am just a passerbyâ kinda threat model.
You pretty much got the foundational stuff plus a little more established. Aside from getting away from Apple, which you already mentioned, there's not much more I can think of without going full tinfoil hat. The main thing, in my opinion, is just not being a wide open door and giving away your personal data freely. Sounds like you're there, so long as you don't have social media accounts.
-
Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, itâs redundant).
I also basically have all my âsmartâ devices (TV, lightbulbs, air purifier, etcâŚ) at home cutoff from the internet using OpenWrtâs firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etcâŚ
I own Apple devices which arenât the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future thatâs my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions yaâll might have.
EDIT: Iâm not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic âday-to-day itâs non of your business who am I online or what I do, please donât profile/fingerprint me, I am just a passerbyâ kinda threat model.
The measures youâve taken are more than enough for your threat model. I think it now depends on your data hygiene. Weakest link kinda thing, where it doesnât matter if your home network is locked down and you use privacy friendly services if youâre careless with your data anyway; which I assume you arenât.
-
You pretty much got the foundational stuff plus a little more established. Aside from getting away from Apple, which you already mentioned, there's not much more I can think of without going full tinfoil hat. The main thing, in my opinion, is just not being a wide open door and giving away your personal data freely. Sounds like you're there, so long as you don't have social media accounts.
I feel I am missing out on other things and that I could do much better though.
Like you said, aside from a tinfoil hat, I think my setup is very basic and can be improved.
-
The measures youâve taken are more than enough for your threat model. I think it now depends on your data hygiene. Weakest link kinda thing, where it doesnât matter if your home network is locked down and you use privacy friendly services if youâre careless with your data anyway; which I assume you arenât.
Thank you.
To your point, one example that comes to mind is that I have read many people complaining about cloudflare, saying itâs âevilâ and over extending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.
In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.
-
I feel I am missing out on other things and that I could do much better though.
Like you said, aside from a tinfoil hat, I think my setup is very basic and can be improved.
More encryption is the only thing I would think worthy of mention since I don't see that listed anywhere. Encrypted messengers, encrypted storage, encrypted emails.
-
Thank you.
To your point, one example that comes to mind is that I have read many people complaining about cloudflare, saying itâs âevilâ and over extending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.
In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.
All data is routed through somewhere you don't have control over at some point. If everything is encrypted then you are fine. You could setup a vps and proxy through that instead of Cloudflare, but you are just relying on the vps provider to protect any data/not snoop then rather than Cloudflare.
The only real way to be completely private is to just avoid connecting to the internet at all, but that's not really feasible. Just get to a point where you are comfortable, you've already done more than most to protect yourself (as much as you can without it getting silly anyway). Good job!
-
Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, itâs redundant).
I also basically have all my âsmartâ devices (TV, lightbulbs, air purifier, etcâŚ) at home cutoff from the internet using OpenWrtâs firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etcâŚ
I own Apple devices which arenât the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future thatâs my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions yaâll might have.
EDIT: Iâm not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic âday-to-day itâs non of your business who am I online or what I do, please donât profile/fingerprint me, I am just a passerbyâ kinda threat model.
You are still exposed by using Apple products. Use linux for PC's with encryption, vpn. For a phone, switch to device, such as a Google Pixel, or several other manufacturers that can use a privacy android rom. I use CalyxOS, private, secure and de-googled.
Lets not forget...operation PRISM which was exposed by Snowden.
-
Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, itâs redundant).
I also basically have all my âsmartâ devices (TV, lightbulbs, air purifier, etcâŚ) at home cutoff from the internet using OpenWrtâs firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etcâŚ
I own Apple devices which arenât the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future thatâs my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions yaâll might have.
EDIT: Iâm not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic âday-to-day itâs non of your business who am I online or what I do, please donât profile/fingerprint me, I am just a passerbyâ kinda threat model.
How do you firewall specific devices with OpenWRT? That's something I'm about to start attempting myself.
-
How do you firewall specific devices with OpenWRT? That's something I'm about to start attempting myself.
wrote last edited by [email protected]I used the IP + MAC address of the devices I want to block.
-
Thank you.
To your point, one example that comes to mind is that I have read many people complaining about cloudflare, saying itâs âevilâ and over extending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.
In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.
wrote last edited by [email protected]Check out Pangolin with a cheap Racknerd VPS. More info over in c/[email protected]
-
You might enjoy reading Extreme Privacy by Michael Bazzell
This book is amazing. Every other resource I find refers back to Michael Bazzell as the expert.
-
I used the IP + MAC address of the devices I want to block.
Do you set static IPs for everything you wish to block?
-
or XMPP would work as well
Hey fellow XMPP user!! lol
-
Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, itâs redundant).
I also basically have all my âsmartâ devices (TV, lightbulbs, air purifier, etcâŚ) at home cutoff from the internet using OpenWrtâs firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etcâŚ
I own Apple devices which arenât the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future thatâs my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions yaâll might have.
EDIT: Iâm not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic âday-to-day itâs non of your business who am I online or what I do, please donât profile/fingerprint me, I am just a passerbyâ kinda threat model.
Use cash. A card payment allows your bank and the shop to track you.
-
Do you set static IPs for everything you wish to block?
wrote last edited by [email protected]Setting static IPâs is generally a good practice to take if you want to keep track of any device.
-
Hey fellow XMPP user!! lol
hahah, nice. try and message me when you get a chance and ill share my notes.
-
Thank you.
To your point, one example that comes to mind is that I have read many people complaining about cloudflare, saying itâs âevilâ and over extending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.
In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.
Tailscale (https://tailscale.com/) works great for remote access to your private services. Once the wireguard tunnel is established, then the traffic is peer-to-peer (assuming itâs configured correctly) and not through their centralized servers. Even from a mobile device.
-
Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, itâs redundant).
I also basically have all my âsmartâ devices (TV, lightbulbs, air purifier, etcâŚ) at home cutoff from the internet using OpenWrtâs firewall to prevent them from calling home.
I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etcâŚ
I own Apple devices which arenât the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future thatâs my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions yaâll might have.
EDIT: Iâm not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic âday-to-day itâs non of your business who am I online or what I do, please donât profile/fingerprint me, I am just a passerbyâ kinda threat model.
You have taken a lot of useful steps. May I suggest email aliases? Using same email address on many services is too easy to track
