this post was submitted on 09 Sep 2023
2 points (100.0% liked)


yall seriously should start to consider using privacy alternatives, especially given the uh, not exactly pacifistic nature of the beliefs on this site, not being tracked should be essential, so I've compiled a list of things and knowledge I've used

you don't need to immediately fully switch onto everything in this list, but it's useful to know of these things so you can use them if you want to do... questionable things

this is not an end all be all guide, I am not an expert, please do your own research!

Browsers

please do not use google chrome.

you can get away with regular firefox if you configure it with a guide but if you don't wanna deal with it LibreWolf is a perfectly fine alternative. if you REALLY have to use chrome you can use Brave stripped of the crypto and ads crap or Ungoogled Chromium

avoid Vivaldi as it's not open source so you can never actually know if it's not tracking you, you have to trust them.

Browser extensions

block ads with uBlock Origin, you can get a blocklist from EasyPrivacy in this list to in one click block a bunch of trackers

You can get some 100% seamless fingerprint prevention by installing CanvasBlocker, ClearURLs and Cookie AutoDelete (they all have chrome versions)

Consent-o-Matic automatically rejects most "hey can we track you?" popups when you open a website, not all but a huge part of them.

always reject all cookies a website asks to track about you, including "legitimate interest" ones, no matter how annoying. by law the popups should have a "reject all" button but not everyone complies.

Decentraleyes and Privacy Badger are "set it and forget it" addons that block trackers and increase your privacy a lot.

all of these have chrome versions I just discourage you from using it a lot.

Search engines

the absolute best and most private search engine is the SearX instance nearest you, it scrapes google's search results so you don't actually lose anything, it's fully open source, customizable, etc etc. I personally use paulgo.io in Europe.

other search engines like Startpage or Brave Search are still infinitely better than google and bing but they are centralized and run by corporations and do still collect a few things about you

alternatives for popular sites

Gmail: use ProtonMail for email and never share anything important or sensitive via it. It has tools to redirect stuff from your old gmail to the new protonmail. there are alternatives but the only ones that have 0 access encryption on your emails by default are them AFAIK

ProtonMail has previously shared IP addresses of its users, they literally have to or otherwise get shut down since it's the government itself forcing them. Email is an inherently unsafe protocol, do not use it for organizing or sharing things you don't want to be known

Youtube: you can for the most part continue to use youtube using Piped and NewPipe (be sure to get NewPipe from F-Droid, other stores fill it with ads), if you import your subscriptions then the only thing you'll lose out on is the recommendation page

Twitter: If you don't post, you can see what people post on Nitter, it's barebones and very manual though

Reddit: sadly privacy frontends for reddit are dead, some that use web scraping are being developed but for now just use Lemmy as usual

LibRedirect automatically redirects links to these privacy friendly alternatives, it's a pain to setup but it's very helpful

General networking privacy

VPN: It's typically not a huge problem to have a VPN turned on at all times if you're really paranoid, but otherwise it's good to have one installed in case you need it for anything. I can only really recommend ProtonVPN and Mullvad, you have to do your own research though, don't go with the ones that are regularly sponsored by youtubers. Make sure they have a security audit and that they do not log traffic.

DNS: these ensure that all your DNS traffic is encrypted and is then run through a blocklist that removes more tracking, the one I use is Quad9, it has guides to set it up on most operating systems, it's a bit of a pain but once it's done you can forget about it.

TOR: it's absolutely essential that you use the Tor Browser if you truly want to be anonymous while doing something online - it's really the only almost foolproof way. Use a VPN with it. Private browser tabs do not protect you, not even those that say they use the Tor protocol. The only way to safely use Tor is through the Tor Browser.

Firewall: can be a bit redundant but still useful. Hard to learn how to use properly but once you've configured one you very rarely have to change stuff. The one I use is PortMaster and it also has support for setting your system-wide DNS resolver automatically (so you don't have to go through the painful steps of setting up Quad9 and stuff like that)

Password Manager: I personally recommend Proton Pass because it has tools to create fake email aliases that help reduce tracking even more. but the most secure way I know of is to self host KeepassXC

absolutely NEVER EVER use your browser to store passwords, they are stored unencrypted and anyone with remote access can see them in a few clicks.

enable 2FA on anything that matters to you, do not use google authenticator or Authy, the one I recommend is Aegis, but the 100% most secure solution is definitely to get a YubiKey

I recommend saving the 2FA recovery codes either on a USB or written in pen and paper. Do not store them on your computer because otherwise anyone with remote access can always get to them.

Firefox Profiles: If you use firefox or firefox based browsers and you rightclick the new tab button you can open it in a different container or profile. it's useful to open different things in different profiles so that no tracker knows everything about you and only the limited set of things you do in that profile.

Application alternatives

always always always prefer open source stuff if you don't 100% NEED a closed-source program. you can only be certain a piece of software is private and secure if it is open source, period.

Office: unless you are an excel wizard, you probably won't lose anything by switching to LibreOffice or OnlyOffice (the latter has a bit more compatibility with Microsoft Office). do not use OpenOffice it is basically abandonware.

Photoshop: there is no seamless alternative, and if you use the complicated or advanced features of the program you're kinda screwed. if you only really use basic stuff to make like, memes... you'll only have to be a bit inconvenienced learning a new program for a few days by switching to Gimp, there is a configuration that tries to make it as close to photoshop as possible to minimize friction but it will still exist

Google drive, google photos, apple icloud, onedrive etc..: Nextcloud is just as or even more powerful than all of these, and is a million times more privacy respecting. do note that end-to-end encryption works pretty badly so unless you self host it with a NAS (don't worry if you don't know what that means) it won't truly be 100% private unless you mix it with something like Cryptomator. there are many providers of Nextcloud, some free some paid.

An out of the box end-to-end encrypted online storage is Proton Drive. for backups of your files, you can use Vorta encrypted backups in BorgBase

Google Docs: You can usually pair a Nextcloud instance with OnlyOffice to have a Google Docs alternative.

Operating System

Windows: look I know people get really defensive about this but truth is, unless you know you are using an application that you can't substitute in any way and you know for sure it doesn't work on Linux at all (most of the time it's something from Adobe or Autodesk) it really won't be that huge of a deal to switch to linux

it's not for everyone, it won't be seamless, but a lot of people paint it as some sort of time consuming hell that you will never get out of. If you have an Nvidia graphics card a lot of stuff will be glitchy and kinda dumb but nothing that breaks your workflow.

if you're interested in trying it out, the two distros I can recommend are Linux Mint if you want a very stable experience that removes a lot of the need to use any command line stuff at all, or Nobara if you are a hardcore gamer and want the latest drivers and stuff

If you mainly use your computer for browsing, editing some documents, talking with people on discord, playing a few 2D games, etc etc... I would recommend Debian, it's very old, you will not get updates that have new features for a while, but it's extremely stable, as long as you follow basic guidelines, it's one of the most indestructible operating systems, it will never randomly die on you as everything is tested to the utmost extreme.

If you don't want to switch up your workflow too much, look into distros that use or can use the KDE desktop environment, by default it's basically windows. also, in the rare case that you have or can have two graphics cards, you can look into making a windows VM with gpu passthrough, it is a huge pain to do though. I don't recommend dual boot because you're just always going to boot into windows.

if you can't switch away from windows, there are still steps you can take to make it a more private OS. look into ShutUp10 and BloatyNosy, make sure to disable telemetry in either of them, probably wise to pick one and not use both.

Apple: iOS and MacOS are both not private at all but also don't have tools to make them more private, unlike windows. your only real option here is Asahi Linux if you have an M1 or M2 cpu

Privacy Linux: This is something you can do even if you use windows. You can install some Linux distros made specifically for privacy onto a USB, then boot off of that usb to use that operating system temporarily. this is very useful if you're going to do something wacky. I recommend TailsOS, it routes all of your computer's traffic via TOR, and it's amnesiac so everything you do in it will get completely erased when you turn off the PC.

Phone operating systems

if you use iOS you're basically screwed. You can't get privacy in those devices even if you jailbreak. Do not do anything risky in them.

The most secure and private phone/tablet OS is by far GrapheneOS, it's extremely easy to install and not that hard to learn to use. It sadly only supports recent Google Pixel devices though.

If you don't have a Pixel phone the next two best options are /e/OS and LineageOS, check their device support lists. Try to not do anything unofficial.

Messaging

Discord: Discord is inherently unsafe and has full access to all of your messages even if you delete them. Never ever share anything incriminating or unsafe through it. You can block some of the ways the website tracks you with uBlock Origin, add these to your personal filter list:

discord.com/api/v*/science
discord.com/api/v*/track
discord.com/api/v*/applications/detectable

for the desktop application there is no way to remove the tracking. you have to use a PWA like in this video or use an unofficial client, which may ban your account. the safest one to use is WebCord, other ones are very very risky.

Even if you remove the discord tracking, all the messages are still unencrypted and fully available to discord, they will provide all about you to authorities, so please do not use discord for anything unsafe

WhatsApp: same as discord, they may claim to be end to end encrypted but they are closed source so we don't know for sure and also they are run by Facebook so...

How do I send a message to another person in a private way???

it depends! The more private and secure, the less convenient it will be to message. generally speaking unless you know you have federal agents on you, Signal is going to be fine, it's encrypted and very feature complete (basically seamless if you come from WhatsApp), but do keep in mind that it's a centralized protocol.

on the other extreme, cwtch is a lot more barebones and inconvenient to use but it's decentralized and uses TOR so it's much safer.

it's always gonna be better if you all tell each other stuff IRL with every technological device disconnected from the internet and turned off.

once again do not use email even encrypted email for sensitive stuff.

Good computer practice

Full disk encryption: All this really ends up being is you having to type a second password when you boot your PC. In exchange when you turn off your computer, no one can do absolutely anything to get access to your files and data. You can use BitLocker on windows and LUKS on linux, I don't know if MacOS allows this. I recommend you don't store your disk password, commit it to memory.

Secure Boot: this is a protocol to prevent unauthorized things to be booted on your PC. If you only use windows it's on by default. If you use Linux unless it's vanilla Ubuntu or vanilla Fedora it's an absurd pain in the ass to setup, but it does increase your security a lot as even with full disk encryption someone could technically replace your kernel image into one that logs your passwords. this is an immense level of paranoia but it's worth noting.

SECURE BOOT IS ONLY ACTUALLY SECURE IF YOU SET A BIOS PASSWORD, otherwise anyone can get into the BIOS and disable secure boot and all of your work was for nothing.

Overall on desktop PCs it's not that big of a deal if you don't have this, and having it will only protect you from IRL attacks. if you have a laptop though it's a lot more important that you at least try to set these things up as if you don't anyone that steals your laptop will know everything about you and what you do. even if you set a password to log in, anyone can just boot another OS and look at your bare files.

Hardware

if you're going to buy a new PC prefer AMD cpus or intel CPUs of old generations like coffee lake and before. this is because all intel cpus are embedded with another core that is always on even if you turn off your PC called the intel management engine, it's completely closed source so no one knows how it works but we do know it has networking access and even ways to remotely control your PC. on older intel CPU's you can turn it mostly off with me_cleaner or by buying a laptop (only a laptop) from System76 which ships with the intel management engine curtailed by default.

AMD cpus also have an embedded core that is always on even if you turn off your PC that is also completely closed source called the Platform Security Processor, but at least we know it doesn't have networking features, so it's not actually sending data about you, and it also doesn't have remote control so it's a lot more secure. ASRock Taichi motherboards are confirmed to ship with an option that lets you disable some parts of it, others are unknown.

Do your own research!!!!

again this post wasn't an end all be all, just a lot of recommendations i've learned throughout the years, if you want to dig deeper I recommend these two websites:

https://privacytools.io

https://privacyguides.org/en

[–] sloppy_diffuser 1 points 1 year ago

I would add rclone and Round Sync (rclone android client) as an alternative option for cloud e2ee storage.

Way more cloud provider options. No reliance on running some agent from the cloud provider (e.g., Dropbox).

It doesn't handle 3 way merges as well as Dropbox. It's more of a manual process. That said, I find the advantages outweigh the need to be a little more conscious of how I'm syncing.

Round Sync works better than the Android Cryptomator app. It also allows for cron job like backups.

Rclone can make use of versioning with cloud providers that support it even with the encryption.

You can mount local encrypted "vaults" just like Cryptomator. You can also mount the remote vault from systems you don't want to store the entire dataset on.

I was able to integrate the Bitwarden CLI app via a wrapper script for some extra convenience. I can unlock my Bitwarden vault in a shell, have rclone source the password from it to decrypt its config which is encrypted at rest, then lock it back up when done. If I edit my rclone config, it also automatically syncs to Bitwarden for when I move machines.
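
One way the unlock / run rclone / lock cycle described in the comment above could look, as an added example that is not the commenter's own script. The function name `rclone_bw` and the Bitwarden item name `rclone-config` are assumptions, and the config-sync step is left out.

```sh
#!/bin/sh
# Added example: run rclone against an encrypted rclone.conf, fetching the
# config password from Bitwarden and locking the vault again afterwards.
# Assumptions: `bw login` was already done, and the config password is stored
# in the password field of a vault item named "rclone-config" (hypothetical).
# Usage: source this file, then e.g.  rclone_bw lsd remote:

RCLONE_BW_ITEM="${RCLONE_BW_ITEM:-rclone-config}"

# The body is a subshell "( ... )", so BW_SESSION and the password command
# are never exported into the interactive shell that calls the function.
rclone_bw() (
    # --raw prints only the session key; the master password is asked for
    # interactively and is never written to disk by this script.
    session="$(bw unlock --raw)" || { echo "rclone_bw: unlock failed" >&2; exit 1; }
    [ -n "$session" ] || { echo "rclone_bw: empty session key" >&2; exit 1; }

    export BW_SESSION="$session"
    # rclone runs this command itself whenever it needs to decrypt its config.
    export RCLONE_PASSWORD_COMMAND="bw get password $RCLONE_BW_ITEM"

    rc=0
    rclone "$@" || rc=$?

    # Lock even when rclone failed, then hand back rclone's exit status.
    bw lock >/dev/null 2>&1 || true
    exit "$rc"
)
```

Because the session key only exists inside the subshell, a crash or Ctrl-C in rclone cannot leave `BW_SESSION` exported in the terminal you called it from.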