Hi!
2 and 4 months ago @Hellfire103 and @Charger8232 made a post about their privacy setup. So I though I would also share mine.
Remember these rules:
Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.
Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!
-** Don’t focus solely on me!** I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.
Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.
Here is my setup:
Web browsing
I use Librewolf for almost everything.
For 3D stuff (games, 3d modelling) I use Brave.
On mobile I use Vanadium.
My preferred search engine is Kagi.
Most if the time I have MullvadVPN enabled.
Desktop and laptop
I have self-build Ryzen + Radeon PC and Ideapad with Ryzen CPU.
I use Arch Linux BTW!
I have disk encryption and Nitrokey as a decryption key (or a long password of course).
I have secure boot with locked BIOS.
I'm running self-compiled linux-hardened kernel.
I'm using Gnome (Wayland).
I have only open-source apps installed.
Mobile
I have Google Pixel 7a with GrapheneOS.
I have different 5 profiles: main, google, school, finance, anonymous.
I have PIN on every profile and also fingerprint for main and school profiles.
I always use VPN, either Mullvad or self-hosted Wireguard.
I don’t use a privacy screen protector (for now).
Messenger
Signal for my family.
Viber for my schoolmates.
MS Teams for school.
Matrix for help with some open-source projects.
Discord for voice chat and local scouts group. I have Aliucord on mobile and Armcord on desktop.
Online accounts
Passwords are safe in self-hosted Bitwarden (Vaultwarden).
I use 2FA if I can. Either hardware 2FA - Nitrokey, or TOTP with Aegis.
I use SimpleLogin for email aliases and randomly generated usernames and passwords.
Video streaming
I watch only Youtube. Newpipe on mobile and Invidious on desktop.
AI
I do not use AI a lot, but if I do I use locally running LLama3 8B or Duckduckgo's LLama3 70B
Social Media
I had Instagram, Snapchat and Viber accounts, but I've deleted them.
I use only Lemmy on clearweb and Dread on darkweb.
I have Mastodon account, but I don't use it.
Email
I use ProtonMail.
One of the best privacy things you can do is use SimpleLogin (or other email alias service).
Shopping/Finance
IRL I use cash most of the time.
Online I use Monero if I can, otherwise just my credit card.
Cashew app for helping managing my purchases.
Music streaming
I use only RiMusic on my phone, that's it.
TV shows
I use a VPN, that's all I'm gonna say...
Gaming
Minecraft, Veloren, SuperTuxKart, and some Steam games.
Programming
I forgot how to code in Python, because Rust is so much better.
VS Codium.
Productivity
LibreOffice for simple stuff.
Typst for proper documents.
Paid services
ProtonMail - 4$ per month
SimpleLogin - 30$ per year
MullvadVPN - 5$ per month
Kagi - 10$ per month. For 5$ you get 300 searches, I use ~350 searches so I will try to lower my searches.
Domain - 13$ per year
Self-hosted
Everything runs on Raspberry Pi 4 with encrypted micro SD card.
Pi-Hole for blocking ads on network level.
Bitwarden (Vaultwarden) for storing all my passwords.
Wireguard server (with pihole as DNS) for connecting back home from anywhere.
This is missing a critical piece of context. What is your threat model? Its impossible to know if what your doing even makes sense without that. What are you trying to protect and who are you trying to protect it from?
Anything trying to run "private" that introduces anything Google into the environment should be considered compromised. Why would want anything from the biggest corporate ad business in the world in your environment?
GrapheneOS is the most secure mobile OS except things like Ubuntu Touch, or using throwaway phones etc which obviously don't support the apps you need to exist in society these days.