What are your solutions from top to bottom in regards to privacy/security?

Hi all,

What services/programs do you use to ensure that you have a good private and secure time using the net and your computer in general?

For me, currently I use:
Online Stuff:
Email: Protonmail - trying to get rid of Gmail, but it’s difficult, but I’ve moved all my email over to protonmail and now I don’t get anything in my gmail account
Web: Firefox with noscript and ublock origin - if there’s any other good extensions, let me know!
Also, when to use a VPN and/or Tor?
Passwords: Bitwarden, but I am going to migrate to self-hosting it.
Chatting: Matrix - although I am also on Discord, which I can’t give up because there are 2 communities on there that are really good (for me).
Website hosting: Right now I am using Digital Ocean. They’re pretty good imho, although if you know a better one, let me know!
Searching: Duckduckgo - although I heard Searx is potentially better?
Social networking: Mastodon/Pleroma
Video Uploading: LBRY/Odysee/Peertube (although Peertube needs A LOT of work)

Local:
On my computer I encrypt the root drive. I’m going to start learning how to encrypt files using Veracrypt.
Email: Thunderbird. I heard Thunderbird with PGP is good?

For a vpn I use Mullvad. I literally run Mullvad 24/7. As far as I know it is the only vpn service that you can purchase anonymously. Hit their site to generate an account number, then send crypto or even cash with that account number referenced and they will activate the account. One license covers 5 devices. They are based in Sweden so it’s a 14 eyes agreement that binds their activity. Yet, at the same time, they claim that there are no logs of individual user activity.

I do pretty much all those except I don’t have a website and I also use Brave search engine and Start for search.

I also use pfsense for my home network, but I will be moving to a Protectli OPNsense router probably sometime this month. Mullvad will be set up on the new router and a couple vlans as well as a tor vlan added as well. I’m currently using expressvpn but ownership changed last year.

There should be a Proton Bridge for Thunderbird: ProtonMail IMAP/SMTP Bridge - Thunderbird Instructions

I have a lot of the same configuration as the OP. I run several other extensions in Firefox (such as a fingerprint blocker, an extension that immediately deletes cookies upon tab closure, and a random agent generator extension, et al).

I’m using Proton VPN on my phone.

Network-wise:
I run OPNsense on a 4 NIC NUC and I have a segmented network for traffic isolation.

I would like to do this some day

I’ve been running OPNsense for a little over a year. It’s been very stable.

I would highly recommend the use of Intel NICs. BSD and Realtek don’t always play well together.

?? There is one. I’ve been running it for over a year now… Works great!

I also use the Facebook Container add-on even without a Facebook account.

There is also KeePassXC.

That’s an enormous question probably for most people here.

Just a few…

  • LUKS full disk encryption w/ Secure Boot enabled
  • Moving to a USB OnlyKey as my password manager for important passwords I need regularly, pass for the rest.
  • Using VMs as part of my standard workflow
  • Automatic package updates dnf-automatic
  • Drastically minimizing the amount of packages on my host system (outside VM)
  • Using OpenWRT and enforcing VPN at the router level
  • 2FA everything
  • Replacing sudo with doas and experimenting with computing without sudo or doas by switching TTY for root
  • Running steam under a different user in a different TTY/X session.
  • Finding minimal versions of packages that are easy to verify (if not by me then by others), example: replacing startx with sx
  • Shutting down the computer while away instead of lock screen.
  • Opening things like my router, bank, Email, Matrix, etc. in separate browser profiles and without Web extensions unless they must have them. Ex: My “General” profile gets Dark Reader, my router does not.

and the most important by far…

Adjusting and automating things in ways that the security is automatic for my brain, resistant to mistakes and not a pain in the ass.

I think part of that solution is also always asking questions.

Like…
Why does my router need to expose SSH and a full Web stack over port 80 with no encryption if it can just have its own screen and keyboard instead? Maybe port forwarding 80 over SSH as a compromise with it firewalled off on the router.

Current situation:

Mail: Protonmail. Bye bye gmail. That’s gone now. (With the proton bridge for thunderbird).
Browser: Firefox with add-ons.
Vpn: Pia
Passwords: Keepass. Either local or on an encrypted usb drive.
Encryption: VeraCrypt.
Searching: DuckDuckGo / Startpage
Chatting: Matrix
Socials: Mastodon

To do:
Implement VPN at router level, learn how to implement and use a hardware firewall (and how it will affect the other members of the household and their traffic).

Desired: (but not successful yet)
Get a router to work with OpenWrt. It seems that routers issued for the European market differ from those made for the U.S. market. I bricked a few already. Seems the serial numbers don’t match.

LUKS user here as well.

Hi, mullvad ad myself !
I just have a slight problem:
I found no way of installing the client on a urpmi system!
Never mind, it works very well on fc35/Arch./Deb…& Android!
Cheers
Fred

As Mageia is not officially supported you could configure it using OpenVPN. The MCC can be of help but I use ProtonVPN so I cannot assist here.

In my case I use some different things, but most are pretty similar

  • Email: Disroot.org, I don’t think getting stuck into protonmail’s ecosystem is worth it, especially if all the people you talk to don’t use it, an unencrypted version of the emails you send ends up in their servers.
    I use GPG keys and Neomutt as an email client, but Thunderbird is a lot easier to setup, although if you want to give Neomutt a try, I recommend using Mutt Wizard
  • Password manager: I use pass and keepassxc as a backup.
  • Web: Firefox with ublock origin and containers, I do not think that noscript is necessary since ublock can block javascript too
  • Chatting: XMPP, Matrix, Signal, I don’t have a lot of signal friends tho :frowning_face:
  • Web hosting: I have a static blog with Jekyll, hosted using Netlify
  • Searching: I use duckduckgo too, pretty good
  • Cloud provider: I use a self-hosted nextcloud instance for me and family only accessible inside a tailscale network, but I still have some things in Google Drive, I am working on using cryptomator to have it encrypted, easier than veracrypt.
  • Social networks: A mastodon, pleroma and misskey accounts
  • Videos / entertainment: I still use youtube, whatever. I also have a selfhosted jellyfin instance (also on tailscale)
  • VPN: I use ProtonVPN’s free tier, since my internet is already slow anyways I don’t see a reason for paying, at least for now

Thanks for your advice…
You understood I’m Froggy so it’s kind of obvious to use mga…
I’ll find some kind of workaround
Have a nice day
Fred.