My Privacy Toolkit

These are some notes on technology I use to improve my daily security and privacy.

Goals

Stay away from services that reap benefits from using my personal data

Make my communications private

Avoid location tracking

Prevent my ISP or others on wireless networks from sniffing my traffic

Use encryption whenever reasonably possible

Remain a functional member of public society

General technology used on multiple devices

Mullvad[1] VPN- One of the few honest VPN services that respect your privacy.

1: https://mullvad.net/

Bitwarden[2] password manager (self hosted)- I use the docker image vaultwarden/server[3] to host my own Bitwarden instance on a VPS.

2: https://bitwarden.com

3: https://hub.docker.com/r/vaultwarden/server

Criptext[4] email- Criptext is great because it only saves your email locally on your devices, it is not saved on a server. If I didn't already have an existing email setup that works securely I would seriously consider this for my primary email as well.

4: https://criptext.com

Vivaldi[5] web browser- I like this browser for several reasons:

5: https://vivaldi.com

Based on Chromium

Apps for the multiple operating systems I use (Android, MacOS, Linux) so I get a consistent browsing experience

Compatible with Chrome extensions

Encrypted sync- I can see all the tabs I have open on all other devices, bookmarks and extensions are synced across devices

Extensions used: uBlock Origin, NoScript, DuckDuckGo Privacy Essentials, Decentraleyes, PrivacyBadger, Bitwarden

Tutanota[6] email- Encrypted email service for a low price. I use this as a secondary email account. Also has custom domains, 2FA, email aliases, sending encrypted email to non-Tutanota users, full mailbox encryption.

6: https://tutanota.com

Codeberg[7] Git repositories- excellent free alternative to Github

7: https://codeberg.org

PGP[8] public key encryption- for email or other information to keep private

8: https://www.openpgp.org

XMPP[9] with OMEMO[10] encryption over Tor[11]- Secure decentralized messaging. I use Snikket[12] on Android, BeagleIM[13] on MacOS and Dino[14] on Linux.

9: https://www.geeksforgeeks.org/xmpp-protocol/

10: https://conversations.im/omemo/

11: https://www.torproject.org

12: https://snikket.org

13: https://beagle.im

14: https://dino.im

AdGuard[15] or Quad9 (IBM)[16] backup normal DNS provides protection against malicious domains.

15: https://kb.adguard.com/en/dns/setup-guide

16: https://www.quad9.net

DuckDuckGo[17] search engine

17: https://duckduckgo.com

Authy 2FA[18]- I know this may not be the best choice since it syncs from the cloud, but I need access to 2FA from multiple devices. All data is encrypted.

18: https://authy.com

Shaarli[19] Self hosted bookmarks manager- If you remember del.icio.us, this is similar for saving any urls you want to reference later. Make your bookmarks either public or private.

19: https://github.com/shaarli/Shaarli

Jmp.chat[20] second phone number- This gives you a phone number based in North America and any text messages or voicemails to it are forwarded to your XMPP address. You can also use this for VOIP calls but I haven't done that yet. This is a great way to add 2FA to websites or signup for accounts that require a phone number but you don't want to give out your primary number.

20: https://jmp.chat

MEGA[21] encrypted cloud storage- Very reasonably priced plans. I use this to have a cloud backup of important files. There is also an ecrypted chat function.

21: https://mega.io

LinuxServer.io FreshRSS[22] docker image to manage all the RSS feeds I subscribe to.

22: https://fleet.linuxserver.io/image?name=linuxserver/freshrss

Usually whatever built-in system-wide drive encryption is included natively is what I use. I also may use individual password protected virtual drives.

Android devices

Phone ROM: e.foundation[23]- I've been using this since 2017 first on an LG Nexus 5X and now on a Pixel 4a. Many Google parts of Android have been removed and this runs MicroG. Support for devices tends to last much longer with these ROMs than the (greatly appreciated) volunteers that maintain LineageOS.

23: https://e.foundation

Tablet: LineageOS[24]- There is no /e/ ROM for my NVidia Shield tablet, so I am using the last version of LineageOS built for it.

24: https://lineageos.org

FDroid[25]- Open source apps that are mostly free from any tracking

25: https://f-droid.org

Obtainium[26]- Monitor Android app sources for updates- useful for apps that aren't on F-Droid

26: https://github.com/ImranR98/Obtainium

Threema[27] encrypted messenger- Uses the open source and tested NaCl Box encryption model

27: https://threema.ch/en

Molly FOSS[28] open source Signal encrypted messenger fork- Only with people who I trust with my phone number though.

28: https://molly.im

Snikket[29] XMPP messenger with OMEMO encryption

29: https://snikket.org

Tusky (Mastodon)[30]- Federated social platform

30: https://tusky.app

AntennaPod[31]- Podcasts

31: https://antennapod.org

FeedMe[32]- RSS feed reader (syncing to my self-hosted FreshRSS server)

32: https://github.com/seazon/feedme

TorBrowser[33]- Safe web browsing

33: https://www.torproject.org/download/

Orbot[34]- Allows other apps to use Tor

34: https://guardianproject.info/apps/org.torproject.android/

UntrackMe[35]- Redirect links to Nitter or Invidious, unshorten URLs and remove UTM tracking codes

35: https://fedilab.app/wiki/untrackme/

Exodus Privacy[36]- Scan Android apps for trackers

36: https://exodus-privacy.eu.org/en/

OpenKeychain[37]- PGP key management

37: https://www.openkeychain.org

Sophos Intercept X[38]- A free anti-virus and security suite for mobile devices. Includes device security audit, password manager, TOTP Authenticator, QR code scanner, app permissions audit and app access protections.

38: https://www.sophos.com/en-us/products/mobile-control/intercept-x.aspx

Termux[39]- A shell running familiar linux commands

39: https://termux.com

Yet Another Call Blocker[40]- An excellent app to block spam phone calls

40: https://f-droid.org/en/packages/dummydomain.yetanothercallblocker/

No email on my phone! Data can't be leaked if it's not on my device in the first place. Also it saves my sanity.

MacOS

I've been an Apple/Mac guy since the 80s. I also used BeOS in the late 90s and was very disappointed Apple didn't choose them for their next OS. I used Mac Mini machines as my primary device until a few years ago when Apple stopped being privacy friendly. My last Mac Mini is used now only as a networked storage device.

Linux

I have an Intel PC running Fedora KDE on a quad core i5 from 2012. I do most of my fun computing on this device including web browsing, email, chat programs, and it runs some World Community Grid research with spare cycles.

Several laptops of various ages which I usually run Manjaro KDE or Ubuntu.

Financial

OK this may seem a little misplaced but I think this is an important category. Your finances are something that must be protected. I have the following systems in place to help with that.

Instant text alerts on credit card charges. This way I can know immediately if something suspicious is happening with my card. Also I don't need to bother my wife to provide receipts after every purchase.

Separate email account where all my financial accounts send info to. This account is totally seperate from my personal email accounts and used for nothing else. Email aliases provide some level of seperation, so IF one of my aliases got leaked or compromised I would have only a few accounts that I used that alias for so can quickly track down the compromised system.

References

PrivacyGuides.org[41]- Applications and services that respect your privacy.

PrivacyTools.io[42]- Excellent resource for the average person.

The New Oil[43]- Step by step progression of how to improve your security and privacy.

How to Destroy Surveillance Capitalism[44] by Cory Doctorow

41: https://www.privacyguides.org

42: https://www.privacytools.io

43: https://thenewoil.org

44: https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59