My Privacy Journey

Last updated: 2019.05.29

I started getting into the privacy lifestyle and mindset just under 2 years ago in 2017. I had figured out, even before I got into it, that I was a private person by nature - I just didn't understand and wasn't aware of technology then. I am not comfortable with the idea of sharing my life with the world unless I voluntarily do so myself - especially in the modern era of surveillance capitalism. We now live in an increasingly digital world where sharing everything about ourselves is normal and being private is seen as a weird thing. Technology has made it easier than ever to communicate and enrich our lives to the point that people will bend over for 'convenience'. Surveillance capitalists take advantage of this and collect all data possible to turn into a profit and to be used against us. Eventually this will turn back on us - and when it is too late - the only thing that we can blame is ourselves for letting it go on.

The main purpose of this article will be to show the progression of my technological setup in terms of privacy. Everything listed is crafted from memory and is as accurate as I can remember.
***Note: I have never used any music/video streaming services and other things not listed, which are not included in any part of this article.***

2 years ago (No particular order):

OS: Unencrypted Windows 7
All HDDs not encrypted
Email provider: Yahoo webmail with no encryption
Masked email service: None
Email client: None
VPN: None
Browser: Google Chrome
Browser Addons: uBlock Origin
Search engine: Google
Real life payment: Debit card
Online payment: PayPal / debit card
Phone: AT&T carrier locked Samsung Galaxy S7 (No rooting or custom ROM possible) / iPhone 6S+ with Discord
Mailing/Shipping address is a Military FPO address with PO box
Games: Steam
Social Media: Technically Facebook
Messaging Program: Discord program
Spreadsheets: Google Sheets
Image hosting: Imgur

6 months ago:

OS: Unencrypted Gentoo
All HDDs not encrypted
Email provider: ProtonMail with aliases
Masked email service: Blur by Abine
Email client: None
VPN: ProtonVPN
Browser: Hardened Firefox
Browser addons: I don't remember but it was more than necessary
Search engine: SearX public instance
Real life payment: Cash. If not possible, prepaid VISA card
Online payment: masked debit/credit card
Phone: iPhone 6S+ / OnePlus 3/5T with Discord
Mailing/Shipping address is a Military FPO address with PO box
Games: None
Social Media: None
Messaging Program: Discord in browser
Spreadsheets: LibreOffice
Image hosting:

Now:

OS: Encrypted Gentoo (serpent-xts-plain64)
All HDDs encrypted (serpent-xts-plain64)
Email provider: Autistici / Riseup with PGP encryption & Nitrokey
Masked email service: Riseup with the use of unlimited aliases
Email client: Claws Mail with POP protocol
VPN: Riseup
Browser: Pale Moon
Browser Addons: For privacy - ηMatrix, Decentraleyes, Self-Destructing Cookies, Smart HTTPS, uBlock Origin. For convenience and appearance - Advanced Night Mode, Greasemonkey, Imagus, NoSquint, Stylem
Search engine: SearX public instance
Real life payment: Cash. If not possible, prepaid VISA card
Online payment: masked debit/credit card
Phone: OnePlus 5T with LineageOS without Discord
Mailing/Shipping address is a Military FPO address with PO box
Games: None
Social Media: None
Messaging Program: Canary Discord in browser, XMPP+OMEMO Encryption
Spreadsheets: LibreOffice
Image hosting: Disroot

=== From 2 years ago to 6 months ago ===

2 years ago is when it all started. Why it started is something that I don't even remember anymore. My main source of information and gathering of knowledge was Reddit /r/privacy. I would check it almost every day and click almost every thread and learn about why people use these services and providers. There would also be occasional news articles being posted too. Also learned a bit from which is still a somewhat pretty good resource.

OS: Unencrypted Windows 7 to unencrypted Gentoo Linux

Actually, it might be because of the horror stories I've heard about Windows 10 that I started to care more about my privacy. They are a pretty evil tech corporation in general. Courtesy of, this webpage sums up a lot of what is wrong with Windows 10 and Microsoft in general with sources. The most mainstream and realistic alternative OSes to use were Mac and Linux. I've always hated Apple and their anti-consumer practices and ridiculous prices so that was already out of the question. And so Linux was naturally the choice. One thing to note - it doesn't matter what Linux distro you choose. They all work in favor of your privacy.

I found the Reddit subreddit /r/unixporn and looked at the kool desktop rices. I thought, "Wow look at all these things you can do with Linux! The customization is godly!" Then I noticed that a lot of people were using Arch Linux so I decided to try to install that first despite my non-existent knowledge of Linux. I found out about some unofficial Discord server that was just named "Arch Linux" and joined that.
I was stuck on Windows 7 for months after joining until I decided that I was ready to make the switch. Technically Arch Linux was the first distro I installed, mostly with the help of YouTube videos and such, but I didn't actually learn much and used it for maybe a day or two and went straight back to Windows 7 for a few more months after that. I understand that Arch Linux is for a bit more advanced users but the installation guide on the Arch Linux wiki sucks and is all over the place. After the influence of one autistic user that was experimenting with Gentoo I decided to try Gentoo instead. The Gentoo installation guide was MUCH more helpful, user friendly, and easy to follow. Installing Gentoo is even easier than Arch for a complete noob with zero knowledge. I learned a lot and have continued to use Gentoo ever since. A bit ironic to join a Discord server based on Arch Linux only to install Gentoo lmao.

While privacy was the original reason that I wanted to switch to Linux - now I would have switched to Linux due to user control and customization. I thought I liked Windows 7 but Linux introduced me to a whole new world when it comes to operating systems. The ability to tinker with every aspect of Linux is amazing. You can actually do what you want and there is nothing that will stop you from doing it. It is simply far superior to what Windows or Mac will ever be.

HDD Encryption

I had never thought of encrypting my HDDs at the time so there's nothing to say here.

Email Provider & VPN: Yahoo/None to ProtonMail

At the time I used Yahoo email since my mom created an email account for me with them when I was 7 years old. Back then when I was into playing online shooter games in my early teenage years I fell for microtransactions. There was a way to gain the premium in-game currency by filling out your personal information on data broker sites and doing surveys. Holy fucking shit what a mistake now. My email account was filled with tens of thousands of junk and spam emails.
When I had a part time job I would put the money I earned into buying premium in-game currency. What a fucking waste of one or two thousand dollars on drivel. The online game I played the most back then shut down almost 1 1/2 years ago but got picked up by another company. Since I don't really play games anymore I'm not sure if they carried player account data over to the nice gaming company which would make all that money even more wasted.

God what a shitty email provider - not private at all, has had several data breaches affecting BILLIONS of people, scans your emails for ads, etc. Nobody should use Yahoo at all anymore whatsoever.

On /r/privacy there are always threads of people asking what is the most recommended email provider and such, which honestly gets quite annoying now. Me not really knowing anything back then, I fell for the most recommended email provider which is still ProtonMail. It was most definitely an upgrade from Yahoo considering all factors. I paid some money every month for some aliases so that when I register to websites While I was at it I also used ProtonVPN as well since it was 'convenient' to pay for both at once.

Masked Email Service: None

I did not know that 'masked' email services existed at the time.

Email Client: None

I wanted to try to start using an email client but it seems that I chose the worst email provider to do that. I stuck with ProtonMail webmail instead of using their proprietary bridge program shit.

Web Browser: Google Chrome to Firefox

I was using Google Chrome for whatever reason. I did use Firefox before but there was probably an issue with it that made me switch over to Google Chrome. I switched back to Firefox and got comfy with it again and installed addons recommended on /r/privacy. You could also go even further and harden Firefox through the various settings in about:config. I followed some hardening configuration guides which took hours to read through and change.
Honestly, thinking back, it's not a great idea to do this. It simply breaks too much shit if you go too far and you won't really know what you're doing. If Mozilla really was for people and privacy you wouldn't have to go through all this crap.

Search Engine: Google to SearX Public Instance

Google has such a big name when it comes to search engines that I didn't really even know much about other search engines at all. I found SearX and have used that ever since. It is decentralized, completely open source, anyone can host a public instance, it has a ridiculous amount of settings, it uses other search engines to do the job without tracking, and whatever else is listed on the GitHub page. Hell, some instances even have an .onion domain for Tor users! Not many cons at all except for the Google reCAPTCHA error that would pop up which would decimate a lot of search results. I stuck with a public instance for whatever reason.

Real life payment: Visa Card to Cash

I used to always use my VISA debit card for purchases in real life but switched to trying out cash after reading about it on /r/privacy. I found cash to be even more convenient than debit cards! It is anonymous, secure, and private. It is quite a bit faster than paying with a debit card depending on the situation and technology. I would be pretty annoyed waiting in line because everyone pays with a debit or credit card and it would take quite some time for the transaction to go through.

Cash has helped me budget my food purchases. Food is necessary but the reason why I budgeted that is because I am only given a certain amount of money for food every month. The barracks I lived in only has one kitchen for over 200 people and you have to ask for permission every time to use the kitchen. It was retarded. Pretty much everyone just had to eat out, eat TV dinners, or simple food which ends up being quite a bit more expensive.
It's always cheaper to cook your own food but we didn't really have the capabilities to do that.

There is no reason for everything you buy in person to have a transaction record that goes to your bank or credit union. They don't need to know every little thing you spend money on. I actually put a lot of trust in my credit union but there is still no need for them to know. When looking at all my transactions online it makes it a whole lot easier to look for fraudulent charges since there are MUCH fewer transactions overall. I actually did have two fraudulent charges on my debit card before from China costing around $150. I reported it to my credit union, they looked into it, they refunded me my money, and gave me a new debit card. Excellent service!

When using a VISA debit/credit card they always take a small cut out of every transaction - that's how they make money. This deprives local businesses of that small extra cut that should have gone to them. Using cash prevents this and prevents VISA from growing too strong.

I've never been in a situation where I would have to resort to using a prepaid VISA card yet. At least in the US, you can buy a prepaid VISA card and load it with up to $500. You could use your own debit/credit card but that defeats the purpose of anonymity. Thankfully you can load it with cash.

Online payment: PayPal and Debit Card to Mostly Masked Debit Card

Whenever I ordered stuff online I would use PayPal whenever possible and then my debit card. On /r/privacy there were threads about PayPal sharing information with over 600+ companies. Even for legal reasons - it is quite startling. It was also an unnecessary middleman when debit card options were available to use. So I quit using PayPal unless sending money to people I know for services or goods and have used my debit card since.

I had learned about from /r/privacy that has mentioned it a couple of times and tried it out. It is only available to US customers so unfortunately everyone else can't use it.
You have to link your bank account with which may be seen as very suspicious. Their privacy policy is also technically very bad in terms of privacy but they are a financial entity that has to abide by laws. They allow you to create virtual debit/credit cards with whatever nickname you want to put on the card so you don't have to use your real debit card or real name. You can set a spending limit on the virtual cards to prevent overcharges or unauthorized charges from merchants. They also have a 'burner' card variant that can only be used once. Every transaction will appear as on your bank statement so your bank will not actually know what the transaction is. It is basically like a VPN for debit/credit cards which is a neat concept, however that means that a 3rd party entity will know all of your transactions instead. Using this service is questionable but I do like the benefits of not giving away real debit/credit card information to merchants the most. I've also never had any issues with ordering online or the service which is another plus. Whether or not it is a good idea to use is left to the user but I think I will continue using it for now.

Phone: AT&T carrier locked Samsung Galaxy S7 (No rooting or custom ROM possible) / iPhone 6S+ with Discord to OnePlus 3/5T with Discord

Before I joined the US Navy I originally had an unlocked Samsung Galaxy S4. I had wanted it since it was released and the price was significantly cheaper, by nearly half of the original price, by the time I bought it. After I went to bootcamp I had to part with it since, naturally, phones most definitely were not allowed while in training. When I flew to my job training school after graduation from bootcamp I needed to get a new smartphone. The choices from what I remember were quite limited and so I went with a carrier-locked AT&T Samsung Galaxy S7. Thinking back it was a shitty phone.
I didn't know much about rooting and alternate ROMs but when I did I found that I couldn't do these things with the Galaxy S7. Imagine charging your phone to find fucking ads every time you turn on the screen. Fuck that shit.

When I got to my first duty station in Japan I found that the Galaxy S7 didn't work due to the network bands so I had to buy yet *another* phone. Choices were even more limited. They only carried the latest iPhones which was the iPhone 6 line up, Samsung Galaxy S phone series, Sony Xperia phone series. They only had all the fucking expensive top of the line shit. I decided to go with the iPhone 6S+ at the time. It was nice that there was significantly less bloatware and no ads but iOS is so locked down that you can barely do shit with it. At some point I noticed that I don't actually use a phone all that much except to talk to people on Discord and read hentai doujinshi on the Firefox browser so I didn't worry about it too much.

I used the iPhone 6S+ for a little bit over a year until I found out about LineageOS and MicroG. I wanted that sweet sense of freedom of tinkering with the software and being able to do whatever I wanted. Researching phone manufacturers and phones with compatible network bands in Japan, I settled on the OnePlus 3 from...OnePlus lol. The fact that they openly allowed you to unlock the bootloader with no hassle for rooting and custom ROMs was probably their biggest selling point. I installed LineageOS + MicroG, F-Droid, privacy apps such as AdAway, IceCatMobile, Hacker's Keyboard, OpenVPN, Signal, XPrivacy Lua, Yalp Store, etc. Unfortunately the phone didn't last long because I had accidentally dropped the phone with the screen straight down on a tile floor which completely shattered the screen and rendered it unusable due to the large amount of LCD crystallization which eventually covered the entire screen. I ended up getting a OnePlus 5T afterwards with the same setup.

Mailing/Shipping address is a Military FPO Address with PO Box

One unintentional benefit of joining the US Military single and on base is that you are provided with a Military FPO address with a PO box. That means that my real physical location is hidden legally which is fantastic for anonymity (Except using your real name unless you use a coworker's name instead). Even if I move to an apartment or house off base I still have the option of having mail sent to the PO box of my workplace if I wanted to. The downside is that there are certain companies and couriers that don't ship to FPO addresses which kinda sucks.

Games: Steam to None

As I said before, I used to play online games a lot on Steam. I ended up building a desktop with an Intel i5 6600k processor and Nvidia GTX 1060 graphics card for gaming. Eventually I stopped playing online games and tried to play some single player games to find that I don't play them and end up wasting even more money. I played games so infrequently that I just put more time into anime and music and left my Steam account to collect dust.

Steam is technically spyware and collects a lot of information too. At the time it was impossible to delete your Steam account as there was no option to at all. Time passed and all of a sudden you can request to have your account deleted - and so that is what I did. It seems that a lot of gamers wouldn't dare to think of deleting their account because of the time they put into Steam and because m-muh gaems and the money I spent on them !!! In my case, I didn't really have many friends on my account nor did I ever talk to them much. Had a fairly small amount of games in my collection - around 30 or so. There was only one person that I wanted to keep in contact with before I deleted my account and he uses Discord so we good. I didn't care about anything else. Goodbye Steam c: !!!

Social Media: Technically Facebook to None

For social media, I technically used to have a Facebook account that I had made in 2011 due to nagging from my family to create one. I never really used it at all. I very, very rarely ever logged on, never posted anything, never put anything about myself, had all my privacy settings on maximum. The most interaction I've had with Facebook is probably adding people I knew from high school as friends which I know now that I shouldn't have. Not like I ever talked to them and what's the point of having an inflated friends list if they don't actually mean anything to you? For family - I preferred to talk to them directly instead via phone call or text message. After learning just how bad Facebook was on /r/privacy I eventually deleted my Facebook account and never looked back. There was nothing to lose anyway.

This was all before the Cambridge Analytica incident happened which was huge. Since then there has been negative press on Facebook pretty much every week. And yet - people continue to use them because 'it's the only way to contact certain people', 'nobody is using *insert alternative solution here*', 'I will feel more lonely and isolated', etc. Thankfully this is not my issue. If people cared enough about you they would put in the effort to stay in contact with you through an alternative method. It is mind boggling how so many people leave the communication to a fucking middleman that is only in the business to spy and data mine off of you and monetize your data for money. These people have their heads so far up their ass - fuck ordinary phone calls, text messages, email, and *insert alternative solution here* because they're too inconvenient.

That was the only social media related thing I had. I am glad that I never bothered to tend to other social media. That is mostly because I have lived a rather lonely and isolated life but that is what I chose to do.
For everyone else - it would be much, much more difficult to do and I understand. Just put on someone else's shoes and look at their circumstances. Not absolutely everyone can get rid of social media for whatever reason but the majority can.

Messaging Program: Discord

Discord, Discord, Discord... Now this is one of the few privacy-depriving pieces of software that I absolutely can not get rid of. Before I went to bootcamp for the US Navy, I actually used to primarily use IRC for two years. Those were good times. After I got out of bootcamp, suddenly everyone moved to Discord. I was confused and annoyed that everyone suddenly left IRC. After installing Discord as a program on my computer and using it for a few days I understood pretty quickly. It was just vastly superior in terms of features and was much nicer overall. The only con that really bothered me is that it is a massive proprietary spyware chat program.

Not too long ago, I guess due to EU's GDPR, they started allowing you to download all the data that they have collected on you. So I requested to download my data and it took them over 20 days to email it to me which is quite a long time. My data apparently amounts to 371 MB total from May 2016 to May 2019. No images or video - all pure plain text in .json format. That is literally fucking insane. There are hundreds of thousands to millions of other people that are just as active as well - they could monetize this data so fucking hard just like Facebook. They say they don't but that is unprovable.

Now I'm in the situation of the people that can't leave Facebook - I don't want to lose my online friends that I have talked to for years. One thing that I love about the internet is that you can find and talk to other people with similar interests. I love doujin music and like to talk to people that are also into it - and unfortunately almost all real time discussion about it is only on Discord.
Online friendship is also a lot shallower so it's even harder to try to convince people to move to a different platform. I would love to move away from Discord to a better alternative but this is one thing that I can't do.

I've had the Discord app installed on my phone working in the background and leave Discord open on my computer at home at all times. At some point I had resorted to using Discord in just the browser instead so it doesn't snoop through my computer. I actually like using the browser version a lot better since I can use my browser add-ons and userstyle with it.

Spreadsheet Program/Service: Google Sheets to LibreOffice

I remember specifically in December 2014 that I decided to make a song rating spreadsheet so that I can 'remember' the good songs I have listened to when listening to doujin music. I had rated everything I listened to up until around 2017. It now spans almost 30k cells long. I would also make event buy lists when the time came to buy albums. And the thing I used to do all of that was... Google Sheets. Why oh why did I use Google Sheets for 3 whole years almost every day. Luckily this was really the only big thing that I used Google for besides their search engine. It didn't contain any personal or sensitive information - just my music ratings. With the transition to Linux I have downloaded all my spreadsheets off of Google, deleted my Google account, and moved to LibreOffice.

Image Hosting: Imgur to

I used to use Imgur a lot back when I was on Windows 7 for my screenshots. ShareX is probably still the best program for screenshots overall but sadly it is not on Linux and will never be on Linux due to its use of obscure Windows APIs or something like that. ShareX had the option to externally upload screenshots to image hosting websites and so I would have all my screenshots uploaded to Imgur. After growing more privacy-conscious I switched to and just uploading my screenshots directly to Discord to share instead.
Unfortunately shut down recently due to abuse. It was a fairly good alternative.

=== From 6 months ago to now ===

Up until 6 months ago not much has changed. Still reading /r/privacy as usual. One day I randomly decided to go to Richard Stallman's website because he keeps a curation of articles and points on why this company or service is bad. Besides the freetardism arguments, a lot of it is spot on. I noticed that he had written about Discord. I was thinking, "Hmmm. I use Discord. I already knew it was botnet shit but let's check it out." So I clicked it and there wasn't actually that much information. Most of the information was actually contained on a Neocities site from a guy named Spyware. While some of the information on his site is kind of over the top - it contains great information on the spyware characteristics of software.

A few months later I noticed that he linked someone else's Neocities site named digdeeper. This is where my perception of privacy completely changes. He made me realize that there is much more to privacy - something that Reddit /r/privacy wasn't really able to do with the amount of numerous trash threads. The root problems of privacy today are surveillance capitalism and the human society that has let it happen. There's actually more than that but those are the main two that come to my mind. While his writing style is a bit overly aggressive - his information and sources are solid. There are plenty of times that his site is linked on 8chan, 4chan, or Reddit and everyone would write him off as some crazy conspiracy theorist or retard that doesn't understand the internet but not once have I really seen a solid refutation of what he's trying to say to the world. Why is that?
The only thing that I can think of is that people are so used to things like 'Supporting Mozilla is the only way to go since it is the best mainstream open source and privacy-centric browser there is!!!', '*insert email provider here* can't possibly not be the best privacy email provider!', 'Only FOSS software can't be bad!', etc. and reading his articles makes them try to defend what they use by hurling insults but with no real refutations. It is most definitely true that almost only Firefox is promoted as THE web browser and ProtonMail or Tutanota as THE email provider for privacy on /r/privacy. Sure they may definitely be better than proprietary web browsers and shit-tier email providers but they are actually not the best - at least for privacy. digdeeper has looked into web browsers, email providers, and beyond to show a different refreshing perspective that I have not seen before. I'm very much glad to have discovered his website and contacted him personally. If not for him I would not have imagined making my own personal website or have changed some of my privacy decisions.

OS: Unencrypted Gentoo Linux to Encrypted Gentoo Linux (serpent-xts-plain64)

So I have been using Gentoo for over a year and still enjoying it. Not sure if I really even want to bother trying out other Linux distros but it's good to keep myself open-minded in case I am impressed with something else.

I've decided that now I want to encrypt my OS. Sure, it may be pointless doing so on a desktop that sits at home locked at all times but it makes for good practice, there is no harm in doing so, encryption is a one time thing which means no maintenance, and 'if' the SSD containing my OS is somehow stolen or lost then I have no fear of any private data being leaked out to malicious entities or just about anybody. My files and data are mine and mine alone unless I voluntarily give them away. Encrypting Gentoo was, admittedly, very frustrating as I have spent several days trying to get it to work.
I tried searching for my problem but I did not find a solution to my problem at all but then I finally figured it out after almost giving up due to an EXTREMELY minor mistake. In my /etc/fstab file in the 'opts' portion I had mistakenly put 'default' instead of 'defaults' for the root partition which is the reason why this entire time Gentoo has refused to boot. I wasted several hours of every day for almost a week because of a missing fucking letter. After I finally figured it out I was very happy at least.

I went with LUKS using serpent-xts-plain64 with Whirlpool for encryption as said in Sakaki's installation guide as it is, if not, the most secure encryption method. The Serpent cipher is more secure but significantly slower than AES in encryption/decryption speeds. My processor encryption/decryption speeds are satisfactorily high enough so those speeds didn't matter and it makes more sense to just use Serpent. In the event that encryption has managed to be broken by the rise of quantum computers it will take significantly more time and resources to break Serpent over AES so it is better for futureproofing as well.

Unencrypted HDDs are Now All Encrypted (serpent-xts-plain64)

While I was at it I decided to just encrypt all my HDDs the same way. I backed up all of my HDD contents onto a backup HDD, encrypted the HDD, then copied all the contents back onto the newly encrypted HDD, and repeated for two other HDDs. Then I configured Gentoo to automatically boot the encrypted HDDs with a key file that is only on my OS drive after I successfully type the passphrase to decrypt my OS drive. As long as everything is configured correctly there is no need to mess with the setup or do any more maintenance unless you want to change some things.
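
The /etc/fstab typo described above ('default' instead of 'defaults') can be caught before a reboot. The following Python check is an added example, not part of the original article: it flags options that are near misses of a filesystem-independent mount option. The option list, the similarity cutoff and the sample fstab are assumptions made for illustration.

```python
"""Flag probable typos in the options field of fstab entries before a reboot."""
import difflib
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "lineno mountpoint option suggestion")

# Filesystem-independent options from mount(8). Filesystem-specific options
# (discard, errors=..., subvol=...) are valid but not listed here, so an
# unlisted option is reported only when it is a near miss of a listed one.
GENERIC_OPTIONS = sorted({
    "defaults", "ro", "rw", "auto", "noauto", "exec", "noexec", "suid",
    "nosuid", "dev", "nodev", "user", "nouser", "users", "owner", "group",
    "sync", "async", "dirsync", "atime", "noatime", "diratime", "nodiratime",
    "relatime", "norelatime", "strictatime", "nostrictatime", "lazytime",
    "nolazytime", "nofail", "_netdev", "remount",
})


def check_fstab(text, cutoff=0.85):
    """Return a Finding for every option that looks like a misspelt generic one.

    This is a heuristic: it compares spelling only and does not ask the
    kernel or the filesystem driver whether an option is accepted.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            where = fields[1] if len(fields) > 1 else "?"
            findings.append(Finding(lineno, where, "", "entry has fewer than 4 fields"))
            continue
        mountpoint = fields[1]
        for opt in fields[3].split(","):
            # key=value and x-* options are filesystem or userspace specific.
            if "=" in opt or opt.startswith("x-") or opt in GENERIC_OPTIONS:
                continue
            near = difflib.get_close_matches(opt, GENERIC_OPTIONS, n=1, cutoff=cutoff)
            if near:
                findings.append(Finding(lineno, mountpoint, opt, near[0]))
    return findings


# Constructed sample that reproduces the mistake on the root entry.
SAMPLE_FSTAB = """\
# <fs>              <mountpoint>  <type>  <opts>                   <dump> <pass>
/dev/mapper/root    /             ext4    default,noatime          0 1
/dev/mapper/swap    none          swap    sw                       0 0
/dev/sda1           /boot         vfat    noauto,noatime,uid=0     1 2
/dev/mapper/data1   /mnt/data1    ext4    defaults,nofail,discard  0 2
"""

if __name__ == "__main__":
    # Pass a path (for example /etc/fstab) to check a real file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            content = fh.read()
    else:
        content = SAMPLE_FSTAB
    problems = check_fstab(content)
    for p in problems:
        print(f"line {p.lineno} ({p.mountpoint}): '{p.option}' -> {p.suggestion}")
    sys.exit(1 if problems else 0)
```

Run it against the edited file before rebooting; a non-zero exit status means at least one entry needs a second look.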

Email Provider: ProtonMail to Autistici/Riseup // Masked Email Service: Riseup Aliases

Ever since reading digdeeper's email article on ProtonMail, which is what I used from 2 years ago to 6 months ago, he has managed to change my mind on using ProtonMail. His email article is the reason why I started checking privacy policies a lot because they contain a lot of important information that a lot of people don't talk about when they should. Ideally, an email provider will not retain logs or metadata of anything and will fight to protect you from giving up any data at all. In this case, ProtonMail actually retains a lot of email metadata.

"We have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, message subject, and message sent and received times."

This is straight from ProtonMail's privacy policy. Even worse -

"When a ProtonMail account is closed, data is immediately deleted from production servers. Active accounts will have data retained indefinitely. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 14 days."

This is not as private as I originally thought the email provider was. The bit about retaining data indefinitely for active accounts is basically on the same level as all the shit-tier email providers (Gmail, Yahoo, Hotmail, etc.). Looking at their transparency report, they are more willing to comply with authorities than to protect you. Given their size and userbase it makes sense though. They're still a business, they probably don't have the manpower and time to fight all cases, and it's just easier to comply than to fight - at least that's what I think since I'm no expert. I do remember a case when ProtonMail closed down an account simply because they saw an image with a ProtonMail email address with the image looking like there was criminal activity involved.
So with all these red flags I decided that I wanted to move away from ProtonMail. digdeeper said that they're still pretty good especially compared to the shit-tier email providers which is true.

That is when I laid my eyes on the three community-managed email providers Autistici, Riseup, and Disroot. They do not do soulless businessmen money talk - they speak from the heart with good intentions. They all also do more than just email but a bundle of privacy-centric services such as cloud storage, pastebin, website hosting, VPN, XMPP, etc. They do not require paying for these services so how do they stay alive? Through donations. There would most definitely be concerns about keeping these services alive purely through donations but so far it has worked because the users truly want to keep them alive. Riseup has been around since 1999. Autistici has been around since 2001. Disroot is fairly new (2015) but they have plans to be in for the long run. It is a very rare but also a very beautiful thing to see and I hope they never stop what they're doing. I have donated a fair amount to Autistici myself and soon need to donate to the other two as well. I have never really donated before but I really do believe in what they do and I want to keep them alive! They are *rare* and more of what we need in this increasingly dystopic and surveillance-filled world.

Autistici requires you to write about why you share their principles and what kind of person you are. If you really do believe in their principles and write a thoughtful response they will accept you. It may take time but it is well worth it. Riseup requires an invite code generated by people already using their email service. It is similar to torrenting private trackers - only invite people you know well and who will actually contribute. That is fine by me but it may be hard to find such people willing to give away invite codes. Disroot just requires filling out a 'your story' section.
Just describe yourself and maybe why you would like to use their services and they'll create your account. Although this may somewhat contradict what I said earlier - Personally I like this approach of getting into these email services because it weeds out those that don't actually care about their principles and definitely prevents spammers and criminals.

My primary email provider of choice is Autistici. Whenever I sign up for a website, service, or whatever then I use Riseup's email alias feature. They allow you to make as many aliases as you want and protect your real email address unlike Autistici (They have aliases but they don't hide your real email address as shown in the email header) and Disroot (Disroot's aliases are a paid feature). You can also type up whatever you want in the alias which makes Blur by Abine pretty much useless and is even better since Blur provides only pre-defined masked email addresses which can look suspicious to some websites or services. Using email aliases will protect you from data breaches and pinpoint what website or service sold your alias since you can just delete them. I use Disroot for their cloud storage services.

Email Client: None to Claws Mail

Now that I no longer use ProtonMail and use Autistici/Riseup this means that I can actually use an email client without a proprietary bridge program. I went with Claws Mail partly due to digdeeper's influence and also because I have tried it out before. It works flawlessly and efficiently. You can deeply customize it to however you want and it uses little RAM. What else could I ask for?

For the best privacy and security, it is recommended to use an email client with the POP protocol over webclient mail which all use the IMAP protocol by default. The IMAP protocol is a two-way protocol that allows the user to synchronize their email among multiple devices such as a desktop and smartphone. Whatever the user does on their end is also reflected on the emails in the email server.
Leaving your email on the email server allows hackers and adversaries to be able to see ALL of your email if you are hacked and/or if the email server itself is stolen or imaged. Your email account contains if not the most personal information on you out of anything else. Almost every single website and service these days absolutely requires an email address when most don't have to. The hacker can look at all the websites and services you're associated with, your online purchases, financial information, etc. if you leave those emails on the email server undeleted. You absolutely must protect your email account!

For the best security and privacy, you will want to use the POP protocol. The POP protocol simply allows you to download email from one device and has the capability to delete the email from the email server as configured by the email client. The con is that you won't be able to receive emails on multiple devices but the pros of deleting emails from the email server are far more significant. What can a hacker do if they gain access to your email account to find ABSOLUTELY NOTHING? They will simply have to move onto another person to target. Crisis averted!

If you want to take it a step further and reach paranoid autism status you can also use PGP encryption with your PGP key on something like the Nitrokey and forward all received emails to yourself to encrypt them so that even physical access is useless! Forwarding to yourself makes the 'from' field useless since it will be your username and not the sender of the email. The content is unreadable without having access to the Nitrokey (Something you physically have) and knowing the PIN of the Nitrokey (Something you know from memory) to the PGP key of the user. The only useful information they can see is the subject and email header metadata. This is definitely overblown and very overkill for the average person but is useful for high profile or targeted people. It also just makes good security practice.
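
The POP download-then-delete workflow described above, written with Python's standard library as an added example (not code from the original article). The Maildir and state-file paths and the FakePOP3 stand-in are assumptions for illustration; a real run would pass a logged-in poplib.POP3_SSL session instead.

```python
import mailbox
import os
import tempfile


def drain_pop3(pop, maildir_path, state_path):
    """Save each message to a local Maildir, then delete it from the server.
    `pop` is an authenticated poplib.POP3_SSL session, or a stand-in with the
    same uidl/retr/dele/quit methods. Returns (saved, deleted).
    """
    box = mailbox.Maildir(maildir_path, create=True)
    seen = set()  # server UIDs already saved locally by an earlier run
    if os.path.exists(state_path):
        with open(state_path, encoding="ascii") as fh:
            seen = {line.strip() for line in fh if line.strip()}
    saved = deleted = 0
    _resp, listing, _octets = pop.uidl()  # entries look like b"1 <uid>"
    with open(state_path, "a", encoding="ascii") as state:
        for entry in listing:
            num, uid = entry.decode("ascii").split(" ", 1)
            if uid not in seen:
                _resp, lines, _octets = pop.retr(int(num))
                box.add(b"\n".join(lines) + b"\n")  # Maildir syncs it to disk
                state.write(uid + "\n")
                state.flush()
                os.fsync(state.fileno())
                saved += 1
            pop.dele(int(num))  # only a mark; a local copy exists by now
            deleted += 1
    # POP3 applies DELE marks only when QUIT succeeds (RFC 1939). If the session
    # drops first, the next run skips the download and deletes the mail then.
    pop.quit()
    return saved, deleted


class FakePOP3:
    """Constructed in-memory stand-in for a POP3 session (demo and tests)."""
    def __init__(self, server):  # server: {uid: raw message bytes}
        self.server, self.uids, self.marked = server, list(server), set()

    def uidl(self):
        rows = [b"%d %s" % (i, u.encode()) for i, u in enumerate(self.uids, 1)]
        return b"+OK", rows, 0

    def retr(self, num):
        return b"+OK", self.server[self.uids[num - 1]].split(b"\n"), 0

    def dele(self, num):
        self.marked.add(self.uids[num - 1])

    def quit(self):  # UPDATE state: the marked messages are removed
        for uid in self.marked:
            del self.server[uid]


if __name__ == "__main__":
    tmp = tempfile.mkdtemp()
    srv = {"uid-a": b"Subject: receipt\n\nconstructed sample message"}
    print(drain_pop3(FakePOP3(srv), tmp + "/Mail", tmp + "/seen"), len(srv))
```

Deleting from the server this way only removes the live copy; whatever the provider keeps in backups follows its own retention policy.
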
Just be careful not to lose the Nitrokey if you don't have backups or else you're fucked.

One thing I forgot to mention - Delete emails that you KNOW you no longer need. There's no point in keeping emails that notify about change of passwords, change of personal information, stuff you ordered and already received and you know that you won't return it or ship it back for warranty, etc. unless you are keeping track of financial budgeting. All of these useless emails will just clog and bloat your inbox. Keep it neat, manageable, and organized.

VPN: ProtonVPN to Riseup

Since ProtonMail isn't as good as I thought I might as well stop paying for and using ProtonVPN as well. Riseup provides a *free* VPN service in the United States to its users. While many people worry about the location being in the United States since the country is bad for jurisdiction and is a part of the '5 eyes' - That is irrelevant if you trust your VPN service and its privacy policy. People also worry about the *free* part in a VPN because how else can they stay alive without paying server costs or collecting user data? Donations, donations, donations. I can confidently say that I trust the community-based (And not business-based) Riseup with how long they have been around for with a clean history, their privacy policy, willingness to protect their users' data at all costs, and commitment to fight off the authorities and government. If they didn't have the funds to keep the VPN running then they would shut it down rather than collect any user data and go against the principles. While the VPN is technically free I will most definitely donate in support of Riseup.

I have also started using DNSCrypt-proxy. It has a handful of features but the main purpose is to encrypt your DNS traffic and to prevent MITM attacks which provides good security benefits. I still need to wrap my head around how it works and if it is actually useful though.
It doesn't necessarily make sense to use a 3rd party DNS over the VPN's DNS if you already trust the VPN. Adding a 3rd party DNS requires you to trust two things instead of one.

Web Browser: Firefox to Pale Moon

I was pretty neutral with Firefox and Mozilla since they are always recommended. The problem is that nobody actually talks about what is bad about Mozilla or looks deeply into what they do. They're painted as the last hope for a privacy-centric browser when that is not the case. digdeeper has uncovered and curated a list of articles and evidence that very highly questions Mozilla's decisions and their actual stance on privacy. Two recent incidents that I found out myself that made me question Mozilla even more were when they emphasized their uploading service Firefox Send and the disabled addons due to expiration of a signing certificate incident.

Firefox Send supposedly allows you to upload and share files with end-to-end encryption up to 1 GB without a Firefox account and up to 2.5 GB with a Firefox account. The uploads stay alive up until 7 days or 100 downloads. You can password the upload for extra protection. Remember - In a perfect world there would be no IP or metadata logging while still performing functions. Yet if you look at Firefox Send's privacy policy they will log IP addresses of uploaders and downloaders for 90 days. They will autistically collect your interaction and technical data to 'improve their services'. "Interaction data: This includes information such as number of people sending and receiving files, number of files uploaded and approximate file sizes, percentage of file downloaders who become uploaders, how people engage with the website (time spent, clicks, referrer information, site exit path, use of passwords.). Technical data: This includes information such as operating system, browser, language preference, country, timestamping, duration for file transfer, reasons for errors, reasons for file expiration."
Sooo they basically collect information about everything except the file itself. In what fucking planet is that private... They even openly admit that they use Google Cloud Platform. Google is the very antithesis of privacy yet the supposed privacy-respecting company is using them... Yet Firefox fanbois will flock all over that fucking shit thinking that it is private. Using a Firefox account for files over 1 GB just further de-anonymizes you but they are probably the only choice for files that big unfortunately. If you want a REAL privacy-respecting temporary file hosting service - Head on over to Disroot's Lufi service instead. Same concept but without all the bullshit that Firefox does and by a community-based service.

As for the disabled addons incident, supposedly Mozilla forgot to renew the signing certificate which disabled almost ALL Firefox users' addons FORCEFULLY and with NO OVERRIDE for a few days. What incompetent 'non-profit' company forgets to do such an important task that ended up fucking MILLIONS of Firefox users and affecting even Tor users - That's right - Mozilla. I remember Reddit /r/firefox being spammed with hate threads it was hilarious. I was not affected because I had already switched to Pale Moon before that happened.

I originally tried out Ungoogled Chromium as one of the recommended web browsers in the top tier as said by Spyware's comparison article. It took a long ass time to compile in Gentoo but I already liked it a bit better than Firefox. For some reason Firefox always had memory leakage issues and causing my Gentoo to freeze and crash despite having 16 GB of memory. It would also occasionally be unresponsive. Ungoogled Chromium solved those issues for me and so I used it for maybe two or three months.

Then digdeeper started trying out Pale Moon after finding out that there was a forked version of the uMatrix addon named ηMatrix. uMatrix is singlehandedly the best addon hands down.
It can block 3rd party domains, javascript, XHR, cookies, CSS, images, clear browser cache, spoof HTTP Referer for 3rd party requests, block hyperlink auditing attempts, etc. It is absolutely godly for privacy, security, and reducing the downloading of useless resources. Now that there was a fork of it specifically for Pale Moon it was worth it for him to look into it again.

Being an early fork of Firefox, not being Chromium-based, and using their own rendering engine named Goanna - They are truly independent. It is FAST, uses SIGNIFICANTLY less RAM, truly customizable, allows you to download and use pre-Firefox Quantum addons, no need to dig through about:config and mess with all those options that you don't understand about, and is one of the best privacy respecting web browsers with a few minor tweaks. Since being an old Firefox fork and with significantly less manpower, people are left to wonder or assume that Pale Moon and the addons are insecure and obsolete. Moonchild, one of the developers behind Pale Moon, has made a thread to dispel such rumors. Even if they are not as secure as thought to be, I will most definitely sacrifice some security for maximum privacy and control. Just as Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." This is truly a browser designed with users in mind.

Browser Addons

Just as I had described earlier, uMatrix/ηMatrix is the most essential addon. I have also configured it to disable cookies, javascript, and XHR by default. If you are not logging into a website and are only viewing or reading news then there is no need to have all that crap enabled - They can't do any deep tracking or fingerprinting without it enabled. For whatever reason people worry way too much about fingerprinting trying to make themselves less fingerprintable at all costs.
It is almost impossible to get rid of fingerprinting and you're better off blocking it whenever possible. If you need an extreme amount of anonymity then use the Tor browser instead - Otherwise quit wasting time. The more you use uMatrix the more you will understand what to allow and what to block as well so the learning curve isn't actually that high - It just takes a little bit of effort to unbreak websites.

Decentraleyes uses its own local bundled content in place of 3rd parties which improves privacy. Does not require user intervention at all and works out of the box with no configuration needed.

Self-Destructing Cookies automatically deletes cookies as soon as you close a tab of the webpage you were visiting but keeps whitelisted cookies. Mostly made redundant by uMatrix disabling cookies by default but still necessary for whitelisted cookies.

Smart HTTPS automatically tries to connect to websites with HTTPS but if an error occurs then it switches back to regular HTTP. It makes HTTPS Everywhere redundant since it relies on a list to do its job instead of doing it automatically.

uBlock Origin is made mostly redundant by uMatrix for ad-blocking but it still manages to catch some more obscure ads and is useful for the cosmetic filtering feature which blocks elements on a webpage that you don't care about for a cleaner look and less bloat.

The list of addons being listed now will focus on convenience and appearance.

Advanced Night Mode is great for vampires that don't want to die from bright websites that still haven't learned good website design. Just kidding, it's a great addon for dark backgrounds.

Greasemonkey is great if you can find userscripts for the websites you visit. It can change or enhance the website's functionality and appearance.

Imagus is an excellent addon for viewing images. If you hover over an image with your cursor, it will display the true resolution of the image for better viewing.
NoSquint is useful for keeping zooming levels for specific websites which is definitely useful for me since I use two instances of Pale Moon side by side on my monitor which makes it necessary.

Stylem is great for theming or changing the appearance of websites the way you want.

Search Engine: SearX public instance to SearX public instance

Since discovering that Disroot has their own public instance of SearX I have started using instead of since I believe that are highly trustable. It doesn't use and parse the Google search engine by default so you have to manually turn it on if you want to use that.

Phone: OnePlus 3/5T with Discord to without Discord

Taken from my journal entry: Before the month of May started I had uninstalled Discord, a popular chat program geared primarily towards gamers, on my phone so I could focus more at work and be less of a smartphone zombie in general. Usually for most people the hardest thing to get rid of are the apps that they think they need but don't because they're addictive. For the longest time I have kept Discord because I like to talk to people on there but the problem is that it causes me to look at my phone too much if I wasn't at home. Randomly one day I just uninstalled Discord and I haven't installed it back on my phone since. It feels a bit liberating to not have to check for new messages and shit all the time anymore. I can just focus on work or read Slashdot and Reddit on the work computer when I have free time instead. I have also developed a habit of turning off both wifi and mobile data when not in use. No more Discord spyware to datamine my phone anymore! Though the best privacy solution is to not have a phone altogether and use a landline phone instead but that is realistically becoming harder and harder as technology starts taking over too much of our lives.

To do: Look into postmarketOS.

Messaging Program: Discord and XMPP+OMEMO

I switched over to the Canary version of Discord in the browser.
It is a supposedly more bleeding edge version with some additional features. Besides that there are no critical differences to note.

Ever since chatting with digdeeper we have created an XMPP group chat with OMEMO encryption. This is currently the most private and secure method of messaging for now. It is open source, decentralized, federated, requires no personal information/phone numbers/email addresses to use, uses a 3rd party audited encryption protocol, etc. All of these things are not available in anything else right now. Unfortunately we haven't really found a working solution to using XMPP group chat with OMEMO encryption for iPhones/Android phones.

Image Hosting: to Disroot

Since died and the discovery of / Disroot's Cloud storage services I have been uploading my screenshots and images to them instead since they are trustable.

Congratulations, you have finished reading my long ass article!