Hi! 2 and 4 months ago @Hellfire103 and @Charger8232 made a post about their privacy setup. So I though I would also share mine.

Remember these rules:

  • Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesnā€™t align with yours, or uses some anti-privacy software, doesnā€™t mean you can downvote them! Help them improve by giving suggestions on alternatives.

  • Donā€™t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you arenā€™t sure, you can always ask! This is a place to learn. Donā€™t downvote people just because they donā€™t know!

-** Donā€™t focus solely on me!** I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesnā€™t mean you canā€™t still give suggestions for mine, but donā€™t prioritize mine over another.

  • Be polite! This falls under ā€œBe respectfulā€, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

  • I use Librewolf for almost everything.
  • For 3D stuff (games, 3d modelling) I use Brave.
  • On mobile I use Vanadium.
  • My preferred search engine is Kagi.
  • Most if the time I have MullvadVPN enabled.

Desktop and laptop

  • I have self-build Ryzen + Radeon PC and Ideapad with Ryzen CPU.
  • I use Arch Linux BTW!
  • I have disk encryption and Nitrokey as a decryption key (or a long password of course).
  • I have secure boot with locked BIOS.
  • Iā€™m running self-compiled linux-hardened kernel.
  • Iā€™m using Gnome (Wayland).
  • I have only open-source apps installed.

Mobile

  • I have Google Pixel 7a with GrapheneOS.
  • I have different 5 profiles: main, google, school, finance, anonymous.
  • I have PIN on every profile and also fingerprint for main and school profiles.
  • I always use VPN, either Mullvad or self-hosted Wireguard.
  • I donā€™t use a privacy screen protector (for now).

Messenger

  • Signal for my family.
  • Viber for my schoolmates.
  • MS Teams for school.
  • Matrix for help with some open-source projects.
  • Discord for voice chat and local scouts group. I have Aliucord on mobile and Armcord on desktop.

Online accounts

  • Passwords are safe in self-hosted Bitwarden (Vaultwarden).
  • I use 2FA if I can. Either hardware 2FA - Nitrokey, or TOTP with Aegis.
  • I use SimpleLogin for email aliases and randomly generated usernames and passwords.

Video streaming

  • I watch only Youtube. Newpipe on mobile and Invidious on desktop.

AI

  • I do not use AI a lot, but if I do I use locally running LLama3 8B or Duckduckgoā€™s LLama3 70B

Social Media

  • I had Instagram, Snapchat and Viber accounts, but Iā€™ve deleted them.
  • I use only Lemmy on clearweb and Dread on darkweb.
  • I have Mastodon account, but I donā€™t use it.

Email

  • I use ProtonMail.
  • One of the best privacy things you can do is use SimpleLogin (or other email alias service).

Shopping/Finance

  • IRL I use cash most of the time.
  • Online I use Monero if I can, otherwise just my credit card.
  • Cashew app for helping managing my purchases.

Music streaming

  • I use only RiMusic on my phone, thatā€™s it.

TV shows

  • I use a VPN, thatā€™s all Iā€™m gonna sayā€¦

Gaming

  • Minecraft, Veloren, SuperTuxKart, and some Steam games.

Programming

  • I forgot how to code in Python, because Rust is so much better.
  • VS Codium.

Productivity

  • LibreOffice for simple stuff.
  • Typst for proper documents.

Paid services

  • ProtonMail - 4$ per month
  • SimpleLogin - 30$ per year
  • MullvadVPN - 5$ per month
  • Kagi - 10$ per month. For 5$ you get 300 searches, I use ~350 searches so I will try to lower my searches.
  • Domain - 13$ per year

Self-hosted

  • Everything runs on Raspberry Pi 4 with encrypted micro SD card.
  • Pi-Hole for blocking ads on network level.
  • Bitwarden (Vaultwarden) for storing all my passwords.
  • Wireguard server (with pihole as DNS) for connecting back home from anywhere.
  • Ntfy for self-hosted push notifications.
  • MollySocket for Signal push notifications.
  • FindMyDevice if I lost my phone.
  • Cloudflare DDNS, because I donā€™t have static IP.
  • Nginx Proxy Manager.
  • Watchtower automatically updates docker containers.
  • My website.

Misc

  • I have Samsung Galaxy Watch 4 classic. Iā€™m trying to do something about itā€¦
  • Iā€™m using Syncthing to sync documents and pictures between my devices.
  • I donā€™t have a car (because I canā€™t - Iā€™m 17) and I wonā€™t have one for quite some time. I have a bicycle and my parents have 2 (smart/spy) cars.
  • Iā€™m into crypto (mostly XMR) and Iā€™m trading a little (making a trading bot) on MEXC. I also have Ledger Nano S Plus.
  • I have a 3d printer and itā€™s fun and usefull :)

TODO

  • self-host Git repos for my projects.
  • Buy a privacy screen protector when I break my current one.
  • Buy a faraday bag, just in case.
  • Do something about my spywatch (maybe sell).
  • Make backupsā€¦ Yep, I donā€™t have any yet.
  • Monitor and harden all my devices.
  • Memorize cryptowalletā€™s private key in case it gets lost.

Thanks for reading!

  • asap@lemmy.worldEnglish
    1Ā·
    2 months ago

    Kagi isnā€™t private and it is misleading to advertise it as such.

    What is your reasoning for this statement?

    Going directly from Kagiā€™s own privacy policy, ā€œTo ensure your privacy and security, we donā€™t monitor, log or store your queries or associate them with your accountā€.

    Of course you have to believe them, but thatā€™s the same for every service that you do not host or compile yourself, and for which youā€™ve read the entire source code yourself.

      • asap@lemmy.worldEnglish
        1Ā·
        2 months ago

        First of all, you can pay with crypto and use a burner email, but secondly, they donā€™t link searches to your payment or sign in. (Assuming of course you take their word for it, but thatā€™s the same for every service that you do not host or compile yourself, and for which youā€™ve also read the entire source code yourself.)

        Iā€™m not saying people should use Kagi, Iā€™m merely pointing out you canā€™t claim itā€™s ā€œmisleading and not privateā€ without providing some sort of proof.

        At best you can say you canā€™t verify for yourself that they are indeed private as they claim.

        • Possibly linux@lemmy.zipEnglish
          1Ā·
          2 months ago

          On Duckduckgo you can use it with Tor and have a totally different session for each search. You canā€™t do that with Kagi. You are stuck with one account for everything.