Basic privacy stack review - email, password, domain - biggest threat myself?

Hi all - lately I've taken some steps to improve privacy. Threat model wise I am mostly concerned about identity theft (ID documents and email), secondly general passive attacks. Reducing data used for monetization is a bonus. The spark for this was looking into options aside from Gmail, and improving privacy at the same time.

  • Email - went for Tuta and set up 2FA with Bitwarden Authenticator. Passphrase and recovery code stored physically. Paid subscription. Need 2 of 3 of passphrase, recovery code or 2FA to recover.
  • Registrar - used a recommended registrar for a domain to use for email so that changing email provider is feasible without having to update all emails. Password stored in Bitwarden, 2FA with Bitwarden Authenticator. Recovery email set to old Gmail.
  • Password Manager - Bitwarden. Password stored physically and using Bitwarden Authenticator for 2FA. The vault, including the login for the registrar and the 2FA for the registrar, Tuta and Bitwarden, is exported as a password-encrypted JSON file which is stored on my laptop and in Google Drive.
  • 2FA authenticator - Bitwarden - recovery codes stored physically.
  • Physical storage - copies of the above mentioned stored in my home and at another physical location. I've deemed this as "good enough" for now.

When doing the threat model analysis my conclusion was that using good passwords (convenience added by using bitwarden to generate and store passwords) and TOTP 2FA is good enough.

My devices consist of an iPhone, a MacBook Pro and a Windows computer. Passkey using biometrics on the laptop and Face ID on the Bitwarden app + authenticator on the phone.

However, my fear is that there may be instances where I could lock myself out - i.e. biggest threat is myself.

This worry started with using Bitwarden Authenticator as 2FA for Bitwarden. However, I do believe this is mitigated by storing the recovery key and also backing up the vault.

The second worry is using a custom domain: if I lost the domain due to i.e. not paying or something happening to the registrar, someone else could end up receiving my emails. However, with 2FA in place, I think this is mitigated, and if the domain is lost I would be able to update logins back to i.e. the original Tuta email or similar.

My question is whether there’s a blunder in the setup or logic whereby I may accidentally lock myself out. I have a fair grasp of the different items on a standalone basis, but no experience with the system as a whole. For now I have implemented the system, but not made it operational.

2 Likes
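One way to check the "could I lock myself out?" question mechanically is to write the setup above down as AND/OR recovery rules and compute what is still reachable after a given loss. The block below is an added example, not code from the original post or from any of the products named; the asset names, the rules and the "Gmail is unlocked via the vault plus the authenticator" dependency are my assumptions read from the post, so adjust them to your real setup.

```python
# Added example, not from the original post: model the recovery dependencies the
# post describes as AND/OR rules and compute what is still reachable after a loss.
# Asset names, the rules and the scenarios are assumptions drawn from the post;
# "gmail unlocks via the vault + authenticator" is assumed, the post does not say.

# A derived asset is reachable if ANY alternative (a set of assets that are ALL
# needed) is reachable. Names with no rule are leaves: places you physically hold.
RULES = {
    "bw_master_password": [{"home_paper"}, {"offsite_paper"}],
    "bw_recovery_code":   [{"home_paper"}, {"offsite_paper"}],
    "tuta_passphrase":    [{"home_paper"}, {"offsite_paper"}],
    "tuta_recovery_code": [{"home_paper"}, {"offsite_paper"}],
    "export_password":    [{"home_paper"}, {"offsite_paper"}],
    # Vault: master password + (authenticator | recovery code), or the encrypted export.
    "bitwarden_vault": [{"bw_master_password", "bw_authenticator"},
                        {"bw_master_password", "bw_recovery_code"},
                        {"vault_export", "export_password"}],
    # TOTP seeds live in the phone app and are also inside the export.
    "bw_authenticator": [{"phone"}, {"vault_export", "export_password"}],
    "vault_export":     [{"laptop"}, {"google_drive"}],
    "google_drive":     [{"gmail"}],
    "gmail":            [{"bitwarden_vault", "bw_authenticator"}],  # assumed
    # Tuta: any two of passphrase, recovery code and 2FA.
    "tuta": [{"tuta_passphrase", "bw_authenticator"},
             {"tuta_passphrase", "tuta_recovery_code"},
             {"tuta_recovery_code", "bw_authenticator"}],
    # Registrar: password from the vault, plus 2FA or the Gmail recovery address.
    "registrar": [{"bitwarden_vault", "bw_authenticator"},
                  {"bitwarden_vault", "gmail"}],
}
LEAVES = {"home_paper", "offsite_paper", "phone", "laptop"}

def reachable(lost):
    """Fixed-point closure over the surviving leaves. A cycle (A needs B, B needs
    A) stays locked unless some other alternative opens one side of it."""
    have = LEAVES - set(lost)
    changed = True
    while changed:
        changed = False
        for asset, alternatives in RULES.items():
            if asset not in have and any(alt <= have for alt in alternatives):
                have.add(asset)
                changed = True
    return have

def locked_out(lost, goals=("bitwarden_vault", "tuta", "registrar")):
    """Goal accounts that could NOT be recovered after losing `lost`."""
    have = reachable(lost)
    return sorted(g for g in goals if g not in have)
```

Under these assumed rules `locked_out({"home_paper", "phone", "laptop"})` returns `['registrar']`: the registrar's TOTP seeds exist only in the export, which sits on the lost laptop or behind a Gmail login that itself needs the lost authenticator, while losing only the phone recovers everything. That is the kind of circular dependency the table of rules makes visible before it bites.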

Well done - you have learnt the most important lesson that we all need to remember - 'the biggest threat is myself'.

Email - Tuta is good and one of PG's recommended; I have used it for years with no problem.

Password Manager - always good to move away from a browser-based password manager for all your passwords - just use a PG recommended option as it reduces the work of investigating these things yourself.

2FA - there will be lots of different views on this - if you are just starting on your journey then maybe just use 2FA on those sites you really want to protect (and as long as this doesn't reduce usability for your use-case).

Physical storage - another difficult area - I’m not the right person to comment as I often forget to zip my fly or why I walked into the room I just walked into ….

It's common to start with email but I would also suggest you read the other topic running currently, 'do I step back from email privacy?'.

You are spending time researching and trying to create a locked down private email which some might suggest may not give you great privacy payback - however, as long as it feels right to you, it's fine.

As a keen Tuta user I am probably only getting a great privacy benefit when I store email as drafts or send to another Tuta user - once the email goes to my Gmail-using family, 'it's toast'.

When starting, I found Techlore's privacy quiz really useful - it puts privacy activities into bands (easy and useful > hard and marginal) - this can help people to 'pace themselves' in what can be a long journey.

Good luck

Have a good day everybody

2 Likes

Thanks! I read the thread re “do I step back from email privacy?”. Interesting and I am personally not too concerned with E2EE, but do prefer not to provide my data for free to big tech. So far Tuta has worked fine for me. We’ll see once I ramp up.

For the 2FA and my Bitwarden Vault and Bitwarden Authenticator concern I ended up adding Ente Auth where my 2FAs for Tuta, Bitwarden and registrar are stored. I’ll probably use Bitwarden Authenticator for other 2FA logins for convenience. Backups for these 2FAs will then be included in my vault export.

I created an emergency sheet with all information as mentioned above, including secret keys for the core 2FAs. Will store this at home and at work in paper format and some thumb drives. Not too concerned about theft, but in case of a fire or similar.

My end goal is to be able to recover if I lose my home and any/all devices at the same time.

1 Like

Nice setup. :+1:t2:

While using an email aliasing service, I suppose? Portability is much simpler in that situation, yes. :100:

If you keep a local database only and no account on their servers, why not Keepass then? I mean, is it even feasible to have a Bitwarden without an account on their servers?

I’m not familiar with this one specifically but I do prefer a good old physical hardware key (ex: Yubikey) for a safer approach. Hopefully you can still access the 2FA authenticator if you lose access to your Bitwarden vault.

Storing physical backups at family/friends/other safe place is indeed the way to go. :+1:t2:
Consider doing digital backups of things too, on a cloud somewhere encrypted.

This locks you down to Apple’s ecosystem tho. :sweat_smile:

Consider having physical backups + trusted family member or alike. :hugs:

Some registrars allow you to buy a domain name for 10 years ahead of time.
And they send plenty of reminders before expiry.
And you can also create a specific bank account that has always just enough money for those yearly checks to go through.
Also maybe a calendar reminder?
Overall, plenty of solutions, don't worry too much. :blush:
And even if you get through all of that, it doesn’t mean that somebody will steal it straight away: you can always buy it back from the registrar for a slight fee. :+1:t2:
Owning a domain is not as scary as it sounds. :wink:

Not sure how it is related here.

Maybe give a read to this one then?

1 Like

Third-party service providers requiring online connectivity may become inaccessible in the future, so self-hosting would mitigate that dependency as long as you are willing to sustainably maintain those services for yourself.