Deciding Next Privacy Steps

This thread is a continuation of My Privacy Journey

Threat Model

So since privacy isn’t security, I’m going to use goals rather than threat models. However, for the sake of conversation, I’ll continue to say threat model.

Initial Approach

My initial threat model was “these things look fun, let’s do that” and “f*** corporations” - basically a hobbyist mentality approach with a reason. I’ve sort of meandered on making changes which have generally been good, but I’ve sort of hit a plateau in my journey.

Proposed Approach

Needing to define an actual threat model so I can make intended choices, I’ve decided on the following high level goal:

  • Make new choices that reduce the amount of data I provide to tech giants
  • Attempt to tackle one issue once a month / once every couple of months, to make change manageable

Current Work

Initial Work

Here are my general tech choices, feel free to clarify if I haven’t listed everything relevant.

  1. Email Provider is Proton Mail
  2. VPN is Mullvad
  3. Home Router runs OpenWRT [DNS is Unbound with TLS to Mullvad, fallback TLS to Cloudflare]
  4. Router runs a DNS adblocker provided by OpenWRT. Mileage varies, but is good at blocking devices like Smart TVs.
  5. Firefox is main browser
  6. iPhone [non-negotiable]
  7. Password Manager is Bitwarden, and all 2FA is through this
  8. I use Ente Auth as 2FA for Bitwarden, with a biometric YubiKey as fail-safe for Bitwarden + Proton in case I lose access to Ente Auth
  9. Self Host [Linux] - SearXNG
  10. Self Host [Linux] - Invidious
  11. Desktop - Dual Boot Windows + Linux. I have Windows-only applications that have a significant degraded experience in Linux and are borderline unusable. No drive encryption.
  12. Laptop - Dual Boot Windows + Linux. Same as Desktop. No drive encryption.

Proposed New Choices

  1. Figure out how to use Mullvad Browser rather than Firefox for better anonymity online. Laziness is my main factor in this. I need to determine the safety of installing additional add-ons for Mullvad Browser (i.e. Vimium, Bitwarden)
  2. Online accounts are registered to an e-mail domain name of mine. However, this domain is linked to me, and I want to mitigate this. I want to find some e-mail alias services that I can hide this. Given the number of accounts I have, it’s a bit overwhelming so I haven’t given this priority.
  3. Invest time in increasing privacy using an iPhone, should really thoroughly read the docs to see what choices I can make
  4. Stop using Amazon. The convenience of Amazon is insane, absolutely mind-blowing for finding products. On a side note, I wish there was a “SearXNG for Amazon” that let me find products that link directly to a company’s main page, possibly only searching smaller companies. Would be pretty cool.
  5. Delete unnecessary accounts. I can reduce my overall footprint by reducing the number of accounts I have registered with online services.
  6. Hard delete my old pre-Proton emails. I really have no reason for them to exist.
  7. On the Windows partitions I have, delete everything aside from the applications I need. I should have 0 confidential data other than what is absolutely necessary.
  8. Encrypt the Linux portions on Desktop/Laptop. I really don’t feel like doing this, but I know it’s a very sensible thing to do for data I own. Especially on the laptop side.
  9. Switch note taking from Obsidian (which is amazing) to an FOSS one that has cloud syncing and E2E encryption

Let me know what you think on these incremental steps, or if there are any other smaller steps I might be missing. Also feel free to ask more details on anything I personally have setup (self hosting, OpenWRT, etc).

1 Like

If you have a powerful computer and your Windows-only apps aren’t graphically intensive, consider switching Windows to a VM, without access to the network if your apps are offline-only.

1 Like

The bottom line for extensions on Mullvad Browser is that you shouldn’t install any more than what comes with it. One of the core privacy protections it provides above and beyond Brave/Firefox (i.e. the main reason you would use it instead of those) is making you look the same as other Mullvad Browser users, which would be compromised by installing additional extensions.

The way I and many others tackle this is having a second “persistent” browser for logged-in accounts, extensions, and history (in cases where it is beneficial such as a research project). In this browser, if your identity is known by a login anyway, it shouldn’t be a problem to install additional extensions for customization such as your password manager (which you now do not need to install in Mullvad Browser if you’re not logging into anything there).

As for your overall journey, it sounds like you’re already doing a great deal right. If it ever feels like you haven’t achieved privacy because there’s that one thing you don’t think you’re doing “right,” it helps to see how far you’ve come, especially compared to the average person. We’re happy to have you here, and I wish you the best of luck!

2 Likes

I’ve thought about this before. I have both GPU intensive (gaming) and CPU intensive (media applications) that just take a hit in VMs. Given the DNS adblocker I have, and locking windows down as much as I can already, I’ve decided it’s “good enough” for my use case. I’ve considered VMs with GPU pass through, but at some point I’m still running Windows and need network connectivity from it, and now I need to maintain this VM.

For laptops, I’ve considered an M series Mac to dual boot Asahi Linux + Mac, as I generally believe Apple has greater privacy control than Windows, plus I’m already in the Apple walled garden camp. I’ve also considered a Framework laptop as Linux only, but I’m not financially there for either option, so I’ll decide this later.

Thanks for the advice - I’ll think more about using Mullvad Browser as an anonymous non-logged in browser.

As for the journey, I also feel like I’ve done quite a bit well. I think I’ve focused a lot on the tech, and now I want to focus on the data (mainly accounts and logins). I think it’s easy for the community to bike shed on less meaningful things (Linux distros) when there are easier more obvious choices to increase privacy.

1 Like

Yeah. There’s a security advantage since the software running in the VM should be unable to compromise the host, but not really a huge advantage in privacy.

To me it looks like you’re already doing a lot and your proposed new choices seem fine.

As you said, privacy isn’t security. Privacy is a human necessity and a human right. Security is a set of measures to protect life, freedom, privacy, health, wealth etc.

Based on the threat model you outlined, protecting privacy from tech giants appears to be your main digital security goal.

My understanding is Mullvad Browser is just like Tor Browser but without Tor, which is based on Firefox. You’re familiar with Firefox, so Mullvad Browser shouldn’t be difficult for you.

VPN + Mullvad Browser don’t really provide web browsing anonymity. Your VPN should protect your IP address from websites, and you’ll have a similar browser fingerprint to other Mullvad Browsers and Tor Browsers at best, but installing add-ons might make your fingerprint unique. Further, the VPN provides some privacy protection from your ISP, but your VPN provider knows what websites you visit using Mullvad Browser at least.

If you want to browse the web privately and anonymously, I suggest Tor Browser. There are downsides to Tor and you shouldn’t install add-ons to Tor Browser, but I don’t know of any other browser that will give you any decent anonymity.

Maybe you can install both Mullvad Browser and Tor Browser, then uninstall Firefox. Use Mullvad Browser when you need your add-ons or when Tor Browser will get you nowhere, and use Tor Browser for everything else. Keep your VPN on for whichever browser you use.

1 Like

Suggestion: if you have enough storage and RAM, consider running a QEMU VM. It’s really like the actual Windows with GPU acceleration. If it’s work, you can do it for sure. If it’s games, never mind.

SimpleLogin is the way to go, if you want free, use DDG’s mail protection.

QOwnNotes or Joplin.

1 Like

Full disk encryption is super easy to use and a huge win for keeping your data secure.

What about your file storage setup? Messaging setup (maybe Signal).

Could use VOIP numbers like mysudo instead of giving away your real phone number. Burner sim cards or prepaid phones.

Mullvad browser to prevent fingerprinting especially for privacy invasive sites.

1 Like

Thanks for the suggestion. In my case, my primary mitigations are generally against the ISP and tech giants. I’ve typically avoided Tor (Browser) just due to the generally slow throughput, and I assume that a VPN solves the anonymity portion as much as I care about. I think I’ll likely use Mullvad Browser for anonymous activity, and continue using Firefox for when I log into accounts.

Games are one aspect :smile: I’m quite content with my dual boot environment. I don’t think there is a significant privacy gain for me running Windows in a VM as I need network connectivity regardless. I aim to have my DNS adblocker take care of the telemetry I can’t disable already.

Signed up for SimpleLogin - given the single source of trust with Proton, this is preferred. I’ll see how QOwnNotes or Joplin is. If the UX for those is sub-par, I’ll stick with Obsidian, as I use Obsidian strictly offline (and backups if absolutely needed would be done via Proton Drive).

Thank you for your suggestions!


Full disk encryption is definitely on my TODO list. It would keep peace of mind in case someone stole a device of mine. It’s just one of those things that I just haven’t done yet.

What about your file storage setup?

Good question. Currently I have 2 backup hard drives to which I manually back up additional data once in a while. I also use Proton Drive to store vital information that if both hard drives exploded, I wouldn’t be devastated. I’ve thought about NextCloud as well, but I think that is several more steps ahead of my current setup.

Messaging setup (maybe Signal).

iMessage is about all I have. Signal is only as good as the number of connections in real life will use them. If no one uses Signal… well it’s kind of pointless. At this time, almost all of my connections use iOS, ergo iMessage.

I hope to switch some affiliates of mine to use Signal for a group message instead of social media messaging, but part of the chat is sending each other memes in a way that is integrated with the social media platform - that is just not present on Signal.

Could use VOIP numbers like mysudo instead of giving away your real phone number. Burner sim cards or prepaid phones.

First is first, burner sim cards and prepaid phones are too extreme for my case. I would reserve this countermeasure only if being compromised would result in a degraded state of well being and freedom. I hope to not find myself in this position.

I’d need to investigate mysudo more, and this general use case. Using a third party VOIP is now trusting yet another entity. I also need to think a bit about whether tying additional accounts to my phone number is a big deal, and which accounts this would really make a difference (i.e. a bank already has all of my information, I don’t really know what the benefit there is to hide my cellular number from them).

To really make this kind of change meaningful, I’d need to get a new cell number and migrate contacts as a clean slate then apply something like mysudo. It’s guaranteed my current number is already well circulated and tied to me. However, doing so is quite jarring, so I would have to really think about this decision.

I’d say this merits its own separate topic - how to re-anonymize a cell phone number, and what benefit that has.

1 Like

Honestly using VOIP is not only useful for privacy but security as well. Targeted sim swap attacks are super easy to do, and pretty common.

This is why I would recommend VOIP numbers if any services require SMS authentication codes.

Typically most people would port the existing number to something like numberbarn, forward any texts to the new number or an email. Then get a new number. That way you keep access to the old one.

I don’t like that one number can be tied to: personal info used to register the number, real world identities, physical location, correspondence with personal contacts.

I keep these in separate ‘buckets’. The number used to register for any real world services is not the same number used to contact anyone, nor is it linked with my physical location. Additionally, the number used to contact me via apps like Signal is yet another number.

Take a screenshot of the meme and send it in Signal?

1 Like

Hard to take screenshots of videos as well :smile:

As for the VOIP, this is a non trivial amount of work to get vested and also costs additional money. I’m not particularly worried about SMS swapping, so it’s only privacy implications. I think I understand a cell number can be a single identifying trace of information, but I need to investigate how pervasive this is for my online presence before tackling it.

I think a better first step for me will be to see how many accounts which I require a number with, scrub ones I don’t require, and reassess next steps then.

Anyhow, your VM goes through the host DNS. Then what’s the problem?

Who said there wouldn’t be network connectivity?

When you are ready to start replacing all your accounts with SimpleLogin aliases, I recommend a 3-step process:

  1. Target the most frequently used accounts. Financial and health, for example.
  2. Shift to updating accounts as you happen to log in. Do this for 1-2 months.
  3. Set a date to knock out all the remaining accounts not updated.

This way you don’t deal with burnout.

2 Likes

I’ll say it again, I don’t see or understand the significant privacy gain in sandboxing Windows at this time. I also have a perf hit on specific intensive applications, such as gaming.

1 Like

Unpopular opinion, but perhaps you’ve done enough? I’m also wondering if I should continue the journey or if … I’m happy with my current tool and privacy and the rest is low hanging task that will ask too much effort for few/small contribution.

1 Like

Not unpopular at all, or at least with me. First, I’ll answer my take on my journey and next steps, and then I’ll give discussion for your thoughts.

For me, I’ve heavily been focused on using tools and applications to mitigate privacy concerns. This lets me mostly continue my usual day-to-day but with some degree of protection. For my initial work, a huge chunk of privacy I believe comes from the following:

  1. Network wide DNS adblocker on my home network, blocking a degree of tracking (and some ads :smile: ) from devices I have less control over like smart TVs. This is probably the most maintenance I do as I need to allowlist certain DNS entries to get some sites to work.
  2. Using privacy frontends for certain services
  3. Using a privacy respecting email provider where a huge amount of personal data comes inbound
  4. Using a VPN when not logged into accounts

My current next step is replacing all of my email logins with SimpleLogins so that my domain based e-mail is no longer tied to online accounts. Even then, that’s simply a mitigation of still being registered to online accounts.

But what I was not focusing on was reducing online presence. In reality, the next step for me is to give the middle finger to many services that broker my data; I should refuse to use their service. Social networks, and etc. However, without a thoughtful plan, I risk running into burnout and isolation.

I haven’t discussed these next steps, as most of these are personal. This part of the journey isn’t technical (aside from deleting accounts), it’s re-evaluating how I interact with the world itself, and re-evaluating my hobbies, relationships, and life goals.


We don’t win the privacy game, we just simply get to a level where we feel comfortable. For myself, I am enjoying the journey itself still, and I have no hard end-goal. The only goal is to keep this journey interesting and not burn myself out, as I know it’s a general net-gain for myself because of the principles I believe in.

If you’ve found that you are happy where you are at, the journey can continue in new ways. With the experience and insight you’ve gathered in your journey, you can help lead others as they try to figure out what works for them. Could be this forum, could be offline. As a developer, I’ve also found another way to continue the journey: I help contribute to some of the tools you see in the recommended section. You can also choose to take the journey political, and see if you can support local politicians who will aid in lawful protections of privacy.

2 Likes