I’m new to posting here, but I’ve been following the forum for a few months now. First, I want to thank the Privacy Guides team and everyone who contributes here. My perspective on the internet has completely changed since I found this community.
I’m looking for suggestions to improve my privacy and security setup. My threat model is simply to avoid the surveillance capitalism of big tech.
Browsers: Mullvad (medium security level with added lists in uBlock) for daily use and Brave (following PG’s recommended settings with Proton Pass and Simple Login extensions) for sites requiring login.
Search Engines: DDG on Mullvad and Brave Search on Brave.
VPN: Proton VPN
Password Management: Proton Pass for passwords and Ente Auth for 2FA.
Email and Calendar: Proton Mail
Cloud Storage: Proton Drive
Photo Storage: iCloud with Advanced Data Protection E2EE (I know it’s not the best option, but the lack of features in Ente and Sting still makes me prefer iCloud).
Video Calls: Jitsi
Based on my threat model, do you have any suggestions for modifications?
With the exception of changing the blocklists in Mullvad Browser (not recommended), it sounds like your setup is pretty reasonable for your goals.
Although when it comes to lowering your exposure to surveillance capitalism, what you don’t do is as important or more important than what you do do. Moving away from invasive services and apps, changing your behaviors/habits, mindset, etc. I assume you are thinking through these things as well, I only bring it up because it isn’t explicitly mentioned in your post, which focuses more on tools you’ve adopted.
I restored Mullvad to its defaults. Is it okay to change the search engine on Mullvad to Brave Search, or is it better to stick with DDG?
Regarding what I should avoid, I’m learning here on PG about the best practices. It’s not an easy task since I’ve been using all the big tech stuff for years. Additionally, I’m an employee of an organization that uses Microsoft’s suite, so there’s not much room to escape.
I’ve also started talking about privacy and trying to educate my relatives and friends. I really believe in the power of knowledge, and discussing it helps the cause.
Thanks again for your thoughts, and if anyone wants to contribute with feedback, I’d be glad to hear it.
I think its fine to change the search engine if you like. (Alternatively you can always just add !brave in front of a duckduckgo search query to search Brave via duckduckgo)
That reminds me, is changing search engines (adding, removing, setting up default one) discouraged when it comes to fingerprinting? I would really like to switch to Brave if it doesn’t go against browser’s privacy design.
You are free to change the default search engine, it has no browser fingerprint implication.
Unfortunately, my friends only use WhatsApp, so I’ve stuck with it so far. I’m trying to convince at least my parents and close relatives and friends to switch to Signal or Threema, but I haven’t had any luck so far.
I have a question about the video call solution. Is Jitsi the best for my threat model, or would it be okay to use one of the more well-known solutions like Zoom, Webex, or Teams?
You could tell them you will leave WA soon and ask them to install Signal additionally so you can keep in contact. Don’t force them to switch completely, this usually will not work.