Is this Privacy Setup Sufficient?

Hey there,

I’ve been on a quest to create a more privacy-focused online environment. So far, I’ve made some simple yet effective changes, which include:

Replacing Windows with Fedora as my operating system.
Switching from Edge to LibreWolf, with ResistFingerprinting disabled.
Ditching Google Search for SearXNG.
Utilizing ProtonVPN for enhanced online privacy.
Implementing DoH (DNS over HTTPS) via Cloudflare.

The only Google-related service that I’m still using is on my smartphone, the Nothing Phone 1, where I’m logged into my Google Account. I’m considering making the switch to LineageOS to further de-Google myself.

Being a broke college student, there are a few things I can’t completely avoid. I’m stuck with Gmail as my email client, and I’m dependent on my 100GB Google Drive/Photos for cloud storage.

My goal is simple: I want to regain control over my data and reduce my reliance on big tech companies. Is this setup sufficient, or do you have any suggestions on how I can enhance my privacy even further?

3 Likes

So far, so good

I agree w/getting a custom ROM. Until then, I would remove all unnecessary apps. Use web sign-on wherever possible. I disable ALL Google Play Service permissions, except when forced. Disable unnecessary app permissions

Use Fennec, Mull, Brave, Ungoogled Chromium browsers…all of them

Go thru phone settings & shut off all settings that risk privacy (Find My Phone, Google AD ID, etc)

Remove all bloatware using adb

On your Fedora, use Librewolf, Mullvad, Iridium, Brave…all of them

Alright, thank you for the recommendations. The thing with Phone 1 is it comes without any bloatware, only the basic Google Suite.
I’ll use Fennec and Stock ROM for now till I manage to figure out how to flash a custom ROM on Linux. (I know how to on Windows but yeah)
All the things are off except the “Find my Phone” in case of a theft.
Thank you again.

Play Services is privileged, so this would not help much.

Attack surface goes Yay!

And YAY!

Simply using as many browsers as possible is not a good strategy.

2 Likes

Brave is the official recommendation of PrivacyGuides for Android: Privacy Respecting Mobile Web Browsers for Android and iOS - Privacy Guides

If you nevertheless want to use a Gecko-based browser, be aware that security is years behind Chromium and at least use Tor Browser or Mull instead of Fennec.

Why?

If you use Proton VPN, stick to their default DNS to not stand out.

There are plenty of free email clients like Fairemail or K-9 Mail. Self-hosting your photos and files might be an option if you have time to deal with it.

1 Like

That sounds a bit dramatic, isn’t it just about “site isolation and isolatedProcess”? (quoted from Privacyguides)

Site isolation and isolatedProcess aren’t the only aspects. Seccomp-bpf-filters, memory allocator, exploit mitigations, JIT and other aspects also need to be taken into consideration.

Is this Privacy Setup Sufficient?

Maybe, it’s up to you if it is sufficient for your threat model or your use case. You’ve definitely taken more steps to protect your privacy than most people.

with ResistFingerprinting disabled.

This confuses me. Why would you disable this?

1 Like

As you can see, opinions vary

Do your research and figure out what’s best for you

That is a subject, but, I would say it is not sufficient.

I don’t recommend using a fork for such a critical piece of software as a browser, and you should not disable that setting.

If you mean doing that in Firefox, I don’t see the point, and I think doing it over Cloudflare is actually hurting you. Generally there’s no need to change your DNS, but, if you do, change it to a recommended one and do it on your whole system (or better, network).

This is obviously pretty awful for privacy, and you should look into alternatives.

But, through the lens of this limitation, your setup is already a big improvement over most, and cannot be made much better without having to pay for things (like cloud storage, or self-hosting that cloud storage).

2 Likes

Well, using Cloudflare DNS doesn’t really accomplish that, does it? Everything else seems good, just make sure to use a third party email client for your Gmail account, as @sha123 suggests

1 Like

I don’t recommend using a fork for such a critical piece of software as a browser, and you should not disable that setting.

To be honest, I don’t like Brave. It feels less secure both being based on Chromium and I don’t feel comfortable with it.

If you mean doing that in Firefox, I don’t see the point, and I think doing it over Cloudflare is actually hurting you. Generally there’s no need to change your DNS, but, if you do, change it to a recommended one and do it on your whole system (or better, network).

I use it on my whole system via DNSCrypt. I saw some people here don’t recommend Cloudflare. Most probably I’ll have to change it.

This is obviously pretty awful for privacy, and you should look into alternatives.

Yep, I know. I’m trying to mitigate it by stockpiling my lecture notes and non-critical things like wallpapers etc., and if I have to store something critical I just use encryption for that specific file/folder so that Google can’t access it.

But, through the lens of this limitation, your setup is already a big improvement over most, and cannot be made much better without having to pay for things (like cloud storage, or self-hosting that cloud storage).

If I can’t do it even better without paying for it, then I have to make some compromises till I have somewhat of an income. Thank you for your reply.

Maybe, it’s up to you if it is sufficient for your threat model or your use case. You’ve definitely taken more steps to protect your privacy than most people.

I’m just an average college student who needs to translate some “critical” text now or in the near future. So I’ll say it’s pretty mediocre/low, nothing too important.

This confuses me. Why would you disable this?

Many websites get broken, and I get prompted with constant “are you a bot?” captchas. So I’ve disabled it. I think Firefox, and therefore LibreWolf, uses its Enhanced Tracking Blocking, so it’s most probably fine.

Being based on Chromium makes it more secure, not less.

I have used RFP for many years, and barely had anything break from it. A captcha can happen from time to time, but that’s ok for most users. Would recommend to overthink this decision.

What’s the benefit if you already use ProtonVPN? Will just make you stand out from other ProtonVPN users.

What’s wrong with just using Firefox, rather than LibreWolf? That’s what I was suggesting.

What I would suggest, is prioritising.

For example, Proton Drive comes with 1GB of storage for free. You could store your most important/private documents/photos there, and the rest on your Google Drive/Photos.

As for this, LineageOS has no support for relocking the bootloader, and is generally not an improvement over stock Android in any category here but Google services.

You’re also already using Google services yourself, so I would say the impact of this is minimal.

If you don’t need Google Play Services (which is unlikely to be honest - even Proton Mail requires them for sending notifications, although there’s You Have Mail), then you should disable them. Otherwise, leave them on.

Otherwise, obviously don’t use any Google apps on the device, and turn off every data collection setting possible. You could also disable any Google apps included that you don’t need. Apart from that though, you should stick with it.

For the reasons described above, I would not recommend flashing a custom ROM.

I have used RFP for many years, and barely had anything break from it. A captcha can happen from time to time, but that’s ok for most users. Would recommend to overthink this decision.

It mostly just goes into an infinite loop of captchas.

What’s the benefit if you already use ProtonVPN? Will just make you stand out from other ProtonVPN users.

I only use ProtonVPN on public Wi-Fi, not on my home network. I use it as an anti-snooping thing in public, which can happen.

You’re also already using Google services yourself, so I would say the impact of this is minimal.

The only Google service I’m using now is Google Drive. I’ve looked into some of the options recommended by PrivacyGuides, but the budget is still the issue here: being both broke and in a bad country (Turkey), everything that is bought by dollar is out of reach for me. (9.99TL Google Drive Monthly “0.3526 USD” vs Tresorit 11.99 USD monthly “339 TL”)

So the best middle ground I can have is putting my wallpapers etc. on Google Drive as they are, and other things encrypted with a strong password so that Google can’t snoop in there.

But I’ll just try to disable whatever I can with Google and its permissions over my phone.

Thank you for your reply and advice.

1 Like

For the meantime, you can also use Cryptomator to encrypt your files on Google Drive. But it will break features like editing documents online or sharing files with others.

1 Like

Alright, thanks mate. To be honest I just use Google Drive as an external hard drive that is on the network. So it’s no problem for me. Thank you.