Looking for a Practical Long‑Term Privacy Stack (Proton, AI, VPNs, Photos, etc.)

Note: For transparency, I’ve also posted a similar thread on the Techlore forums. I wanted to ask here as well to hear from the PrivacyGuides community specifically. If you’re on both forums and have already seen/replied to it there, please feel free to skip this. I’m not trying to spam, just looking for a broader range of opinions.

TL;DR

• I’m new-ish to implementing privacy in a practical way. I’m not trying to evade nation-states, but I do want to regain control of my data and avoid heavily AI-integrated ecosystems and mass surveillance, although I don’t mind some AI features where they would be most helpful.
• Current big subs: Proton Visionary, Kagi Ultimate, Windscribe Pro + ControlD.

I’m looking for:

• Feedback on my threat model and “diminishing returns” approach.
• Help designing a long-term privacy stack (VPN, DNS, email, drive, passwords, notes, photos, AI) that I can stick with for years without constant switching.
• Opinions on: Proton ecosystem vs diversification, pCloud vs Proton/self-hosting, Ente vs Immich, Bitwarden vs Proton Pass vs 1Password/KeePass, data removal tools, and browsers.

Constraints:

• Around 3–5 paid subscriptions max.
• Avoid OS-embedded AI where possible.
• Pragmatic about FOSS (open to both FOSS and proprietary if governance is good).
• Lifetime or one-time purchase is generally preferred for me, but I am fine with subscriptions where they make the most sense.

Hey all!

I’m DTLegit. Some of you might have seen me in Linux/privacy YouTube comments or on Discord. I’ve been aware of privacy and digital rights topics since around 2020, but only in the last month or so have I started seriously working on my own setup.

Right now I’m using macOS and LineageOS, still somewhat tied into Google/Microsoft services, and I also have a ChatGPT Plus subscription (more on AI below).

I have been getting increasingly uncomfortable with:

• OS-embedded AI: Copilot and Microsoft’s “Agentic OS” direction in Windows, Google Gemini on Android, Apple Intelligence on macOS/iOS.
• Expanding mass surveillance: age-verification mandates, content-scanning laws, etc.
• The general trend toward Digital ID mandates (not yet active in US Congress, and hoping it stays that way).

I’m not an activist, hacker, or criminal, and I’m not trying to hide from the NSA/FBI/CIA. I just want a robust, realistic setup that lets me live a normal life while not being constantly profiled, tracked, or pushed deeper into AI-heavy, data-hungry ecosystems.

Threat model & approach

My view is that privacy is a spectrum between convenience and security, and I’m trying to follow a “law of diminishing returns” approach:

• I want to move up the privacy ladder until the gains start to become very small compared to the effort, and stop around there.
• I don’t want to go so extreme that daily life becomes a chore or I can’t reasonably function in society.

Priorities:

• Avoid or minimize OS-embedded AI and “smart” features where possible.
• Reduce exposure to mass surveillance, age verification systems, and Digital ID.
• I’m not assuming highly targeted surveillance by intelligence agencies; I just don’t want to be an easy, always-on data source for big platforms, governments/law enforcement, and data brokers.

What I’m looking for advice on

High-level

• Does this threat model and “diminishing returns” approach make sense for someone like me (US-based, not high-risk)?
• Given my situation, how would you design a long-term privacy stack that doesn’t encourage constant tool-hopping?

More specific questions

Proton ecosystem vs diversification

• If you’re “all-in” on Proton (Mail/Calendar/Drive/VPN/Pass), how has that worked out for you over time?
• Do you prefer to mix and match “best in class” tools (e.g., Proton Mail + separate VPN + separate notes/photos), and if so, what pros/cons have you noticed?
• I’ve heard and considered some of The Hated One’s concerns, that he discussed on a couple of his Patreon podcasts, about going all-in on Proton as a single-vendor ecosystem. I’m not anti-Proton at all, but his points made me think more carefully about how much I centralize there.

Stack design

Based on what I’ve tried (below), what would you personally pick for:

• VPN(s)
• DNS
• Email/Calendar/Contacts
• Cloud storage (hosted vs self-hosted)
• Password manager (single vs hybrid approach)
• Notes (local vs cloud, which app?)
• Photos (Ente vs Immich, or something else?)

I’m aiming for a setup that balances privacy, reliability, cost, and low maintenance.

AI & cost

• I really like Kagi Ultimate (search + assistant), but together with Proton Visionary the total monthly cost starts to bother me.
• Are there cheaper, reasonably private alternatives that still give good access to models like Claude, ChatGPT, and Gemini, ideally without dragging me deeper into Big Tech ecosystems?

Data removal services

• Anyone have real-world experience with Optery, DeleteMe, or Incogni, especially compared to EasyOptOuts and DuckDuckGo Privacy Pro?

What I’ve tried / considered so far

VPN

Tried:

• IVPN
• ProtonVPN
• Mullvad
• Windscribe
• Mullvad via Tailscale
• Private Internet Access (PIA)
• DuckDuckGo VPN

Goal:

• A two-VPN setup:
  • One for general use: streaming, torrenting, everyday browsing.
  • One for higher privacy: when I want stronger anonymity and fewer ties to my identity.

Open to:

• Combinations like ProtonVPN for general use + Mullvad for privacy, or other pairings people recommend.
• Considering others like NordVPN, Surfshark, etc., if they make sense for my threat model and use case.

DNS

Currently using:

• ControlD (Full Control plan)
• NextDNS (paid)

I tend to prefer ControlD, but I’m open to:

• Sticking with a configurable paid service (ControlD/NextDNS), or
• Simplifying down to free options like Quad9 or Cloudflare if that’s better aligned with my needs.

Email / Calendar / Contacts

Currently:

• Tuta (Revolutionary)
• Proton (Visionary, upgraded from Ultimate)

I’d really appreciate opinions on:

• Long-term experiences with Tuta vs Proton for email, calendar, and contacts.
• Given my model and goals, is there a clear reason to lean heavily toward one or the other, or would going with a totally different provider be viable?

Cloud storage / “Drive”

Currently:

• Proton Drive:
  • 6 TB from Proton Visionary, up from 500 GB from a previous Proton Unlimited plan
• pCloud:
  • 5 TB lifetime bundle with the encryption (“pCloud Crypto”) add-on (Black Friday for $600)

I’m unsure whether to:

• Keep pCloud in the mix, or
• Gradually move toward a combination of:
  • Self-hosting (e.g., Nextcloud for files, Immich for photos) for a “local cloud”, and
  • Using Proton Drive mainly as my off-site, end-to-end encrypted cloud storage.

Given that I already have 6 TB via Visionary, I’m not sure pCloud justifies itself long term.

Password manager

Currently using:

• Free version of Bitwarden

I also bought a lifetime Proton Pass + SimpleLogin Premium deal (on top of getting them through Visionary) as a backup in case I leave Proton someday or can’t afford their full plans anymore.

Considering:

• A hybrid setup, such as:
  • Proton Pass or Bitwarden for most accounts, and
  • A separate manager like 1Password or KeePassXC for high-value accounts (banking, government, etc.).

Curious if people think this kind of “split risk” approach is sensible or just unnecessary complexity.

Email aliasing

Currently:

• Proton Pass / SimpleLogin

Pretty happy here, not really looking to change unless there’s something clearly superior for my needs.

Search

Currently bouncing between:

• Brave Search
• DuckDuckGo
• Kagi (Ultimate plan)

Kagi is my favorite in terms of results and experience, but price is starting to feel heavy when combined with everything else.

I’m open to:

• Suggestions on search setups that balance privacy, quality of results, and cost—even if that means using different engines for different tasks.

AI

Tools I’ve tried:

• DuckAI
• NanoGPT
• TypingMind
• Proton Lumo
• Brave Leo
• Kagi Assistant (Ultimate plan with premium models)

Impressions:

• Kagi Ultimate has been the best fit for me overall, but again, it’s expensive next to Proton Visionary.

Least favorites:

• Brave Leo: too tightly integrated into the Brave browser.
• TypingMind: juggling API keys for everything isn’t my ideal workflow.

Looking for:

• Cheaper, privacy-respecting options that still give me good access to Claude, ChatGPT, Gemini, etc., without locking me further into Big Tech ecosystems.

Data removal tools

Currently using:

• EasyOptOuts
• DuckDuckGo Privacy Pro

Both seem to work fine. EasyOptOuts at around $20/year is especially appealing.

Considering:

• Optery
• DeleteMe
• Incogni

I’d love to hear:

• Which ones you found effective,
• Whether they’re worth it as an alternative to EasyOptOuts/DDG,
• Or if they largely overlap.

Browsers

Currently:

• Google Chrome as my main browser.

Have tried:

• Brave
• Orion (on macOS)
• Firefox

Considering:

• Waterfox
• LibreWolf
• Ungoogled Chromium
• Or similar options.

What I want:

• I’m not super ideological about browsers; I just want something:
  • Clean and functional
  • Not packed with random features
  • As little AI bloat as possible

Ideally:

• One Chromium-based browser
• One Firefox/Gecko-based browser

Open to any suggestions that fit these criteria and work well in practice.

Notes

I haven’t settled on anything yet. Considering:

• Notesnook
• Standard Notes (now owned by Proton)
• More local-first options like Joplin or Obsidian

What I’m looking for:

• Strong privacy
• Good cross-device experience
• Something I can realistically stick with for years without migrating my entire notes database yet again.

Photos

I know I could just use pCloud or Proton Drive, but I’d prefer a photo-focused experience with decent ML and search capabilities.

Considering:

• Ente Photos
• Immich (self-hosted later on, likely alongside Nextcloud)

Rough plan:

• Start with Ente Photos as a hosted solution.
• When my self-hosting setup is ready, move to Immich + Nextcloud for more control.

I’d love to hear which one people generally prefer and why, especially for someone moving off Google Photos–style workflows.

Current subscriptions & constraints

Main paid services right now:

• Proton Visionary
• Kagi Ultimate
• Windscribe Pro + ControlD

I’m considering:

• Replacing Kagi Ultimate and Windscribe Pro + ControlD with cheaper alternatives,
• While keeping Proton Visionary if I can, mostly because of:
  • The value and breadth of the bundle, and
  • Visionary’s unique advantages compared to Proton’s other plans with Duo, Family, and Unlimited
  • The likelihood that once I cancel/downgrade, I might not be able to get it back.

I’ve also tried:

• DuckDuckGo’s subscription
• Brave Search + Leo Premium

DDG’s paid option seems like very good value for around $10/month. Brave Search is decent, Leo feels a bit barebones to me and too tied to the Brave browser.

Overall constraint: I’d like to keep my long-term stack to roughly 3–5 paid subscriptions.

FOSS stance

On the FOSS vs proprietary debate, I’m pretty pragmatic:

• I think both have their place. I don’t demand that everything be open source.

What matters most to me is:

• The governance,
• Track record, and
• Overall reputation of the devs or organization.

If something is open source, that’s a plus. If not, that’s okay as long as:

• It doesn’t work against the user’s interests,
• It’s not hostile or deceptive, and
• It genuinely tries to respect user privacy and autonomy.

Or in Louis Rossmann’s words, I just want software and services that “don’t screw me over.”

If you’ve read this far, thank you. I’d really appreciate:

• Feedback on my overall approach/threat model, and
• Example setups or concrete recommendations for how you’d build a sustainable stack in my situation.

Warm regards,
DTLegit

Boy, if every new person on the forum knew how to make a post and properly format with proper punctuation and grammar to boot. Well done. And welcome to the forum (and hope you stick around)!

Okay, so that’s a lot of info. And sometimes, with too much info and FYIs, its harder to decipher the “best route” for one for what they want or are looking for because you clearly seem to know enough about privacy tech to understand (for the most part at-least) the pros and cons for each and for each permutation & combination.

I’m inclined to say you may not receive any conclusive answers for your questions but we can surely provide more nuance to your asks.

What I can currently say here in the moment is to not overwhelm yourself with everything. Use each tool you like temporarily and then decide which one to stick with long term. I’ve found that’s the best way to learn and also decide for yourself of the product you like for all that they can do.

For example: having Proton Visionary + Windscribe is moot to me. ProtonVPN is fantastic and I think you should save money there to stick with Proton (unless you have particular reasons to have Windscribe too). Plus, if using Proton/Windscribe, I usually avoid using a custom DNS with them because VPN DNS is ideal and prevents even the possibility of a “leak” or leak as it should be with a good reputable VPN.

My personal recommendation based on your threat model is the following:

Proton - for all that it offers including VPN, password management, etc. I’d even consider simply using the Docs for your notes if you can get away with it for your use case.

Notes - if you must need dedicated Notes app, Notesnook or Cryptee are the ones to consider. Both are fantastic but Notesnook feels like a better Notes app with all the bells and whistles you’d expect and hope for.

Photos - again, Proton Drive should work fine but if dedicated app/service is needed, I can’t recommend Ente Photos enough. Its a fantastic product.

AI - NanoGPT, Duck.ai, Proton Lumo, and Kagi Assistant. NanoGPT is by far the best as you get the best models in a pay as you use/go scheme that you can access and use as privately and anonymously as you want. For best results, NanoGPT. For everyday use for general knowledge searches, any other AI mentioned here should do.

There are many posts on the forum here with the debate on this. Please read up. But to quickly answer, given your constraints and threat model, going the ecosystem route with a few other subscriptions is ideal and best for you if you ask me. Just follow the best OPSEC recommendations which includes using and memorizing strong password for your password manager (and/or your 2FA app if you want to use a separate app here too). For 2FA needs, Ente Auth is fantastic.

Also, this is a loaded question that would work better as a separate post because there’s a lot to think and say about all that you’re asking. We can write a book on this.

I would consider moving to GrapheneOS if you can manage. Many reasons which again I won’t get into here as this is a “debate” in and of itself. But you can read up on it in the forum. Focus on the quality, features, and functionality of the product when you do. Every company will have people who love and hate them. Evaluate objectively is my suggestion.

Short answer: yes. Good way to go about it. Many don’t even go this far.

I think having your constraint of 3-5 subs for privacy tools is a good way to go about it. Minimal but functional for all you need to be private and safe online and digitally. I think you already know how to do this. Not much I can say here that would be “news” to you.

Works great! I have no complaints. I do have to use a different VPN because where I am currently but otherwise, ecosystem is the best way to approach this for one who has a similar threat model.

Sure, Proton can do a lot to improve their existing products but for a non big tech company, they are doing as fine as I can imagine. 2026 should be a big year with many improvements as nothing new other than Proton Meet is planned I think (as of today as far as I know) so it will only get better.

Yeah, there’s are several debates about this in the forum posts here. Please read up. But again, if your threat model is not high and you want to keep your OPSEC set up simple and minimal while achieving all that you want to, privacy ecosystem is a good way to go about it. Yes, there are legitimate concerns but only for folks with higher threat model. For example, if you were a journalist with a focus on human rights in third world countries and terrorist nation states, I would have completely different set of suggestions for you.

NanoGPT is the tool for you. Trust me if you can for a minute here - use it yourself and get back to me. I can almost guarantee there is no way you won’t like it.

I don’t get this. Why? Proton VPN provides both unless you’ve used your card to pay for it and your settings within are loggin your IPs you use to log in to Proton.

But if you know what you’re doing and you still need two: Proton for streaming and torrenting. Mullvad for the other.

Stop right there. Do not. Not worth it when you have superior options.

Use VPN DNS only please. But if you know what you’re doing, use anything you want knowing the “risks”.

Consider using Posteo for this. They encrypt your calendar and contacts and still use CalDAV and CardDAV with it on your devices. This keeps this info separate and in sync with any device you may want to use in the future as this is de-coupled from others. But you can just as well use Tuta for Contacts sync and Calendar or Proton Calendar. A couple of ways to go about it here. Posteo is only 1 EUR per month only so is very affordable.

I like to use Koofr because it provides me with the most flexibility literally for any OS I want to use it on with Cryptomator. No other solution I know works as well as this for me based on my experience. You can also pay for the affordable Koofr plans anonymously via the ProxyStore. Proton Drive doesn’t have feature or functionality parity between all OS it works. It doesn’t even have a Linux app yet. But my way works everywhere. Been using and have this set up for years and is stable.

–

I think you’re repeating several questions here in your overly long but well written post. And I believe I have answered all your questions and concerns though I think you already had answers for them seeing how much you appear to know about all the tools and products available for all you want to do with and from a focus of privacy & security.

Please read Privacy Guides website, research the forum to learn more, and make the call for how you want to do things and have your privacy set up long term as you say. All your questions and concerns are already addressed here.

Hope I was helpful! Good luck.

Hello. First of all, you seem to be clear about what you want so it’s a nice starting point. You arrive a bit late to the game, there were good Black Friday deals for multiple services you mentionned haha.

Generally, as you might have observed, the costlier services are those which require a lot of storage space : photos, drive. This is where you can spare the most money (by going self-hosted of local for instance), while maybe not being as optimized for the rest.

Does this threat model and “diminishing returns” approach make sense for someone like me (US-based, not high-risk)?

Yes, definitely! Your choices must be sustainable in the long term, while allowing you to reach your goals (regaining privacy).

I see no tangible problem with going all in Proton. However, I prefer to use my really favorito service in each category. This means being a clientes of multiple companies. Doing so, I support more privacy businesses (SMEs).

Before all, I strongly recommend you move away from LineageOS. GrapheneOS is a very solid option privacy wise and it is very usable. Have a look into it. Maybe for the next time you buy a smartphone.

I also recommend you take into account to some extent at least PG’s recommendations. There are reasons why LineageOS, Waterfox, Librefox and Ungoogled Chromium are not recommended for instance.

Browsers

If you want a Chromium and a Gecko browser, I would go for Brave + Firefox. They are low maintenance. I advise against Waterfox and Ungoogled Chromium. Search the forum threads about them to know why. Brave is quite “packed with random features" but you can avoid using them and hide them, and the quality of the browser make it worth it IMO.

If it suits your use cases, replace Firefox by Mullvad Browser. I don’t know Orion.

Notes

Since you want cross-device notes, I recommend you avoid locally stored notes. I use Notesnook since years and really recommend it. You might be fine with the free version. I believe it’s much better than Standard Notes usability wise. Obsidian can also be a good option but there is a bit of a learning curve and it is not open source, and there is no free sync. Notesnook is also selfhostable.

Photos

For a similar experience to Google Photos, I would go with Ente Photos. Depending on the storage you need, it might be expensive. However, it is worth it in my opinion because it makes photo storage sooo seamless ! I very like this service.

Immich looks good but never tried it. FYI, you can also self host Ente.

VPN

If you want to bring down the costs, I would recommend using only one VPN. Some VPNs are good for privacy and security while being perfectly fine for everyday browsing. If you are interested in using streaming services with a VPN, I would opt for ProtonVPN or Windscribe. Windscribe is not recommended at the moment. They often have aggressive deals (and the renewal price is the discounted one forever).

DNS

From my understanding, it’s best to use the default DNS of your VPN provider, for fingeprinting reasons. However, since your threat model isn’t very high, you’re probably fine using a 3rd party DNS if you want it. Windscribe VPN supports custom rules (whitelist, blocklists,…) and you can select pre-existing blocklists (malware, ads and trackers, porn, gambling, social medias…).

Password manager and email aliasing

I would personally recommend using Bitwarden free version (or pay the very cheap subscription to benefit a few pro perks) + addy.io or SimpleLogin. Addy has a cheap Lite plan that might be enough for you? HOWEVER, since you have a lifetime subscription for SimpleLogin and ProtonPass and that you like it, I recommend you stick to those.

Bitwarden supports third party email aliasing services with API keys so maybe you can use it in conjunction with your SimpleLogin lifetime subscription, in order to be less dependant of Proton, if you decide that this is important for you.

Email, contacts, calendar and Drive

The only good options for contacts integrated in your OS, for now, is Tuta. I believe that both Proton and Tuta are good services. I use Proton since a few years and I can’t complain.

• If you opt for Tuta, choose which one do you like more between Proton Drive and pCloud. You could save money cancelling the Proton subscription.
• If you stay with Proton for email, contacts and calendar, it might be more convenient to use Proton Drive. But you could stick to pCloud without additional cost since you bought a lifetime subscription.

To sum it up, if you stick to Tuta, the cheaper would be to use pCloud. If you stay with Proton for email, choose the one you like most.

However, seeing that pCloud is not recommended by PG, that you are like SimpleLogin and ProtonPass, and need a good email and drive, the simplest is to go all in Proton.

The options where you would split the most would be :

1. addy.io, Bitwarden, pCloud and Tuta or ProtonMail.
2. addy.io, Bitwarden, ProtonDrive and Tuta.

I strongly think that it is unnecessary complexity and that it is not a sensible approach. Think more about how you’ll protect your PM instead (master password, 2FA).

I would only use 1Password if it has specific features you really value (SSH key, travel mode, …) because it has some issues and Bitwarden and ProtonPass are good enough for almost everyone.

After deciding all of these, I recommend you look if you can afford Kagi Pro or not. If you can, then go on. If you can’t, choose you preferred search engine. And for saving money, use the AI provided with the search engine.

Please search the forum.

I’m aiming for a setup that balances privacy, reliability, cost, and low maintenance. Based on what I’ve tried (below), what would you personally pick for:

* VPN(s)

Windscribe VPN

* DNS

Windscribe VPN’s default DNS

* Email/Calendar/Contacts

ProtonMail free or Plus

* Cloud storage (hosted vs self-hosted)

* Password manager (single vs hybrid approach)

ProtonPass-SimpleLogin lifetime subscription

* Notes (local vs cloud, which app?)

Notesnook free or paid

* Photos (Ente vs Immich, or something else?)

I never used Immich but Ente is maintenance-free, feature packed and secure so Ente.

And for cloud, pCloud if you want to be less dependant on Proton and to save money, so you don’t pay Proton Drive Visionary.

Yeah, subscriptions can add up quickly. I went from being fully on Proton to diversifying and self-hosting. If you’re able to, I recommend self-hosting what you can. That said, it can get pretty technical at times so I understand it’s not for everyone.

Do you feel like self-hosting with a homelab by yourself?
Quite a lot of services could be managed at home by yourself.
Can you/do you feel like doing so or not?

I’ll mainly talk about ecosystem vs diverse providers since for most services, I’ve only tried maybe 2-3 providers at most, so I don’t tend to hop between different privacy-oriented services.

Proton vs diverse:

I do use Proton’s ecosystem, but I also self-host, so not all my data is on Proton. For example, I don’t use Proton Pass or Calendar, but I do use Proton Drive and Proton Mail. From my time on this forum, I think most users here would discourage putting all your eggs in one basket, but you’re also paying for Proton Visionary, so it seems like for your money’s worth, you value the convenience of using Proton’s ecosystem. If you’re looking to diversify, think about what Proton products you use the least and see if you can move that data to another provider. Then look for a cheaper plan, but this depends on how much you value security over convenience. Don’t think about the “likelihood” of not getting the same value because that’s how you get trapped in their ecosystem. Given your subscription services so far, maybe downgrading Proton should be one of the last options.

Personally, I have a Proton Drive and SimpleLogin subscription and don’t need to subscribe to another Proton service for now. I use a separate VPN and notes app, as well as a separate password manager. While I do self-host Photoprism and use Syncthing to sync my photos to my NAS, I do prefer Proton Drive’s photo backup and photo management on my mobile device. Proton Pass is great for creating new aliases, but I feel my passwords will be safer on KeePass, so I only use Proton Pass for Passkeys. And while I love Mullvad VPN, connection issues and 5 device limits may get me to switch to Proton VPN.

I don’t notice many cons with diversification because I don’t need software integration. I don’t need to send e-mail invites so I can use a separate calendar app and sync my calendars to my Nextcloud. If I’m not using Nextcloud, I would use Proton Calendar since I don’t see the point of using Proton Mail with a separate calendar. Furthermore, I don’t need to share my notes so I can keep it in a separate app and not lose any convenience. That’s probably what you would have to consider before spreading your data across different providers, and since cost is a factor, you may even end up paying more because you’d be using different providers. But for me, diversifying makes the most sense. I make the most out of their free plan before getting a subscription, if I want more from my providers.

Cloud vs self-host:

For my threat model, I self-host and keep all my data on my NAS and the bare minimum on my Proton Drive. If my NAS goes offline, or my house burns down, or my place gets robbed, I can access my most important data and not be left with nothing. You don’t have to go all-in on self-hosting, especially when you consider which instance you can or can’t maintain. My workplace has its own servers, but we also integrate Microsoft to offload some data and save storage, so my model is sort of based on that workflow. You can integrate cloud storage and self-hosted if you want. It’s another way of diversifying while still using Proton as an ecosystem.

If you would like a “photo-focused” cloud drive, I would start self-hosting instead of getting another subscription. You might pay a lot upfront if you decide to start self-hosting, but it will put your mind at ease since you’re constraint with 3-5 paid services. And there’s very little benefit in getting a photo-oriented subscription like Ente when it’s difficult for you to move out of Proton. If you decide to start self-hosting, photos would be a great start. I use PhotoPrism, but I think most users here prefer Ente because of E2EE. The only reason Immich isn’t recommended is that it was in beta, but they released a stable version about 2 months ago, so it might be another viable option.

Passwords:

I’m in favour of using a local password manager like KeePass and using Syncthing to sync your passwords between different devices. I have tried self-hosting Bitwarden, but then decided I’d rather not maintain another instance when KeePass and Syncthing have caused me fewer headaches. Still, you might prefer a cloud provider because they’re generally more reliable. I don’t think you can go wrong with either Bitwarden or Proton Pass, so unless you’re looking to switch to a local password manager, I would keep Proton Pass for now. You could use local + cloud-based, but with Syncthing, I don’t see much point in a hybrid approach. If you want to separate your high-value from your low-value accounts, you can create two different KeePass. It’s also the cheapest option.

Browsers:

As for browsers, though I’m not a fan of Librewolf, it might be your best option. It’s clean, free of bloat, and not packed with random features. I can’t say the same for Brave Browser, even though I prefer it as a daily driver. You might run into issues with functionality, but ymmv. My favourite is Firefox + Arkenfox, but users who aren’t fans of Arkenfox generally prefer Librewolf. You can also try Zen Browser, which is in beta, but that’s what I would use if not for Arkenfox. For Chromium browsers, I really don’t think there’s anything better than Brave, but de-bloating only takes around 5 minutes. I think Techlore made a video on this.

Notes:

I mainly use Notesnook, but also keep my most sensitive notes locally encrypted. I don’t need easy access to those notes. You could use both local and cloud-based notes, but since you need “good cross-device experience”, picking a cloud-based one probably makes more sense.

For data removal, I’ve always done it manually and there’s no substitution. EasyOptOuts is recommended because it’s the best value, so don’t think about it too much. You’re already overwhelmed with monthly costs, and other providers will likely result in diminishing returns. If EasyOptOuts isn’t enough, do it yourself.

As for reducing monthly cost, I would start by using only one VPN. I understand the setup, but that’s another example of diminishing returns. You’ll likely end up using one a lot more than the other. For hybrid password set-up, I don’t think the set-up is “unnecessary complex”, but I would NOT subscribe to two different password managers for this set-up. Just pick one provider you would pay for and keep the high-value accounts on KeePass (don’t bother with 1Password). Or create two different passkeys. That leaves Proton Visionary (which includes VPN, Email, Calendar, Drive, Pass, etc.), Kagi Utimate, ControlD, SimpleLogin, and ChatGPT Plus (unless there are others I’m missing). I wouldn’t include EasyOptOuts as part of your constraints because it’s only $20 a year.

How to reduce your cost from here? I don’t have any opinions on AI since I’m looking for the same thing. Might give Duck AI a go eventually. I also don’t use Kagi, so I don’t know the benefits of paid search vs DDG. If you get a lot of value out of Kagi, start cutting other subscriptions first. If Kagi has AI, how does it compare to ChatGPT? Maybe keep one based on the difference in value you get between the two of them and then get a notes app subscription once you’ve settled with one. If you need to reduce costs even further, cut ControlD since you can use your VPN’s DNS. OR get a cheaper Proton Plan.

Oh wow, saw this post this morning, shocked by the wall of text, checking back in just now, shocked by walls of text… I will try with a short reply.

To me the simpler the better, the best approach is the approach that is easy to stick with, also cheap and easy to maintain.

So:

1. Email ( +Calendar, & Contact) VPN, Photo, Notes, Cloud, Password Manager, Email Aliasing: Proton
2. DNS: NextDNS free tier should be enough for most people
3. Data Removal: I don’t use one but I think you can check out Consumer Report for ideas.
4. AI: IIRC You can use ChatGPT without an account (US IP only), if you want a privacy respecting one, cant think of one except Proton.
5. Browser: Brave + Mullvad on desktop, Brave + Ironfox on android
6. Search engine: DDG

If you like to use many different service, thats totally fine, I personally prefer simplicity.

If you are knowledgeable, have good and reliable network (uplink is very important here) as well as power computer , you can self host DNS, AI and Password Manager if you like.

One good thing about Proton is it offers emergency access for paid users. I personally sync my KeePass vault between my devices, NAS and Proton, and authorized multiple closed ones for emergency access. So even if I loss everything I have, I will still be able to retrieve my crucial information from trusted ones.

Hey all!

First off, I wanted to thank everyone for all of the replies. I sat down and read all of them and took a bunch of notes, so thank you all again — I really appreciate it.

I apologize for the long original post; I tried to keep it as clean and well‑structured as possible, including the TL;DR at the top. I hope it didn’t give anyone too much of a hard time. For any future posts I make here, I’ll definitely keep things more concise and focused.

Just to clarify: I’m definitely not crazy enough to be subscribing to and using everything I mentioned at the start. I was trialing a lot of services during an “exploration and testing” phase of my privacy journey. Long‑term I’ll only be sticking to maybe 3–4 of those services max.

From what I have read in JG’s and Mango’s responses, I think that I will definitely go the Proton plus a couple of other services route then, as like they have mentioned, it would make things simple and not super complicated.

To answer on why I wanted two VPNs, it’s mainly for two main reasons: One is just to avoid entrusting all of my VPN traffic to just a single provider, and the second is just so that I could utilize the benefits of two VPNs that would specialize in two different areas. For example, as mentioned ProtonVPN seems better for general day-to-day activities while tools like Mullvad look to be superior from a pure privacy perspective, where both have tools and features specifically designed for their specialized use cases.

So from this and after giving some time considering, I think ProtonVPN and Mullvad win out for me overall. I like Proton’s feature set overall and I particularly enjoy that Mullvad has an overall larger network and more connectivity options, all while being generally cheaper with a much simpler pricing model than IVPN.

For everything else, I will very well be keeping Proton Visionary then, as honestly I really like the sheer incredible value and unique advantages that it brings for me compared to Unlimited, for that $360/year ($30/month). I will strongly look into Ente Photos, Notesnook, and NanoGPT in addition for notes, photos, and AI as you guys have suggested as well, so thank you so much for that! I will drop Kagi, as to be honest it is kind of expensive with features I realistically don’t find myself using much.

As for password management, from what I have been seeing, yes it definitely makes sense to move from Bitwarden to Proton Pass, but I am pondering still somewhat on maybe using it in combination with KeepassXC for keeping an offline backup of my password database and for important financial, banking, and government related accounts just for peace of mind.

Alright, thanks! I will definitely let you know what I think of it in a dedicated post in the future. I’ve heard a lot about it, and it seems for good reason too. Also like the fact that they have an API so that I can use it with TypingMind as well.

Noted. I am looking into upgrading to a Pixel 10 anyways, and quite ironically enough it looks like GOS now has an experimental build for it. I will be excited for when the Pixel 10 series builds become stable. I am almost certainly going to be hopping onto the Linux + GrapheneOS train all the way, especially with all of the AI “features” stunts that Google and MS have been pulling lately.

Once again, thank you everyone for the responses back. I will be keeping this forum post bookmarked for future reference.

- DTLegit

I am planning on experimenting more with self-hosting once I can afford some proper hardware for it. I have a couple of UnRAID licenses that I would like to put into good use. Once I can self-host, I would love to start experimenting with using Nextcloud, Immich (or self-hosted Ente Photos), and a media server to replace the streaming services that I have currently.

Thanks for the suggestions man! I appreciate it! I reckon that my end game setup will very likely be a similar hybrid approach to yours that you described at some point, with using a combination of self-hosted and Proton eventually.

Thanks! Probably for an offline database and for crucial accounts I will be doing exactly this.

Noted. I have messed around with Librewolf and I do quite like the experience of it. Another Firefox-based browser that I may look at also is Waterfox, but I wonder if you have any thoughts on it or if there have been any other discussions on it in the forum. It’s sort of another de-Mozilla’d Firefox fork. It does certainly look like Brave and Vivaldi are the two good Chromium-based options, short of just opting for vanilla or Ungoogled Chromium.

I agree with you here. Thanks! I will drop DDG Privacy Pro and just go all in with EasyOptOuts + manual removal.

Appreciate it man, and I hope you have a good one.

Happy Holidays!

Note that this is a forum where people view privacy as a hobby, but you’re a new user. You’re way overthinking everything and need to take a step back.

Self-hosting is almost always a terrible idea unless you’re already super tech savvy. It’s highly unlikely that you need a VPN. Brave is the best browser, but you need to use a local group policy to clean it up. Only buy proton plus and a custom domain so that you’re not tied down to them should you choose to switch later. For everything else just try a few recommended tools from the main site and consider whether you really need them.

Right now you’re suffering from severe analysis paralysis. You don’t need to pre-plan your entire life today and you can take things slowly and change along the way.

You’re thinking about VPNs all wrong if you ask me. Proton is just as good as Mullvad from a privacy and security POV. The two offer different things feature or functionality wise but as far as what a VPN is supposed to do and be, they may as well be the same. The only difference is in the experience of using them.

Please don’t think one is better or superior than the other. They both are fantastic for what they can do. Also, try not to develop pre conceived notions of them reading about it from others. Always try them out and experience it for yourself to then decide how and what you like more.

This is wrong. Mullvad has the smallest network among IVPN and ProtonVPN comparisons. ProtonVPN has the largest network by far and the most server options.

All three are properly priced if you ask me if you use the best plans they all offer.

This is also good advice. This is marathon, not a sprint.

I actually disagree with this. If we look at some of the features Mullvad has implemented in recent years from DAITA to post-quantum servers, while not forgetting their anonymous account creation, it seems clear to me that when it comes to privacy features, Mullvad is currently ahead of Proton. There are also smaller things, such as better kill switch on macOS, which all together make the difference quite apparent.

When was the last time Proton introduced some new innovative privacy feature for their VPN? For me it seems that their focus has been on other things, such as growing their server network and enabling streaming support for more services.

Having said this, I have recently switched from Mullvad to Proton because I got a great deal on Black Friday, and see Proton as one of the top VPN providers, but I still don’t think it is the best one privacy-wise.

Mullvad has actually more servers and locations than IVPN who has the smallest network from these three.

My contention is with calling one superior than the other when they both are fantastic and equivalent from a product and VPN POV.

I personally don’t see the difference large enough to make a case for one being measurably better than the other here.

Good question. It’s coming though, given their roadmap. All will happen in 2026 I’m sure. Mullvad has 2 products to develop and maintain. Proton has several so them taking time is normal but I do agree that sometimes they do take way too much.

Yes. Thus far. I agree. But even they are now seeing the need to significantly better the VPN from other POVs, hence their roadmap with exiting new upgrades planned.

Last I checked this wasn’t the case. Or perhaps I am misremembering. They both appeared to have similar number of options. Proton however has always had a lot more.

I’m sure there are many discussions you can find here on different web browsers. I haven’t tried Waterfox because it’s a fork of Firefox ESR, which is behind on features and security patches compared to main Firefox. This is an acceptable compromise for Mullvad and Tor browser because of their anti-fingerprinting features, but unless you’re still running Windows 7, there’s not much of a reason to use ESR over main Firefox as a daily driver.

My guess is Waterfox is for those who wants a more usable browser compared to Librewolf and with better defaults than stock Firefox, such as disabled telemetry and their own metasearch as the search engine. Other than that, I don’t think there’s anything else that makes Waterfox stand out. It’s probably the next best option if the other Firefox forks I’ve mentioned previously are not suitable for your use case. There’s also Floorp browser, which I’m even less familiar with than Waterfox, but that’s also an ESR build.

I have tried Vivaldi and it has the best tab management in any browsers I’ve used, but it was too slow for me. When I click on hyperlinks, sometimes it would take around 15 seconds to load the web page, or if it loads quicker, the performance was laggy. My guess is Vivaldi has too many features, but just like Librewolf, ymmv because the last time I used Vivaldi was over a year ago. And as a long-time Firefox user, I think open-source should be the bare minimum for web browsers. Even if I’m just considering features, Firefox containers makes it difficult for me to switch to anything else.

Thanks. Yeah I agree, and I think that you’re right. I was just mainly testing out the different options to see which ones I liked and disliked, so everything I tried was mainly just trial runs really. This forum thread though has really helped me significantly narrow down my options, and I have pretty much already made up my choices because of that. But yes, like you said I will not be afraid to change tools as my needs change in the future.

I second this. I have actually bought and tried both VPNs for about a week each. From their applications, I personally have found that Mullvad’s app has way more servers and countries that I can picked between, whereas IVPN also has a good amount but only has a about a handful compared to Mullvad. However, I know this is due to IVPN having all first-party servers that they alone control where Mullvad has a mix of rented and first-party servers on their network. So, that could be more important for people who value VPNs that have entirely their own independent VPN network with servers they fully control themselves. However, a couple of things that I do like about IVPN are that they have nicer applications and full support for DoH Custom DNS, which is one of the reasons I think Techlore used IVPN for so long since it worked the best with NextDNS. I think both are good for privacy-focused VPNs and I like them both. I guess the choice between the two is a matter of focus really.

Alright, thank you so much man! Appreciate it!

It’s highly likely he needs a VPN. ISPs are not trustworthy and many VPNs are much more trustworthy regarding if they log/profile/sell your activity. It also changes your IP address and thus helps against IP-based fingerprinting. Read Privacy Guides knowledge base.