Looking for suggestions on changing my privacy setup for 2025

Hi All,

So I’ve decided to make some further changes to my privacy setup given the recent move by the UK govt (UK Citizen), and I just wanted to see what the community thinks, and suggests.

Phone:

  • GrapheneOS - Multiple profiles focusing on mostly offline apps for things like music and photos, WhatsApp will be in its own profile, all profiles will be routed via either Tor or Mullvad.
  • No email on my phone unless it’s via a browser; calendar is fine as it will be offline.
  • Maybe Syncthing or EasySync (WebDAV) via LAN to make sure there are multiple copies.

Laptop:

  • Framework 13 AMD likely with Secureblue, I could run something like Whonix or Qubes, but Secureblue is looking good as it takes a lot of inspiration from GOS.
  • Following the same idea as the phone: focus on offline only unless it’s via the browser, and then Mullvad VPN to tunnel traffic outside the LAN.

Services:

  • Email I’m not sure about. I use email for services. I was going to use Proton, however given their recent blunders they are putting me off, plus their slowness with development is a worry. I was thinking maybe Tuta with Addy for aliases if required.
  • Syncing - As mentioned, either Syncthing or EasySync. If you know of any syncing services that will work over LAN only this would be preferable, unless Syncthing can be forced to LAN only?
  • Start removing services; my Gmail is going to be the difficult one, I suspect, as usual.

I think this is a pretty sound setup, not something that’s too restrictive, and it should just work once it’s all set up.

Any thoughts or suggestions?

TIA

3 Likes

Having an app on Graphene is not an issue. Don’t need to be that hardcore about it.

I recommend cloud storage of your choice with Cryptomator. But do what works for you and your use case. But explore options before you fully decide on anything.

What exactly puts you off? It was only a miscommunication from them and potential exacerbation from the community. Their product is still fantastic. It is unnecessary to cut yourself off unless morals and even small mistakes are too much for you. You do you, but I don’t get it.

Syncthing not working over LAN is not an issue. It’s all private and secure. I don’t understand your worry here.

1 Like

If you’re using a trusted “encrypted” email provider you’re better off using their mobile app.

Unlike Proton Mail and Mailbox, Tuta fails to support WKD which is a big downside in my opinion.

1 Like

Smart man. Make sure to access only in private browsing mode. My only recommendation is don’t use the same VPN provider for mobile and desktop. Switch it up.

Start removing services; my Gmail is going to be the difficult one, I suspect, as usual.

Start searching for verification and signup emails. Get to changing or deleting those accounts. When updating your email for accounts, remember the Gmail may not be fully disassociated from that account, and it’s always better to make a new account with a new email.

If you’re using a trusted “encrypted” email provider you’re better off using their mobile app.

This comment came at the right time when I’m now wondering about why Proton Mail app wasn’t in the recommendation of PG. On GOS, I used their app since it’s just more convenient for me, but on my Mac, I used their PWA since the UI and “smoothness” are rather similar.

But, now I’m wondering if I should use their app too? Sorry, the article is a bit over my head to make an informed decision.

From my memory, the point is that web apps which use E2EE or client-side encryption don’t provide strong security guarantees because it’d be trivial for them to send you malicious JavaScript which backdoors or doesn’t properly perform the encryption as they advertise.

So yes, using the Proton desktop app would be more secure, but it’s only available to paid users. It’s probably not a big deal either way unless you’re trying to have super secure email, in which case it’s probably best to give up and use a secure platform instead.

1 Like

The best thing you can do is to have as little personal stuff as possible on your devices, only keep stuff on your devices that you don’t mind sharing with the police and government, and don’t use services from the UK.

Do as much as possible in a browser.

You can have a dummy OS and a hidden OS for personal stuff and for plausible deniability.

Yes, it can be an issue. You can get up to 3 years in jail if you refuse to unlock your devices in the UK.

Got it, thanks! Yeah, I’m a paid user so I’ll reinstall it.

Btw, do you think in general (incl. closed-source), it’s better to use an app (on GOS, Mac, Windows) vs their PWA? Or are there any considerations I should take into account when making a decision?

Lmk if this is off topic and I’ll make a new thread instead. Thought this should still fall under the realm of privacy setup.

If the app is protecting you (Proton, Signal, Standard Notes) it’s best to run it locally. If you’re protecting yourself from the app (Instagram, YouTube) it’s best to run it in a browser.

4 Likes

Makes perfect sense, thanks!

I completely left Tuta for Proton. Mainly because Tuta works like a service from the 90s and feels bad to use; also they put too much behind a paywall (well, you might argue Proton does too). When they released the new domain they did not give me my name with the new domain, but I had to pay to have the opportunity to get my name. (I had xy@tutanota.com but did not get xy@tuta.com by default.)

When protonmail.com became proton.me they just gave everyone the proton.me version of their main name.

All that said: tuta seems good for privacy too. Choosing email provider is really about trust. For me proton just works much better.

I would recommend actually analysing if you need an encrypted email service at all. If you are contacting anyone and require that to be secure, just use encrypted messengers. If it is email from services you have signed up for, your data is already in systems far more invasive than simple email based advertising. Just find any privacy respecting email (most countries have one that provides local government email services) with encryption at rest and buy an aliasing service. Encrypted email is heavily overpriced, especially since the encryption doesn’t work outside their ecosystem and/or PGP.

So encrypted email is snake oil anyway, but Tuta more so than others. At least Proton has legal precedent saving it from implementing backdoors (so some reassurance, although I don’t buy the Swiss privacy magic they sell) or capturing data outside of its privacy policy, Tuta does not (and have had previous backdoors).

3 Likes

My main thing was: I need an email address but I do not want to use Google, Microsoft etc services. Tuta seemed promising, but it was really bad to use and the name change was the last nail for me.

I just resurrected my very old Proton account and use that as my main email account. I am happy my data is stored encrypted in Europe and not used for advertising. The UX is just right there, works nicely in browser and in app too, and has become the same daily routine background technology Google was before I felt the creepy vibes from getting ads based on emails I typed.

But I am public with that address. If I needed secret messaging or did anything hush-hush (which I do not), I would not use an email address with my legal name on it, or email at all.

Part of me wants to pay for a VPS and run my own email server, but other than as a hobby thing and the fun of making it work, it seems like a hassle to keep it working and usable. Proton is enough to send emails, receive system notifications and newsletters (through aliases, so I can just turn off the alias if a site is breached) and have the peace of mind that my data is (might be) secure with them.

FWIW my general recommendations for Browser, Search engine, Password Mgr, Auth App, Email, VPN are Brave, Brave, KeePass, Aegis, Proton, Proton.

As a temporary measure until you can ditch it, use K-9 instead of the Gmail app. Install it anonymously using the Aurora Store app.

Two features of GOS that I really appreciate:

  1. Per-Connection MAC Randomization: This feature randomizes the MAC address for each network connection, reducing the risk of tracking.

  2. Separate VPN: Each user profile has its own randomized IP address and VPN settings.

What exactly was bad about it? I’m considering switching to Tuta from Proton because after years of waiting, Proton still hasn’t implemented offline mode for mobile, notifications on GrapheneOS, and email body search for the mobile app. My understanding is that Tuta has all of these features.

It feels very clunky to me. Bad UX, everything feels like it is breaking. When I read an email and delete it, it immediately opens the next one (which I want to keep unread until I decide to open it). Lots of little things like that. Bugs also last for months. Also, the thing I mentioned with the name change; they also changed the subscription model while I was subscribed under a different agreement. I used it and paid for it for almost 2 years, and all the problems built up for me to leave it for good.

All that said, if they are offering something that you find useful, I will not tell you not to use Tuta. On a security level they do not seem bad at all; I never lost trust in them on that. I just simply use email publicly, Proton works much better for me, and I do not have to fight their software every day to work the way I expect from almost 30 years of intuition. For me, in the case of email, that is much more important now.

1 Like

I’ve been running Syncthing for 1-2 years and didn’t know it wasn’t LAN-only until I tried to answer this question lol.

It turns out LAN-only operation is pretty straightforward (although it should be the default IMO):

  1. (For each device) Open the Syncthing web interface
  2. Go to Actions → Settings → Connections
  3. Turn off “Global Discovery” and “Relaying” for LAN-only operation

Official documentation on info leakage here and overall stats here.
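The GUI toggles above map to fields in Syncthing’s options config, which the REST API exposes at `GET /rest/config/options` (authenticated with the `X-API-Key` header). This added audit script, not from the thread, reads those fields and reports anything that still talks to the internet; the sample JSON is constructed, and the URL/API key are placeholders you supply.

```python
"""Audit a Syncthing node for LAN-only operation (added example)."""
import json
import urllib.request

# Expected values for a LAN-only node. Local (broadcast) discovery stays on
# so peers on the same LAN can still find each other.
LAN_ONLY_EXPECTATIONS = {
    "globalAnnounceEnabled": False,  # GUI: "Global Discovery"
    "relaysEnabled": False,          # GUI: "Relaying" (public relay network)
    "natEnabled": False,             # UPnP/NAT-PMP port mapping on the router
    "localAnnounceEnabled": True,    # GUI: "Local Discovery"
}


def lan_only_findings(options):
    """Return human-readable findings; an empty list means LAN-only."""
    findings = []
    for key, expected in LAN_ONLY_EXPECTATIONS.items():
        actual = options.get(key)
        if actual != expected:
            findings.append(f"{key} is {actual!r}, expected {expected!r}")
    # urAccepted: -1 = declined, 0 = not yet asked, >0 = accepted version
    if options.get("urAccepted", 0) != -1:
        findings.append("usage reporting not declined (urAccepted != -1)")
    if options.get("crashReportingEnabled", True):
        findings.append("crashReportingEnabled is True")
    return findings


def fetch_options(base_url, api_key):
    """Fetch /rest/config/options from a running instance (GUI address)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/rest/config/options",
        headers={"X-API-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


# Constructed sample: a default-style install that still uses the internet.
SAMPLE_OPTIONS = json.loads("""{
  "globalAnnounceEnabled": true, "localAnnounceEnabled": true,
  "relaysEnabled": true, "natEnabled": true,
  "urAccepted": 0, "crashReportingEnabled": true
}""")

if __name__ == "__main__":
    # Replace SAMPLE_OPTIONS with fetch_options("http://127.0.0.1:8384", KEY)
    for finding in lan_only_findings(SAMPLE_OPTIONS):
        print("FINDING:", finding)
```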

I’m planning on switching to GOS and was wondering if you could clarify. Do you mean you need to install Google Play to get Proton Mail notifications working on GrapheneOS? Or do you mean it literally cannot work?

If you enable sandboxed google play services and give it internet access permissions, then it will work. There is also a dedicated app called “you have mail” that works pretty well to enable proton notifications even if you don’t go the google play services route.

3 Likes

So long as you trust the developer, otherwise the app should definitely be firewalled (no network access) especially if it comes from the Google Play Store.

K9/Thunderbird is a fantastic email app for Android though.