My Privacy Journey

I was thinking that it might be interesting to have a running thread of my privacy journey. I was thinking this might help out others see how someone navigates their own journey and reflect what may work for them. I’m thinking I would use this thread to post updates on things I’ve tried, succeeded or failed, and try to get some feedback from the community before trying the next thing. My disclaimer is that I am already tech savvy enough to navigate most things, so I suspect what may be easier for me may be harder for others depending on their skill level.

Does this sound interesting to anyone? Or would this thread just be annoying to see periodically bumped, and would be better as separate topics when I have updates?

To me, it is always good to see people sharing their experience, knowledge and opinion.

And to me, I never mind seeing old post getting bumped as long as the post is still relevent.

Of course I am not sure if it is the best thing to use PG as kind of a blog for yourself

Yeah that is also what I was thinking, it becomes sort of a blog. if everyone wants to make a blog thread, well now we need a whole new place for that haha.

I’ll think about this concept more - maybe it will be better as a string of different threads with a unique tag so its easy to filter on

Make sure the first thing you share about it is your threat model

Yup, what was going to be my first topic. I actually don’t have a well defined threat model at all, so I need to come up with one that is solid. I’ve actually been coming at this at a hobbyist point of view, whereas any improvement in privacy has been quite rewarding to me, and has generally been fun. I’ve definitely taken the iterative approach which is working well - its been years in the making, nothing overnight, and definitely make mistakes that can be improved later.

This is why I typically don’t post questions myself currently, as I kind of meander around in improving privacy, and opt out of improvements if they aren’t executed. This style isn’t quite the same one as this forum, so I have been contributing in other ways.

Sounds interesting to me. I say go for it. Most of the forums I participate on are more DIY oriented and often center around people sharing their personal projects, sometimes spanning years or more. I find these types of personal long running threads interesting to follow, often informative or relatable, and help wit community-building.

If anyone is really annoyed from that, that person can „Mute“ this topic.

That really shouldn‘t be a problem

Sure, as long as you are still interested in following through.

I didn’t necro-bump this thread

But now that it’s up, I’ll give an update soon.

Great, looking forward to at least an entire year of them.

Do keep us updated. What kinds of challenges or compromises you run into day-to-day while trying to maintain privacy?

It has been quite some time since originally posting, and most importantly I’m somewhat lazy. My threat model is geared towards surveillance capitalism, and stakes are low if I fail. No stress on my part, and incremental gains are welcoming.

Accomplishments

Most of my strongest gains were likely low hanging fruit, in no particular order:

• Delete social media, even LinkedIn (for better or worse)
• Always on VPN, aside from streaming services
• Switched entirely to Proton
• Use Email Aliases entirely
• For officially shared email usage, I have a domain name and not giving my Proton mail directly
• Reduce the number of apps on my phone to a bare minimum

Still using iOS, but with E2EE RCS between iOS and Android, it unblocks me from switching over, so I’m hoping to do that soon.

On more granular notes

• Utilizing SecureBlue for driving distro for laptop, albeit some pain with this as its messes my development flow I’m used too
• Already run OpenWRT on LAN with DNS adblockers (albeit most providers bypass this a lot more nowadays on first-party DNS serving for ads)
• Also utilize profiles on browsers, periodically cleaning data on them from time to time
• Create separate Discord accounts for OpSec on different uses
• Migrate from Windows => Linux for gaming

And yeah, the above points aren’t entirely too special, but privacy gains start to have smaller increments on gains with increasingly more friction.

Next Steps

• Remove dependency on Amazon, utilize individual retailers, and reduce online shopping when possible. Focus on local stores when possible.
• Migrate to GrapheneOS, because I want to
• Do a formal threat model (made an example for someone else, might as well do the same for me) to figure out whats next for me
• Onboard close social network to also switch to low hanging fruit (i.e. Signal)
• Migrate Phone “cloud” storage, ideally even just Photos. May pay for Ente, but its kinda expensive, considering self hosting, but also a pain

Thoughts

If I’m honest, most gains are from reducing digital footprints, not trying to mask them. Every day its getting harder and harder to anonymize oneself online. The default operating idea of the internet is that you will be tracked unless your communication is encrypted, and ultimately it feels like the equivalent of CCTV following movements as you visit most sites. Therefore, most of my “next steps”, aside from migrating to GrapheneOS which I think is fun, I want to target the idea of “do I really need this”, and take a step back. After that, its really securing communication with my social circle.

My main gripe is still using Windows. There are some windows specific apps I have I’m not quite ready to part ways with, and can’t be bothered with half-broken Wine. However, I’m deciding if I want to bite the bullet for not-as-good alternative on Linux.

As I said, the more I lean into digital privacy, the reality is it’s simply easier to not use it when you can. There is no OpSec around social media if you have no social media. Less is more. But less digital presence means more effort in meatspace. i.e., switching to brick and mortar stores is not as easy as having something shipped to your home in 3 clicks.

Primary challenge is that most businesses, especially local ones, primarily communicate through social media, and it can be difficult to stay active and aware of what’s happening in your local area. This also applies to friends, who communicate through memes for staying in touch in a fun way without needing full conversations which can also shift to de-prioritzing hanging out, cause why hangout when you can chat online and watch Netflix by yourself at home? It is a shift to be intentional with communication, and the desire to be in person with people more as I don’t get the social dopamine hit from social media.

Other compromises are things I don’t have viable alternatives for, or don’t feel like taking the time to deal with. Ride sharing apps are just too convenient for me and almost necessary. I connect my SmartTV to the internet (though have opted out of everything possible). But most of this is largely media, and its currently more convenient than constantly working with a self hosted Jellyfin. However, the blunt alternative to streaming is offline activities, and watching less television for say books, or tabletop games.

Let us know if you would like assistance along your journey.