New here, an introduction and sharing some of my recent efforts

Hello peeps. I’m new here, my first post. I’ve been browsing the forums for a month or so and really just began my more deliberate effort to protect my privacy two months ago. I thought I’d share a bit about my efforts. A somewhat lengthy post.

A bit of background. Before February I’d been an Apple user for 30+ years. In the past 8 or so years I’d mostly transitioned to the iPad for most of my computing. With the political winds shifting and seeing Apple’s willingness to go along with the new regime I decided it was time for some changes.

Luckily I’d deleted my Facebook account long ago, 2015ish. I deleted my Twitter account in 2022 and Instagram account in 2025. I switched from Google search 5ish years ago to DuckDuckGo and stopped using gmail around then too though I still had a lot of email stored in Gmail.

In February I installed GNU/Linux on an old Mac and after a couple weeks using it decided to make that my primary work computer (freelance web and graphic design). From March to April I pulled all my data out of iCloud. Photos, files, email. My May I’d downgraded to the free iCloud plan and had stopped actively using that email account for anything but junk. All the important stuff was moved to RunBox. At the time I was not thinking so much about encryption as just getting my email off of US-based services. RunBox seemed reasonable and offered support for using my two domains.

March: I let my friends/family/clients know that if they wanted to message with me that I would only be using Signal beginning in April. Anyone that didn’t want to use Signal could email me.

May: In conjunction with the switch to Signal I stopped using Apple Cash/Apple Pay and logged out of iCloud on the iPhone/iPad.

From June-July I pulled all of my old email out of Gmail and saved two local copies on two computers. I’ll leave that account open as a catch-all for any old contacts that might get in touch but, like iCloud, I no longer consider it an active account. I’d had a few forms and files still in GDrive. Those have all been deleted or saved locally.

I did not want to move from iCloud to another cloud service, choosing to create my own local synch “cloud” based on Syncthing. Why use the cloud at all if I can build a local cloud that is more reliable, private and secure. I work from home. When I do go to out to work I know that my Linux laptop or iPad is synched with all current files when I leave and that any changed files will synch again when I get home. It’s been easy and flawless.

Also in July, I deleted a Microsoft 365 account and LinkedIn. In August I deleted my Amazon account. The goal up to that point really had just been to reduce my public/social footprint. It was as much about wanting to withdraw any connection/use/support of companies that I deemed fascist friendly.

In August I agreed to do an introduction to digital privacy and security presentation at the local library. I wasn’t really qualified so spent a month on a deep dive to prepare.

So here’s where I’ve landed in the past few weeks. My general goal is to actively remove my exposure to data collection and location tracking. If I were in an urban setting doing the kind of active political organizing as I once did I would add some additional security measures. As it is, I’m in a rural setting and don’t consider myself at particularly high risk.

Email
I’ve opened a Tuta account and will use that for email/calendaring for certain emails/contacts. Still evaluating how I’ll use it.

Started using alias email addresses in my RunBox account for online accounts.

Browsers
Linux: LibreWolf/Brave in Mint, ABrowser/LibreWolf on Triskel. I’ve gone through various threads, articles here and elsewhere to revise settings.

iPadOS/iOS: Mostly Brave, Safari as a back-up. Again, settings tweaked for privacy

Passwords:
All local storage now. KeePassXC on Linux, Apple’s Passwords app on Apple devices

Measures/settings on the Apple devices:

• Logged out of iCloud completely
• Complex alphanumeric passcode
• All location services off
• All app tracking and analytics off, turned off personalized ads, restricted Siri and Apple Intelligence
• Apps removed unless needed and used regularly All apps that can be replaced with website removed
• Open source apps chosen where available: Collabora Office, NetNewsWire (RSS), Code (html/css coding, markdown, text editor) Tuta
• iPhone has very minimal data/documents stored

Phone specific changes
The most significant changes were here. I don’t do many phone calls nor do I use the phone as a computer. Mostly I use it for taking photos and for music/podcasts when walking or working outside. I changed my carrier plan to a voice/text only plan, way cheaper than a plan with mobile data I didn’t use. Only $20. My initial plan was to just leave the phone in Airplane mode and just check once every few days for calls/voicemails. Basically, keep it around for the occasional call and/or emergency.

But I’d also got curious about MySudo and decided to experiment with that and I’m glad I did. I’ll keep my $20 carrier plan for awhile but have turned that eSIM off. I don’t intend to use it. Instead I set-up a virtual card in MySudo and spent $4 on an eSIM and 2GB of data with no expiration. And $5 for a MySudo subscription that will give me more than enough minutes for the odd call here and there. I still keep the phone in airplane mode 99% of the time but can use that data only plan when I’m away from my home internet and need to make a call or use Signal.

On all devices I’ve started using ProtonVPN most of the time. It really screws with a few websites and Signal on Linux so sometimes I’ve got it off when using one of the two Linux computers. On the iPad it’s on full time.

If you notice any obvious precautions/gaps in my strategy please comment.

Thanks to all for creating the great community here.

Good write up, but you might want to ask your question (for comments on your setup) at the beginning of the post, so others have an easier time figuring out on what to focus.

Always nice to see when people put effort into their posts.

First, welcome to the forum!

Please share your experience with this. Linux + creative tools don’t mix well or when it does, it’s so darn difficult for the vast majority as they are not used to apps like GIMP and others available. I’m sure this is one of the biggest hurdles some people have when considering their move to desktop LInux along with some gaming and reliable office work (as MSFT Office is needed because Microsoft fonts really fuck up docs when using alternatives like OnlyOffice or LibreOffice).

Please also share about this if you can go into any detail for how you went about it and what your experience thus far has been - if there is anything more that is.

Apple Pay is more secure if not private. You could have kept this going.

I envy you. I need these two for my profession and in my field of work.

Please tell us more about this.

Why not with a cloud provider like Bitwarden or Proton Pass? They are much better for all that they offer.

I’m not entire sure if that’s the phone set up I’d gone with for calling and whatnot but if works for you, great. I think there are better alternatives and another path you could have taken that had more privacy - atleast as I see it.

This really shouldn’t happen. Can you explain what happens? What’s your VPN set up like and how?

I sure am. But before I pretentiously give you my advice here, please explain what you’re trying to go for with privacy and security, your threat model a little more, and if there’s more/farther than what you’ve done thus far you’re willing to go. And I can then appropriately guide as best I can based on what I think you ought to do more. I’m sure others will have their own ideas and opinions.

–

Overall, excellent job! Few do these many things so kudos!

Adding to my own low effort reply:

Depending on your jurisdiction you might also want to submit delet4e requests for your already gathered data. GDPR in EU and I think California has some pertaining laws as well.

keep in mind that this is not a real cloud, but a filesync setup. All data is stored on all devices redundantely, which might run up against storage limitations on smaller devices at some point.
An alternative to this setup would be for example a server in your home network that you can make accessible via SSH. You can then integrate this server via sftp into you linux or phone file explorer. This is easily set up, functionally a cloud and very secure.

You might want to take a look at alias vault in this case. The dev is active here, and there is a thread where he gives updates on the dev process. Not yet in 1.0.

That’s what I was thinking too. I always go encrypted cloud storage or Cryptomator + any cloud storage. My preference is Koofr + Cryptomator as Koofr can be bought anonymously too and they have very affordable plans.

Syncthing is not ideal for everything though it can serve its purpose for select things.

Oh, it’s been fantastic. I’ve bolded a bit of your text that I think is key. Going into my switch I fully expected things to be different. I knew I would have to learn new apps and that those apps likely would be different from what I was used to! Honestly, I think this is the approach and perspective is essential for a successful transition. I’d already taken that approach years ago with the iPad. I accepted it would be different and that I would need to adapt. I consider it a challenge and learning opportunity.

I did struggle a bit but I expected it and kept at it. Scribus and Inkscape have been really great. I’ve only used GIMP a bit and yes, like the other two apps, it was different from the Affinity Apps I was used to using on the iPad. I spent a few weeks rebuilding some of my regular client jobs in Scribus and learned as I went. I’ve got no problems using it now.

I don’t often work with Microsoft Office/Word but the few times I have these first few months I’ve had no problems with LibreWriter, maybe I’ve just been lucky.

About switching to and using RunBox:

I’d previously used my webhost CPanel for email with my two domain-based email accounts. I backed those up locally using Thunderbird on one of the Linux computers. I also made a backup on the M1 Mac Mini where I used the Apple Mail app to copy those emails to local folders. Setting up my domain with RunBox was fairly easy using their instructions. As I recall the import of email from the imap server was automatic though I could be misremembering as that was 5 months ago. It’s possible manually copied email over via folders.

Once done with the Cpanel domain email moved on to importing all my iCloud email. I used the Apple Mail app on the M1 Mac Mini to copy over all the iCloud email over to a local folder for a back-up. Then I copied the same mail over to a folder in RunBox.

Finally, I did have to configure DKIM for the domain hosted email because initially sending email from those accounts was resulting in errors when sending to services like gmail/iCloud. Once it was set-up Runbox has been excellent in the four months I’ve used it.

Apple Pay is secure but I wanted out of iCloud and any other Apple Service so I drew a line in the sand. Apple Cash was on the wrong side of that line.

Regarding the library presentation, you can find that here: https://beardystarstuff.net/Introduction_to_Privacy_and_Security_10-28-25.pdf

On password management, I didn’t want to use a cloud provider. As much as possible, going forward, I’m done with cloud services. If I can do it locally, that’s the option I’ll choose. Synchthing keeps the KeePass library in synch between both Linux computers. I do have to manage the two Apple devices manually, it’s not too difficult.

On making calls with the Phone, my goal there is to minimize my pinging to the carrier to avoid location tracking. It seems like using third party data and VOIP calls via MySudo accomplish that. Is there another way to do that?

VPN on Linux, yeah, I’m using the Proton app on two computers, one running 22.2 Mint, the other running Triskel. In both cases Signal will receive messages but will not send. Some websites just never load with the VPN on. I’ve turned on Wireguard in the app and have enabled Split Tunneling and have added Signal as an excluded app. In both cases it still fails to send. Searching around others mention it as a problem as well. I’ve not yet found a solution.

I was happy to get your advice, thanks for taking the time to share your thoughts. I haven’t actually developed a threat model, I suppose I need to look into what that entails exactly. I’ve seen the term a bit. But my initial, general goal has been to take myself off the map so to speak. I’d like my carrier to think I fell off the planet. I’d like my daily location to be private. I’d like to minimize the data that is collected from my browsing. I’d like to make it difficult for anyone to collect my data to sell.

I’m open to going further provided it doesn’t make the online experience of browsing intolerable but, of course, everyone is going to have a different idea about what is tolerable. Thanks for the kudos!

Correct. All my devices have a minimum of 256GB of storage and I don’t keep big media stored on them so Syncthing has been perfect. My iPad and laptop both do two way sync to the LinuxMini. Once a week I back that Mini up to an external drive. What I like about this set-up is that it feels like a cloud. I sit down to one of the three screens and within a few seconds to a minute the files are up to date. Apple’s iCloud was generally pretty good in the few years I used it but that sometimes had a delay in sync and often more of a delay than my new Syncthing-based system.

I do also use the third party FileBrowser iPad app in conjunction with VLC to play movies/tv/music off of an external media drive attached to the Linux Mini, shared via smb. That also has been seamless.

Thanks for the mention of alias vault, I’ll have a look!

Excellent. What you’ve done is called digital sovereignty. I like reading about these things.

Just to mention the following points:

1. Completely abandon Apple devices and migrate to Android with GrapheneOS.

2. I don’t recommend using Tuta, I prefer Proton, it’s superior in terms of security.

3. Always stay connected to a VPN such as Mullvad.

4. On Android, use a firewall such as RethinkDNS to monitor suspicious connections.

Thanks for your comments! My Apple devices are still in working order so I’ll keep using them until they’re not. I likely have at least 3-4 more years of use for the phone and 5 years or more for the iPad. I don’t want to waste good hardware not to mention the cost.
I know a lot of folks here recommend GrapheneOS I don’t think I’ve seen a list/comparison to the iPhone or an explanation as to why that would be better in terms of privacy. Or, more specifically, why/if it would be better in my particular use case. As mentioned above my phone is my lest important device and is used primarily offline for the camera and playing locally stored music/downloaded podcasts.
At some point several years away I’ll need to replace the phone and will evaluate what’s available at the time as it seems much could change by then. Same for the iPad.

Proton is problematic in that it has US operations. I don’t think I’ve seen that mentioned much or at all on these forums but it probably should be. From what I’ve read any company wit US offices/operations is subject to US law. Given that I wouldn’t use Proton for email or any data storage.

Yeah, as mentioned in my initial post, I stay connected to the VPN as much as possible, full time on the iPad, less on Linux due to problems. I have a one year subscription and will evaluate Mullvad when that time comes. Thanks for the suggestion!