Privacy Questions and Answers

Thank you Jonah, understood. Some of the essential tools discussed in the knowledge base happen to be in the recommended tools section, and they are explained in more detail; as you go down to the bottom of the recommended tools section, the explanations become less present. So, this clarifies why. Thanks again.

Well said, thanks @overdrawn98901!

Thanks @sha123 as always, so I have learnt to, ideally:

  • Use a VPN always, except for when my internet connection is a critical factor, like doing an online exam or gaming.
  • Use Tor whenever I can, although Tor is really slow, so this would not be good for productivity.
  • For online shopping, perhaps I could truncate my last name as an initial, and spell out my first name. In Australia, I have had no issues with this; the postmen never check your name, they just leave the parcel at your front door without knocking.
  • I can’t avoid unencrypted order confirmation emails. Bummer. Seems like a huge hit to privacy.
  • Always use email aliases.
  • Use passkeys > TOTP
  • Harden Thunderbird. However, I don’t know whether this will require updating like Arkenfox.
  • Feel free to send email and register for accounts on smart phones as they are safer than personal computer against malware.

In regard to using Bitwarden as an extension, you say:

Could you expand on what you mean and how to accomplish this?

Interesting, you seem to be implying that by configuring Firefox it becomes more private than Mullvad browser, making Mullvad redundant. Cover Your Tracks seems to corroborate what you are saying.

Ironically, configuring Firefox to be more private can make it less private. If you change certain settings in a way that makes you unique, albeit stopping tracking, you may gain a more unique fingerprint. Others may have different recommendations, but I’d say Firefox with uBlock Origin, and that’s all, would be the best option.

  • Feel free to send email and register for accounts on smart phones as they are safer than personal computer against malware.

I wouldn’t use the term personal computer. I would start referring to specific Operating Systems. Using Linux on a computer is likely way more privacy respecting than iOS or default Android. Sorry to be pedantic, but safer isn’t the right word you are looking for - all methods would be generally safe and secure. It’s likely more private in your scenario. A smart phone is just a type of computer, what it’s running is generally what we worry about.

  • I can’t avoid unencrypted order confirmation emails. Bummer. Seems like a huge hit to privacy.

Meh, just opt out of e-mail of what you can. If your data is sent to a trusted email server, I don’t think you’d have a privacy loss (considering the business already has the info).

  • For online shopping, perhaps I could truncate my last name as an initial, and spell out my first name. In Australia, I have had no issues with this; the postmen never check your name, they just leave the parcel at your front door without knocking.

Definitely! This is a case where simple free things can lead to quick small privacy gains.

1 Like

Key takeaway: It seems the optimal solution is for people to understand the technology better.

This is why I think this should be a key focus for the developers of this site. Thanks to @overdrawn98901 I have got one resource to help me accomplish this, are there any other recommended resources? I have been recommended the Hitchhiker’s Guide to Privacy as well, along with other resources in my post here: Data Privacy and Security Educational Resources - #5 by Paranoia.

I am using Proton VPN for free, it seems to work fine, would you suggest paying for it? Regardless, I already have access to a VPN and from what you said, it appears that I should be using one, especially on public networks.

If these order confirmation details are not E2EE, doesn’t this mean that any of the infrastructure relaying the message in the middle of the pathway (sender to receiver), will be able to see the contents of this email, and if they are breached all my information could be stolen?

So, you reckon I ditch Skip Redirect? Then I will probs use the Bitwarden extension for convenience.

Afaik, the Tor project themselves recommend Orbot. I am using Proton VPN for free, as for what is in it for them, under their freemium model, potential subscribers is what is in it for them, plus I assume it’s like bait, they want to reel customers in.

How does this work?

Interesting…

Thanks for clarifying this!!!

Key takeaways I got from your detailed reply which I truly appreciate:

  • Preferably, go to stores and pay with cash.
  • Use email aliases, for everything? Including important stuff like bank accounts … Wherever allowed. I noticed Apple would not allow me to use an addy.io alias for my Apple ID.
  • Use Apple Mail over Canary for non-Proton Mail accounts.
  • After reading up on OpenPGP it looks like you need two people to use it, and it is a hassle, so it seems I should forget about it for now. However, OpenPGP is the best way to encrypt emails.
  • Buy a new router. Sigh, this will likely be very beneficial (improving internet speeds + privacy), but expensive money and time wise.

One question that remains unanswered is whether using a client like Thunderbird or Outlook is different privacy-wise, when using a non-Proton Mail email account.

Again, thanks to you and sha123, for clarifying a lot of my questions!!!

So, do you recommend setting up Firefox like PG recommends, minus using Arkenfox, and use only uBlock + Bitwarden?

Sorry, to clarify, wdym by they already have the info?

Doesn’t this mean they will text message me, which is equally not-private?

If you provide your first name, last initial, e-mail address, and shipping address, they already have plenty of data to expose your privacy technically. A confirmation e-mail isn’t going to pwn you, the business already has full power to do so if they choose. But we generally trust business not to do that, and we have laws to protect us from that (somewhat).

I’ll refer to what I’ve been saying - depends on your threat model. If a confirmation e-mail or SMS message is going to pwn you, then don’t do online shopping. Otherwise, mostly everyone agrees this isn’t a significant enough risk.

I think there have been plenty of answers in this thread to help you along - I think you should start asking yourself not is this 100% private but rather is this private enough for me.

So let me ask you, is a confirmation e-mail or text message not private enough for you?

2 Likes

Just saw there are more questions, I’ll answer a few more.

I am using Proton VPN for free, it seems to work fine, would you suggest paying for it? Regardless, I already have access to a VPN and from what you said, it appears that I should be using one, especially on public networks.

Proton VPN is a rare case that I would trust, as Proton Mail is a generally trustworthy company imo.

If these order confirmation details are not E2EE, doesn’t this mean that any of the infrastructure relaying the message in the middle of the pathway (sender to receiver), will be able to see the contents of this email, and if they are breached all my information could be stolen?

Someone would have to intercept the confirmation e-mail as it’s transmitting and snoop on it through some means. If you’ve got the NSA level ghosts hacking Gmail or requesting Google to listen on your confirmation e-mails, you’ve already lost and you should probably leave the country.

Afaik, the Tor project themselves recommend Orbot. I am using Proton VPN for free, as for what is in it for them, under their freemium model, potential subscribers is what is in it for them, plus I assume it’s like bait, they want to reel customers in.

In that case, I trust Tor and their recommendation, so go ahead with Orbot as well if you want.

How does (physical key) work?

Read Bitwarden Docs - PS. doing a quick google search before asking is generally polite.

  • Buy a new router. Sigh, this will likely be very beneficial (improving internet speeds + privacy), but expensive money and time wise.

Don’t have to do everything all in one go! To start, log into your current router and change the DNS to another one. Boom, you’ve gained some small experience in configuring routers.

One question that remains unanswered is whether using a client like Thunderbird or Outlook is different privacy-wise, when using a non-Proton Mail email account.

Outlook sends a lot of information about what you do to their servers, Thunderbird does not. All in all, just don’t use Outlook unless your job makes you.

1 Like

Yeah, but don’t they have to relay that information to another server before it gets to me?

Fair enough. :rofl: I just found it fascinating how on Earth a physical key could do anything once your phone explodes.

Already tried, my router does not allow me to do this, using the web UI.

To stop bothering everyone with questions, I think people in my shoes, including myself should read the answers here, and the recommended resources provided within those answers.

However, I am noting discrepancies between people’s feedback, which does make everything more confusing. Moreover, direct answers are always appreciated, and their value cannot be understated.

Business ↔ Gmail Business (server) ↔ Your Email Server ↔ You

The above are areas of trust. If you want to play “Do I trust the entity” ask at each phase “if they can have some of this information, do I care?”.

If the business decides they want to give all your information to fliers to everyone on the corner, e-mail doesn’t matter. Google engineers won’t access the confirmation e-mail, there are millions on millions, but at best they might pull metadata on it. Or a government entity could seize the e-mails. If that’s a concern for you, don’t shop online ever. If you don’t trust your e-mail server, then you can change them (or be crazy enough to host your own - seriously I don’t recommend that).

You can only control your e-mail server, how you communicate to your e-mail server (Tor, VPN, etc), and whether or not you decide to do business in this scenario. If you are worried about someone intercepting the information between the business and the gmail server to your server, you are at a threat level where you should never have done business in the first place.

2 Likes

I think the hard part is always going to be that the level of privacy matters differently for different people. I’m a bit more lax, and enjoy tinkering with self-hosting certain things, and I’m absolutely not doing everything I can. It will come down to understanding the technology, the implications of the choices you make, and what you are comfortable with. Once you understand how to navigate the waters, I think you’ll find that you’ll have different opinions on what’s good enough as well.

4 Likes

Agreed, most people connect to VPN on demand (for media streaming services). And most do not carry around many devices, hence there’s no real kill switch, as their banks probably aren’t happy with VPN. Therefore, they toggle VPN on and off as needed, and with all online accounts intact. I could be wrong, but VPN is most likely useless for any real threat other than to stream foreign movies/TV shows that are not available in the residency country. It may also prevent surveillance from the ISP, though.

I could be wrong, but regarding the fingerprint issue, would it be better to use Brave instead of Firefox + uBlock Origin, since Brave has 50 million monthly active users as of Jan 2022, while uBlock Origin has only been downloaded by 7.5 million users all-time?

1 Like

This is the MAIN point of using a (paid) VPN for privacy reasons. Especially so if you happen to live under a fascist regime or dictator-ruled shite hole of a country.

Somehow the people who say VPN is a must have and should always be used never really explain why.

I’m using Mullvad myself for torrents and to visit pages that are blocked for Europe. But to preserve your privacy online (assuming you’ve a decent ISP) it’s far down the list of actions to take.

If you’re running Android or Windows with an online account you’ve given up your privacy a long time ago and attempts to “fix” it without making yourself a new online presence are futile.

5 Likes

I agree, except for the fact that if you cease giving away your information, you haven’t “given up your privacy”; they might know what you did in the past, but not what you are doing now. My two cents.

1 Like

There is no such company like ProtonMail anymore, they are now just Proton AG.

Orbot is developed by the same people as Tor itself.

While this is generally true, it’s not forbidden to ask.

In this case, just change jobs.

Exactly :slight_smile: That’s what Bitwarden is worth… Nothing.

I’m more than sure that every decent router has the ability to change DNS somewhere.

Exactly. Second this :slight_smile:

Don’t really know what the other way of connecting is; you always have to perform some kind of action.

Not true at all. Brave fingerprints users left and right without even hinting.

+1

Because not all VPN users are IT guys with in-depth technical knowledge of how things run under-the-hood…

Not necessarily…

Exactly this :slight_smile: