Hello there!
I am kinda newish in my journey to a private internet experience and would like some feedback on my current setup that I have been working on for a little while c:
My threat model is basically to stop being tracked by big greedy tech, counteract the surveillance by big greedy tech and to try to protect my privacy.. from big greedy tech xD
Proton Mail (Gmail for personal/banking stuff, will switch over to proton when I can)
Paid Proton Pass (using aliases for all my logins, passkeys and TOTP for everything)
Proton Calendar
Proton Drive (for basic backups of some files)
GrayJay/Invidious for YouTube, no account connected
RSS feeds for local news
Phone:
Aurora Store and F-Droid for apps
MicroG
Uninstalled all bloatware
For now I don’t have the ability to get off of Discord due to every single one of my friends being on it. I have looked into Stoat (Revolt) but there is no E2EE yet, so currently I am just using Vesktop, and in the near future I’ll figure something else out.
Another thing I need to work on is my phone. I’m using a rooted Samsung phone (I know Samsung is shit for privacy) and my device isn’t supported by any custom ROMs. I would like to get a Google Pixel and flash GrapheneOS on it at some point, but for now that isn’t possible.
All of my pictures, notes and contacts are stored locally with no backup to the cloud, it’s just mainly photos of pretty clouds and screenshots, and I barely keep any notes.
I have used (and want to use) Mullvad VPN and really enjoyed it, but due to recent financial struggles I had to cut that off temporarily, hoping to get a few months of credit soon. I have also deleted a lot of social media + other accounts that I don’t need to limit my footprint. I am keeping my Microsoft account open for my Minecraft account.
With all of this in mind, how am I doing? And if there are any improvements that I can make please let me know!
Pretty good start. Don’t install more extensions than necessary. Three is good, but do you really need LibRedirect? At least from my own experience, typing the URL manually is more reliable.
Not even Discord has E2EE, just for audio / video calls. Stoat has no roadmap for E2EE, and most likely won’t have one anytime soon.
Since you store your data locally, you need a back-up system, which is what I would work on next if you haven’t already. 3-2-1 backup is standard, and you can use Proton Drive as part of your backup. Seems like your contacts are pretty important, if not your photos or notes.
Proton VPN has a really good free plan. Riseup VPN is another solid free alternative, they don’t even have a paid plan and no registration is required. I would also audit your Microsoft account. Last time I checked my Microsoft account, it saved all my search history without me knowing, so I deleted my account. This is most likely the case if you have used your Microsoft account with Windows, but it doesn’t hurt to check for any personal information you don’t want on there.
Samsung phones have better security now with S24 / S25, but is there a reason why you have a rooted phone? A rooted phone is more vulnerable to malware as it typically requires you to unlock the bootloader or disable verified boot. If you can, I would reset your device unless you’re getting a new phone soon.
Thanks for the feedback! LibRedirect is more of a convenience thing but I could just bookmark, or like you said type out the URL, so I will remove that.
I did see at some point that Stoat had E2EE on the roadmap, but maybe they cut that out. I might just say I’m deleting my discord account and if people need to contact me use Signal or another alternative.
With the backups I will look into the 3-2-1 and figure something out. I have an old MacBook Pro (early 2014) with Linux Mint on it right now so I could store stuff there, and then of course have a copy on Proton Drive and then keep the original on my phone. I have a 500 GB HDD that I could back some stuff up to and keep it off-site, but that might take a while to fully set up.
With how I have set up my networking on Arch Linux I use iwd, and at least the GTK app of Proton VPN requires NetworkManager. I did try to use a WireGuard config file but the speeds were very unusable and slow. Riseup VPN isn’t on the recommended list on Privacy Guides but I will have a look into their service further and decide between the two.
Also I will audit my Microsoft account and have a look into that. I doubt anything will come up from the last year; I haven’t used Windows in a while. I have already tried my best to remove as much personal information as I can, but I’m sure they keep a log of all account changes. If I do decide to remove it I know there are other ways to play Minecraft.
The best answer I can give you on the rooted phone is I was just messing around, I probably won’t be able to get a new phone anytime soonish so after I back some stuff up I will go and revert that.
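The 3-2-1 plan sketched in the reply above (original on the phone, a copy on the Linux Mint laptop, a copy on an HDD that is taken off-site) as an added example that is not from the thread or from any project mentioned in it: a small POSIX shell helper that mirrors a directory to each destination and then verifies every file's SHA-256 against the original, because a copy that has never been verified is not known to be a backup. The paths in the usage comment, the layout of one source and two local destinations, and the choice of rsync-with-cp-fallback are all assumptions; the off-site part of 3-2-1 is physical (unmount the HDD and take it elsewhere), and the Proton Drive copy is not covered here.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed layout: photos are synced from the
# phone to $HOME/photos on the laptop (the original), a second copy lives on the
# laptop's own disk under a different path, a third copy goes to an external HDD
# mounted at /mnt/hdd that is then stored off-site. All paths are assumptions.
set -u

# Print the SHA-256 of one file (sha256sum on Linux, shasum on macOS/BSD).
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Mirror SRC into DST. rsync is used when installed (incremental, keeps mtimes and
# removes files deleted at the source); otherwise a full cp -a replaces DST.
backup_tree() {
  src=$1
  dst=$2
  if command -v rsync >/dev/null 2>&1; then
    mkdir -p "$dst" && rsync -a --delete "$src"/ "$dst"/
  else
    mkdir -p "$(dirname "$dst")" && rm -rf "$dst" && cp -a "$src" "$dst"
  fi
}

# Check that every file under SRC exists in DST with an identical SHA-256.
# Prints each problem; returns 0 only when the copy is complete and intact.
verify_tree() {
  src=$1
  dst=$2
  (cd "$src" && find . -type f) | {
    bad=0
    while IFS= read -r rel; do
      if [ ! -f "$dst/$rel" ]; then
        echo "missing in $dst: $rel"
        bad=1
      elif [ "$(hash_file "$src/$rel")" != "$(hash_file "$dst/$rel")" ]; then
        echo "hash mismatch in $dst: $rel"
        bad=1
      fi
    done
    [ "$bad" -eq 0 ]
  }
}

# Copy SRC to every destination given and verify each copy independently.
# Returns non-zero if any destination failed to copy or to verify.
run_321() {
  src=$1
  shift
  status=0
  for dst in "$@"; do
    if backup_tree "$src" "$dst" && verify_tree "$src" "$dst"; then
      echo "ok: $dst"
    else
      echo "FAILED: $dst"
      status=1
    fi
  done
  return "$status"
}

# Usage (paths are assumptions; the HDD is unmounted and taken off-site afterwards):
#   run_321 "$HOME/photos" "$HOME/backup/photos" "/mnt/hdd/photos"
```

Verification is the part people usually skip: `verify_tree` re-hashes both sides, so silent corruption on the HDD or a half-finished copy shows up as a non-zero exit and a printed file name rather than being discovered on restore day. Running it from cron (or by hand before the HDD leaves the house) keeps the two local copies honest; the cloud copy still needs its own check.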
It’s a great start. If you haven’t already, I would look at the uBlock Origin tweaks arkenfox recommends. I use the cookie notices filter list too. I think you’re going to struggle using the web with js disabled but at least you can easily toggle it with uBlock Origin. DuckDuckGo has a js-free version and a no AI version that you might prefer.
I don’t know about Proton but I can recommend khal, khard and vdirsyncer for contacts and calendar on Arch.
Alternative frontends are declining in usefulness since Big Tech changes the inner workings of sites to mess with devs. yt-dlp and FreeTube are great alternatives to alternative frontends.
Instead of a VPN, use the Tor browser - it’s free so it works with your financial situation. Just remember to not log into personal accounts on the tor network.
Does your rooted phone still have Google Play Services? I thought MicroG was for custom ROMs without Google Play Services. I don’t know if it’s recommended to install them side-by-side. I’m probably wrong here.
I forgot to add the URL Shortener into uBlock when I did a fresh install of Arch to add LUKS to my home directory, but I have had a look at the arkenfox recommendations in the past. I also will look into the JS-free and AI-free DuckDuckGo, didn’t know that existed.
Calendar sync between my phone and laptop would be handy, plus I love to use the terminal for most things so those are awesome, thanks c:
For now GrayJay is working and haven’t had any issues with it, but if all goes south I have heard of those, I have seen people use the RSS feeds and yt-dlp to download the videos, then use mpv to play them, which could be something to look into if I have issues with GrayJay.
I would rather use Tor with a VPN due to potential backlash from my ISP for using Tor. I did just set up NetworkManager and Proton VPN (free plan) on my Arch install until I can get more credit on my Mullvad account, but even then I probably wouldn’t use Tor for a little while until I finish off some other stuff.
Also for Google Play Services, you can use Universal Android Debloater which uses adb commands to “remove” selected apps (it just stops them from being loaded into memory from my understanding) and then you can use MicroG as a replacement. I could probably remove Google Play Services entirely because I am rooted but from my other comment I am gonna re-flash my phone so it isn’t rooted, don’t have much use for it anyways xD
In addition, you may be interested in Firefox Relay (relay.firefox.com) or a similar service.
Also, the Proton Pass add-on may make your browser more fingerprintable. The alternative is to copy-paste passwords manually - in my opinion it’s worth it. For the sites where you are logging in anyway, you can use any other browser and install them as PWAs (that’s what I do personally).
For LibRedirect: I do advise keeping it purely for the fact that it is possible to do decentralization of frontends with it (multiple instances of, say, Invidious for example).
Discord: I would advise you limit yourself to DM or Group DM voice chats (not DM/Group chats, just voice chats) as those are E2EE, especially when you use the native client. There are solutions out there to also do message E2EE but I would advise assessing if the risk is worth it. Personally, if you can get the other person on the line to use the solution (and a safe one of course) it could be worth it, and even if action is taken by Discord, you can use this as an opportunity to switch to platforms such as Stoat & Matrix.
I think the other advice is otherwise sound. I would go against rooting the phone, and if you need debloating that’s what Shizuku + Canta is for, until of course you get a Pixel with GrapheneOS, which then you won’t need Canta.
I have to say keeping LibRedirect is more than fine. One of the primary reasons to keep it is not necessarily convenience but decentralization: having multiple instances set can be good to segregate the data between hosts.
As others said, phone rooting is not recommended and I may advise backing up important data and resetting the phone. For debloating just use Canta + Shizuku instead while you wait to get your Pixel and use GrapheneOS.
And as others said, Discord only has E2EE (and only in DMs or Group DMs) on voice calls natively, so I would tell them I am limiting to that. Alternatively you can also get band-aids for messages like: An0 / SimpleDiscordCrypt · GitLab
Just keep in mind that external E2EE plugins like it are not endorsed by Discord, and the risk of getting caught is unknown: you’ll get a warning at best, at worst your account is suspended, so I would assess if it’s worth the risk. It is also the fact that you may have users not agreeing to install plugins like it (in my experience that was the case, which is annoying, ok you don’t wanna move to another messenger, I give you a band-aid solution and you still refuse? Wow, anyways). Personally I would take the risk if others agree on it, as like if I get suspended, well ok, let’s go to an alternative now that actually does respect more (e.g., and these are just examples: Matrix, Stoat).
Backups are recommended too, yes. Ideally you wanna execute a 3-2-1 backup plan of your data.
I will have a look at Relay and see if it is for me, and also it could be worth ditching Proton Pass (extension) and just copy-pasting the passwords. I’ll have a thinker around with it, but my only issue with that is I do need the passkeys on it due to not having physical hardware keys (2 is like 100 dollars which for now is wayyy out of my budget).
I have never used PWAs but always worth looking into though and trying new things c:
LibRedirect does have that (which is handy) so it could be fine to keep it long term, I removed it from another recommendation but not thinking about manually going to the frontends is a time saver and also just very convenient xD
For Discord I do know it isn’t E2EE for chats, only voice chats, and I would ideally like to move people onto Matrix, Signal or even Stoat. I’m also fully aware of the message E2EE stuff; the issue with that is I highly doubt that I could convince everyone I need to message to use it, I’ve already had some pushback from people about getting off Discord. If communication with them doesn’t work I might just delete my account and say that it got suspended and then get people to move that way, although that’s an if-all-goes-wrong plan.
Also fully aware of the rooting issues, will revert it back c:
I have discussed most of this stuff already but still great points! I have tried to get some people to move to a different platform but have got some pushback already, or like I said in a different reply just delete my account and say it got suspended xD
I have started to implement a 3-2-1 back-up system for my photos, got an old MacBook Pro (early 2014) to self-host Immich, I also have a copy of them on Proton Drive, will work on off-site storage at some point. I think next should be Radicale for Calendar and Contacts.