Building a Practical Privacy Setup When You Can’t Be Anonymous
I’ve been refining my personal security and privacy approach for a couple of years now, and I think I’ve landed on something that actually works in the real world. But there’s a catch - I’m a photographer, which means I can’t just disappear from the internet like most privacy guides assume you can.
The Professional Privacy Paradox
As a photographer, my real identity isn’t just online - it’s legally required to be easily discoverable. My business address, phone number, real name, and work are all public by necessity. Clients need to find me, legal requirements mean my business details must be accessible, and maintaining a social media presence tied to my real identity is essential for getting work.
This creates a completely different privacy challenge than most guides address. I can’t be anonymous, but I still want privacy for everything that isn’t part of my professional life. Most privacy advice assumes you can just “go dark,” but that’s not realistic when your livelihood depends on being publicly findable.
My Current Setup
The solution I’ve built separates my necessarily public professional identity from my private personal life through compartmentalisation.
Computing: I run Qubes OS for both personal and work admin, with separate qubes for different contexts. Qubes is quite difficult to set up initially - I have limited technical knowledge when it comes to command line work, but I managed to get it working with tutorials and forum advice. The key is that once it’s properly configured, it’s actually quite simple to use day-to-day. The Mac is almost purely for photo editing - just Adobe tools and processing work. For business social media and client communications, I actually use an iPad (or the iPhone when needed), which keeps that activity off the main editing machine. Everything else; personal admin, work admin, research, private email, browsing that has nothing to do with photography - happens in properly compartmentalised Qubes environments.
My home setup includes a Synology NAS for photo archiving and self hosted applications, which I can access remotely when needed.
Mobile: Here’s where it gets interesting. My main phone is GrapheneOS, which I use almost like Qubes for mobile, different profiles for different contexts. I use the Tidy Owner method, meaning I handle all app updates from there using Accrescent and Obtainium (except Google Play, which I keep profile specific). Then I have my main secondary profile running only FOSS apps. I have a private space on there with Google Play sandboxed when I need something from the Play Store. There’s an anon profile with Tor for maximum privacy browsing. I have a car profile specifically for parking apps and mapping; when I need reliability, live traffic, and camera warnings for longer journeys, the FOSS alternatives just aren’t good enough. For this profile, I start navigation apps in a layby with vague arrival points, then switch to private solutions for the final approach. There’s also a finance profile for banking apps, with an offline private space for sensitive notes I use RethinkDNS to block network access for this entire private space profile, keeping it completely air-gapped. The whole system uses profile specific always on vpns - I use proton as I use that for the drive and the rest of the suite. I also have a couple of anonymously set up free proton accounts for the vpn and separate emails if I want something to be unrelated to me. For example my recovery account email for recovering my various accounts, or a more private vpn along with openVPN for usages I don’t want tied to me at all I set these up years ago, I don’t know how easy it is to set these things up particularly privately as of 2025.
I also have an iPhone that stays at home, paired with an Apple Watch. The iPhone handles all the business stuff l; client calls, work emails, social media notifications from my photography accounts, all the noise that comes with being a public facing creative professional. The watch lets me stay reachable for genuinely urgent work matters without carrying the full surveillance apparatus around, and I do use Apple Pay on it for convenience. I can turn the watch off completely when I want to move about untracked - not just for business quietness, but for genuine location privacy. I also use it for running, which is handy for fitness tracking without carrying a phone. Apple has known about me for years as I used them way before my privacy journey started in earnest - I figure due to the fact there are no real privacy respecting alternative anywhere near Apples level of design or functionality, it’s better to stay with the devil you know rather than switch to something like Garmin which comes with its own set of issues
Browsers: Different contexts get different browsers, and this becomes crucial when you have both public and private digital lives. For general personal browsing that has nothing to do with my work, I use Mullvad Browser in disposable VMs routed through a VPN qube. When I need maximum anonymity for research or sensitive topics, it’s Tor Browser in disposables.
For logged in critical services like banking and email, I’ve just started using Trivalent, it’s hardened Chromium with security patches from GrapheneOS’s Vanadium project. I’m only early days with it, but it’s been excellent so far. I discovered it because I’m not entirely pleased with Brave’s business model and approach, even though Brave still works well for my pseudonymous news and forum browsing where compatibility matters more than theoretical security benefits.
I’m also testing something interesting for research; setting up a self-hosted qube with Perplexica/SearXNG/Ollama running Llama 3.1 8B. This gives me both online and offline query abilities, so I can utilise LLM capabilities privately without sending my research questions to external services. Still experimental, but the privacy implications for research are compelling.
On the business side, iPad and iPhone handle the social media management and client communications that are tied to my real identity anyway, keeping that separate from both the editing workflow and the personal computing environment.
Emergency prep: I keep a Tails USB stick on my keyring for domestic use. Probably overkill, but if I ever need to use a public computer or want complete anonymity for personal research, I can boot into a completely clean, Tor-routed environment that has nothing to do with my professional identity or anything else.
Cross-border strategy: When travelling internationally, I leave both the GrapheneOS phone and Qubes laptop at home, along with the Tails USB. I only carry the iPhone and iPad, which I reset beforehand and add a few bits to make them look used rather than suspiciously clean. Once I’m across the border, I restore them from an iCloud backup. The iPad gives me remote access to my Mac and home network if needed, including the NAS for photo retrieval or other self hosted applications. It’s a completely clean travel setup that doesn’t compromise my home privacy infrastructure.
Why This Works for Public-Facing Professionals
The setup creates a clean separation between my public professional identity (which has to be exposed) and my private personal life (which I can actually protect). This addresses a challenge most privacy guides ignore - what do you do when anonymity isn’t an option professionally, but you still want privacy personally?
The physical separation helps enormously. The work iPhone stays at home with all the business chaos - client notifications, social media alerts, marketing emails, everything that comes with maintaining a public professional presence. My GrapheneOS phone only handles genuinely personal communications and activities. The Apple Watch acts as a selective bridge, filtering down to only truly urgent business matters.
The browser strategy makes sense because different activities have fundamentally different privacy requirements when you’re a public figure professionally. Work related browsing happens in an environment where my real identity is already known and tracked, so I optimise for functionality and client service. Personal browsing happens in compartmentalised environments where I can maintain actual privacy for activities that have nothing to do with my photography business.
The Reality of Compromises
Nothing’s perfect when you’re balancing public professional requirements with private personal needs. The Apple Watch is still a surveillance device when it’s on, even if it’s controllable. The work Mac means professional activity goes through Apple’s data collection, and maintaining social media accounts tied to my real name means accepting surveillance on that front. The car profile on GrapheneOS uses Google services for navigation reliability, trading some privacy for practical functionality when I need accurate traffic data and camera warnings.
But these are conscious trade-offs for practical benefits, not accidental privacy leaks. My business legally requires public exposure of my identity and contact information anyway. The key insight is that just because your professional life can’t be private doesn’t mean your personal life has to be equally exposed.
The Trivalent browser is theoretically more secure but sometimes breaks web apps in annoying ways. I had to disable site-specific features to get Standard Notes working properly, for example. For business use where compatibility matters more than theoretical security benefits, standard browsers often make more sense.
What I’ve Learnt
Security that you actually maintain beats theoretical perfect security that you abandon, especially when you’re juggling public professional requirements with private personal needs. The key is building habits rather than relying on willpower to make good choices every time.
Physical boundaries reinforce digital boundaries. Having separate devices for professional and personal contexts makes it much easier to maintain proper compartmentalisation when your professional life requires exposure. It’s harder to accidentally mix business surveillance with personal privacy when they’re on completely different machines.
The biggest insight is that most privacy advice assumes you can choose anonymity. But creative professionals, consultants, small business owners, and anyone with a public-facing career can’t just disappear from the internet. You need a strategy that acknowledges this reality while still protecting what can be protected.
You can’t have privacy for everything when your job requires public exposure, but you can have privacy for the parts of your life that aren’t inherently public. Building a system that separates these contexts, rather than trying to apply maximum privacy everywhere (which isn’t always realistic) or giving up on privacy entirely (which isn’t necessary), creates something you can actually live with long-term.
It took a couple of years to get this dialled in, but now it feels completely natural. Context switching between public professional mode and private personal mode becomes automatic. And when everything works together properly, you get genuine privacy for your personal life without compromising your ability to run a public facing business.
Edited for typos