Roast my noob plan for privacy and sovereignty

Where noob == myself. I’m having a hard time devising a plan.

My goal is to, as much as reasonably possible:

  1. Have a “good” level of privacy and security (I want to be able to do something online without dozens of companies eavesdropping and creating my digital twin, minimizing the risk of being pwned).
    My strategy: as much as possible, switch to PG’s recommended software, reduce dependency on big tech

  2. Reclaim sovereignty over my digital assets (I want to own my stuff and do with it as I please, no third party snooping)
    My strategy: selfhost when possible

On the other hand, it is NOT my goal to:

  • circumvent censorship
  • go to extreme lengths to be safe from targeted attacks
  • be super anonymous
  • protect against physical threats any more than currently

Changes I’ve made so far were mainly focused on GOAL #1 PRIVACY AND SECURITY:

  • Windows to Fedora (this was fun)
  • Using Mullvad VPN, basically to mask my IP in the WWW for non-logged in sites
  • Chrome to Brave
  • GMail only to GMail as throwaway, and proton+simplelogin as main
  • Learning python to be less dependent on excel/google sheets, which I use quite a lot
  • Evernote to local Obsidian
  • Lastpass to Bitwarden cloud
  • Authy to Ente Auth
  • Quit discord
  • Activated encrypted backups in whatsapp and asked people to do the same (whatsapp is unavoidable)
  • Still using iPhone, but using Advanced Data Protection and other iOS and Safari hardening suggestions from PG, hopefully will be able to switch to Pixel+GOS in the future
  • Doing self custody on a FOSS wallet of the cryptocurrency I intend to own
  • Freetube and Yattee through Mullvad VPN

Next step would be to focus on GOAL #2 DIGITAL SOVEREIGNTY. I’m thinking about selfhosting on a local machine that could be accessed remotely just by me:

  • Google Drive (files) and iCloud (photos) to Nextcloud
  • Google Suite to LibreOffice and python (locally after mounting Nextcloud)
  • Google Calendar to ???
  • Netflix, Disney+, etc to Jellyfin
  • Spotify to Navidrome plus some iOS client
  • Kindle webstore only to kindle webstore + Calibre-web
  • Audible to Audiobookshelf?
  • Bitwarden to Vaultwarden
  • Gmail, Proton, SimpleLogin to ???
  • Ente Auth to ???
  • Run my own nodes for the cryptocurrencies I intend to own

I also use quite a lot of ChatGPT, although I need to research a better substitute for that, as I’m not sure I’d be able to self host an AI.

Obviously all of this would take a few weeks/months, as I have to learn how to do the self hosting in a way that is secure and convenient (advice appreciated).

Does this make sense?

1 Like

You can use DuckDuckGo’s AI anonymously with a VPN or Tor.

3 Likes

Some specific feedback, no overall feedback yet.

Self-hosting your own e-mail server is fraught with issues and difficulties. The main reason I wouldn’t choose to self-host e-mail is that you need to maintain a high uptime and reliability. Things like Jellyfin can go down because these aren’t as critical to our daily lives, and we can get them up whenever we need. There is also the issue of getting blocked by other e-mail providers. E-mail reliability is important for most individuals, so unless you are ready to take on this responsibility, I would suggest sticking with E2EE e-mail providers like Proton.

> Obviously all of this would take a few weeks/months, as I have to learn how to do the self hosting in a way that is secure and convenient (advice appreciated).

Happy to have a chat with you on my opinions. In my opinion, the safest way is generally to only allow access to your LAN from WAN via VPN, such as WireGuard. The downside is that you now need to ensure all your client devices have set up the VPN correctly. I would say this is the best approach if you don’t plan on setting up active monitoring and alerts for possible intrusions into your network.

> Learning python to be less dependent on excel/google sheets, which I use quite a lot

Learning to program is different than using a spreadsheet - LibreOffice would be an alternative here to solve the immediate problem. But general purpose programming can work for some of these tasks too.

> Quit discord

If you have a community on Discord, be careful not to isolate yourself. Consider using a throwaway account so you can stay in touch with friends if needed.


Overall, the changes you’ve made so far are good, but I would say you should start your self-hosting journey as an isolated task to get to the point where you are confident with hosting Nextcloud. I would recommend at least…

  1. Deploy your server, LAN access only. Install some non-sensitive application on it (say a YouTube frontend like Invidious). Access this on your LAN with confidence
  2. Try hosting multiple non-sensitive services on your server, see how that works out and if you can access
  3. If you want to access this outside the LAN, now try setting up a VPN and seeing if you can access these services outside your LAN
  4. Run this server for at least a few months, and do frequent upgrades for this time. An upgrade may cause your server not to boot - this will be a fun time learning how to fix it. This is when you will think about which Linux distros are more reliable, and now Debian and Rocky Linux start to look enticing :smile:
  5. Ensure you’ve got backup scenarios covered. What happens in a power outage, and sensitive data gets corrupted? Do you have a UPS running, redundancy? Things you’ll need to think of.
2 Likes
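
A check that fits steps 1 to 3 of the post above, added here as an example and not part of the original reply: it parses `ss -H -tln` output and flags TCP listeners bound to all interfaces or to an address outside the networks you intend to serve. The subnets, addresses and sample output are constructed assumptions; substitute your own LAN and WireGuard ranges.

```python
import ipaddress

# Assumed addressing (hypothetical): loopback, home LAN, WireGuard tunnel.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "::1/128", "192.168.1.0/24", "10.8.0.0/24")]

# Constructed sample of `ss -H -tln` output (no header, TCP listeners only).
SAMPLE_SS = """\
LISTEN 0 128  127.0.0.1:5432    0.0.0.0:*
LISTEN 0 511  192.168.1.10:443  0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8096      0.0.0.0:*
LISTEN 0 128  10.8.0.1:22       0.0.0.0:*
LISTEN 0 4096 [::]:3000         [::]:*
LISTEN 0 128  [::1]:631         [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128  203.0.113.7:8080  0.0.0.0:*
"""

def split_local(field):
    """Split ss 'Local Address:Port' into (host, port); handles [v6] and %iface."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]
    if host == "*":            # ss prints '*' for a dual-stack wildcard bind
        host = "::"
    return host, int(port)

def audit_listeners(ss_output, allowed=ALLOWED_NETS):
    """Return (port, host, reason) for every listener that needs review."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        ip = ipaddress.ip_address(host)
        if ip.is_unspecified:
            # Reachable on every interface; exposed if a port is ever forwarded.
            findings.append((port, host, "wildcard bind"))
        elif not any(ip in net for net in allowed):
            findings.append((port, host, "outside allowed networks"))
    return findings

if __name__ == "__main__":
    for port, host, reason in audit_listeners(SAMPLE_SS):
        print(f"review port {port} on {host}: {reason}")
```

A wildcard bind is not by itself reachable from the WAN behind a NAT router, so treat each finding as something to rebind to the LAN or tunnel address or to cover with a firewall rule.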

I suggest you use Mullvad DNS with your Apple device. It has hagezi apple tracking blocklist which is the most comprehensive up-to-date one I could find. It won’t give you grapheneOS level privacy but it’s still better than nothing

I use Brave Search, and it has built-in Brave Leo, which is enough for me.

I wouldn’t recommend it, stick to Proton for your emails.


Overall, I wouldn’t really recommend self-hosting for most things, except maybe Jellyfin, etc.

If you are looking for an alternative to Google Calendar, then Proton’s is pretty much right there, and it looks like you already got Proton so you have nothing to lose by trying it.

As for ChatGPT, you can use it through DuckDuckGo’s AI. For your threat level, it seems like it’d work. I consider this feature a positive, but it recognizes you as a new user every time you open the page since it forgets your history of what you type every session. It also allows you to use Mixtral, Llama, and Claude if you so choose. I believe (someone correct me if I’m wrong) your info that you type in the chat bar is still sent to OpenAI and Facebook etc., but it is an anonymous request since it is relayed through DuckDuckGo. IF my understanding is correct, then using a good VPN shouldn’t make this an issue.

I think if we are going to recommend or not recommend, we should have some context as to why. There are cons to self hosting, specifically time, money, and knowledge.

I generally recommend avoiding self hosting sensitive applications as that puts a lot more pressure on not messing up, while say Jellyfin it’s OK to have a server go down.

1 Like

RTFM. Learn to search properly. Stop relying on a language model fundamentally owned by Microsoft and also scraping up tons of data across the web. Also - wiki.archlinux.org is the superior source for any technical Linux stuff (I know you are using Fedora but Arch Wiki advice can apply across distributions).

> Ente Auth to ???

Ente Auth seems to be recommended by PG, but if you want to switch, Aegis is pretty good.

Mild disagree. ChatGPT is great if you are already a somewhat domain expert, and can leverage it to point you in the right direction quickly. As for learning foundations, definitely don’t rely on the hallucinations of it and RTFM.

ChatGPT (like any AI model) can be prone to hallucination, and, for more weird bugs and errors, it may give wrong advice or advice too generic to apply.

(And personally I don’t like AI ethically, but above points are objective reasons to not use it.)

Some suggestions on not overcomplicating everything:

Why not just stay connected to VPN all the time? Would be less hassle switching on/off.

Fossify Calendar is a local option.

I don’t understand the purpose of a throwaway Gmail account when you have SimpleLogin. Unless you wanted to give someone a normal looking email. For a website it doesn’t make sense.

Some places only accept email addresses with popular domains like @gmail.com and @icloud.com.

1 Like

It can help with compartmentalizing your data.

Let’s say you are going on a trip. You can create a throwaway email account to use for booking flights, hotels, etc.

When you get back to your city, you can delete the email address or simply not use it.

Helps to separate your digital presence into silos. Some of the silos can be disposed of as needed.