Share Your Privacy Journey: When, How, and Why Did You Start?

2009, I operated a KG-175D that encrypted traffic over SIPRNet and was one of the two holders of the physical CIK key on our FOB in Iraq. I thought, maybe I should start encrypting my passwords too.

2010, I set up a veracrypt vault with passwords, tax info, and… Other material.

2013, Snowden revelations got me all concerned but then I dug my head in the sand because… i wasnt that interesting and not a criminal™.

2016, I saw a friend using LastPass and I wanted to be as cool as him, moved to LastPass.

2017, was on a big data team and started realizing even companies got a lot of information on people too. This is terrible… Oh well, ill be lost in a sea of people and what’s the worst that’ll happen targeted ads?! Oooooo scary

2020, first kid

2024, I notice my kids will be getting a chrome book for school, connect the dots and see how much power this gives wealthy and gov elites.

Deep dive into every privacy resource available, buy a Yubikey, move from LastPass tp KeePassXC, buy a Firewalla, Find Privacy Guides, post this post, get the fam on Proton and pcloud, explain to my wife what a VPN is, build my homelab to get us off as many subscriptions as possible, replace blink cameras with Reolink connected to home assistant, sell my iphone, buy a pixel then install GrapheneOS, buy a Framework install Debian, buy a pixel tablet, install GrapheneOS. Reach out to library and build an outline to present to mh community of parents.

2025, surprisingly not much yet.

I helped throw a 3 time Ex-con back in prison (he had 7 active warrants at the time, one of them Federal). He used my home address as he needed to list a residence, along with other con-artist schemes. (he was never a resident at my home!)
I was amazed to learn that he is a lifelong criminal (40y/o) and knows tricks I could never have imagined. He gets out very soon. With help from this community, I learned the best way to reduce my exposure to the best of my ability.
This led me to following you all as you discuss things way above my head, but I am absorbing what I can. For that, I thank this forum and community.

About two years ago I was getting more interested in computer security. I was fortunate that my employer at the time prioritized it and gave us lots of seminars and training.

At the time I was extremely naive and uninformed, and thought that security was all about getting a good anti-virus and not clicking on phishing links. But I was already using a password manager and occasionally a VPN, so I had at least some knowledge.

Somehow my interest in security morphed into an interest in privacy. I’m not sure how that happened, but it did. I discovered the work of Michael Bazzell and went down the rabbit hole.

From there I started making changes in bursts, with quieter periods between bursts when I was busy with other priorities. I started by deleting all kinds of accounts which I wasn’t using anymore. One of the best parts was deleting social media accounts, as the experience of using them was crap anyway. I’m a lot happier for it now .

I made the shift to Linux because of Michael Bazzell as well, along with other things like his two-router model with a firewall and VPN in one of them, so every device in the home that connects to it has a VPN. Also, I have a PO Box and have done a few other things. For months I’ve been using cash almost exclusively, using electronic payments only when I don’t have a choice. I used to work in banking, so I’m well aware of how much information can be gathered about someone from their financial records.

Right now I have another priority to deal with, but as soon as that’s finished at the end of February I’ll work on another burst of activity, which should include finally getting a Pixel and installing Graphene OS on it.

don’t fall into degoogling, anti-big tech nonsense

Lukas I fully agree when you say that we need a Threat model, but why do you consider Degoogling a nonsense?

I mean, I still a believe a degoogled device improves our privacy

I can’t speak for Lukas, but I believe he’s referring to the fact there’s a minority in the privacy community who (essentially) say, “THROW BIG TECH OUT NOW. DE-GOOGLE CUZ GOOGLE BIG BAD COMPANY!!1!1!1!11!1!”

This causes confusion for those new to privacy, thinking, “I use Microsoft Word and that means my privacy is completely compromised ,” or something similar with whatever software they use from those companies.

I myself fell into this, as said earlier, and wasted substantial amounts of time.

But does it maintain or improve the security as well? That’s another question. Overall, it depends on what de-googled OS. Some, such as particular Android OSs, can actually worsen the security of your device.

Always remember: you can’t have privacy without security, but you can have security without privacy. Therefore you need a balance of both. It’s essentially privacy vs security, a struggle between, “Should I erode some privacy for this?” or “Is it worth losing security for this privacy gain?”

Honestly if any custom Android distribution advertised “DeGoogled-ness” for me that’s a no-go (I’ve learned to never make the /e/OS mistake). Actual ones that are worth my time documents what this operating system does and what limitations does it has for each device (part of why I really liked DivestOS)

I fell into that as well, I stopped using MS products, I stopped using whatsapp and fb and ended loosing contact with some old friends, I fell into deleting my Steam account because I purchased games on my name, I fell into so many stupid things just because I was listening to every youtuber back then

I agree that google products are among the most secure products available, also I know that open source products usually offer a good level of security, so as you said, it is important to find balance for using products without compromising the security.

personnaly, I dont like the idea of big tech companies harvesting my data and building a profile on me, so using Graphene Os is important for me, but it is a personal choice, it does not mean that if someone uses google phone, that they cannot be private, it is about their needs.

Online privacy is not limited to big tech companies I get that, but it is important to also address that (my opinion )

If one wants to deGoogle, then they should be using iPhones and Macs exclusively. Also no Chromium, so either Firefox or WebKit browsers.

For firefox i trired zen before and i liked more than ordinary firefox.

Zen Browser I would say is good if only the user is deciding on Arc Browser and desperately wants a browser like this
otherwise I Stick by PG and other’s recommendations.

Yeah zen doesn’t support drm and might have some other issues but i think it’s fine

2010 I stumbled upon EP’s report on the ECHELON system. Got interested in the subject and started heavy reading.

2010-13, I researched the topic extensively, and worked on a privacy guide. Then Snowden docs dropped which would’ve meant a massive rewrite, and since the topic finally had public attention and guides were popping anyway, I saw that work as redundant.

2012 I studied isolated systems and drafted the initial schematics of TFC’s architecture.

2013- TFC development and later, maintenance. Lot’s of reading from academic papers to books, to Snowden files, to said files’ analysis by researchers.

2014 I translated the entire PRISM Break (early PrivacyGuides-like site) to Finnish.

2015 I wrote an eight page article on the technical side of mass surveillance to the Finnish IT-magazine Skrolli.

2017- Small contributions to other projects (Cwtch, OnionShare, Tails, Tor, possibly Signal).

Lot’s of stuff omitted so don’t take this as a CV :>