Thoughts on Using Separate Devices for “Private” and “Everyday” Activities?

I’ve been thinking about the idea of separating digital activities across different devices — for example, one device for everyday use (social, shopping, casual browsing) and another for more privacy-sensitive tasks. For those who’ve tried this approach, did it meaningfully improve your threat model, or did it mostly add complexity? How do you decide what belongs on which device? Curious to hear practical experiences and whether people feel this separation is worth the effort.

2 Likes

Using different devices is overkill if you ask me.

Using different browsers, PWAs, browser profiles, user accounts on your device, etc. are all better or good enough options to compartmentalize your activities.

To me it’s not worth the effort nor the cost to maintain multiple devices for each type of use case.

3 Likes

I think it depends on what for. If I could afford it, I would definitely use separate devices for separate things. I don’t think it’s strictly a privacy issue, though.

WORK DEVICES

Work Laptops

Many people have had jobs where they have been issued work laptops, including myself. Many of them do a lot of personal things on their work laptop, even NSFW things, which is insane. I know this because the head of IT in my last company told me so many stories of the kind of personal info past employees leave behind. Some people left hundreds of photos from their personal life on their work laptop.

I myself have only allowed myself to check my personal email on my work laptop; beyond that, I never saved any personal information and I never visited controversial sites on it, which from a professional perspective can include NSFW sites, file sharing sites, but also sites that badmouth your employer or are clearly on the opposite side of them politically. I would never visit a union site on my employer’s computer, not even from home.

Work Phones

I’ve never had a work phone, but I know many people who have. I also know many people who were required to use their personal phone for work stuff like social media. Hence, the need for separation.

SHARED DEVICES

I personally do not like lending my computer to anyone, or even letting someone use my computer for something. Although I haven’t had to do that in years, it sometimes happens. Having a second computer where none or most of my personal life is visible is preferable.

I feel the exact same way about external hard drives and thumb drives because I always fear that someone will mistreat them or drop them. Hence, I try to have one that is for lending, so that if whoever I lend it to breaks it, or accidentally installs a virus on it, or loses all my personal files that were on it, the damage is contained.

FINAL THOUGHTS

IMHO, unless you have unique needs, having more than 2 devices for separating certain aspects of your life is overkill. But 2, IMHO, is perfectly reasonable if you can afford it and if it works for you. Two computers plus two mobile devices.

5 Likes

If you have cash to burn then absolutely get another device.

If you don’t, and aren’t expecting a targeted attack, then hardening your regular device is fine.

If you don’t, and are expecting a targeted attack, then time to install Graphene and Qubes, reject all unencrypted phone calls, etc etc.

1 Like

Me after reading this message from @KathyM, thinking what all users from PG community with a work + personal GOS phone are in real life 😂

[GIF]

3 Likes

The idea can work if you are able to sustainably maintain both devices’ separation, but the practice itself may not necessarily decorrelate your digital identity across devices depending on your threat model.

1 Like

I’ve been thinking about how to best do this since I just got my third phone in preparation to install GrapheneOS on it. I’ve used two phones for years as a way to separate work from personal data. So now I’m going to have iOS, Google Pixel, and GrapheneOS. How would you guys approach this if you’re me? If you were going to pick one phone to install apps like Facebook and Instagram, which OS would you pick?

1 Like

TLDR; You have two options:

a. Use the proprietary apps on your iPhone and isolate all sensitive and private data onto the GrapheneOS phone. (In this case you can stop using the stock Android phone, or use it for a dedicated purpose like work or travel.)

b. Install the proprietary apps in the private space or a secondary user profile on the GrapheneOS phone. While this will be a “more secure” platform to install the apps, you risk weakening the security & privacy of the device by installing such invasive apps.

I would lean towards option a.

With their new AI integration and enshittification, the gap is closing fast, but I believe Apple still has a slight privacy edge over Google in their mobile OSes.

Personally I would only ever use proprietary apps (especially social media) on a dedicated device that was only used for those apps, and then could be turned off and stored in a Faraday bag when not in use. I understand not all people are going to do that, but design your system to isolate those apps as much as possible, as they will be harvesting data from your phone and from other apps if they are used on a stock OS.

Using them on the GrapheneOS phone (preferably in the private profile or a secondary user profile) will somewhat contain their data harvesting, but the reality is we know that software from tech giants doesn’t work like they say it does (we know this from hundreds of lawsuits over the last decade where they have repeatedly been found guilty of lying about the data collection practices of their software). Because of this, I personally believe that installing apps like this, even on a hardened OS like GrapheneOS, is too much of a risk for certain threat models.

3 Likes

Unless you are paying 2026 RAM prices I don’t see why not. Used Windows 10 PCs are affordable and cost less than a KVM to share screen and peripherals. You will need a KVM for instant switching but I’d recommend if you run 2 PCs to play games with anticheat or download untrusted files.

1 Like

Yes, I agree, and I buy used so the costs aren’t too bad.

What is a good high-quality KVM? It needs to be Windows, macOS, and Linux compatible.

1 Like

The GrapheneOS phone and have the FB IG apps in a second profile.

3 Likes

I have to admit, it’s tough figuring out which phone to put the apps on. On the one hand, GOS seems really hardened and might be the better choice. However, for communication, I would prefer GOS over the other two OS due to GOS’ commitment to privacy and security.

I guess prioritizing apps like Google and Facebook on iOS. Whatever isn’t available on Apple, install it on stock OS Pixel. Keep web browsing and communication on GOS. Only install the bare minimum and FOSS apps on GOS.

For the desktop computing environment, I would do most web apps/browsing, video/voice calls, and Signal on a Linux build. I also have an M4 Mac Mini. I’ll only use Mac apps and whatever web activity that can’t be conveniently done on Linux. Adobe and Microsoft apps will be used on Windows. I’ll also game on this machine. This will be a new build and, despite RAM prices, I also want to play and learn AI. No web browsing and communication will be done on the Windows machine.

So this is sort of a rough game plan to isolate things. It’ll be a mix of new and used components/parts to keep costs as low as possible.

1 Like

This is my approach. Some people feel this is overkill and like it’s fine to install whatever you want in a separate profile.

If you’re worried about your comms being secure, running Signal on a Linux machine is almost certainly going to be your weakest link. Like, there’s not really a lot of benefit to compartmentalizing your comms all to this separate GOS phone just to run Signal on Linux. (Ignore this advice if you’re somehow planning to have separate Signal accounts, which is totally an option.) Also, I think your best bet for Signal on Linux is either running it on a .deb based distro or running it in a .deb VM. The containerization options (like Distrobox) I think mostly (or all) significantly reduce the sandboxing of the app (by design). I tried running Signal that way and ultimately decided it didn’t feel like a good solution for me.

2 Likes

That’s how I operate. One “clean” device, one “dirty” device. Former has important stuff, latter privacy invasive. Both are hardened. At one point I was using three devices but it was too much of a hassle to keep up. You can pair up iOS and Android and get the best of both worlds if you wish so.

2 Likes

When I’m home, I prefer to use a computer so that’s why I said use Signal on Linux. I need a physical keyboard. I’m not against using macOS if it makes sense. Definitely not Windows. I don’t trust Microsoft!

1 Like

It’s an option to connect your GOS phone to a monitor and Bluetooth keyboard & mouse. I think it’s honestly a good option for a lot of people. Then you can game and stream stuff and do all your more insecure stuff on a Linux laptop/desktop.

1 Like

If you don’t have a very high threat model, then I think this is not worth the effort.

Put every proprietary app in private space and shut it down when it doesn’t need to run and you’re fine.

1 Like

Is that really usable, though?

1 Like

For simple things like messaging, absolutely. It’s not a full desktop replacement, but if you need security it’s a good option to look into.

1 Like

Another example of a phone being infected after clicking on a link. I know the solution is to obviously not click any links or download any software from unknown sources. However, sometimes we do inadvertently click on something sent from a trusted contact. Is there a safer way to do that? I know I can avoid downloading or clicking anything with my phone. However, can I do this on a PC with WhatsApp in a VM or something so that I can check things out?

1 Like