Unsure about privacy level I can achieve

I’ve been getting interested in online privacy recently and am feeling overwhelmed and unsure what level of privacy I can reach given my situation. I’m sorry if these questions have been asked before; I have tried to search past posts and either my searches have been poorly worded or the search function isn’t great.

My threat level is low, I don’t have anyone after me, but being on the wrong side of the last US election and the path the current administration is taking, I’d like to blend in and be as inconspicuous as I can reasonably achieve.

So as to not post a million questions at once, I’d like to ask only a few of my questions.

As a baseline, here’s what I’ve done so far.

  • Bought a Flint 3 router and hooked up VPN at the router level for all of our devices at home.
  • Bought a Mullvad subscription
  • Use ProtonMail/ProtonPass to set up email aliases for most of my accounts (real IP associated, though)
  • Stopped using Google for primary email

  1. Is it achievable to have two or more “identities”? Up until about two weeks ago, all my online activity has been tied to my IP and real name. Would it make sense to continue with activity like banking, investing, remote work, rent payments - really all the stuff that is more “essential” to have real identities linked to, under my normal IP, and all my other online activity separate? I do have some email aliases I’ve created through Proton but those were all done without the use of a VPN so I wonder if that’s even doing anything for my privacy, really.

  2. Is it impossible to play online video games and have privacy? All the accounts I’ve made have been under real names and without a VPN. Often they require a subscription as well. I’m assuming using those accounts would mean any other efforts to hide myself would be made undone by simply logging in. I also only have 1 PC that I use as a daily driver and a separate laptop for work. So unless I just quit gaming altogether, it’s not feasible to just use a different device to keep things separated.

  3. Is it reasonable to achieve privacy if my spouse continues to use YouTube and Instagram? They only use YouTube on our TV, so using a frontend isn’t feasible as far as I know. I’m working on expressing the importance of online privacy to them, but in the meantime I wonder if it’s worth it to continue down this path given everything my spouse does online. Surely all of their activity would link back to myself?

Thanks for all the help in advance.

That’s actually a lot of progress and change you’ve made already! You may want to consider migrating away all your old accounts from Gmail, preferably to separate aliases each. While at it, it’s a great idea to consider if you need the accounts at all. Most GDPR/CCPA deletion buttons / forms / requests don’t actually check or even care if you’re in EU or California, and you can just (ab)use them to remove unneeded accounts.

I think you should focus less on IP. It usually doesn’t mean shit in the age of CGNAT. Strictly regulated things like banking or renting you can’t do much about. You should still do the bare minimum and use mail aliases, but that’s about it.

It’s hard to give one-size-fits-all advice here. However I do have some tips:

  • Payment processors are separate entities from the services you pay for. Data you give them will often not be transmitted to the services. The “name on credit card” for example is likely never going to hit them.
  • Slightly relevant, but you’d want to choose the payment processor that sells your data to the least people. For example with Apple Pay it’s only Visa/Mastercard and your bank, and not Apple. (An additional pro is that it’s a bit more resistant to false positive fraud detections that you may otherwise suffer from when using a VPN.) Obviously crypto is even better.
  • Billing addresses are only for tax reasons for the companies. You can just make up whatever (maybe in the same taxation jurisdiction as else it may be technically fraud), no one really gives a shit.
  • Consider using gift cards where possible. They can be purchased both offline for cash and online for crypto.
  • Also consider your privacy regarding 3rd parties linking your identities, it’s a much more realistic threat to the average player. Use different usernames, don’t link your accounts across platforms, and obviously don’t plaster your real name everywhere. Bonus points for using unsearchable names, like short or number only names.

Privacy is not something you either achieve or not. Advances you’ve made aren’t going to be erased because they watch a YouTube video, and in fact they’re often completely orthogonal issues.

I know this is a bit unrelated, but as far as I know with CGNAT your public IP address is often shared among a pool of ISP customers unless it’s using IPv6. I was wondering about this today, and I came across this post. Is what I know accurate?

Yes, that’s what CGNAT is. NAT on the carrier level, where they just NAT a bunch of customers together to save on IP addresses.

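To check the CGNAT point from the last two posts against your own connection, the sketch below classifies the address shown on a router's WAN status page. It is an added example, not written by anyone in the thread; the function name `classify_wan`, its labels and the sample addresses are assumptions made for illustration. With a VPN running on the router, as in the first post, the externally observed address is the VPN exit, so the WAN address itself is the more reliable signal.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_ip=None):
    """Classify a router's WAN address (hypothetical helper).

    wan_ip:      address shown on the router's WAN/status page
    observed_ip: address an outside service reports seeing (optional)
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan.version == 6:
        # CGNAT is IPv4 address sharing; it does not apply to IPv6.
        return "ipv6"
    if wan in CGNAT_SPACE:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "private-upstream-nat"
    if observed_ip is None:
        return "public-unverified"
    if ipaddress.ip_address(observed_ip) == wan:
        return "public-direct"
    # Public WAN address, but the outside world sees something else:
    # a router-level VPN or another translation step is in the path.
    return "translated-or-tunneled"


if __name__ == "__main__":
    # Constructed samples; the 203.0.113.x and 198.51.100.x values are
    # documentation addresses standing in for real public ones.
    samples = [
        ("100.72.13.5", None),
        ("192.168.8.2", None),
        ("203.0.113.7", "203.0.113.7"),
        ("203.0.113.7", "198.51.100.20"),
        ("2001:db8::1", None),
    ]
    for wan, seen in samples:
        print(f"{wan:>15}  seen={seen}  ->  {classify_wan(wan, seen)}")
```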