The Ultimate Privacy Guide (with a great user experience) [Long-form]

Introduction

I have been interested in privacy for quite a long time now. Not caring about privacy is, in my opinion, certainly one of the biggest mistakes one can make, especially in a future made of AI algorithms fed with data.

As the world evolves, data is going to become increasingly important. While it's already very valuable, data is step by step becoming the 21st century's oil.

Our AI-powered society isn't here yet, but your data (already) matters. Hundreds of companies have a data-based business model.

While I don't have anything against these companies, they are literally stealing your data. Online shops are tracking your behaviour to determine what your interests are, and to determine who you are.

Chances are that if you are looking for a stroller, and shortly after for pregnancy clothes, our dear friend Jeff Bezos will know thanks to Amazon's algorithms that you are a woman, you are pregnant, you are likely in your 20s and 30s, and that you are going to have a baby pretty soon. This means that in a few months, they are going to make a ton of money by placing diapers on the front screen of your Amazon webpage, which you obviously will need.

If this is already the case, what will it be like when our society mostly relies on AI algorithms to move forward? This shows the need for modern, user-friendly privacy solutions. And this is precisely what you will find in this blog post.

Because some will still not be convinced by the need for online privacy, I'm going to ask you the following questions: Would you be willing to reveal everything you do when you are at home? Would you be willing to reveal all your discussions with your friends, family, and partner? Would you be willing to reveal what you did last Saturday, when you left your home for a few hours?

I don't think so. So why would you want that online?

Though, your online privacy will never be perfect, because that's simply impossible. There will always be a way to find you. The goal is to make this as complicated as possible.

Some will think that this is only achievable using the Tor Browser 24/7, paying with cash, and using encrypted letters.

This is definitely not the case, and after having read this guide, you will learn how you can have a private life online, while still using the websites you love, and while not destroying the awesome user experience you have come to expect.

Threat model

In the privacy community, you will often hear people speaking about their threat model. Your threat model is what you want to protect yourself against.

I want to protect my data from being exploited by companies for example. That's my threat model.

While I feel uncomfortable knowing that my data is in the hands of the NSA, I'm realistic, and being able to escape the NSA (or the CIA, for that matter) is nearly impossible, even if you were to neglect the user experience.

This is why I mostly focus on protecting my digital identity from big companies, because that's entirely possible. On top of that, you can still have a great user experience while doing it.

1.0 Privacy on your computer

1.1 Operating systems

In terms of privacy, Linux distributions are by far the best. Of course, it depends on which one you use, but your online privacy will already be enhanced by simply using one. However, most of them lack one thing: a great user experience.

When you take a look at Ubuntu for example, one of the most used Linux distributions, it feels quite old. The interface doesn't feel "fresh", and while they do a great job at presenting you a lot of known and widely used apps once the installation of Ubuntu is complete on your machine, there are still a decent amount of tools which you simply can't find on Linux.

Besides, Linux has the advantage/disadvantage, that knowledge regarding how the Terminal works, and how to use it properly, is required. While this is awesome for experienced users, as you can configure nearly everything through the Terminal, it's really not for new users, who aren't familiar with the Terminal.

I'm personally using Fedora, a Linux distribution, and I really love it. Though, I must also say that I have some knowledge regarding how the Terminal works, and I'm clearly the kind of person who is able to spend hours to find a fix for something! But not everyone is like that.

And this is precisely the main reason why I recommend the use of macOS to those who share my threat model (protecting my data from being exploited by companies), but who don't have the necessary technical knowledge or enough time to set up a Linux distribution.

While Apple is of course using your data for analytics, and improving their products to sell even more of them, Apple would never take the risk to sell your data, as they wouldn't be able to recover from it. Apple is all about marketing, and marketing is all about trust. Trust is something which takes ages to build, but which can be destroyed in a fraction of a second.

Speaking about marketing, a funny thing about Apple is that they position themselves as caring about your privacy, but in the meantime, they are removing the VPN option for Chinese users, and even moving iCloud keys to Chinese state-owned datacenters. While this is only the case for Chinese Apple users, it demonstrates that their "privacy focus" is nothing more than a marketing trick. But they would never do something like that with the data of European or US users, as their reputation would simply be... well, they wouldn't even have a reputation anymore.

And yes, macOS is clearly not ideal in terms of privacy, but it has the advantage of being by default pretty secure, especially when compared to Microsoft's Windows. And again, Apple is there to protect your data from being exploited by companies.

If you are using a Windows computer, I would strongly suggest installing Ubuntu (Ubuntu is pretty accessible for beginners), or any other easy-to-use Linux distribution out there (Fedora is great too by the way), because you really don't want to use Microsoft Windows. Alternatively, you can try installing macOS on your laptop, by making it a hackintosh.

1.2 Browsers

Your browser is incredibly important. I would even argue that it's more important than your OS. This is because you want to use your browser as much as possible, instead of installing an app on your laptop, or on your phone.

Websites have the advantage of not being able to access your computer's data. This is not the case when using an app.

There are some debates about whether or not you should be using a Chromium-based browser (like Google Chrome for example), or Mozilla's Firefox. But the easiest way of doing things is to simply rely on Firefox, as its default version respects your privacy much more than Chrome's default version.

Though, there are a couple of things which need to be configured inside of Firefox, to ensure that as much data as possible remains private while you browse the internet.

First, you don't want to use the default Firefox configuration. Here (to download it, simply click on "Raw") is the Firefox configuration file we will be using and here is how to install it. If you want more info about this configuration, you can read a Reddit post introducing it here. Though, please keep in mind that you will likely need to change some things in the code, as there are a few things which can be annoying when using this version of Firefox.

Now that you have installed it, you will notice a couple of changes when starting it. First, the websites are resized. This is to prevent websites from being able to track you through the size of your screen. Second, you will see that it's sometimes slower, and sometimes less responsive than you are used to with a "normal" browser. However, it should work perfectly fine overall, and it's actually quite smooth for such a hardened way of using Firefox.

Now, let's add some add-ons to our browser.

1.21 Add-ons

When using a browser, the fewer add-ons you use, the better. This is mainly because websites can track which add-ons you are using, and the more add-ons you use, the more unique you become, in the sense that fewer people will have the same number of add-ons, and the same add-ons, as you.

Simply put, you want to keep the number of add-ons you use as low as possible.

uBlock Origin

uBlock is a highly effective ad-blocker, which does much more than block ads, as it allows you to filter third-party scripts, domains connected to the websites you are using,...

Decentraleyes

Decentraleyes protects you against services tracking you through content delivery networks (CDN), as it emulates them locally by intercepting requests, finding the required resource, and injecting it into the environment.

HTTPS Everywhere

HTTPS Everywhere is an add-on which automatically encrypts your connection using HTTPS.

ClearURLs

ClearURLs does only one thing, but does it incredibly well: removing trackers from URLs.

Firefox Multi-Account Containers

Firefox Multi-Account Containers is certainly one of the most useful add-ons in this list, as it allows you to keep all the data of one website in one container.

If you have a container for Facebook, and another one for YouTube, Facebook will not be able to know that you are using YouTube, as it's in another container.

To make it effective, you will need to create a container for every website you use regularly.

1.22 Search engines

There are multiple privacy focused search engines out there, but there is one which really stands out.

The search engine I recommend is StartPage. Based in the Netherlands, StartPage is fully private, and has the advantage of using Google search results. This makes it really awesome, especially when compared to DuckDuckGo, SearX and Qwant for example, where the search results are simply terrible.

1.3 VPNs

There is a lot of controversy in the privacy community on whether or not VPNs should be used, and on whether or not the Tor Browser is a better solution.

Let's face it, Tor is 10x better for your privacy than a VPN. Though, it's also 10x worse in terms of user experience. Besides, the use of add-ons dramatically decreases the advantages of Tor, which makes it really not a good idea to use it with a password manager as an extension for example, because your identity will become unique because of that, even if your IP is "hidden" thanks to the Tor network.

And this is precisely the reason why, even if it's clearly not ideal, I would strongly recommend the use of a VPN. Using a VPN is always better than not using one, and you are much more likely to stick to using a VPN, than to stick to using Tor.

There are multiple VPNs out there, but what matters the most is that you trust your VPN provider. This is essential, because your VPN is going to receive all your data. You don't want to use highly commercial VPNs, because these often lack explanations regarding what happens behind the scenes, and suffer from regular data breaches. You especially don't want to use a VPN which starts with "Nord" and ends with "VPN" for example.

Mullvad

Mullvad is an affordable, and impressively fast VPN. Based in Sweden, Mullvad is one of the most transparent VPNs regarding what happens with your data. You can find their (very) easy-to-read privacy policy here. Besides, Mullvad doesn't even require an e-mail to start using it.

ProtonVPN

Made by Proton, the company behind the popular privacy-focused e-mail provider ProtonMail (which I will cover later in this post), ProtonVPN has a free offer, and is based in Switzerland.

IVPN

IVPN is a Gibraltar-based VPN. An audit has proven they aren't logging your data, and their apps are fully open-source. Though, IVPN is quite expensive, as their pricing plan starts at $5/month, and it only gives you access to two devices.

1.4 E-mail, contact, and calendar providers

There are two main e-mail providers focusing on privacy. What's great is that these are also offering contact apps, and calendars.

ProtonMail

Made by Proton, the company behind ProtonVPN which I presented earlier in this blog post, ProtonMail is an e-mail service focused on privacy, security, encryption, while still having a relatively decent user-experience.

Tutanota

Based in Germany, Tutanota is by far the strongest competitor of ProtonMail. Like ProtonMail, they focus mainly on privacy, and security, while also having a decent user-experience.

1.5 Note apps

There aren't a lot of encrypted note-taking apps unfortunately. The two major privacy-focused note-taking apps are Joplin and Standard Notes.

While Joplin is great, its user-experience is not. Besides, it lacks the ability to protect the app through the use of a password, or a PIN.

This is why I strongly recommend the use of Standard Notes, which has an awesome user-experience, and has a transparent Mullvad-like privacy policy.

1.6 Cloud providers

By default, cloud providers are definitely not a good idea, as you are literally giving them your data, and on top of that, you are paying for it. The best way of doing things, when using a cloud storage provider, is simply to use a tool like Cryptomator, which will encrypt your files before they reach the cloud. This way, you will ensure that, even if your cloud provider isn't "safe", you will still not suffer from data breaches.

Because Cryptomator is needed if you want to privately store data in a cloud storage, some may think that there is no point in using privacy-focused cloud providers, and that they would be better off using things like Google Drive, OneDrive,... Though, these people have to keep in mind that, by doing that, they are supporting companies who are openly not respecting your privacy. Because of that, I strongly encourage you to take a look at the cloud providers below, who offer at least some privacy and security "guarantees" (even if we can never be 100% sure of that).

Self-hosting Nextcloud

Nextcloud is an open-source cloud platform which is entirely free to use. The major disadvantage, is that you need to host it yourself, or rely on third-parties, but this really destroys the point of using Nextcloud.

Sync

Sync is a Canadian cloud provider, focused on privacy and security. Being impressively affordable, Sync is clearly a cloud provider to consider.

Tresorit

Based in Switzerland, Tresorit is a fully encrypted cloud provider. It's quite expensive, as you only get 500GB of storage, while paying the same price as you would when using Sync.

Jottacloud

Jottacloud is a Norwegian secure cloud provider. They are insanely cheap compared to Sync and Tresorit, as they offer "unlimited" cloud storage for $7.50/month. However, after having uploaded 5 TB to your cloud storage, the upload speed will progressively go down.

ProtonDrive (not live yet)

Being developed by the company behind ProtonMail and ProtonVPN, ProtonDrive is an upcoming cloud storage provider. It should be coming by the end of 2020.

1.7 Password managers

Bitwarden

Bitwarden is a fully open source password manager, which has the advantage of being incredibly easy to use. Bitwarden allows you to self-host it, or to use their free cloud-based service.

LessPass

Like Bitwarden, LessPass has a great user experience, and is also fully open source.

1.8 Replacing YouTube, Twitter,...

There are a few ways to bypass the use of YouTube, Twitter,... I'm not going to cover social media such as Instagram, Facebook, Snapchat or even TikTok, because I think that it's ridiculous to use them if you care about your privacy. There is no point in doing all of this if you are still using these social media. Besides, none of them (except Instagram with Bibliogram) have privacy-focused front-end alternatives.

Replacing most content platforms: MiniFlux

MiniFlux is a privacy-focused and minimalistic RSS reader. You can host it yourself, or pay a cheap yearly subscription, in which case your RSS reader will be hosted on the servers of the app creator. Using a privacy-focused RSS reader like MiniFlux is the best way of doing things in my opinion, as it removes the ability for the websites to directly track you.

I see an RSS reader as a kind of tunnel, where the websites can't see the other side of the tunnel. The advantage of RSS readers is that you can use them for nearly everything, whether it's having a Twitter feed, following your favorite blogs, or watching videos of the YouTubers you like.

Replacing Twitter: Nitter

Nitter is a free and open source alternative to Twitter, focused on privacy. JavaScript is removed by default, and the client never talks to Twitter.

There are a few ways to use Twitter; one of them is to create a list, which you can do by adding usernames after "nitter.com".

Example: "https://nitter.net/elonmusk,BarackObama" will give you a feed of Elon's, and Obama's tweets. You can bookmark the link in your browser for example, which allows you to directly have a Twitter feed, but without using Twitter.

Replacing YouTube: Invidious

Invidious is a front-end alternative to YouTube, which protects your privacy. It can sometimes be quite slow, but is overall reliable.

Replacing YouTube: YouTube

I personally don't like the interface of Invidious, which is the reason why I still use YouTube, without going through any front-end alternative. Though, there are a couple of things to take into consideration.

First, I don't log into my Google account when going on YouTube, and I have created a specific container for YouTube. Second, all my browser history, cookies,... are deleted when I quit Firefox/when I shut down my computer.

As I close Firefox every time I have done what I needed to do, and in the evening, when I'm done for the day, YouTube really can't create a profile of me on a long-term perspective. Finally, as I use a (very) hardened version of Firefox, with a custom user.js profile which I introduced earlier in this article, I'm doing pretty well in terms of privacy, even if I use YouTube.

Replacing Reddit: Old Reddit

There aren't any front-end alternatives that I'm aware of for Reddit. The best way of doing things, is simply to use the old version of Reddit. Though, I must admit that the interface just looks horrible. So I personally still use the latest version of reddit. Besides, I have a Reddit account, but I just use it when I want to post something, otherwise, I'm not logged into my account. I have bookmarked the subreddits which I like. And finally, I have obviously created a container specifically for Reddit.

I just found this tool actually, which allows you to browse Reddit through your Terminal. Though, it's sometimes a bit tricky to use, and as pictures don't load directly in the terminal, it's not that good in terms of user experience.

Alternatively, you can also use Reddit through an RSS feed. Though, to view the comments, you will still need to access Reddit, which isn't ideal.

2.0 Privacy on your phone

There are several options regarding your phone. The best way of doing things, is to simply have a flip phone. It's simple, it doesn't track you, and it's just what you need at the end of the day.

Though, I know that as our society is evolving, we will more and more need a smartphone. Ideally, you would buy a Google Pixel (ironic, right?), and install Graphene OS. Though, most people don't have a Google Pixel, nor have the required funds to buy one. This is why I will not be covering that in this blog post.

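Besides, there is also LineageOS. LineageOS has the advantage of being compatible with many more devices than Graphene is; however, it suffers from some security issues. On top of that, there are still plenty of devices not compatible with LineageOS. This is why I will not be covering that in this blog post.

On the contrary, I'm going to cover things that work for every Android-based smartphone, including ways to remove Google bloatware from your smartphone, isolating apps which you don't trust, and introducing you to a set of apps which could be useful, all of this without rooting it.

2.1 iOS vs Android

First, before going into the following parts of this guide, I think it's quite important to take a look at the iOS vs Android debate.

On one side, you have iOS. iOS, made by Apple, is supposed to protect your privacy. While iOS is actually not that bad at protecting it, it's definitely not ideal. The problem with iOS, as is the case with nearly all Apple products (but iOS in particular), is that you can only do what Apple wants you to do. If you have an iPhone, there is no way of configuring it extensively. And there is no way to remove system apps, which is pretty annoying.

Besides, most privacy and open-source initiatives in the smartphone landscape are made for Android. If you want to only use open-source apps for example, you will need to use F-Droid, which you can only access from Android.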

2.1 IOS VS Android

First, before going into the following parts of this guide, I think it's quite important to take a look at the IOS vs Android debate.

On one side, you got IOS. IOS, made by Apple, is supposed to protect your privacy. While IOS is actually not that bad at protecting it, it's definitely not ideal. The problem with IOS, like it's the case with nearly all Apple products (but IOS in particular), is that you can only do what Apple wants you to do. If you have an iPhone, there is no way of configuring it extensively. And there is no way to remove system apps, which is pretty annoying.

Besides, most privacy and open-source initiatives in the smartphone landscape, are made for Android. If you want to only use open-source apps for example, you will need to use F-Droid, which you can only access them from Android.

2.2 Removing bloatware through Android Debug Bridge (ADB)

One of the great things about Android is that nearly everything is configurable. You don't like this pre-installed app? You can remove it. But sometimes, your phone will not like that, and will disable the possibility of doing things. This is where ADB comes into the spotlight. ADB is a tool which allows you to quickly remove packages (apps essentially), through your computer's terminal.

Here are three guides on how to do this. This is the first one, here is the second one, and finally the third one.
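
One way to do this from the terminal, as an added example that is not part of the original post: the script lists installed packages, reports what it would remove, and uninstalls for the primary user only, so a removed package can be brought back. The package names are constructed placeholders, and `restore` assumes an Android version that supports `cmd package install-existing`.

```shell
#!/bin/sh
# Added example: review-then-remove workflow for preinstalled Android packages.
# Requires adb on the computer and USB debugging enabled on the phone.

# Packages chosen for removal, one per line. These names are constructed
# placeholders; build your own list from the output of list_packages.
DEBLOAT_LIST="com.example.vendor.bloat
com.example.carrier.app"

# Print installed package names, one per line.
# adb prints "package:<name>" and may end lines with CR, so strip both.
list_packages() {
    adb shell pm list packages | tr -d '\r' | sed 's/^package://'
}

# Exit status 0 only if the exact package name is installed.
is_installed() {
    list_packages | grep -Fxq "$1"
}

# debloat dry-run : only report what would be removed (the default)
# debloat apply   : uninstall for user 0 (the primary user), no root needed.
# -k keeps the app's data and cache. The APK stays on the system partition,
# so the package can be restored and a factory reset brings it back.
debloat() {
    mode="${1:-dry-run}"
    for pkg in $DEBLOAT_LIST; do
        if ! is_installed "$pkg"; then
            echo "skip $pkg (not installed)"
        elif [ "$mode" = "apply" ]; then
            if adb shell pm uninstall -k --user 0 "$pkg" >/dev/null; then
                echo "removed $pkg"
            else
                echo "failed $pkg"
            fi
        else
            echo "would remove $pkg"
        fi
    done
}

# Re-install a package removed by debloat for the current user,
# for instance when a phone feature stops working after removal.
restore() {
    adb shell cmd package install-existing "$1"
}
```

Run `debloat` with no argument first and read the report before running `debloat apply`; removing a package the system depends on can leave the phone unable to boot properly.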

2.3 Installing some apps

There are a couple of must-have apps for Android.

Hermit

Hermit is an app which allows you to create web-apps. If you are planning to use social media on your smartphone, I strongly suggest using them as web-apps through Hermit. For most of them, the experience is really similar, and the advantage is that they can't access your data stored on your phone.

Additionally, you can create a web-app for MiniFlux for example, or Nitter. This way, you can simply access your RSS feed, and have direct access to your Twitter account.

Shelter

Shelter is an app which uses the work profile on your phone in order to isolate specific apps. If you absolutely need to use WhatsApp for example, make sure to isolate it through Shelter.

Signal

Signal is an end-to-end encrypted messaging app, which focuses on security and privacy. It honestly has a much better user experience than its non-encrypted competitors (WhatsApp for example), which is not always the case for these types of apps.

Tor Browser

As the configuration possibilities of browsers on smartphones are quite limited, I strongly recommend the use of the Tor Browser, to still have some protection online.

F-Droid

F-Droid is a catalogue of free and open-source apps. Through the F-Droid app, you can easily install, update, and manage your favorite FOSS apps.

Simple Keyboard

Simple Keyboard is just a simple keyboard. That's it. It doesn't track you, and it just does what a keyboard is supposed to.

3.0 Additional stuff

A lot of people in the privacy community give a lot of attention to online privacy, but just a few also give attention to their "In Real Life" (IRL) privacy. And it's ridiculous to create a guide for privacy, if you don't cover this.

3.1 Pictures

Never, ever, let someone publish a picture online of you. This is fundamental. If it's required for your job, simply post an old picture of yourself, but never an up-to-date one. Another way of doing things, is to pay an artist to draw a portrait (or do it yourself if you have some skills), and use that as your profile picture.

3.2 Names

Avoid giving your name to websites as much as possible when asked. Some will require it for legal reasons, which is fine, as long as your profile on that website isn't public, and you always use a nickname on other websites.

You don't want these websites to be able to link your name with these other websites.

3.3 E-mails

Avoid the use of one e-mail for all your services. ProtonMail and Tutanota offer, with their Plus and Premium plans respectively, the possibility of having up to 5 aliases. Ideally, you want to use one alias for work, another one for shopping,...

Alternatively, you can of course also use services like AnonAddy or SimpleLogin.

3.4 Phone number

Avoid giving your phone number to websites asking for it as much as possible. If you don't have any choice, do it, but just keep in mind that the use of a phone number is an incredibly efficient way to track you across the internet.

Otherwise, you can still pay for a prepaid sim card of course, but that's going to cost some money.

Conclusion

I'm a firm believer that our online privacy is as valuable as our IRL privacy is. I think that a lot of people underestimate the importance that data is going to have (and already has), in a future made of AIs, blockchains,...

Always remember that it's never too late.

0xtardigrade's Privacy Table

Items aren't ranked in a particular order. These are all privacy-friendly apps and services, which also all have a great user experience. If you have a particular app/tool/service/... which you like, which is 1. privacy-focused, and 2. user-friendly, you can send me an anonymous message through my Guestbook and I will make sure to add it.

Though, please keep in mind that if your favorite privacy-focused service isn't in this list, it's most likely because it doesn't have a good user experience.

| | 1 | 2 | 3 | 4 | 5 |
| --- | --- | --- | --- | --- | --- |
| Desktop OS | Fedora Workstation | Ubuntu | Linux Mint | Manjaro Linux | macOS |
| Browser | Firefox (Hardened) | | | | |
| Add-ons | uBlock Origin | Decentraleyes | HTTPS Everywhere | ClearURLs | Firefox Multi-Account Containers |
| Search Engine | StartPage | | | | |
| VPN | Mullvad | ProtonVPN | IVPN | | |
| E-mail,... | ProtonMail | Tutanota | | | |
| Notes | Standard Notes | | | | |
| Cloud | Self-hosting Nextcloud | Sync | Tresorit | Jottacloud | ProtonDrive (not live yet) |
| Password Manager | Bitwarden | LessPass | | | |
| RSS Feed | MiniFlux | | | | |
| Twitter | Nitter | | | | |
| Youtube | Invidious | YouTube [2] | | | |
| Reddit | Reddit [1] | | | | |
| Android OS | Graphene OS | LineageOS | iOS | Android | |
| Android Apps | Hermit | Shelter | Signal | Tor Browser | F-Droid |
| Android Keyboard | Simple Keyboard | | | | |

[1] Use it with a container, and only log into your account when you want to post something. For those who are really paranoid, you can always set up a virtual machine in Fedora in just a few clicks (with "Boxes" which is pre-installed on Fedora), and solely use it to browse Reddit. But that's really the ultimate level of paranoia.

[2] See section 1.8 for YouTube.

