licol1

If you have no idea what the first steps towards improving your overall Digital Privacy are, this is for you. UK now requires ID for websites, EU is working on Chat Control and other countries are trying to replicate this. You have limited time to put these measures into place. [LONGFORM] Before we start, please RT this post. It helps spread the message and more people need to hear about this. Devices Computer For Your computer, You don't need anything expensive or powerful, neither some special features, to start with improving your privacy. Even something like second hand ThinkPad for $200 dollars will do it, since what you will be installing doesn't have high requirements. If you have some older PC or laptop around, buy some extra RAM and switch to SSD. Again, this upgrade will cost you not even $100. If you're brave, you can go all in on your main device. Phone For Your Phone it is little bit trickier. What you'll be installing is GrapheneOS, which so far only supports Google Pixels due to security requirements. I personally use Pixel 8a and the "a" version is probably enough for you unless you need larger display and better cameras. You can get 8a/9a for $300-$500 or less if you wait for Black Friday. Operating System Computer On Your computer, install any Ubuntu based distribution you like. - Mint Cinnamon - PopOS - ZorinOS Or any other. You can use Ventoy to put all the distributions you like on one USB and then try each one of them without re-flashing the disk every time. And yes, unlike Windows, you can use the Linux distribution from the USB without installing them on the full disk. After you choose your distribution, install it. Make sure to enable Full Disk Encryption during the installation. You might have heard about distributions like Qubes, Whonix, Tails, Kali or Fedora SecureBlue. I do not recommend them for beginners. They have either specific use or steep learning curve, so You will probably quit Linux altogether after using them for 5 minutes. Phone On Your Pixel, install GrapheneOS. The full installation guide is on their website. It is nothing hard. Initial Setup Installed Linux? Now finish the setup: In Terminal run: sudo apt update sudo apt upgrade sudo apt purge -y apport In Settings: - Enable Automatic updates - Disable File History - Disable Lock Screen Notifications On GrapheneOS, find and configure these settings. - WiFi auto turn off - Bluetooth auto turn off - LTE only mode - Auto reboot Many others available, but these are highest ROI with no downside. Managing Applications On Linux You have basically three options to install new apps: - DEB(/RPM) packages - AppImages - Flatpaks Usually one of the is available for installation. For managing Flatpaks permission use Flatseal. For managing AppImages use Gear Lever. On GrapheneOS - App Store - basic apps provided by the OS - Accrescent - limited to some apps, but install from here if possible - Obtainium + AppVerifier - for (not only FOSS) apps that have OFFICIAL public APKs (don't install from mirrors), make sure to verify hashes if possible - Play Store - anything else (With anonymous account in Private Space/Different Profile) Backups Make sure to backup: - home folder - email account - contacts - chats - 2FA code - (website) On Linux 1. Create VeraCrypt container or LUKS your whole backup drive 2. Use Back in Time/Pika Backups to backup your home folder 3. Follow 3-2-1 Rule On GrapheneOS 1. Create VeraCrypt container or LUKS your whole backup drive (or use the container you created for your computer) 2. Export data from apps on your phone (Chats, contacts, 2FA codes...) 3. Connect your phone to computer 4. Transfer the files to your backup media using computer Web Browser You're one quick installation from browsing privately. Stop using Chrome or poorly hardened Firefox. Daily driver: → Brave → Zen "But Brave is Chromium" That's why it has: - better sandboxing - better exploit protection Just turn off the stuff you don't like and you're good to go... Temporary/Disposable → Mullvad Browser → Tor On GrapheneOS use Vanadium or Brave if you want. Avoid Gecko (Firefox) based browser on Android since they have almost nonexistent sandboxing there. VPN Go to Mullvad(.)net 1) Go to Mullvad(.)net 2) Create account and login 3) Pay with Monero or Cash 4) Download the app 5) Login 6) Connect No logs, no email, no credit card, no two year plans. Easy as. Password Manager Use legit Password Manager. Avoid: Build-in browser Password Manager LastPass Use: Bitwarden KeePassXC KeePassDX And backup your password vault regularly. Two Factor Authentication Core tenets for 2FA: - 2FA for all accounts - only FOSS apps where you can export codes backup codes frequently What to use? Apps: Aegis, Ente Auth HW Keys: YubiKey, NitroKey Email Avoid it for any communication that could be on encrypted messenger. Use it only for receiving corporate emails, bills, subscriptions... For Email: → ProtonMail → Tuta For Alias: → SimpleLogin → Addy Email will never be private, so make sure you have some decent email strategy. 1. Personal email (Your name in address) 2. Pseudonymous email (Pseudonym in address) 3. Others (Job, Business...) Cloud & File Sharing If you can, use Syncthing: 1. Download it on your computer 2. Make sure to enable Launch on start-up 3. Download Syncthing-fork on your phone 4. Connect your phone and computer 5. Now you can sync folders between your devices Which ones? My recommendation is KeePassXC vault or Obsidian Vault. For Cloud: - Ente - Proton Drive For self-host: - Nextcloud - Immich Metadata Removal On Linux Install it with this command > sudo apt install mat2 Now you can just right-click files and then select "Remove metadata". On GrapheneOS Install ExifEraser from Accrescent store. Open, add photo or video, remove metadata. It's not everything, but this should put you ahead of 99% others who don't even know they're being robbed of their privacy. Stay Private. Not only Online. Marconius Solidus