Ask HN: What do you do for online privacy?
37 points by deafpolygon on Nov 11, 2022 | 80 comments
As the title says, what do you do for online privacy? Obviously, most of us aren't on air-gapped servers and avoiding all forms of online interactions. To what extent do you go to protect your privacy online? What are some of the steps you currently take for privacy?

Let's not confuse anonymity vs privacy vs tin-foil hat level paranoid. I'm hoping to have some conversation going here on the various levels of privacy and steps folks at HN take to increase their privacy online. If you don't take steps -- then what are your reasonings why? (Beyond the staple excuse of "I have nothing to hide").

I understand defining your threat model, and I don't think most of us have a specific threat model more than being your average technophile would.

### Applications, Operating Systems

Do you run specific browsers, and why? Do you have specific applications that you use to protect your privacy? Do you engage in any kind of hardening?

Do you run any specific kind of operating system (say, Windows, Mac, etc) and why? Does it matter to you personally whether you are tracked?

### Online Storage

For example, do you store files on cloud storage as-is? If so, what kind of criteria do you have for that? Do you encrypt all files before they go anywhere? Does AES128 or AES256 encryption provide reasonable protections?

### Social Media

Do you avoid or block social media? If so or if not, why?



Not much and I don't plan to do much.

It's easy to think "I have nothing to hide", but that's not what I mean. A better analogy is risk analysis/attack surface area you expect. The privacy requirements of someone doing investigative journalism are wildly different from a regular joe who only needs to worry about targeted ads.

I'm generally in that bucket, where my only real privacy concern is ads, and I'm ok with tailored ads... Especially since ad blockers remove over 95% of them anyway. And since I rarely buy stuff.

I take significant steps for security (yubikeys, password managers etc.), and mental health (regular social media breaks and such). But "privacy" is too vague a word without a risk assessment.


One thing to think is that new ways to use data will be created in the future.

Some companies (e.g. Google) by default will capture multi-gigabyte decades-long records of information about us. We might let them do it thinking that it is not much threat to us.

But new technologies can be invented, for example things like widespread use of facial recognition, or deepfakes, or AI, which could make the trove of data we gave away become more dangerous in the future.


I don't feel like I do much either, but I loathe advertising, so I do run a (to me) modest suite of defenses. I run uBlock Origin, set to default block all third-party content, and DuckDuckGo's extension in Firefox. I have the Tor Browser installed for when I'm feeling particularly paranoid, and a blocking VPN on my Android phone. There are certainly leaks, but I never see any malicious content.


Similar approach here. Adblockers and permissive loading of JS by domain are the only steps I bother with. Anything else is coincidental or done for security/peace of mind.


It matters to me that my digital data (PII or not) is not tracked aimlessly and sold to 3rd parties without my consent. So,

I use a VPN because I don't trust my ISP.

I use LineageOS with microG because I don't trust the phone manufacturer and Google to not track me.

I use Linux coz fuck Windows. Hardened with secureboot and FDE with TPM.

I use ungoogled chromium with uBlock and NoScript.

I also selfhost most of the services that I can replace with FOSS alternatives. Can be a PITA maintaining them at times but I sleep happy at night knowing my data is not on some Google(-like) farm. E.g. for YouTube I do make use of public invidious instances etc.

Any app (on phone and PC) that doesn't need internet permissions (or any other unnecessary permissions) has them toggled off. Flatpaks and flatseal make this so easy on Linux.

Any social media app that works well as a PWA is not installed. And if needed on my phone, it's installed into the secondary work profile where it can't read my files/contacts/etc.

All data I consider private is encrypted at-rest. Same is routinely backed up to different cloud storage providers.

Any account that I consider important has 2FA behind it. Most accounts I just use disposable emails to register.

Ads are all effectively blocked on the devices I use courtesy of dns filtering.


I'm gonna pick out one thing I'm always really curious about; what makes you trust a VPN provider more than an ISP? I've never quite understood this especially with how iffy and downright wrong VPN marketing (e.g. ad-reads on YT) can be.

- Why trust a VPN company more than your ISP? To me it seems like a commercial VPN could have equal or more incentive to do questionable things with your info.

- Is it somehow easier for an ISP to track my activity vs. a single VPN company whose servers I'd tunnel all my traffic through?

Sure, the ISP knows where I live and all that but it seems like a VPN could easily identify/know me to the same degree.

( - or is it like a self-hosted VPN sitting in the cloud, and would such a thing be practical/effective at all)


Obviously people have different reasons for using VPNs. But how I see it, between the ISP and a commercial VPN, which provider would you trust more with your internet activity?

The one with more PII data on you or the one with less? Noting that some VPNs even allow you to pay with Bitcoin.

My ISP knows where I live right to my doorstep. A VPN only knows roughly from which city I'm accessing the service from. And for mobile data, it is worse since the carrier I use has a copy of my govt-issued ID (as mandated by law).

Between the two, do you trust the one whose core business is competitively providing privacy products? or .... the local private entity (some operating as a market monopoly) susceptible to government interference & anti-privacy laws .... and who basically answers to no one with regard to customer data/privacy?

I'm sure all this PII data could be made to be used against you on a worst-case scenario basis but still...

I do have a self-hosted VPN tunnel that I use occasionally, but it's not as effective for privacy as a commercial VPN is if we put all device fingerprinting aside. And besides, the cloud provider still has my credit card so this route doesn't provide any greater privacy benefits than a VPN does.


I use a single device most of the time. Eliminating the need to sync calendars/mail/contacts/… across devices greatly reduces my dependence on big cloud providers.

On the other hand, I mostly work on open source software, so all my work is publicly available in timestamped commits. It is easy for anyone to guess my working hours, timezone, and time off. And all the comments I write can tell you a lot about my views of the world.

I think the privacy impact of open source is not talked about enough.


Fully agree. On this note, I had a brief discussion with an employer I collaborated with once, about some potential employees being forced to work in the open because they open sourced their work. I was terribly surprised to get no understanding that this could be perceived as a problem. Especially since work tasks may not be something you would want on your public record necessarily.


In this case, I would recommend that you get an employer-specific GitHub account, so you can compartmentalize it that way. A bit of a hassle, yes, but then, you're definitely not tying yourself in git history to that employer for your entire career.


Can't find it now but I faintly remember this being against their ToS, maybe even before the Microsoft days.

Docs say that it's no problem now, but they "suggest merging multiple accounts" but probably because of less fuckups and support questions.


That's interesting. I wouldn't be surprised. Thank you.


That's of course a good solution. Thank you.


I mostly minimize using products from the big tech companies - I found I don't need their stuff nearly as much as I thought. There's a lot of incidental tracking going on there that's hard if not impossible to tackle.

I use ad/tracking blockers, but having worked in this space, they don't/can't exactly offer complete privacy.

Beyond that, I think about the biggest risks and try to tackle them: It's for example pretty easy to send someone a link and as soon as they click on it you know roughly where they live. Any information about where you typically hang out, what you do and what your kids look like stays off social media - it's pretty easy to be stalked with just a handful of these signals, if someone really wants to.

I don't feel I have much to hide, like others here, but you never know when someone decides to have a personal vendetta against you or something. Can't make it impossible to be stalked, but I can make it difficult enough for people to not bother. I think about it the same way as I think about securing my residence, really.

Some concrete stuff I use:

- Personal NAS and server for files/photos (Syncthing works great for me)

- Ad/tracking blocker (it's usually a matter of the lists, so just one extension)

- Firefox (I have some background with Mozilla so I personally trust them more than anyone)

- Caution / VPN for weird links

- No Gmail (I like FastMail, but there's a lot)

- No Amazon, e-commerce is enough of a commodity

- Not using social media actively, not posting personal stuff

- Linux (PopOS and Ubuntu)


> If you don't take steps -- then what are your reasonings why? (Beyond the staple excuse of "I have nothing to hide").

I have nothing to hide except when I run Tor browser.

> Do you run any specific kind of operating system (say, Windows, Mac, etc) and why? Does it matter to you personally whether you are tracked?

I quit Windows since 7 became outdated because modern Windows' tracking bothers me, not because somebody gets informed about something I do not want to be known but because it messes with my use of my device (I have to decide when to update, when to reboot and when to change some settings, not a vendor). Debian may have some pesky settings which make the OS leak some data about me, but at least it doesn't bother me when I am trying to use my computer.

> For example, do you store files on cloud storage as-is?

No, because upload is always easy and download is always hard. A lot of HDDs work great for me.

> Do you avoid or block social media? If so or if not, why?

I do not find any of these interesting except YouTube. And I try to avoid using it too much because torrents have better video and non-video content.


I host everything privacy related on a server in the basement. Email, XMPP, mumble, calendar etc.

I mostly use OpenBSD these days, but any security is a bonus. I mostly do it for the minimalism. The pledge and unveil stuff built into the browsers is nice.

I have at this point dumped pretty much everything but self curated Reddit and HN, not just for privacy but for general sanity as well... That is also mostly the reason that I keep my phone (which is dumb anyway) turned off unless I need to use it.


I just use what they taught us old timers at school.

Don't put your real name or face on the Internet. Don't tell specifics of your life to strangers on the Internet.

That's about it.

Oh, and I always say "ask app not to track" when iOS asks :)

I also use different nicknames for different contexts so my personal and semi-professional accounts can't be trivially linked.


You can prevent apps even having an opportunity to ask if you like. Just go to Settings -> Privacy & Security -> Tracking and turn off the ‘Allow apps to request to track’ switch.

Apologies in advance if you already knew this!


- Use FF + lots of blocker addons

- Use Linux

- Encrypt files

- Use Signal

- Use Android without a google account or a play store

- Use google products as little as possible

- No whatsapp, no Insta, no FB

- Use pcloud encrypted solution for online storage

But even with all that, I'm pretty sure the impact is limited, real privacy would require a lot more. Not to mention banking, power companies and so on are going to sell your data no matter what.

Besides, most people would not even do 10% of this. Not even switch to FF.

And if they are transparent and know you, they give a lot of data on you anyway.

It's a battle we are losing.


Nothing. Nothing bad ever happened to me due to lack of privacy protection. I am only happy if I get ads tailored to my interests. Even if Backblaze, where I store backups of all my data, would be hacked and leaked – nobody would probably care enough to dig through my personal data. People wildly overestimate how much other people care about them or their secrets.


This is a fascinating take and I love that this view is being represented on HN, specifically because it is not a minority opinion in the real world based on my interactions with my social circle.

<< People wildly overestimate how much other people care about them or their secrets.

People may not care about your secrets now. Right now you may be young. Right now you may have not pissed anyone off sufficiently to hire a private investigator to dig up stuff on you. Right now you may not be a party to a lawsuit.

All those things may be true right now, but things change. You have no idea how valuable the right information can be at a given time. And here you are, volunteering it on a silver plate for anyone to pick as they please.

<<Nothing bad ever happened to me due to lack of privacy protection.

In other words, I think you are missing a key word here: "Yet". Nothing happened to you yet.


I have a few friends who are very privacy minded. They even refuse to use most of the big social media networks out of privacy concerns. But most people spend a larger and larger proportion of our social life online. So what ends up happening is the privacy minded folks become more and more isolated from old friends.

I would argue you have so much more to win, than you have to lose, from letting go of that fear to share your life online.


You do have a point; I do not think I can reasonably dispute that a lot of people will spend more time online.

I am not sure if it is fear though. I personally feel I already spend way too much time online as it is. It was beyond awful as I was going through school, where I ended up doing work/school/fun by effectively just switching screen throughout the day. After years of that pattern I eventually severely cut back ( and even now I think I am overdoing it, but baby steps ).

I am ok with losing some people and some of the artificial online relationship that brings ( I accept that some online relationship may actually be stronger than generic RL ones ).


That's my strategy exactly, fall squarely in the masses. I also started treating all my online conversations as public, if all my online life went public, it might be awkward but it would be "ok".

And while I'm diametrically opposed to the "if you have nothing to hide" argument, I really don't have anything to hide, so individually it doesn't impact me.


Because the effects are subtle and not obvious (Like climate change). If revealing your address meant hooligans would come over to your house and throw bricks through your windows every time you did that, you'd pretty quickly stop doing it. But spending more money over time and social cooling aren't bricks through the window.


As you said, let's not confuse privacy and security. In regards to privacy, I've given up on absolute privacy. However, I still self-host various things such as email, calendar, contacts, password managers and whatnot, but it's less for privacy reasons at this point, a bit for security reasons, but in reality it's mainly for control.

I won't lose access to my data if a company shuts down, or if some bad actor decides to maliciously send child pornography to my email and get my whole Apple/Google account cancelled (with no easy support for getting it back)

All in all, being able to export (data portability) comes first and foremost, regardless if it's not the most privacy-friendly program. If I can self-host it? All the better.


I used to self host everything (nextcloud) but it was a pain, so I stopped. I just use google drive and fastmail because I'm locked in with my fastmail email addresses. Firefox is still the privacy browser, despite its recent dying gasps it still goes hard. I've taken to just doing things the frictionless way as I don't think my personal risk is very high and the extra effort taxes my productivity. E.g. if I let firefox store passwords (in addition to keepass) I can instantly log in everywhere, but anyone/thing on my PC could hijack my life. There is no single right approach, only various tradeoffs. Time and effort being spent causes direct harm, vs only risk of an inconvenience like identity theft. If I need to really cover my tracks I use tails and tor, but the better opsec is just not to do anything illegal/embarrassing in the first place. I use windows because gnu/linux is too distracting to be my daily driver (endless config and rough edges and too easy to lose data, and windows has better bare metal gaming experience for competitive), though I've had several years using it as my primary os. I use iDrive to clone all my data as a fire backup.


Oh, and ublock origin and use social media apps in a browser on my phone and at a minimum with fake details.


- only Linux in my home network (which I prefer either way)

- only using my own cloud (NAS, Home Automation)

- heavily filtering internet (Pi-Hole or AdGuard + ublock when possible)

- no public social media (FB, Twitter, discord, whatever)

- Only throwaway accounts on some social media

- Not having a real phone number

- Using rented throwaway phone numbers when necessary

- Only use credit card for a few trusted services.

- Avoid services with questionable business practice (Forced 2fa over SMS being one common reason) but also things like Amazon, Microsoft, ..


What do you mean by "not having a real phone number"?


I don't have a phone number. My SIM card has only a data package.

In the context of privacy it mostly means you can't easily link my accounts through my phone number.

As for why is a long story that mostly revolves around how bad and annoying a phone number as a security measure is and how you have no way of actually owning your own number.


Support Firefox. The last independent browser resisting Google. I don't need to list all the things that Google are doing to undermine the web and adblocking. Safari is also fine in my book, but it's obviously proprietary and you may not trust Apple. Enable strict HTTPS and use an adblocker.

Encrypted cloud storage is fine but it's simply not convenient and sadly lacks good usability.

If you don't trust your ISP, use a VPN. Ideally a VPN you have full control over.

Social media needs and deserves to be handled separately from the rest of your life. Firefox Containers are one way for handling this. Or use Qubes if you deeply worry about advanced attacks.

Finally, use a different e-mail for each site you register for. This can be transparently automated using Firefox Relay or Apple's Hide My Email.

Of course, everything above is what I consider lightweight protections. There are heavier measures. Whatever you do, it's important to be clear about _who_ you want to keep your data private from. Because that entity may have more than one way to gain access to your data. There is no such thing as absolute privacy in the virtual or physical world.


> The last independent browser resisting Google.

The irony is it's probably only still alive courtesy of Google.


I take privacy pretty seriously and to protect my privacy I do the following: * Use GrapheneOS on my smartphone with nearly no third-party apps * Use a VPN, because I don't trust my ISP * Use NoScript & uBlock * Use several ProtonMail addresses I change on a regular basis and use one-way trash mails. I also try to be on as few services as possible. If an email is leaked (didn't happen yet) delete it and create a new one. * Use Qubes + Whonix with FDE on a separate laptop for things, which should stay private. I classify every other data from other devices as public. * Regularly check my home network traffic on my firewall. Especially when I do nothing on my devices or got a new device. * Destroy every camera and microphone in devices which can only be bought "smart" like every new TV. * Be aware that if I use an online service my data gets collected and act like someone is looking over my shoulder. It's not so bad, if you are aware of that. * Glueing my finger domes on a regular basis * Scan my house regularly for new WIFI and bluetooth devices in range


FTFY:

* Use GrapheneOS on my smartphone with nearly no third-party apps

* Use a VPN, because I don't trust my ISP

* Use NoScript & uBlock

* Use several ProtonMail addresses I change on a regular basis and use one-way trash mails. I also try to be on as few services as possible. If an email is leaked (didn't happen yet) delete it and create a new one.

* Use Qubes + Whonix with FDE on a separate laptop for things, which should stay private. I classify every other data from other devices as public.

* Regularly check my home network traffic on my firewall. Especially when I do nothing on my devices or got a new device.

* Destroy every camera and microphone in devices which can only be bought "smart" like every new TV.

* Be aware that if I use an online service my data gets collected and act like someone is looking over my shoulder. It's not so bad, if you are aware of that.

* Glueing my finger domes on a regular basis

* Scan my house regularly for new WIFI and bluetooth devices in range


- 1Password

- Fastmail (block images in email, which are often used for tracking)

- Privacy.com

1Password integrates with both of the above, so that any time I sign up for a new service it will get a random, unique email from Fastmail (masked email), a unique credit card from privacy.com, and I use 1Password to generate not only a unique, strong password but also a unique username (hence my current username here, squeegee_scream).

- sync.com for online storage. it's e2ee

- MFA everywhere it's available

- 1Blocker

- nextdns

- use privacy-respecting alternative frontends:

  - use invidious instead of youtube

  - libreddit or teddit instead of reddit

  - nitter instead of twitter

- macos, following https://github.com/drduh/macOS-Security-and-Privacy-Guide for hardening (I haven't compared this to other hardening guides, but doing something is better than nothing)

- rotate my usernames on social sites on a regular basis. I'm really only active on reddit and HN, but I'm still concerned about being doxxed

- avoid buying things from amazon

- Signal app for communication as often as possible


> Let's not confuse anonymity vs privacy vs tin-foil hat level paranoid.

First I set out a threat model, which allows me to switch context depending on level of opsec needed. (Do I really need a disposable VM in Qubes just to read a PDF document versus opening it in Google Docs, for example).

Then any number of tools and best practices from these fine websites:

https://www.privacyguides.org/

https://ssd.eff.org/

https://www.amiunique.org/

https://www.youtube.com/c/TheHatedOne/videos

https://anonymousplanet.org/

https://www.whonix.org/wiki/DoNot


I have given up on privacy.

Any steps I take to preserve my privacy are negated by my inactions of years past, the current actions of my friends and family, and the actions of my government

That said…

I use an adblocker because it makes the browsing experience better and I use Firefox because it makes me feel better about browsing the internet.

I’m in the apple ecosystem which makes me feel slightly more private and occasionally use signal to have certain conversations with certain people

Of course at the end of the day I know whatever I do doesn’t really matter and the worst thing that could happen is I get more targeted ads.

Sure, I could get targeted by the government should it turn evil, but I don’t believe that online privacy would prevent that from happening anyways. I’m just not that interesting of a person so I take solace in that.

Now that I’m writing this.. I’m non religious and I believe in the right to own firearms. These opinions could make me a target or make me more interesting to an evil government. I guess I just hope the checks and balances we have are enough.


>Any steps I take to preserve my privacy are negated by my inactions of years past, the current actions of my friends and family, and the actions of my government

Well pester your friends and family to move to Signal and install uBlock on their browsers x)


Ha in a perfect world.

Honestly I used to try and convince people to be careful about online privacy but I found it made people like me less


>inactions of years past

Completely untrue. Data becomes less valuable as time goes on to the point that it becomes worthless.


Does it? Even old data could be used to build a psychological profile on someone and be extrapolated to present day if I dropped off the map


It is valuable, you can tell because companies like Google and Facebook have no intention to automatically forget old data, instead they are intent on keeping it forever. I expect they see data=money.


- Firefox with First Party Isolation, resist_fingerprinting, uBlock, Cookie Autodelete (with manual exceptions), and LocalCDN. This is the basic setup to have at least some degree of privacy on the www. I wish there was a simple way to have this all set up out of the box, or 99% of technical users won't be able to do this unless their techy friend does it for them.

- On the phone, besides a similar setup for the browser, I run LineageOS+microg, AdAway (system-wide ad-block), AfWall on allow mode (block internet access for all apps except whitelisted), and XPrivacyLua (fakes permissions for apps which refuse to run without them). Absolutely NO google apps whatsoever.

- Social media I mostly don't do, for my privacy but also for my sanity x)

- Email I use ProtonMail, storage I use my NAS (not ideal, I know, need offsite backup)


I don't have accounts at any major online businesses, except Visa. Can't really avoid that one easily.

My browsers block connections to trackers and 3rd party cookies. Sometimes scripts too, for good measure, and some selected stuff from user.js (https://github.com/arkenfox/user.js). Separate profiles for each service just to make really sure important stuff doesn't get affected by casual browsing, and vice versa.

No google- or apple- owned phone. Phoning home from the PC is also at minimum - just Firefox does it and the package manager.

It's not total privacy because for some interactions you want to share your details, like payment info, but what I get is that I know where I pierce the boundary.


> No google- or apple- owned phone.

What device do you use, then?


No mobile device at all. But there are Linux phones like the Librem 5 or PinePhone, as well as degoogled Android phones.


How do you deal with phone calls and such?


I try not to get any. I have a backup Librem 5 and a SIM card for the one time in the year when I have no other choice.


I'm not doing enough :( I'm not sure what I can do.

I have two browsers, Firefox and Chrome. On Firefox I run an ad blocker, on Chrome I don't run it. Why? My job requires me sometimes to help the marketing team and if you block ads you don't see the whole picture of our and competitors' activity.

I don't encrypt files before upload. Why? I'm not sure how to do it and my biggest fear is what if my encryption key stops working. I got locked out of my Windows because I ran a system update and I didn't disable BitLocker before that. So I had to go through the recovery procedure.

I use Twitter and LinkedIn. I'm not very social on social media. I don't create content.


It's not much, but I do a couple of things:

- NextDNS configured to block ads, trackers and unnecessary domains (including all Facebook domains) across my home network and mobile devices

- Use multiple browsers on desktop and mobile, all configured with privacy settings, to keep Google-related tasks separate, i.e. use Chrome only for Google stuff, Bromite/Vivaldi/Firefox for everything else.

- Use uBlock Origin on all my desktop browsers.

- Sticking with Windows 10 for the time being. But highly configured to turn off telemetry and remove Microsoft's general crap they include in Windows.

- Been learning how to self-host stuff and slowly migrate apps and things to my server where possible.


Absolutely nothing at all. I do not mind being tracked, all that happens I get targeted (better?!) ads for it. If I'd have something to hide, it's the government I would want to hide it from, not corporations. And you can't really hide from the government...

That being said I do run ad&popup blockers for a better browsing experience. Those idiotic cookie prompts are the bane of web browsing inside the EU and I run the "I don't care about cookies" extension to get rid of them.

I also encrypt sensitive private folders on all my machines.


use a network snitch[1] on desktop and mobile. the original slogan says it all: makes the invisible visible. i’d love to use a filesystem snitch too, but none exist yet afaik.

it’s interesting to observe firefox or any other legitimate app i’m using make many unsolicited requests to weird domains. it feels good to interactively deny those connections.

make sure that cloud[2], which includes git hosts[3], are untrusted. unencrypted data should never hit remote. keys should never leave local.

consider the tradeoffs with online interactions. engaging with other humans in public on github and hackernews is likely worth. engaging in impassioned op-ed debate with bots on engagement monetization platforms like twitter or youtube is likely not.

pay for things like kagi search. trading money for a product or service that improves your life is a good deal. no free lunch.

cover unused cameras with black stickers. ios faceid still works without a forward facing camera.

1. https://github.com/nathants/mighty-snitch

2. https://cryptomator.org/

3. https://github.com/nathants/git-remote-aws


I spent the last two years slowly deleting profiles or stripping them of information. I used maigret and Firefox' saved logins to list my profiles.

I also used Redacted to wipe my social media profiles clean. It was hard because I didn't want to delete the useful advice I wrote for others.

I reviewed the privacy settings of all the profiles I kept and turned off as much tracking as possible. I enforce the rest with browser extensions, and by staying logged out.


Enclose a small form factor, passively cooled, low power computer in an enclosure made to block all covert communication that silicon trojans inside the CPU could use. No, a faraday cage does not work against all (very large) wavelengths, so absorbing is better.

Doubles as a protection layer against electromagnetic damage.

Once I confirm this works, I will build living quarters equally protected at all sides. Protects the brain equally.


Every comment talks about what you guys do, or do not do on your computer/phone. I have another aspect too: I avoid under any circumstances buying or using "smart" things. The fridge, the heating thermostat, the bathroom scale, the vacuum, the running shoes, the bike computer are all a huge privacy risk, if they are connected to the internet. Maybe bigger than anything on your computer. Keep these guys offline!


Apps - I selfhost most of my stuff. Very similar to https://axbom.com/indieweb/

OS - Ubuntu everywhere

Online Storage - This is part of my selfhosting stack. My server is in my house (but accessible from internet), no need for at rest encryption.

Social Media - Not much apart from some reddit and HN. Never got into other things.


At rest encryption helps if your threat model includes someone stealing your server. Junkies probably aren’t going to go through your files, but would you rather worry?

Similarly, offsite backup for if your server is stolen / house burns down /you accidentally rm -rf everything


At rest encryption also helps when disposing of the HDDs since there's no need for extra precautions.


well, I also have my passport, visa, house documents and what not. I don't lock them up in a safe. So, yeah, all this really depends on how much you worry about robbery. At least, where I live, there is practically 0 robbery.


I used to think like that too but I think it’s flawed. By that logic you should withdraw all your money and pile it up next to your passport and unencrypted drives because they could pilfer your drives to get bank passwords anyway.

Just because something doesn’t offer complete security, doesn’t mean it’s a bad idea.


The server is in my house though. I don't think it will get stolen.


Wouldn't a VPS make you more of a target?


I don't use a VPS, I selfhost with a home server.


The easiest and most straightforward advice is:

- Avoid cloud services

- Avoid services that require an account

- Avoid installing proprietary apps

- Use Free and open-source software (FOSS) if possible

There are of course always situations in which it is unavoidable to do one of those mentioned not-to-do things, but if you stick to those simple rules most of the time, you should be able to avoid the bulk of the undesirable stuff out there.


* GrapheneOS on a Pixel as Phone, for all people in my household - only FOSS apps from FDroid, no proprietary app such as banking (only in web browser)

* Linux with Firefox, uBlockOrigin and whitelist of JS enabled sites, off by default.

* Network wide DNS blocklist

* OpenWRT on Router

* Multiple VLANs to isolate black boxes such as TV when I can't avoid it

* I self-host a lot of services


I'm not that serious about it, since I think online privacy is kind-of a farce. PiHole on the home network; AdGuard Home on my travel router; Tailscale into my home network as an exit node if I want more protection; AdGuard DNS on my iDevices when they are on 5G.


I found this quite useful, and follow some of the ideas.

https://github.com/Lissy93/personal-security-checklist

Credits: to an HN homepage post I saw months ago


I use Peergos[0] for E2EE storage, doc editing, sharing media, calendar, kanban boards and social media. (Disclaimer: I also work on Peergos).

[0] https://peergos.org


Try https://purse.io with paying Bitcoin Cash (BCH) after using CoinShuffle. Purse.io uses Amazon to fulfil your orders. And you get a nice discount.


My main goal with my digital hygiene is less about privacy and more about trying to avoid surveillance capitalism. I try to avoid using any systems where someone will try to collect data as a way to get some economic advantage. With that said:

OS/Applications:

- Linux on the desktop since 2007.

- I was using Firefox with uBlock, switched to Brave because I like the model: it lets users "vote with their wallets" (by collecting the rewards and giving back to content creators they like) while keeping their personal data out of reach from advertisers.

- Went through a series of Android phones that could be rooted, installing Lineage OS whenever possible. I'm now on /e/OS, and I use only the apps that are available on F-Droid. I keep an old android around just for my banking app.

Online Storage:

- Avoid external cloud service at all costs. If the data is not on a server that I do not directly control, I treat it as a liability. No Google Drive, no Dropbox, no Spotify. Instead of being dependent on webapps, I prefer to sync my data between my machines with Syncthing and use the "proper" application to work/consume the data. I wrote more about it at https://raphael.lullis.net/thinking-heads-are-not-in-the-clo...

Social Media:

- Still using Twitter and reddit, but using libredirect. On mobile I browse through Fritter and Infinity for Reddit.

- Heavily encouraging anyone I can to switch away to the Fediverse. I may be biased though because I run a managed provider for Mastodon and Matrix (https://communick.com)


1. Use Simplelogin across services

2. My country openly shared my history with the Government so I use a VPN all the time.

3. Kagi search for privacy search.

4. Mozilla browsers with extensions.

5. Ente for Image storage

And ofc don't use much of social media


linux distro with full disk encryption, unique password for every site (self managed), nextcloud provider + cryptomator for cloud storage, opensnitch or similar for firewall, aggressive ad/tracker blocking at dns and browser level, lineageos for mobile devices, preference for foss software, pirate all media, Mullvad vpn sometimes


what do you use for nextcloud provider? self-hosted or a third party?


third party, cheap and offshore


Change your name every 10 years like Eric Schmidt suggested.


### Applications and operating systems

- Brave browser

Privacy by default

-- Brave Search / SearXNG

- Pi-hole

Block trackers and ads network wide

- ProtonVPN

I use this to route connections through a more private country with stricter data laws, like the GDPR for example.

- Gnu/Linux

A system that I can trust, and isn't motivated by stocks but rather value.

I won't say it's perfect, it's not, but it works for me.

- CalyxOS

I also run CalyxOS, a privacy focused OS that is actually usable, and supports SafetyNet. It's a very normal experience, apart from the complications of using a work profile for closed source apps (which I'm thinking of removing because it's just annoying).

It's of course very important to me not to get stalked by for-profit companies.

Privacy is a human right.

### Online storage

I mainly use a local Nextcloud server for this.

The upload speeds are great because it's local, and I'm working on backing it up to object storage like R2 or Scaleway archive.

Another option is using privacy cloud like ProtonDrive or Mega.

### social media

I don't avoid it fully, and unlike others I personally think HN is a form of social media, maybe more accurately a social network.

I used to use Reddit a lot, but it's honestly a crappy platform with tons of negativity and anything inevitably turns to NSFW.

I liked the tech communities on it, so I replaced it with HN.

I also use Twitter, which I think is(was) the best mainstream social media.

Probably gonna set up a Mastodon account soon.

No other social media other than these.

Also, not using my public name everywhere. Where possible I use a random username.


- firefox with antitracking extensions and containers

- neovim

- linux

- dumb phone

- DeFi


My habits are mixed; it depends on the scenario. I tend to balance privacy with convenience. For example, I have a discount through work for mobile phone service. Technically, it's a company account to get the discount, which means the company has access to the account. But practically, we have too many employees for them to care, so I believe them when they say they won't access it except to find me if I skip out and don't pay.

For browsers, I use Firefox personally and Chrome for a few NPOs that use Google Workspace. Though I might switch back to Firefox for those, too. I use VMs to isolate the NPO stuff, and Chrome often crashes in a VM. I use VMs because my volunteer work is pretty heavy duty, technically; application administration, bookkeeping, etc. Lots of logins and accounts and whatnot that I don't want to get mixed up with my personal stuff. My laptop runs Fedora. It used to be Debian, but some rando change they made set me off one day, and I quit it. It would be FreeBSD, because I'm nostalgic, but I can't find a decent laptop that works well with FreeBSD. I have a Yoga 6, which is almost there; just waiting on support for the Wi-Fi card, which is actually being worked on (yay!). I tried Qubes; it was neat, but the laptop is not beefy enough for it.

At home, I have two boxes running FreeBSD and a router running OpenWRT. The Ethernet and Wi-Fi networks are isolated, and I use Wireguard to connect to the boxes on the Ethernet network, even when I'm on the home Wi-Fi. This was more because I wanted a fun project, and also a bit of a convenience factor: I don't want to toggle Wireguard on my laptop or phone when I come and go. [Side-note: Thinking about this sent me down a rabbit hole, out of which I came with a better Wireguard setup. I had issues on the phone when changing networks, and realized it was DNS. So I fixed it, and now I don't have to restart the VPN when I change networks! Yay.]

I run Nextcloud on one of the BSD boxes; again, only accessible via Wireguard or Ethernet. I made it public once just to try out Nextcloud Social, but as much as I want to like the app, it's still a bit of a mess. I don't think it has even been updated to be compatible with the latest version of Nextcloud.

In addition to the machines at home, I have a low-rent VPS running Debian. It would run FreeBSD, too, but it was too much work to figure that out with that particular provider. It was also cheap enough that I didn't care ($23 a year or something). I use it to host my email, Postfix+Dovecot+Postgrey with regex aliases for unique email addresses for sign-ups, etc. Again, more fun project than paranoia. But honestly, I don't like giving random people my actual email address; even humans I know and like send me junk mail. I still have Gmail as a throwaway and because I have an Android phone, but I'm slowly moving things over to my other email address(es). I wouldn't mind switching to something like a Librem 5 or a Punkt MP02, but the convenience (not a requirement) of workplace apps keeps me on a mainstream smartphone.

As for storage, mostly Nextcloud. The laptop disk is encrypted, but I don't do disk encryption on the BSD boxes. I need them up and running automatically after a power outage when I'm away. The router also has some external storage, mostly for music and movies (via minidlna).

I try to stay away from too much social media. I quit Twitter before quitting Twitter was cool (long before Musk was even considering buying it). I quit Facebook before the pandemic, then rejoined during the pandemic. I figured if the world was ending, it wouldn't matter. Sadly, the world did not end. I'm planning my second exit from Facebook.

For me, privacy is less about what I need and more about, "why do you need this?" The answer is usually, "you don't." I will turn off location services for apps that don't need them. I once deleted my bank's mobile app, because it wouldn't let me log in without turning on location services. I get it, you probably want to show me where your branches are or something. Hey, guess what? I work for you, so I know where they are: Everywhere I don't live. I complained, "our competitors don't do this." They fixed it, and I downloaded it again once they stopped requiring location. I do similarly with other mobile apps; unless there is a clear need or convenience, baleted.
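As an added illustration of the "regex aliases for unique sign-up addresses" idea from the comment above (not the commenter's actual configuration), this is how Postfix can fold one address per service into a single mailbox with a regexp alias table; the domain, file path and mailbox name are placeholders, and it assumes example.net is already a domain this server accepts mail for:

```conf
# /etc/postfix/main.cf (added example; path and domain are placeholders)
virtual_alias_maps = regexp:/etc/postfix/virtual_regexp

# /etc/postfix/virtual_regexp (added example)
# Any address of the form <service>.signup@example.net lands in the one
# real mailbox. The part before ".signup" records which service was
# handed that address, so unrelated mail arriving on it shows which
# service shared or leaked it, and that one alias can then be dropped.
# The pattern is anchored on both ends so only this exact shape matches
# and no other local part or domain is silently accepted.
/^[a-z0-9-]+\.signup@example\.net$/    me@example.net
```

Regexp tables are read directly by Postfix, so no postmap step is needed; a postfix reload picks up the change.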


I'd say I'm a bit concerned with this, but without being paranoid. I try to follow security "best practices", but more so that my devices don't become part of some botnet. If given the chance, I'll go for the privacy-protecting option, but only to a point. I don't consider all my computing devices equivalent: I can tolerate much more invasive apps on my phone, which I basically only use to make calls and to find my way around town, than on my computer, which has access to a bunch of personal things. But I do deny all requests to access my contacts to any and all 3rd party apps, and only allow them to use GPS if at all necessary (say for a navigation app) and then only when I'm using them. No access to my pictures, either.

> ### Applications, Operating Systems

I mostly use Linux for reasons unrelated to tracking: I genuinely enjoy using it the most, since it just gets out of my way. The only thing that had a better OOB experience was my macbook pro. Windows annoys me to no end and doesn't fully support my bog-standard HP laptop (!). I still use it on my gaming PC, though. I used to like macOS, but it's becoming more and more windowsy, so I got back on Linux when it stopped supporting my aging MBP.

I don't do any particular hardening, apart from using OpenSnitch (which doesn't seem to catch anything interesting - but I use a basic system). My servers do use linux-hardened kernel and have a default deny firewall with containerized (lxc) everything, but it's more "because I can" and some are on the internet. My laptop runs linux-zen because I value responsiveness and figure it's secure enough.

I mostly use local applications, since I value comfort. For me, that means not having to wait around for a browser to load 1 GB of JS just to show me a list. But if there's no other option, I'll use online apps.

I use Firefox because I'm not comfortable with Google's push of accounts and whatnot on the browser. I also think it's important for there to be a diversity of browsers, and Firefox works well enough for my needs. I run UBO and uMatrix on it.

I use an iPhone because I find it gets out of my way. Android is sluggish, and the interface is janky. Moreover, my iPhone 7 works as well as when it was new, and still gets security updates (installed one yesterday). I'd be hard-pressed to find an equivalent Android phone. I don't care to change phones every other year.

I used to mess around with custom ROMs on my older Samsung GSs, but I'm past that. To me, my phone is basically an appliance. Its most important feature is getting out of my way. I only have a few apps installed that weren't there in the default install. I sympathize with the people who are angry about not being able to install whatever they want. But I just don't need to do that, so I prioritize other factors much more, so the iPhone comes out on top.

> ### Online Storage

I use paid GSuite (or whatever it's called now) for the email of my company. I chose it so I can use Google Drive for my backups, since it's the cheapest way to get email + storage (for the amount I require). I back up my photography to it via Arq, which encrypts it before sending. Other than that, I use a bog-standard Linux on a geriatric server as my file server. No XCloud distro or whatever, just Arch Linux + (encrypted) ZFS + Samba. I try to have all data encrypted at rest and move it around encrypted (wireguard).

I also try to avoid depending too much on my internet connection, so all my home automation (lights + temp sensors) are running locally on a Home Assistant VM. My lights are set up in such a way that I can still use them when all the computers and internet are down.

> ### Social Media

Don't block it. I don't avoid it, so much as I just don't care about it. I simply never got any use out of it. The longest I used TikTok was like 10 minutes when I saw an HN thread about how the algorithm learns and got curious. After the Nth half-naked dancing girl and people screaming at police (I'm not even in the US), I just got bored and deleted the app. Ditto for twitter / facebook / reddit: I'll go see a post if someone sends me a link, but I don't have the patience to "browse" them and never just open them up. The only social-media I regularly use is HN, because I find the content interesting.



