Any Extreme Privacy Enthusiasts Here? Share your setup.

Vishnu2jd

Beginner
Are there any extreme privacy-conscious people here? Just wanted to share my setup and see if anyone has suggestions or feedback. Also share yours.

I know a lot of people will say, "Why so much effort? This is overkill!" But honestly, I like having peace of mind. In today’s world of mass surveillance, political targeting, and data brokers selling everything, it is more important than ever.

Since I live in a tier-2 town (fully remote job), I don’t even need most of the Play Services-heavy apps like Uber, Rapido, Ola, Zepto, etc., so de-Googling has been quite easy for me. Honestly, it is surprising that so many apps work without Play Services. Now, here’s my setup:

Phone: GrapheneOS (Pixel 7a)
  • No Google Play Services on my main profile. Rethink DNS (NextDNS DoH) blocks ads, trackers, and all Google & Facebook DNS (except WhatsApp).
  • Some FOSS apps like Aurora Store & NewPipe need Google servers, so I have excluded them from blocking in Rethink DNS.
  • Work Profile (with Island) with GrapheneOS’ sandboxed Play Services, but I use it maybe once or twice a month only for apps that absolutely need it. It stays turned off most of the time.
  • Hardened Firefox fork (IronFox) for private browsing. Main Firefox for a few services where I have to stay logged in and don't have apps or want to use their apps.
  • Network & Sensor Restrictions: If an app works offline, I block its internet access. Also, disabled sensors for apps that don’t need them.
  • Mostly use FOSS apps from F-Droid (Droid-ify).
  • Email: moved from Gmail to Proton Mail
PC/laptop: Arch Linux KDE on PC and Fedora KDE on laptop.
  • Not much to say. I use it normally with Firefox. I allow data collection on KDE as I want them to improve it.
Home Server: Raspberry Pi 4B
  • SSH hardening: Non-standard SSH port (yes, I opened the port externally because I depend on my home server and need to access it remotely). SSH keys or password+TOTP login, Fail2Ban, ufw firewall
  • Services running: Arr setup (Jellyfin, Prowlarr, Radarr, Sonarr, qBittorrent), Immich, Authelia etc. All data-sensitive services behind Authelia with TOTP.
  • Nginx Geo-blocking: Only allows access from India IPs
  • Weekly backups because data loss sucks.
Network & Router: OpenWRT (TP-Link)
  • Not much to say: Running default firewall rules with network-wide ad/tracker blocking via NextDNS and some ports opened.

I know this setup is not for everyone. But it works for me.
What do you all think? Any suggestions for improvement? Also, what’s your setup like?
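
An added example, not part of the original post: one way to check that an internet-facing sshd matches the "SSH keys or password+TOTP" policy described above and never accepts a password on its own. The function names, the sample settings and port 2222 are assumptions made for illustration.

```shell
#!/bin/sh
# Reads effective sshd settings on stdin (the lowercase "keyword value" lines
# printed by `sshd -T`) and reports where they depart from the post's policy:
# key login, or a password plus a second factor, never a password alone.
# Returns 0 when there are no FAIL findings.
audit_sshd() {
    awk '
        # First field is the keyword; the rest of the line is its value.
        { key = $1; val = $0; sub(/^[^ ]+ */, "", val); cfg[key] = val }
        END {
            n = 0
            if (cfg["permitrootlogin"] == "yes") {
                print "FAIL: root login is allowed with any method"; n++ }
            if (cfg["pubkeyauthentication"] != "yes") {
                print "FAIL: public-key login is disabled"; n++ }
            if (cfg["passwordauthentication"] == "yes") {
                # AuthenticationMethods lists space-separated alternatives;
                # "any" (the default) or a bare "password" entry means one factor.
                m = cfg["authenticationmethods"]
                alone = (m == "" || m == "any")
                cnt = split(m, alt, " ")
                for (i = 1; i <= cnt; i++) if (alt[i] == "password") alone = 1
                if (alone) { print "FAIL: a password alone is enough to log in"; n++ }
            }
            if (cfg["port"] == "22") print "NOTE: sshd listens on the default port"
            exit (n > 0)
        }'
}

# Constructed sample: keys, or password followed by a keyboard-interactive
# prompt. Whether that prompt asks for a TOTP code is decided by the PAM
# stack, which this check cannot see. Port 2222 is a placeholder.
sample_hardened() {
    printf '%s\n' 'port 2222' 'permitrootlogin no' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication yes' 'usepam yes' \
        'authenticationmethods publickey password,keyboard-interactive'
}

# Constructed sample: stock-like settings where a password alone is accepted.
sample_weak() {
    printf '%s\n' 'port 22' 'permitrootlogin yes' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'authenticationmethods any'
}

sample_hardened | audit_sshd && echo "hardened sample: no findings"
sample_weak | audit_sshd || echo "weak sample: findings listed above"
# On a real host (as root): sshd -T | audit_sshd
```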
 
Currently, I back up manually. I connect an external SSD to my PC and use rsync to back up my data. Right now, I’m only backing up Immich data as it is the only important data, but I plan to automate the process in the future.
I’m also considering encrypted offsite backups.
In the long run, I’ll be moving to a proper x86 server since the Raspberry Pi isn’t powerful enough for my needs.
 
I was just recently reading about GrapheneOS for Pixel 6a, and wondering what it would be like to switch to it - I finally chickened out and told myself that I'd play around with it when I upgraded or found a spare phone first. I've been looking into privacy-conscious stuff myself lately, but have been mostly reading up and shifting apps/software to FOSS stuff wherever convenient. It's easy to fall into the "But they already know everything and have my data, so how does it matter?" trap - I have myself, and I'm trying to get out. It does make you feel like a conspiracy theorist when you talk about it among friends, though.

Did you have difficulty adjusting to GrapheneOS? Also, how is it working with Immich? I've also recently started running a Pi4 server, and moving away from Google Photos would be brilliant. I'm only using Jellyfin on it for the time being - running all the other *arr stuff from my Windows laptop for now cuz my IronWolf 4TB isn't ext4 yet.
 
I get what you mean—it’s easy to fall into the "they already have all my data, so why bother?" mindset. But honestly, taking back control, even step by step, is always worth it. And yeah, talking about privacy with non-tech friends can make you sound like a conspiracy theorist, but at the end of the day, it’s just about being mindful of where your data goes. Most people don’t even think about online privacy.

GrapheneOS wasn’t too hard to adjust to (It does have some drawbacks, like being a bit slower by default due to its extra security measures, but you can disable some of them if needed). The biggest change is losing full Play Services, but I was surprised by how many apps work fine without them (for UPI, only PhonePe and BHIM work, but they’re enough). Some apps may show a "requires Google Play Services" popup, but many still function normally. It really depends on what apps you rely on the most. I also try to use web versions instead of apps whenever possible, as missing Play Services doesn’t matter for web versions. And for apps that absolutely need Play Services, I just use them in the Work Profile with sandboxed Play Services, keeping my main profile completely Google-free.

Immich on Raspberry Pi:
It works OK, but it struggles when running ML tasks. I initially had tens of thousands of photos. What I did was set up Immich on my PC, run all the ML tasks on it, and migrate the database to the RPi. Now it only needs to run ML tasks on newly uploaded files.
 
Mostly use FOSS apps from F-Droid (Droid-ify).
Use Obtainium, as it is directly synced with the GitHub repository for faster updates. Although I also use Droid-ify, Obtainium appears to be more reliable and offers quicker updates.
Also, what’s your setup like?
As a long-time advocate for privacy, I have made a conscious effort to minimize the amount of data I share with big tech companies, despite relying on their apps for various purposes. My interest in digital privacy is inspired by notable figures such as Aaron Swartz, Edward Snowden, Kevin Mitnick, Linus Torvalds, and Richard Stallman, who have all contributed to the conversation about online security and freedom.

In terms of my mobile setup, I replaced spying apps with FOSS alternatives. On my PC, I continue to use Windows for specific purposes, including gaming, as well as utilizing Adobe Suite and Microsoft Suite for productivity. Although I have experimented with Linux, running a game via Wine, I believe that Linux still requires further development to become a seamless replacement for Windows. My experience with Fedora and GNOME, which I used as a dual-boot setup, has shown promise, but there is still room for improvement.
 