Any Extreme Privacy Enthusiasts Here? Share your setup.

[Vishnu2jd]

Are there any extreme privacy-conscious people here? Just wanted to share my setup and see if anyone has suggestions or feedback. Also share yours.

I know a lot of people will say, "Why so much effort? This is overkill!" But honestly, I like having peace of mind. In today’s world of mass surveillance, political targeting, and data brokers selling everything, it is more important than ever.

Since I live in a tier-2 town(fully remote job), I don’t even need most of the Play Services-heavy apps like Uber, Rapido, Ola, Zepto, etc., so de-Googling has been quite easy for me. Honestly it is suprising so many apps work without play services. Now, here’s my setup:

Phone: GrapheneOS (Pixel 7a)

• No google play service on my main profile. Rethink DNS (NextDNS DoH) blocks ads, trackers, and all Google & Facebook DNS (except WhatsApp).
• Some FOSS apps like Aurora Store & NewPipe need Google servers, so I have excluded them from blocking in rethink dns.
• Work Profile (with Island) with GrapheneOS’ sandboxed Play Services, but I use it maybe once or twice a month only for apps that absolutely need it. It stays turned off most of the time.
• Hardened Firefox fork(Ironfox) for private browsing. Main Firefox for a few services where I have to stay logged in and don't have apps or want to use their apps.
• Network & Sensor Restrictions: If an app works offline, I block its internet access. Also, disabled sensors for apps that don’t need them.
• Mostly use foss apps from f-droid(droidify).
• Email: moved from gmail to protonmail

PC/laptop: Arch linux kde on pc and fedora kde on laptop.

• Not much to say. I use it normally with firefox. I allow data collection on kde as I want them to improve it.

Home Server: Raspberry Pi 4B

• SSH hardening: Non standard ssh port(yes, I opened the port externally because I depend on my home server and need to access it remotely). SSH keys or password+totp login, Fail2Ban, ufw firewall
• Services running: Arr setup(jellyfin, prowlarr, radarr,sonarr, qbittorrent), Immich, Authelia etc. All data sensitive services behind authelia with totp.
• Nginx Geo-blocking: Only allows access from India IPs
• Weekly backups because data loss sucks.

Network & Router: OpenWRT (TP-Link)

• Not much to say: Running default firewall rules with network-wide ad/tracker blocking via NextDNS and some ports opened.

I know this setup is not for everyone. But it works for me.
What do you all think? Any suggestions for improvement? Also, what’s your setup like?

 

[tirth0jain]

Off topic, how do you backup your server. Raid or software backup?

 

[Vishnu2jd]

Currently, I back up manually. I connect an external SSD to my PC and use rsync to back up my data. Right now, I’m only backing up Immich data as it is the only important data, but I plan to automate the process in the future.
I’m also considering encrypted offsite backups.
In the long run, I’ll be moving to a proper x86 server since the Raspberry Pi isn’t powerful enough for my needs.

 

[evilsmirker]

I was just recently reading about Graphene OS for Pixel 6a, and wondering what it would be like to switch to it- I finally chickened out and told myself that I'd play around with it when I upgraded or found a spare phone first. I've been looking to privacy-conscious stuff myself lately, but have been mostly reading up and shifting apps/software to FOSS stuff wherever convenient. It's easy to fall into the "But they already know everything and have my data, so how does it matter?" trap- I have myself, and I'm trying to get out. It does make you feel like a conspiracy theorist when you talk about it among friends, though.

Did you have difficulty adjusting to Graphene OS? Also, how is it working with immich? I've also recently started running a Pi4 server, and moving away from Google Photos would be brilliant. I'm only using Jellyfin on it for the time- running all the other *arr stuff from my windows laptop for now cuz my ironwolf 4TB isn't ext4 yet.

 

[Vishnu2jd]

I get what you mean—it’s easy to fall into the "they already have all my data, so why bother?" mindset. But honestly, taking back control, even step by step, is always worth it. And yeah, talking about privacy with non-tech friends can make you sound like a conspiracy theorist, but at the end of the day, it’s just about being mindful of where your data goes. Most people don’t even think about online privacy.

GrapheneOS wasn’t too hard to adjust to (It does have some drawbacks, like being a bit slower by default due to its extra security measures, but you can disable some of them if needed). The biggest change is losing full Play Services, but I was surprised by how many apps work fine without them (for UPI, only PhonePe and BHIM work, but they’re enough). Some apps may show a "requires Google Play Services" popup, but many still function normally. It really depends on what apps you rely on the most. I also try to use web versions instead of apps whenever possible, as missing Play Services doesn’t matter for web versions. And for apps that absolutely need Play Services, I just use them in the Work Profile with sandboxed Play Services, keeping my main profile completely Google-free.

Immich on raspberry pi.
It works ok. But when running ML tasks, it struggles. I initially have tens of thousands of photos . What I did is setup immich on pc and ran all ML tasks on it and migrated the database to rpi. Now it only needs to run ML tasks on newer uploaded files.

 

[Dhanush]

Mostly use foss apps from f-droid(droidify).

Use Obtanium, as it is directly synced with the GitHub repository for faster updates. Although I also use Droidfy, Obtanium appears to be more reliable and offers quicker updates.

Also, what’s your setup like?

As a long-time advocate for privacy, I have made a conscious effort to minimize the amount of data I share with big tech companies, despite relying on their apps for various purposes. My interest in digital privacy is inspired by notable figures such as Aaron Swartz, Edward Snowden, Kevin Mitnick, Linus Torvalds, and Richard Stallman, who have all contributed to the conversation about online security and freedom.

In terms of my mobile setup, where I replaced spying apps with FOSS alternatives. On my PC, I continue to use Windows for specific purposes, including gaming, as well as utilizing Adobe Suite and Microsoft Suite for productivity. Although I have experimented with Linux, running a game via Wine, I believe that Linux still requires further development to become a seamless replacement for Windows. My experience with Fedora and GNOME, which I used as a dual-boot setup, has shown promise, but there is still room for improvement.

 

[kaniamutan14]

I am starting to learn about self host and I have few questions,
Do you run rr setup on pi how is the performance
Did you have any issues with nextdns, I had some issues like instagram gif not working so i changed to mullvad dns
How do you find what causing issue if some website breaks, it happened to me once I cannot login to thehindu website, I cannot find what causing problem for three days I tried turning dns off, changing firefox settings, changing browsers later then I found out it is due to a filterlist in ublock orgin that deals with paywall how do you deals problem like these

 

[ninjenstein]

Love the write up. Why Graphene over Calyx? I discovered them first many years ago, when the Pixel 4a was in production. The irony that Google devices are the best to de-Google yourself never gets less ironic.

What laptop are you running Arch on?

And how are you accessing are suite + Jellyfin setup from outside home network? I have the same setup but limited to home network. Don’t know how what’s the best way to access it remotely.

If possible could you please write a tutorial or share a rough roadmap? I’m sure many people here must be interested.

 

[Dhanush]

Why Graphene over Calyx

Hope this helps: https://eylenburg.github.io/android_comparison.htm

 

[Heisen]

OP has too much free time on his hand, what you gonna do when some police man gonna come to your house regarding some random investigation which has nothing to do with you and asks you to unlock all your devices. If you say >>no<< you are going in.

My opinion, don't bother with all this, we have bigger problems at home. By home I mean country.

 

[ibose]

what you gonna do when some police man gonna come to your house regarding some random investigation which has nothing to do with you and asks you to unlock all your devices. If you say >>no<< you are going in.

That is true everywhere. If they want to catch you they will do it anyways, irrespective of what you do or don't do with your mobile.
PS : While I think we don't need to go to extremes, I don't see any problem in using some common sense or at least having knowledge about this subject. Privacy awareness is sorely lacking here.

 

[kaniamutan14]

OP has too much free time on his hand, what you gonna do when some police man gonna come to your house regarding some random investigation which has nothing to do with you and asks you to unlock all your devices. If you say >>no<< you are going in.

My opinion, don't bother with all this, we have bigger problems at home. By home I mean country.

we don't need to be in the far end of spectrum but we must take some limited actions from our end like using adblock, good dns for blocking ad, tracker, malware, phising sites, using foss apps, self hosting for our needs, these are now turning must for clean internet usage not only for privacy

 

[desi_gamer]

My opinion, don't bother with all this, we have bigger problems at home. By home I mean country.

"Arguing that you don’t care about the privacy because you have nothing to hide is like saying you don’t care about free speech because you have nothing to say." - read it somewhere.

Allow me to introduce you to Cambridge Analytica in UK. The firm used datasets created by the Facebook (now Meta) to target voters with messages on the basis of their political leaning. The goal was to sway public opinion to leave EU. And they succeeded.
Next was US presidential elections, though I have no conclusive proofs for the same.

What I have proof of is our government using the same tactics to sway election results. My batchmates are working for them. They are PhD from US top 10 institutions and get paid more annually than some of you will earn in a decade, maybe even lifetime. These operations utilize techniques such as:

• Micro-targeting voters with customized messages based on demographics and online behavior
• Sentiment analysis of social media conversations to gauge public opinion
• Geospatial mapping to identify voter density hotspots and election battlegrounds
• Predictive analytics to forecast voter turnout and election outcomes
• Profile creation based on data from retail purchases, utility bills and government scheme beneficiaries

If you think I'm bluffing, here's a report on India's own Cambridge Analytica.

I used to be like you. I was in college when I first realised what was happening. It has since completely changed my worldview. I have immense respect for OP for trying to bring up this conversation.

 

[Kloud]

That is true everywhere. If they want to catch you they will do it anyways, irrespective of what you do or don't do with your mobile.
PS : While I think we don't need to go to extremes, I don't see any problem in using some common sense or at least having knowledge about this subject. Privacy awareness is sorely lacking here.

Yes, I agree. We use common sense. Anything more, and life will get in the way.

When a bear is chasing, being the fastest in the group is usually enough.

Are there any extreme privacy-conscious people here?

My dear friend, you put your real name on an internet forum. They don't need to get into the phone if your life is already public. Not just you, anyone can locate anyone with a bit of Googling. You are not an exception. If it was the state who is after you, they can have your bank statements in just 10 minutes.

I also want to become "extreme privacy-conscious" but this exercise is futile. Give up!

 

[desi_gamer]

I also want to become "extreme privacy-conscious" but this exercise is futile. Give up!

You're looking at it wrong. If the state is after you, no way in hell you're escaping that. But as a collective society, the state can't be after all of us. The point is to make it infeasible for them to do so, though various privacy practises on individual level. Just do your part, with whatever you can. With enough of us, things will fall into place.

 

[buzz88]

I am baffled by some of the responses here. The OP has posted a nice writeup of their own setup and practices and asked other like-minded people to share theirs. Nowhere they are asking for a debate on -- if at all one should follow extreme privacy measures or not. Not saying that other people cannot express their views and opinions on the requirement for privacy measures, you certainly can and should, but this is not the place to do so. Open a new thread and discuss it. Why dissuade someone who only wanted feedback and sharing of knowledge on their own setup?

I just saw an old thread of mine pop up on the main page in which I asked for coffee espresso machine recommendations. Imagine if instead of replying to provide feedback and sharing experiences, people just went on saying why drink coffee. It's useless. Coffee is too much hassle. Just drink tea like everyone else.

Let's not discourage people from posting stuff just because we may not have an interest in it.

 

[privateer]

I used to run Adguard Home with DOT/DOH to mullvad DNS servers. VPN when needed. Fedora/debian on personal computers. Phone is one thing I could not change. I am too old to work with custom ROMs and custom problems. Always check privacy settings on whatever apps I am using. I know the big corps will get some data from me, I can't stop living my life because of that, but minimise what they can get and what they can use. Very little social media presence.

 

[Kloud]

But as a collective society, the state can't be after all of us. The point is to make it infeasible for them to do so, though various privacy practises on individual level. Just do your part, with whatever you can. With enough of us, things will fall into place.

And, what else did I say?

We use common sense. Anything more, and life will get in the way.

When a bear is chasing, being the fastest in the group is usually enough.

Let's not discourage people from posting stuff just because we may not have an interest in it.

Roger that.

 

[sheepai]

Pretty similar setup. Lineageos(changed captive portal, agps etc) with no google play services, selfhosted services (syncthing, photoprism, pihole etc). I also block all google domains (wildcard, pihole) except youtube on all of my devices.

Not having google maps, and android auto is the only annoying part.

 

[Heisen]

"Arguing that you don’t care about the privacy because you have nothing to hide"

You are misinterpreting what I said. At no point did I claim I don’t care about privacy. What I said was that these surface level privacy tricks, like scripts to avoid data collection, don’t really matter in the bigger picture. Sure, they might help you dodge some tracking, but they don’t protect you when it truly matters.

What happens when someone in authority shows up at your door and demands access to all your devices and apps? You will have to comply because you have no choice, and the very act of overly securing your data can be easily twisted into suspicion and can be used against you in our country. Police have too much power here, they can bend the laws against "probable cause" at their will, and can get anything they want from your secured folders. That, to me, is a far more serious problem.

I see it as it's like you know tsunami is coming, which will take your home with it, but you are still fixing the damaged stilts, which is supporting your house, because dealing with other problem is very hard or impossible, you choose to fix the smaller problem.

Perhaps I consider this aspect of the privacy problem more serious, am I wrong for pointing it out? I hope not.

is like saying you don’t care about free speech because you have nothing to say.

I did have something to say, and I said it, because I believed this forum valued free speech.

I made a comment by saying what I feel, which is directly related to OP post.

OP has too much free time on his hand,

The I asked him a question, what you gonna do in this hypothetical situation?

what you gonna do when some police man gonna come to your house regarding some random investigation which has nothing to do with you and asks you to unlock all your devices.

and then using the universal safeguard keywords to not offend anyone I used "In my opinion" I made the third statement, which is not directed towards anyone in particular.

My opinion, don't bother with all this, we have bigger problems at home. By home I mean country.

---

I just saw an old thread of mine pop up on the main page in which I asked for coffee espresso machine recommendations. Imagine if instead of replying to provide feedback and sharing experiences, people just went on saying why drink coffee. It's useless. Coffee is too much hassle. Just drink tea like everyone else.

Let's not discourage people from posting stuff just because we may not have an interest in it.

Okay, as an example check this thread's title and post - Fastest way to do UPI payments with fewest taps?

and check this reply from the member @blr_p

I've never tried UPI because of the scams associated with it.

So this thread and title makes me think..

How can I get robbed in the fewest steps..

Because he said what he thinks, would you call this "How can I get robbed in the fewest steps.." discouraging? Even though it is direct opposite of what the tread is about.

Not saying that other people cannot express their views and opinions on the requirement for privacy measures, you certainly can and should, but this is not the place to do so. Open a new thread and discuss it. Why dissuade someone who only wanted feedback and sharing of knowledge on their own setup?

So according to you the user @blr_p should open a separate thread to say what ever he thinks about the subject if his views are opposite?

How is the situation here any different?

---

Apologies @blr_p for dragging you in this by using your post as an example. The is the latest one I could remember from top of my head.