Any Extreme Privacy Enthusiasts Here? Share your setup.

Are there any extreme privacy-conscious people here? Just wanted to share my setup and see if anyone has suggestions or feedback. Also share yours.

I know a lot of people will say, "Why so much effort? This is overkill!" But honestly, I like having peace of mind. In today’s world of mass surveillance, political targeting, and data brokers selling everything, it is more important than ever.

Since I live in a tier-2 town (fully remote job), I don’t even need most of the Play Services-heavy apps like Uber, Rapido, Ola, Zepto, etc., so de-Googling has been quite easy for me. Honestly, it is surprising that so many apps work without Play Services. Now, here’s my setup:

Phone: GrapheneOS (Pixel 7a)
  • No Google Play Services on my main profile. Rethink DNS (NextDNS DoH) blocks ads, trackers, and all Google & Facebook DNS (except WhatsApp).
  • Some FOSS apps like Aurora Store & NewPipe need Google servers, so I have excluded them from blocking in Rethink DNS.
  • Work Profile (with Island) with GrapheneOS’ sandboxed Play Services, but I use it maybe once or twice a month only for apps that absolutely need it. It stays turned off most of the time.
  • Hardened Firefox fork (IronFox) for private browsing. Main Firefox for a few services where I have to stay logged in and don't have apps or don't want to use their apps.
  • Network & Sensor Restrictions: If an app works offline, I block its internet access. Also, disabled sensors for apps that don’t need them.
  • Mostly use FOSS apps from F-Droid (Droid-ify).
  • Email: moved from Gmail to ProtonMail.
PC/laptop: Arch Linux KDE on PC and Fedora KDE on laptop.
  • Not much to say. I use it normally with Firefox. I allow data collection on KDE as I want them to improve it.
Home Server: Raspberry Pi 4B
  • SSH hardening: Non-standard SSH port (yes, I opened the port externally because I depend on my home server and need to access it remotely). SSH keys or password+TOTP login, Fail2Ban, ufw firewall.
  • Services running: Arr setup (Jellyfin, Prowlarr, Radarr, Sonarr, qBittorrent), Immich, Authelia etc. All data-sensitive services behind Authelia with TOTP.
  • Nginx Geo-blocking: Only allows access from India IPs
  • Weekly backups because data loss sucks.
Network & Router: OpenWRT (TP-Link)
  • Not much to say: Running default firewall rules with network-wide ad/tracker blocking via NextDNS and some ports opened.

I know this setup is not for everyone. But it works for me.
What do you all think? Any suggestions for improvement? Also, what’s your setup like?

Great write up.

I'm using Calyx OS on my Mi A2. I really want a KDE Plasma phone, but it looks like that project is dead.

Debian on all my machines. Firefox with uBlock as my browser on all devices. Along with multi-account containers so that my tabs can't spy on each other.

Got a Raspberry Pi 3 running Nextcloud for my contacts, notes and calendar. (I need to get some web hosting so that I have access when I'm not on LAN.) I haven't bothered about security except allowing access only from local IPs.

I back up my files to Mega, because they've got a Linux desktop application. Dropbox does too, but some time back I decided to go with Mega instead. I can't recall why, but it's been a good experience so far.

I used to have a DD-WRT router, but it died, so now just using the one Airtel gave me.

I use outlook.com for most of my emails - with aliases for different services, and login through only 1 address which isn't used for mailing. I used to use Migadu for my domains but have since shifted to mxroute.com.


It's becoming increasingly difficult to maintain privacy on one's phone. The only phones that support secure(ish) OSes like Graphene and Calyx with bootloader relocking are the Pixels. My phone's almost 6 years old now, and I'm thinking of picking up a Pixel in the next BBD sale. How's your experience been?
If it wasn't for banking and UPI apps, I could have chosen any phone and installed a custom ROM without google play services, but we can't do without them now.


I began thinking about privacy when about 10-15 years ago the Congress government began arresting people for random social media posts. All political parties have since followed suit.
I also began worrying about the power of the social media giants to direct human behaviour, by targeted posts that amplify misinformation. My fears have since proved to be well founded.

My experience has been great so far.
When I look at my wife's Samsung phone, or anyone's Windows computer, I get the feeling that I'm the product, and not the other way round, and that makes me glad that I've chosen Debian and CalyxOS as my operating systems.
 
> Along with multi-account containers so that my tabs can't spy on each other.

You don't need multi-account containers anymore, due to Firefox Total Cookie Protection, which has been turned on by default since last year.

> If it wasn't for banking and UPI apps, I could have chosen any phone and installed a custom ROM without google play services, but we can't do without them now.

Yeah, never ever go without Play Services. A moment comes when you want to use an app in an emergency situation and that app doesn't work; it makes you hate it and go back to normal.
Along with GrapheneOS, another custom ROM is VoltageOS, which also has GMS compat, which enables installing sandboxed Play Services (on a separate profile). This is the perfect middle way to have privacy and usability.

> I began thinking about privacy when about 10-15 years ago the Congress government began arresting people for random social media posts. All political parties have since followed suit.

Woah. I am not that old! Just a freshman out of college. But yeah, for the past few years, it has been getting out of control.
 