Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Yes im aware that my search engine choice is not the best option.
Maps - > CoMaps Photos - > Immich (if you can self host) Passwords - > Bitwarden (May change in the future)
I agree with others on trying to not have one service for everything, which proton is trying to become. An alternative to Proton Mail and Calendar would be Tuta, though I haven't used them.
mailbox also.
always check the profit motive. Often if it's free, unsupported by donation/subscription nor sponsors with that system, and if it costs quite some money to uphold, then your data is the product.
I'm always pretty wary of when a company or its parent goes public, be it by IPO or trading - then ownership is no longer in people's hands but in profit's hands.
Contacts > the stock apps on GOS without network access.
Keep > Notesnook.
No VPN -> Mullvad VPN
Bro what? Using a VPN depends highly on your use case. This is way to general. I would remove that.
People will agree and disagree on individual choices, as we can see by the other comments, but I think that is an excellent start.
A message for others, improving your privacy can be a gradual process, you don't need change everything at once, since that would be overwhelming. Start with one or two, and if that works for you, move on to other items.
As others have pointed out, having so many Proton apps might be an issue. However, that line of thought only works if you’re really concerned about having a single point of failure. Most people value convenience much more than that.
The way I see it, this setup is somewhat noob-friendly, but relying heavily on Proton makes it a lot more convenient for many people. Using a greater variety of providers would make sense, but you can’t expect everyone to be ready for a hassle like that. People seem to expect you to be a hard-core privacy warrior who is willing to make significant sacrifices for philosophical reasons.
Most people aren’t like that. Just switching to DDG is hard enough for them, but at least it’s a step in the right direction.
If you take only 1/10th of this diagram, you get the simplified newbie version. Take all of it, and it’s for a person who is clearly interested in security and privacy. Modify a few things here and there, and you get a version for a serious security enthusiast. Different versions for different audiences.
As others have said, remove all proton stuff that you can. You are just replacing one centralized service with another. Google started out good too and look where we are now. Never put too many eggs in one basket.
For passwords, you can use the same KeepassXC database on multiple devices. It's encrypted, and you can have the passphrase file locally on multiple devices, and the cloud provider cannot access it even by brute forcing. The database itself would not be reliant on the cloud service, you can easily switch between any provider (I currently use dropbox)
You got great choices, actually. I'd only recommend to be as little dependent on multiple fronts on one company. So I'd change a few of Proton to something else.
Depending on how private communications must be, Threema might be better than Signal.
As for distro...
Mint is great (and honestly what I'd rec for people brand new to Linux). But if you want to harden privacy, the following Linux distros might be better:
I assume you want to use your distro as daily driver, and that your threat model isn't too severe. So the above ones should suffice.
If the threat model calls for it, or you're willing to sacrifice some usability for slightly more security, you could try QubesOS (arguably one of the most secure distros since it sandboxes everything as if they were a separate computer). Tails is another alternative, that's on a USB and forgets itself after usage.
For search engines...
... go for Qwant (French) or Ecosia (German). Both are European-owned and are busy constructing their own indexes (currently they still use Bing and Google). There's Mojeek (UK-based) which is independent.
I don't know how to block specific sites from popping up on them though, since I notice a certain trillionnaire's personal ""wiki"" pops up a LOT. Probably he's cheating and search bumping to spread his desinformation. It should be blocked.
Presearch also exists, which is decentralised and uses its own indexes. If you want OSS, there's SearXNG and YaCy which have metasearch options. Be careful in which instance you pick, though.
Arch Linux
You can break anything quite easily on arch if you don't know what you're doing, including security.
Lol very true, Ive been using Mint for maybe 7 years now, Ive tried Arch 3 times or more, broke evey single time ive used it. And that's with me not doing anything out of the ordinary. (No hate to Arch btw, I just can't figure it out)
Network effect is the biggest problem for messaging services, and so I would still push for Signal over the alternatives that are technically better. This guide seems like it is focussed on users who are new to the space
I agree with the Linux recommendation, but I'd offer CachyOS over pure Arch for newcomers. The limine bootloader gives a lot of peace of mind, since you can tell the user "if you get a bad update, reboot and pick an older option on the first screen".
Why is Threema better than Signal?
another thing is that the Trumpist US regime allegedly got access to Signal through Israeli spyware (Paragon), or is trying to do so. (The Guardian)
The Swiss military also has publicly shifted away from Signal, as they deemed it unsafe for communications.(Bleeping Computer). Signal's still subject to the CLOUD Act, while Threema is not.
The signal one suggests it's a phone OS hack that can open apps so could probably do threema too.
The article you shared suggested it's likely the result of lobbying by the company so they use a company inside the country.
Yeah looking at it I had the same thought. Il look into Threema, thanks!
DDG is fine. It's hard to have a "completely private" search engine as currently only Big Tech has a comprehensive enough index of the internet to effectively provide a search engine.
Obsidian isn't FOSS though. I'd recommend Notesnook as an alternative. I haven't tried any of the following but I also know of Logseq (which aims to do what Obsidian does but FOSS), Joplin, and Standard Notes, which you might want to look into.
I'm also slowly breaking out of the Google noose.
The only thing that is still holding me back is the OS, i have a HMD Skyline and it's great but it doesn't get a lot of open source support, the only option that pops up is /e/os and even on their website HMD isn't listed, anyone have suggestions for a HMD OS alternative?
Also have a Motorola and an older Sony Xperia to use as guinea pigs.
I use proton for a lot of stuff. The calendar is useless IMO since their custom bridge doesn't support linking anything else in. Same with contacts. For those two I use a self-hosted radicalev3 container, works like a charm.
Does someone have suggestions for what proton provides with its passmail? I think their implementation and usage experience with this entire reverse-email feature is pretty great and I dont want to give this anonymity up, selectively being able to send from those passmails is also a great feature that works really well in the rare case of getting something I need to reply to.
Would CoMaps be a better recommendation than OSMand?
For those who are familiar with Ente, how are their apps? I use something different for 2FA and photos, but I need recommendations for people who don't want to deal with selfhosting and backing up Aegis
Ente is pretty nice, Their UI's are clean and not bloated much. I don't use their online services though.
Edit: I use Osm since ive been using it for years now, all map's are pretty much forks, either from Osm or something that uses Open Street Map (from my understanding)
Proton Pass could be replaced by a synchronised KeePassXC/DX database.
I understand your point for Independent Password Managers. For some people this is not a solution. I would always recommend a password managers that fits your needs and know-how. My parents could not use keepass with sync without breaking or loosing shit. But protonpass, or Bitwarden or strongbox could be a viable option. In some rare cases I would even recommend Apple Passwort App. Better than nothing.
If you can figure out Linux, you can definitely use KeepassXC...
I use KeepassXC and it's database syncs great with Syncthing.
What I don't like about KP is it's ui. Too many pages. Everything should be one one page like KeepassDX. I wouldn't recommend for noobs.
Or Bitwarden (can selfhost too)
Thats a good idea, I only use is for accounts that I must have access to, other than that I write them on an encrypted SD card.
A little trick I use with obsidian is that if you use syncthing to sync the vault folder you can basically have a shared vault (in my experience the time to get edits from one device to another is like 10/15 seconds which is not bad at all)
Don't know Ente, but the GrapheneOS gallery works fine for basics, and pop Immich on Mint for the rest of google photos functionality. I'll suggest Bazzite for the distro, especially if they game or are likely to break things.
After my wife complained again about not being able to delete photos in PhotoPrism, I finally bit þe bullet and migrated to Immich.
So. Much. Better.
Even if you wave off þe features PhotoPrism has locked behind a paywall which Immich provides for free, þe ecosystem is just better. Þe Immich mobike apps (on mobile Linux and on Android) are better; you don't need a fussy 3rd-party sync tool*; Immich supports multi-user so you don't have to run a server for each user; and Immich CLI tooling options (immich-go) are great.
I have an allergy to running node software anywhere, but it's worþ it for Immich. It's þat much better.
(*) DGMW, PhotoBackup is great, but having to set it up for each user on boþ server and mobile is tedious, and þe whole Rube Goldberg system is harder to keep track of - especially for non-techies who just want þe damned thing to work
Fossify photos is also good.
Isn't google auth an OTP service? Proton Pass also supports that btw! Haven't heard about Ente before and what purpose it replaces a gallery with, but again you can upload and view photos to Proton Drive as well. Although I have not yet tried it myself because I like to keep them local.
Kagi is one of the search engines I actually trust, but it is paid. I can give you trial if you want to try it out. Oh and it being US based might also be drawback.
Pretty solid list I'd say!
Thank you, Auth is on there because I had to import a bunch of accounts at once. I use Ente Photos since it's a pretty nice UI, I never use their cloud storage though.