this post was submitted on 04 Jul 2026
17 points (100.0% liked)

Ask Lemmygrad

1355 readers
88 users here now

A place to ask questions of Lemmygrad's best and brightest

founded 3 years ago
MODERATORS
 

I only really know the basics about metadata, VPNs, and the fact that your phone is basically a walking tracker. I get that if you want true privacy, the answer is just "don’t use electronics lol"

But I also know that abandoning technology entirely is counterproductive these days. So… what should I actually use and keep in mind? I’ve heard Tuta isn’t trustworthy either

top 8 comments
sorted by: hot top controversial new old
[–] FinnTheComrade@lemmygrad.ml 7 points 1 day ago* (last edited 1 day ago) (2 children)

Comrade, privacy is quite a bit more than metadata tracking and such. In the modern internet, it really depends on what you're trying to hide from, and how much you're trying to hide from them. Identity theft? Just use 2FA for everything, have a local password manager randomly generate passwords, and don't click on suspicious links. The NSA? Burn your SSN card, convert any and all payments or savings to cash, Monero, or precious metals, wear anti-camera facepaint when you go outside, put rocks in your shoes so you walk funny around Flock Cameras, don't carry any mobile technology that isn't fully open source or made after 1995, and line your clothes and walls with tinfoil or lead.

In being a bit less hyperbolic, and assuming you mean staying private from government, private corp surveillance, and law enforcement orgs as much as possible while also being able to keep your sanity (something I'd be very jealous if you managed to actually keep), you should take a read of the following. Fair warning, walls of text.

1. Operating SystemsANY AND ALL operating systems you use should be open source. This means no Windows, no iOS or non AOSP Android operating systems. It's a Linux distribution (Pop! OS is good for beginners) and some FOSS (free and open source) Android phone OS for you. A phone with GrapheneOS, CalyxOS, or /e/OS is your best bet. Fair warning, GrapheneOS can only be installed on Google Pixels. If you're scared to download the operating system yourself and in an area that gets coverage for it, I would get a Fairphone that comes preinstalled with /e/OS (or wait for the 2027 Motorola flagship GrapheneOS phone, but by then anti-privacy laws will have likely fucked everybody lol). If you're hiding from the feds, you especially want to make sure that your data is encrypted, so get LUKS2 Full Disk Encryption for Linux systems at install (it is almost always an option in the install GUI). Make sure your phone always requires a secure Password or PIN to unlock and that you have Full Disk Encryption or File-Based Encryption enabled on whatever Android OS you're using. Do not use Biometric (Face or fingerprint) unlocks. Aside from potential privacy concerns—which may be a bit overblown in certain circumstances—they are big security gaps as anyone can lift your fingerprint from a cup or table. The cops especially can get your biometrics whenever they want you in particular.
2. EmailEmail is... not private. There is no way to make email truly private, it's simply a form of communication not designed with that possibility in mind. 'Private' email providers will give over whatever metadata they have on you or sell you out the next time you log in when government push comes to shove. The best way to make email privacy respecting is to not do sensitive communication over it at ALL. Just pick the best and most convenient option for yourself. ProtonMail, TutaNota are fine. Migadu allows you basically unlimited aliases and is a pretty good alternative to those two. If you wanna get somewhat technical, you can purchase a domain name and self host your own email service and run it through Thunderbird with encryption on. Alternatively, you could get just ProtonPass premium or anonaddy which also allow for unlimited aliases in tandem with ProtonMail/Tutanota.
3. CommunicationAll communication you have, but especially sensitive communication should be done through, Open Source, End to End Encrypted services like Signal, Matrix/Element, Briar, or Threema (DO NOT USE WHATSAPP). The less centralized the better. All apps you use should be open source, and any non open source apps should be heavily limited in permissions by your (FOSS) operating system or cut off from the internet entirely unless absolutely necessary.
4. The InternetIn terms of connecting through the internet, you should be using a VPN at all times. ProtonVPN is fine for newbies, but try to stay away from keeping everything in the Proton suite (also generally just don't trust corps). The day they sell out will put you into a panic if you rely on them too much. Mullvad, Windscribe, Hide.me, AirVPN, and IVPN are good VPN services (take IVPN with a grain of salt as I have looked into it the least). For maximum privacy you should pay them in Monero or cash mailed to them with no return address. Let's also not bring 'vote with your wallet' bullshit into a leftist space. Mullvad had a recent controversy for a cofounder funding a far right party. Thing is, they give a battle tested service for a great price, and allow cash payment. Every company plays into this system in some way anyways. Also look into setting up PiHole or NextDNS to block outbound signals from trackers and keep your internal network nice and clean.
5. Web BrowsingDon't use Chrome, OperaGX, Safari, Edge, or any other big time web browser. Only use, as previously mentioned, open source software. I like Waterfox as a daily driver, but there are still good options out there. LibreWolf and Zen Browser are also recommended for desktop and Vanadium or IronFox for Android. Keep an eye on Ladybird browser as it is built from the ground up off of neither Chromium (Google) or Gecko (Firefox) and set to have an alpha release this year. Make sure you read up on what a DNS is and the potential leaks that it can cause when behind a VPN. When you download a Firefox fork of choice set your default search engine to DuckDuckGo, or if you want to be techy selfhost SearXNG. Of course, get uBlock Origin and trick it out with a nice set of antitracker additions, also get LibRedirect so that, if you so desire, you can access things like YouTube, imgur, and Reddit without touching proprietary tracker-heavy Javascript. If you really hate the idea of your browser being fingerprinted, which is very hard to mitigate completely, consider getting JShelter. Both JShelter and LibreWolf are known to cause some sites to break, so be prepared to fiddle a little bit if you need to. TOR is the only truly anonymous web browser, but it's slow, breaks everything, and definitely should only be used for highly sensitive actions.
6. Compartmentalization and Physical SecurityWhen using the same device, web browser, or even desktop user profile extended period of time, you give off unique identifiers that can be traced from site to site. The best way to mitigate this is to compartmentalize your activity. For example, you can only use basic Firefox/Waterfox for innocuous activities—like scrolling instagram or shopping for clothes/on Amazon—that require you to log in. You can use LibreWolf for activities that are more sensitive, like looking into therapy, reading theory, researching medical conditions, consuming porn, etc. For highly sensitive activities you could go as far as using TOR. This logic applies to everything. You can have a crappy old Huawei trap phone for organizing people in your community and a sexy new cutting edge iOS phone for just talking to family or scrolling Twitter. On your computer (or your new FOSS Android operating system wink wink ;)) you could set aside a profile specifically for gaming, or even partition your hard drive/get an external drive with another Linux distro installed specifically for that purpose. Browsers like Waterfox can allow this to a smaller scale with container tabs for work, banking, and shopping. The only rule is that you must be careful with how you compartmentalize. Remember that old Huawei trap phone? Yeah, when you're not using it, it stays in a Faraday Bag. You don't connect to public WiFi with it. You don't put a SIM card in it unless that shit is a secure SIM provider (whole new can of worms) or a prepaid SIM paid for in cash or Monero. You don't even text mee-maw on it, that's what the iOS phone is for. You may as well seal that Huawei in fresh concrete every night and break it out in the morning. If you extend something like this to laptops, where you're doing something highly sensitive, you can even buy a kill-cable that scrambles your data or locks it all down it is suddenly disconnected.

[–] Moidialectica@hexbear.net 2 points 21 hours ago

Wouldn't self hosting SearXNG only work if you have privately acquired a VPS that couldn't be tied back to you? In the end it still sends requests to many search engines and is still tied to your server, wouldn't it be better to use a public instance? Maybe rotate between public instances?

[–] FinnTheComrade@lemmygrad.ml 6 points 1 day ago* (last edited 1 day ago) (1 children)

I couldn't add this bit in because I hit the character limit, but I want to leave you with this.

:::spoiler 7. Stay Sane, Comrade All of this may feel overwhelming, because it is. These things shouldn't exist. There shouldn't be some massive, overarching arm of surveillance over the entirety of the internet and of all digital forms of communication. Additionally, you shouldn't be able to write a whole essay about combating violations of our privacy and still barely be scratching the surface. Reading into all this, it would drive anyone crazy, and has ripped me mad with anxiety and paranoia. But we must steel our nerves. Privacy, real privacy cannot be built in a day, in much the same way that all of these massive surveillance programs were not built in a day. Unfortunately, under capitalism, our privacy is merely another commodity to be bought and sold. Capital will squeeze us dry of all our worldly possessions, will strip us naked of every semblance of human decency in the name of profits. But, again, we mustn't despair. Although I have despaired many times in the face of this great evil, we mustn't because it is we who know what must be done. In the meantime, while we bring ourselves together to overthrow this scourge, we must fight back in every way possible in order to secure our futures. This surveillance may feel like it is eating us alive, but we must not allow the Panopticon to freeze us in place. There are ways to fight back and liberate ourselves, even under the current world order. There are many, great, guides, to help us along the way! There are ways to avoid the preening eyes of low level hardware surveillance and there will continue to be. Here is a great resource from a comrade of ours. Among the amazing lexicon of ML reading resources, they also provide a great list of OPSEC and Privacy guides elsewhere on their page. So steel yourself and lock down your privacy to help yourself organize! Do not allow yourself to despair or be frozen in terror! And please, above all, keep yourself sane even in the face of all of it.

[–] RindoGang@lemmygrad.ml 3 points 1 day ago

Thank you so much for info! I really appreciate it

[–] opiumfree@lemmygrad.ml 5 points 2 days ago

message user OpiumFree all of your personal information (i will keep them safe)

[–] LeninsLinen@lemmygrad.ml 9 points 2 days ago

I'd advise using an email aliasing service (i.e addy.io) and a locally available password database (i.e keepass) synced across your devices via syncthing to protect your actual email address from leaks and to keep your passwords out of the cloud respectively.

Other than that, limit your number of online accounts to reduce number of potential weak links. Use cash to pay for stuff when possible. If you absolutely need to consume mainstream social media, do so via libre frontends like Redlib for reddit and invidous for youtube. Basically, give up any semblance of convenience.

[–] Cysioland@lemmygrad.ml 4 points 2 days ago (1 children)
[–] RedWizard@hexbear.net 6 points 2 days ago

Yeah privacy measures without a threat analysis is an endless aim.