this post was submitted on 04 Jul 2025
65 points (98.5% liked)

Privacy

39616 readers
233 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
65
Best privacy preserving measures (lemmy.dbzer0.com)
submitted 2 days ago* (last edited 2 days ago) by moe93@lemmy.dbzer0.com to c/privacy@lemmy.ml
39 comments fedilink hide all child comments
 

Considering the current intrusive cyber climate, what are the best ways to preserve privacy?

For example, I have been exclusively using a VPN connection network-wide at home setup on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).

I also have Wireguard setup so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, it’s redundant).

I also basically have all my “smart” devices (TV, lightbulbs, air purifier, etc…) at home cutoff from the internet using OpenWrt’s firewall to prevent them from calling home.

I rotate web browsers frequently to try and attempt avoiding getting fingerprinted, not sure how useful that is.

I switched email providers to mailbox.org because f*** Google and Microsoft.

I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etc…

I own Apple devices which aren’t the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future that’s my next move.

I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions ya’ll might have.

EDIT: I’m not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realize being cut off from the internet and society is not realistic. I guess my threat model is your basic “day-to-day it’s non of your business who am I online or what I do, please don’t profile/fingerprint me, I am just a passerby” kinda threat model.

all 40 comments
sorted by: hot top controversial new old
[–] Zerush@lemmy.ml 10 points 1 day ago (1 children)

Don't use localization or weather apps, don't use soft or services from big (US) corporations, don't use discount or banking apps in your mobile, use a good VPN/SPN or Snowflake, use Pi-Hole or better Portmaster on desktop, InVizible Pro on Mobile, don't store sensible data on your Mobile....the most important, use your common sense, PEBCAK

[–] monovergent@lemmy.ml 4 points 1 day ago (1 children)

What do you think of weather apps from F-Droid?

[–] Zerush@lemmy.ml 4 points 1 day ago (1 children)

All weather apps need your location, well from your GPS data or entering it manually and this is always an security hole, even if the app don't share it. If you want to use it, is preferable an FOSS app from F-Droid than one from Google Play, but the best apps are from the official meterologic agency of your country (in Spain AEMET), these are the most accurate and reliables and not driven by commercial interests, other apps anyway use their info from these agencies.

[–] monovergent@lemmy.ml 8 points 1 day ago (1 children)

Sadly, NOAA is prohibited from making their own weather app. God bless America.

[–] Zerush@lemmy.ml 2 points 1 day ago

That's sad. the US is really turning into a third world banana republic 💩

[–] pound_heap@lemmy.dbzer0.com 6 points 1 day ago

You have taken a lot of useful steps. May I suggest email aliases? Using same email address on many services is too easy to track

[–] Shamot@jlai.lu 10 points 1 day ago (1 children)

Use cash. A card payment allows your bank and the shop to track you.

[–] sunzu2@thebrainbin.org 5 points 1 day ago

This is a big one. Going back is a bit painful but nobody said fighting the class war would be easy

[–] stupid_asshole69@hexbear.net 2 points 1 day ago

I wouldn’t worry about moving away from the apple devices. Just turn on lockdown and keep it on, do the privacy checkup or whatever it’s called and use a doh profile.

On the other hand, which is to say stuff you should be doing to enhance your privacy, stop voting. Assuming you’re in the us, voter rolls with your home address are free for any advocacy group to peruse. Consider moving your home under a trust or something so that your property taxes are not tied to your name. If you rent, stop renting, if you can’t, consider renting a place from your local credit union instead of from a company. Banks have more chance to protect your privacy than a rental company will r an individual.

[–] SheeEttin@lemmy.zip 16 points 2 days ago (2 children)

The best way?

Get rid of all the connected stuff entirely, delete all your online accounts, get rid of your cell phone and similar devices, start paying cash for everything. Close your bank accounts and keep your money under your mattress. Move into the woods, grow your own food, and don't talk to anyone.

[–] edgesmash@lemmy.world 5 points 1 day ago

The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.

-Robert Morris

[–] moe93@lemmy.dbzer0.com 8 points 2 days ago

Not taking it to the extreme here, being more realistic with what can be done in today’s society.

Can’t really move to the woods and be cut off from the internet, sadly enough that’s not something we can do nowadays.

[–] rodneyck@lemmy.dbzer0.com 10 points 1 day ago

You are still exposed by using Apple products. Use linux for PC's with encryption, vpn. For a phone, switch to device, such as a Google Pixel, or several other manufacturers that can use a privacy android rom. I use CalyxOS, private, secure and de-googled.

Lets not forget...operation PRISM which was exposed by Snowden.

[–] scytale@lemmy.zip 12 points 2 days ago (1 children)

The measures you’ve taken are more than enough for your threat model. I think it now depends on your data hygiene. Weakest link kinda thing, where it doesn’t matter if your home network is locked down and you use privacy friendly services if you’re careless with your data anyway; which I assume you aren’t.

[–] moe93@lemmy.dbzer0.com 2 points 2 days ago (3 children)

Thank you.

To your point, one example that comes to mind is that I have read many people complaining about cloudflare, saying it’s “evil” and over extending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.

In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.

[–] colournoun@beehaw.org 3 points 1 day ago

Tailscale (https://tailscale.com/) works great for remote access to your private services. Once the wireguard tunnel is established, then the traffic is peer-to-peer (assuming it’s configured correctly) and not through their centralized servers. Even from a mobile device.

[–] warm@kbin.earth 4 points 2 days ago (1 children)

All data is routed through somewhere you don't have control over at some point. If everything is encrypted then you are fine. You could setup a vps and proxy through that instead of Cloudflare, but you are just relying on the vps provider to protect any data/not snoop then rather than Cloudflare.

The only real way to be completely private is to just avoid connecting to the internet at all, but that's not really feasible. Just get to a point where you are comfortable, you've already done more than most to protect yourself (as much as you can without it getting silly anyway). Good job!

[–] Auli@lemmy.ca 2 points 1 day ago

What bs if I have a reverse proxyy data gets decrypted by the person who it should be. Cloudflare MiTM the data.

[–] Giblet2708@lemmy.sdf.org 3 points 1 day ago* (last edited 1 day ago)

Check out Pangolin with a cheap Racknerd VPS. More info over in c/selfhosted@lemmy.world

https://lemmy.sdf.org/post/35616968

[–] colournoun@beehaw.org 9 points 2 days ago (2 children)

You might enjoy reading Extreme Privacy by Michael Bazzell

https://www.goodreads.com/book/show/217289412

[–] Giblet2708@lemmy.sdf.org 5 points 1 day ago

This book is amazing. Every other resource I find refers back to Michael Bazzell as the expert.

[–] moe93@lemmy.dbzer0.com 5 points 2 days ago

I ordered it yesterday 😂

Thanks for the suggestion though. I really appreciate it.

[–] autonomoususer@lemmy.world 9 points 2 days ago (1 children)

Removing anti-libre software, like WhatsApp, Instagram and iOS, from your friend's devices.

[–] moe93@lemmy.dbzer0.com 5 points 2 days ago (2 children)

Aside from iOS, I am already there. Soon enough, I hope, I will migrate from Apple’s ecosystem. Already have my Linux box setup and functional recently. One step at a time.

[–] Broken@lemmy.ml 3 points 1 day ago

The clarify, they said to get rid of all that stuff from OTHER peoples devices. The point being that you're not the weakest link in this chain.

To illustrate, I have a phone number for less than a year that maybe 20 people have. All friends and family. I still had a sales call on it who was targeted and addressed me by name.

[–] Jason2357@lemmy.ca 0 points 1 day ago (1 children)

There’s a lot you can do to lock down iOS using official features. Go through all the app privileges, especially location, get rid of widgets, lock down your iCloud authentication and enable e2e, disabling web access to iCloud, etc.

[–] Jason2357@lemmy.ca 2 points 1 day ago

Use a web shortcut to the website for the forecast of your town, not an app.

[–] calidris@hexbear.net 7 points 2 days ago (1 children)

You pretty much got the foundational stuff plus a little more established. Aside from getting away from Apple, which you already mentioned, there's not much more I can think of without going full tinfoil hat. The main thing, in my opinion, is just not being a wide open door and giving away your personal data freely. Sounds like you're there, so long as you don't have social media accounts.

[–] moe93@lemmy.dbzer0.com 2 points 2 days ago (1 children)

I feel I am missing out on other things and that I could do much better though.

Like you said, aside from a tinfoil hat, I think my setup is very basic and can be improved.

[–] calidris@hexbear.net 3 points 2 days ago

More encryption is the only thing I would think worthy of mention since I don't see that listed anywhere. Encrypted messengers, encrypted storage, encrypted emails.

[–] relic4322@lemmy.ml 5 points 2 days ago (1 children)

There is a lot, and there are a lot of levels. I am working on this now as well. Escalating from where I was, its a learning process. Too much to type in a single comment/response.

If you would like more info on removing your info from the internet, reducing the amount of spyware on your android phone, de-googling yourself, or limiting how much info you spill while you browse, we can connect and I can share what I have been doing. Ive got plenty I still need to do beyond this, but I am happy to share my lessons learned as it were.

[–] moe93@lemmy.dbzer0.com 1 points 2 days ago (1 children)

I would be more than glad to connect and learn from more experienced people. DM is fine or do you prefer something else?

[–] relic4322@lemmy.ml 1 points 2 days ago (1 children)

or XMPP would work as well

[–] basilisa@lemmy.dbzer0.com 1 points 1 day ago* (last edited 1 day ago) (1 children)

Hey fellow XMPP user!! lol

[–] relic4322@lemmy.ml 1 points 1 day ago (1 children)

hahah, nice. try and message me when you get a chance and ill share my notes.

[–] sic_semper_tyrannis@lemmy.today 1 points 1 day ago (1 children)

How do you firewall specific devices with OpenWRT? That's something I'm about to start attempting myself.

[–] moe93@lemmy.dbzer0.com 4 points 1 day ago* (last edited 1 day ago) (1 children)

I used the IP + MAC address of the devices I want to block.

[–] sic_semper_tyrannis@lemmy.today 1 points 1 day ago (1 children)

Do you set static IPs for everything you wish to block?

[–] ohshit604@sh.itjust.works 2 points 1 day ago* (last edited 1 day ago)

Setting static IP’s is generally a good practice to take if you want to keep track of or monitor any device.