Achieving Privacy on the Internet
birbsophone
Before I begin, I will say that for most people this is more a case of damage control than absolute true privacy.
By damage control, I mean using “evil” services as little as possible and opting for better alternatives instead, while maybe still using some of these services.
Of course, I have also compiled some of the very best choices for privacy. These sacrifice convenience heavily, however.
I will begin the list with a very basic level of privacy, with convenience as the first priority and privacy second. As the list goes on, these priorities switch places.
Keep in mind that any piece of information here might be inaccurate, outdated, and/or non-comprehensive. So don’t take everything at face value here.
Let’s begin with a base, and a low threat level.
Daily Drivers Without Sacrificing Convenience
Mobile Operating System: iOS, GrapheneOS
Desktop OS: Fedora Workstation, openSUSE Tumbleweed, macOS
Browser: Trivalent, Firefox + arkenfox or Librewolf (desktop), Safari on iOS (optional for macOS), Vanadium (Android), Brave Browser if you cannot install Vanadium
E-mail Service: ProtonMail, Posteo, Tuta Mail
Social Media Services: Pixelfed (Instagram), Mastodon (Twitter), Revolt (Discord), Lemmy (Reddit), just don’t use Facebook
Messenger: Signal, Google Messages + iMessage
Cloud Service/Drive: Proton Drive
Notes and My Reasonings:
Vanadium is mainly for GrapheneOS users, but prebuilt binaries are available on their GitLab. I believe it’s unavailable on older Android versions, so if that’s the case, you can instead use Cromite or Brave (available on Play Store).
If you have to use Google Chrome, you can follow this hardening guide.
Also, for Android users, I recommend using Droid-ify (available on F-Droid) and Accrescent as an alternative to Play Store. You may still need to use Play Store itself, though. I do not recommend Aurora Store for security reasons.
I personally cannot recommend LineageOS, as sandboxed Google apps are a better choice for security, and this is only implemented on GrapheneOS as of right now. MicroG has security issues compared to sandboxed Google services. If you do not have a Pixel, it may be a better idea to stay on the stock OS, depending on the vendor, your threat model, and more importantly your personal preference. There needs to be a balance between privacy and security.
Fedora and openSUSE are both Linux distributions that work well out of the box.
Hardened Firefox works pretty well on desktop. On Android, however, it severely lacks any sandboxing, so I recommend Chromium-based browsers. Also, Firefox on Android is really, really slow.
ProtonMail is more than enough for an e-mail service. If you’re willing to pay, I recommend Posteo instead.
Google Messages’ RCS service is end-to-end encrypted, so while it’s not the most private solution, it is decent when paired with iMessage.
I don’t know much about cloud storage, but Proton is decent.
Also, some of you might need Windows, and that’s okay. However, make sure to debloat it.
Leaning Towards Privacy
Mobile Operating System: GrapheneOS
Desktop OS: Secureblue, Void, Gentoo (You need to harden the last two yourself)
Browser: Trivalent, qutebrowser, Mullvad Browser
E-mail Service: ProtonMail, Disroot, Riseup, Posteo, Tuta Mail
Social Media Services: Same as above
Messenger: Signal, XMPP services, Matrix
Cloud Service/Drive: Same as above
Notes: Apple is a giant corporation that still cannot be trusted and has gotten caught spying [1] [2], so I only recommend GrapheneOS here. I also don’t like Apple introducing opt-out privacy-breaching features in updates.
Secureblue is my main recommendation for desktop. It’s as convenient as it is secure.
Signal is arguable here, because of the requirement for a phone number, but it’s still included thanks to its excellent encryption protocol, and you can still use it if you have burner phone numbers available in your country.
At this point, you should consider using a VPN provider like Mullvad.
Maximal Privacy and Security
Mobile Operating System: GrapheneOS, with your Pixel’s camera and microphone removed.
Desktop OS: Tails, Qubes OS with Whonix
Browser: Tor Browser
E-mail Service: Riseup, or none at all
Social Media Services: None.
Messenger: Briar, Meshtastic (Android app)
Cloud Service/Drive: None.
Notes:
Briar and Meshtastic can work without an internet connection. Very cool! I think Meshtastic has better real-world usage.
When connecting to the internet, use Tor or I2P.
Conclusion
You can mix and match from what I’ve provided. I usually advocate for the first tier, as it is easier for me to spread and easier for people to get started with.
Take small steps to switch, and don’t rush it. Most people are entirely Google-dependent these days, and it’s a slow process to get through.