Browsing on the Web today means being tracked by advertisers and other bad actors. And it means having other harmful code running on your computer.
What strategies do you use to protect yourself online?
I use Firefox, Vivaldi, and Lagrange to browse the Web. I use different profiles with Firefox. My default profile does not have JavaScript or cookies. I use a different profile for each logon. And I use Vivaldi to browse sites normally. Then I delete my browsing data when I’m done with Vivaldi.
One thing that makes this easier is the about:profiles URL in Firefox. I can search for and launch my profiles from there.
I also use these add-ons:
Desktop: I use Vivaldi browser, locked down with built in ad blocker. DDG Privacy Essentials, Privacy Badger, Canvas Fingerprint Defender. Mojeek is my default search engine. Linux is now my OS.
Mobile (/e/OS): Vivaldi for Android is my main browser with DDG set as default search engine (because it has maps for local business locations.) I also have DDG browser.
When I switched to eOS I became very cautious about what apps I installed, so I don’t have many apps, many are FOSS or rate 9 out of 10 or higher for privacy on the /e/ app store. Things like Twitter I just use the browser. I do have two apps that are not private: 1. a Doppler radar app to tell me rainfall amounts, and 2. a Wunderground weather app that I prefer over more private alternatives. Otherwise, I’m content that at least my mobile OS and most apps are not reporting where I am and what I’m looking at to Google every few minutes.
Mine is the also boring Ubuntu. I wanted something that just works, no fuss.
I use Firefox Stable channel for web browsing with uBlock Origin blocking 3rd party, 3rd party scripts, 3rd party frames, 1st party scripts, inline scripts, and Javascript disabled (on another computer I have also disabled remote fonts). I enable Javascript for websites if required (or, if I don’t think it’s worth it, I just don’t visit the site), but it’s off by default.
I use Bitwarden and its extension to generate and store my passwords with a local Keepass backup. I tend to use different email aliases for sites to further reduce the effectiveness of credential stuffing. The only other extension I use is Yomichan with audio sources disabled.
I clear cookies periodically; once every 1-2 months.
For websites that I just need to work, I use Brave. I don’t install any extensions but keep shields to strict. Rarely used.
I don’t really expect privacy on the internet; these are more security measures due to JS representing the largest attack surface on the web and to speed up websites with junk. I try to do things locally or more minimally, such as RSS feeds instead of checking the site manually for updates.
I don’t browse on my mobile phone, which uses iOS, a non-free operating system.
I use a Pi Hole on my network in order to keep out a long list of different things, as well as keeping as much data as possible on my home server, doing my best not to rely on anyone else for that. I also run my RSS setup from there.
I’m in the process of switching over to Linux and have two work machines, with one of them running Manjaro (a PineBook Pro), but I need a more powerful machine to properly relegate the MacBook to being the second choice. Much like @gnome I use Firefox Stable with uBlock, properly doubling up on something there with the Pi Hole but I guess better safe than sorry. I also use Bitwarden. I’ve been trying to transition over to hosting that myself via VaultWarden but as with everything, it’s a slow process which takes place when I’m not working or resting.
More security but I also have a YubiKey that I try to use for as much as possible, physical hardware tokens are quite interesting pieces but I’ve found it to not be something you can use across everything you need to log into, sadly. I push friends and the like to Matrix or Signal where possible, it’s hard and it means a lot of people just don’t bother talking to you because they don’t accept anything bad or care re: WhatsApp.
My phone is an iPhone SE 2020, I don’t want that to be so for too long, but it’s an expensive year for me personally as everyone seems to want to make up for lost time.
Yeah they so often are like that, as time goes by more and more of this proprietary stuff seems to freeze out these options, normally under the guise of it being safer for the end user. I’ve been a bit of a pain on more than one phonecall to an ISP
I’ve only recently been turned on to RSS, and it’s something that I’m sure never would have happened if I didn’t become concerned by wide-ranging and systematic data collection and aggregation. Likewise, GNU/Linux isn’t something I would have tried for years otherwise, I’m sure. Trying to find software and technologies that respect their users has led me to some interesting discoveries, such as RSS—even if others have been using it for decades.
@Josh, you bring up the internet beyond the web browser, something that slipped my mind when I wrote my response. I also use Yubikeys, but few of the services I use support them. I really only use it for Bitwarden. I use Signal with my family and some friends, SMS for everyone else. I briefly tried using my /etc/hosts file for blocking (for internet-facing software outside of the browser) but found it cumbersome to change in the moment I needed to access something.
Partially related, I use macOS for Adobe PS, AE, AI, and ID, and DaVinci Resolve, and that’s probably not something that’s going to change. My other computers run Arch because it’s the only distribution I haven’t broken yet.
Until I can find a reliable way to run Signal on Mobian and the like, it’s not something I can use instead of iOS or Android—and Signal’s other limitations are particularly frustrating. Mobile-app based check-ins have finally come to an end where I live, so that’s one less thing to worry about. Most-everything else I can do in a browser.
It’s kind of eerie how similar this is to my current situation and my situation going forward. My intention is to flip over to Arch this year, but I will have to keep the MacBook about because of the very same - with AE and AI being replaced in my case by PR. I dislike Adobe the company a lot, but I’ve built up too much familiarity and skill within their products to switch.
As with above, this was also my issue, (near) all of my messaging has been put through Signal, so when I found various PinePhone distros unable to handle it, it kind of knocked my ability to use it. I keep checking back though.
Thanks for all the great feedback. There are many new and interesting things here.
@gnome Do you use an online service to manage your e-mail aliases?
I use Manjaro with XFCE. I recommend Ubuntu if you can’t use a terminal to troubleshoot.
Asahi Linux has been making progress on allowing Linux to run on Apple M1 chips. Don’t forget about virtual machines. There might be some combination of hardware, OS, and VM which makes life easier.
I store documents in a virtual encrypted disc before I synchronize with my online file service.
I use RSS daily. But I don’t associate RSS with privacy. Instead, it is a much better way to organize and deduplicate news. I use Mozilla Thunderbird where the keyboard shortcut n will show the next unread message. Vivaldi also supports RSS in its “Fully Loaded” configuration.
One nice thing about Gemini is it uses TLS client certificates for authentication. So I get FIDO-level of security but the software keys are disposable. I can create as many as I need locally. I can use different keys with different services. And if I want to end a relationship with a server, I can delete my key.
<Data_Dump>
My default browser is Tor Browser, then Firefox as the fallback. I am tracking arkenfox for extensions (4.1 Extensions · arkenfox/user.js Wiki · GitHub) and using the user.js from GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening with the hard mode settings for uBlock Origin. Using keepassxc for password manager and use unique, complex, long passwords everywhere.
Transitioning from an old iPhone to a new Murena phone and exploring /e/. (Would like to figure out how to get GrapheneOS on the Murena phone.) Plan on getting a SIM from Purism and porting my current phone number to the new SIM and using that on the Murena phone. Minimum apps loaded on the phone. Keep Bluetooth and WiFi turned off except on those rare occasions when I am actively using them. Keep Location Services turned off except when I need it, then turn it off the minute I stop needing it.
Using ProtonMail for email.
Don’t use Google, Facebook, Twitter, LinkedIn, cancelled and closed the Amazon account. I will look up and research stuff on Amazon but then I go to the manufacturer’s site or EggHead.com to buy it there.
Currently using Devuan on the Purism laptop with apt-get, etc routed over Tor for system updates.
The only Big Tech that I am using right now is my ISP, Netflix, and Apple (Phone, laptop & tablet), and I am working on getting off Apple and using only Linux and BSD.
At home, I mostly avoid WiFi and prefer a wired connection. My ISP is Big Tech so I, also, use a VPN, by default, so they can do all the deep-packet inspection they like.
</Data_Dump>
@mike I use a self-hosted Microsoft Exchange server that has been in place for ~20 years for my aliases. Eventually, I’d like to self-host an email server with free software, but it’s low on my list of priorities. I’m not an advanced user of Microsoft Exchange; it’s more inertia than anything else.
My reason for using RSS isn’t privacy-related either, but the reason I discovered it was because I was looking for new and different software than what I used before. I use Newsboat with Vim keys as my RSS reader, and it’s quite nice. Very easy to move to a new computer.
I tried out Gemini with the Lagrange client you recommended a few days ago, and it’s quite neat. The only gemlog I find myself frequenting is gemini://drewdevault.com. I’d like to use it more. Unfortunately, though perhaps I’m misunderstanding something, there doesn’t seem to be an easy way to find Japanese sites in geminispace. gemini://geminispace.info, for instance, doesn’t allow me to input 日本語 characters to search.
Related to macOS, the Mac I use is the ill-fated iMac Pro (2017), so it’s not an M1. The nice thing about macOS is that you get access to most of the software available for GNU/Linux because of POSIX, as well as access to proprietary applications like Adobe and Affinity Creative Suite not on GNU/Linux, without any of the badgering Windows is known for. But GNOME is a much nicer desktop for various reasons.
It’s not so much the applications, however, that keep me there—it’s the file formats. As I collaborate with people who use .PSD, .INDD, and .AEP files, there’s no good alternative to Adobe software. Given that Adobe wants to bring their applications to the web, maybe I won’t need to use macOS or Windows just for these programs in the future.
but I will have to keep the MacBook about because of the very same - with AE and AI being replaced in my case by PR. I dislike Adobe the company a lot, but I’ve built up too much familiarity and skill within their products to switch.
I was a previous user of Premiere Pro, but I actually ended up learning DaVinci Resolve and liking it much more. It’s a workflow I really appreciate now that I’ve gotten used to it, but yes, there unfortunately is a learning curve. I learned it originally because I thought I’d be able to use it on GNU/Linux, but I didn’t yet know that DR doesn’t support H.264 decoding/encoding on ONLY GNU/Linux, and that it’s something that will be unlikely to change in the future. I only work with H.264 generally, as that’s what my clients provide me. But I’m still glad I learned it, at least for use on macOS.
Affinity Creative Suite is a great alternative to Adobe PS, AI, inDesign that is very familiar, is very cheap for a lifetime license, with none of the same invasive DRM. Many of the keyboard shortcuts are the same, although the interface is a bit different. .PSD import/export support is pretty good, but unfortunately text layers will be rasterised. It’s something that’s too complicated to support well.
Affinity makes sense as an alternative if only you are using it, or everyone you’re collaborating with uses it too. I actually like AFPhoto more than Photoshop and use it for some projects. Vector graphics, thankfully, have a much better transport file format in .eps, so it’s probably workable as a replacement for Illustrator. For inDesign, Affinity Publisher doesn’t offer great compatibility, I’ve heard. I’m not a big inDesign user.
Of course, this is just as an alternative to Adobe. Affinity isn’t supported on GNU/Linux, or through WINE/CrossOver. But it would probably be a privacy improvement, given how much monitoring Adobe does.
As with above, this was also my issue, (near) all of my messaging has been put through Signal, so when I found various PinePhone distros unable to handle it, it kind of knocked my ability to use it. I keep checking back though.
I’ve heard Ubuntu Touch (which was my favorite) works with Axolotl (Signal implementation), but I couldn’t get Axolotl working at the time. Even if I could, I’d probably need to have two Signal accounts and setup a group chat with everyone I direct message (them and my 2 Signal accounts) because you can’t have more than one phone with the same Signal account. I’ll have to give it another shot sometime.
I have made it a habit to do most, if not all browsing that does not require an account, in Tor Browser. Overkill? Maybe, but it’s a quick and easy solution to mitigate pretty much all forms of tracking. I do the rest of my browsing in Firefox with the privacy.firstparty.isolate flag in about:config set to true, and uBlockOrigin on top of that. I have also switched from Windows to Linux.
I PM’d gnome about this issue and wanted to share the result.
From the Lagrange capsule:
Prior to version 1.8, Lagrange’s font library was hardcoded and all the fonts were bundled together with the binaries. The number of fonts was limited by needing to keep the packages suitably small for distribution.
gemini://skyjake.fi/fonts/classic/
In our private thread, I was able to demonstrate searching with Japanese characters because I inherited the classic font pack from Lagrange v1.7 and earlier. And gnome fixed the issue by installing the CJK font set.
If you have an issue with input or missing characters, visit the URL above and try the “Classic set” of fonts.
Lagrange manages these fonts via about:fonts
Mike
sorry, i can’t post more than 2 links so i’ll add them as code…
if one cares about privacy, that eliminates Windows, Google services, Facebook, Twitter, Instagram, YouTube and all the other mainstream platforms i’m forgetting
at the PC level i personally moved to Manjaro or, as i affectionately call it, Arch for Dummies! - it’s a rolling release that’s easy to install
mobile i no longer use, though if i did, it’d have to be an open-source phone like PINE64, Librem, WiPhone or something along those lines - the baseband needs to be isolated else i don’t think there can be any expectation of privacy regardless of the user-facing OS/ROM
at the browser level i use the normal Firefox release version with a “few” tweaks https://12bytes.org/articles/tech/firefox/ - in my personal opinion there is (unfortunately) no other mainstream browser that is as well suited for privacy tweaking - if you want to keep it a little simpler, check out LibreWolf https://librewolf.net/
email is Thunderbird, again with a “few” tweaks https://12bytes.org/articles/tech/the-thunderbird-privacy-guide-for-dummies/ - i want my mail stored locally where i have control over it, so no web-only services and certainly no “free” services such as hotmail, gmail, etc. - personally i use runbox https://runbox.com/ primarily - there are better providers if privacy/security is paramount, but runbox has a decent privacy policy, they’re cheap and the service has been stellar for me
@mike - if you want you can dump all of the add-ons you mentioned by using the arkenfox https://github.com/arkenfox/user.js user.js and uBlock Origin - some additional privacy add-ons may very well decrease privacy - for example, with the newer versions of Firefox, Privacy Badger is not needed, nor are container add-ons
absent arkenfox, i might suggest installing uBO, enabling Strict Enhanced Tracking Protection in Firefox settings, and resist fingerprinting ( privacy.resistFingerprinting in about:config ), OR you could simply go with LibreWolf which does all this for you, and much more, including installing uBO
also see personal-security-checklist, Privacy Guides and my site, https://12bytes.org/articles/tech/, which also has Firefox privacy and uBO setup guides
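An added example, not part of any post in this thread: a Python audit of a Firefox user.js or prefs.js for the two about:config prefs named above (privacy.firstparty.isolate and privacy.resistFingerprinting), showing how a later override line can silently undo a hardening setting. The function names, the EXPECTED table and the sample file content are constructed for illustration.

```python
import re

# Prefs named in the thread, with the value the posters set in about:config.
EXPECTED = {
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
}

# Matches: user_pref("name", true|false|integer|"string");
PREF_RE = re.compile(
    r'^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*'
    r'(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;',
    re.M,
)

def _value(raw):
    """Convert the literal in a user_pref line to bool, str or int."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith('"'):
        return raw[1:-1]
    return int(raw)

def parse_prefs(text):
    """Return {name: value}. A later user_pref line overrides an earlier one."""
    # Drop /* ... */ block comments first.
    # Simplification: a string value containing "/*" would confuse this.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    prefs = {}
    # Lines starting with '//' never match: the regex is anchored to line start.
    for name, raw in PREF_RE.findall(text):
        prefs[name] = _value(raw)
    return prefs

def audit(text, expected=EXPECTED):
    """List (pref, wanted, actual) for each mismatch; actual is None if unset."""
    prefs = parse_prefs(text)
    return [(name, want, prefs.get(name))
            for name, want in expected.items() if prefs.get(name) != want]

# Constructed sample, not a real profile: one pref is set and then overridden
# further down; the other appears only inside comments, so it is never applied.
SAMPLE_USER_JS = '''\
/* constructed sample ***/
user_pref("privacy.firstparty.isolate", true);
// user_pref("privacy.resistFingerprinting", true);
/* user_pref("privacy.resistFingerprinting", true); */
user_pref("browser.startup.page", 0);
user_pref("privacy.firstparty.isolate", false);  // override appended later
'''

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE_USER_JS):
        print(f"{name}: want {want}, found {got}")
```
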
To avoid personalizations, I try to do search engine evaluations in a disposable Whonix VM. I disable JIT compilation, WebGL, WebRTC, the Battery and Peripherals API, Graphite rendering, and a bunch of other stuff in my “main” non-anonymous browsers for security; I stick to defaults in the Tor Browser’s “safest” setting when possible for anonymity.
I’ve written some bubblewrap scripts to provide rudimentary sandboxing. Unfortunately, I’ve been using the Firefox bwrap script less often because it breaks screen reader support.
I keep my addon/extension usage to a minimum since even the best-intentioned addons significantly weaken the isolation-based browser security model. I make JavaScript, cookies, and localstorage disabled by default in my day-to-day browsers.
Since Linux doesn’t provide robust sandboxing of its own (you’d have to rebuild userspace a la Android to do it properly), I’ve been experimenting with ways to run programs like the browser in little disposable VMs. Qubes-lite, if you will.
I have amended your trust level so that this one shouldn’t be a problem anymore. We’ve kept it pretty similar to the initial setup in that respect, but wherever anyone flags it’s an issue for them I’m more than happy to adjust it. Most of the earlier parts of that are to protect against bots (I believe) which you patently are not
good to know - i was starting to worry about myself
off-topic - i didn’t see any Mojeek beta test stuff on the forum - i was invited to test the next beta and i’m wondering if there’s a place where that’s being discussed
thanks Josh!
This is 100% on the way, and a good part of the reason behind setting this up. In terms of the when I don’t have any specific date, but we are working on it. I’m also eager to hear your thoughts.