How do you protect yourself online?

1

Browsing on the Web today means being tracked by advertisers and other bad actors. And it means having other harmful code running on your computer.

What strategies do you use to protect yourself online?

3 Likes
2

I use Firefox, Vivaldi, and Lagrange to browse the Web. I use different profiles with Firefox. My default profile does not have JavaScript or cookies. I use a different profile for each logon. And I use Vivaldi to browse sites normally. Then I delete my browsing data when I’m done with Vivaldi.

One thing that makes this easier is the about:profiles URL in Firefox. I can search for and launch my profiles from there.

I also use these add-ons:

1 Like
3

I never got as far as making different profiles, but I do a few things:

On mobile I use Mull and Privacy Browser. I don’t know which I prefer. Mull has ublock origin, PB has built-in filters. They get the job done. I used universal-android-debloater to get rid of the Google bits and I use some other apps that are known to not have trackers. On top of that I have tried out different things like Blokada and InviZible Pro.

On my computer I use qutebrowser mostly, and sometimes Librewolf. qutebrowser is not really a secure browser, but they don’t pretend to be. I have some ad filters and host filters set up with qutebrowser.

Filters 
c.content.blocking.adblock.lists = [
    "https://easylist.to/easylist/easylist.txt",
    "https://easylist.to/easylist/easyprivacy.txt",
    "https://secure.fanboy.co.nz/fanboy-cookiemonster.txt",
    "https://easylist.to/easylist/fanboy-social.txt",
    "https://secure.fanboy.co.nz/fanboy-annoyance.txt",
    "https://easylist-downloads.adblockplus.org/liste_fr.txt"
    ]
c.content.blocking.hosts.lists = [
    "https://energized.pro/unified/formats/hosts.txt",
    "https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.txt",
    "http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts",
    "https://pgl.yoyo.org/as/serverlist.php?showintro=0;hostformat=hosts",
    "https://someonewhocares.org/hosts/hosts"]

On Librewolf I use some extensions, like LibRedirect and LocalCDN and uBO.

I don’t use Dropbox or Google Drive. To keep things synced I just use Syncthing.

On all devices, I use a password manager, 2FA, etc.

RE: gemini — I used to have a gemini capsule. I still take a look around from time to time. I use amfora though. Lagrange is great, I have it on my mobile.

2 Likes
4

Desktop: I use Vivaldi browser, locked down with built in ad blocker. DDG Privacy Essentials, Privacy Badger, Canvas Fingerprint Defender. Mojeek is my default search engine. Linux is now my OS.

Mobile (/e/OS): Vivaldi for Android is my main browser with DDG set as default search engine (because it has maps for local business locations.) I also have DDG browser.

When I switched to eOS I became very cautious about what apps I installed, so I don’t have many apps, many are FOSS or rate 9 out of 10 or higher for privacy on the /e/ app store. Things like Twitter I just use the browser. I do have two apps that are not private: 1. a Doppler radar app to tell me rainfall amounts, and 2. a Wunderground weather app that I prefer over more private alternatives. Otherwise, I’m content that at least my mobile OS and most apps are not reporting where I am and what I’m looking at to Google every few minutes.

2 Likes
5

Which distro? I’m a boring old Debian Sid user.

6

Mine is the also boring Ubuntu. I wanted something that just works, no fuss.

7

I hear that. Used to be one of those Arch users, tweaked and riced my system with a tiling window manager and custom theme… Lost interest after about a year and realised that it was a of fussing to just browse the web. Now I put my fussiness to use elsewhere.

8

I use Firefox Stable channel for web browsing with uBlock Origin blocking 3rd party, 3rd party scripts, 3rd party frames, 1st party scripts, inline scripts, and Javascript disabled (on another computer I have also disabled remote fonts). I enable Javascript for websites if required (or, if I don’t think it’s worth it, I just don’t visit the site), but it’s off by default.

I use Bitwarden and its extension to generate and store my passwords with a local Keepass backup. I tend to use different email aliases for sites to further reduce the effectiveness of credential stuffing. The only other extension I use is Yomichan with audio sources disabled.

I clear cookies periodically; once every 1-2 months.

For websites that I just need to work, I use Brave. I don’t install any extensions but keep shields to strict. Rarely used.

I don’t really expect privacy on the internet; these are more security measures due to JS representing the largest attack surface on the web and to speed up websites with junk. I try to do things locally or more minimally, such as RSS feeds instead of checking the site manually for updates.

I don’t browse on my mobile phone, which uses iOS, a non-free operating system.

2 Likes
9

I feel like a number of people who become interested in digital privacy use RSS. Checking my RSS feeds is still one of my favourite rituals after nearly 20 years of using them to stay up to date.

1 Like
10

I use a Pi Hole on my network in order to keep out a long list of different things, as well as keeping as much data as possible on my home server, doing my best not to rely on anyone else for that. I also run my RSS setup from there.

I’m in the process of switching over to Linux and have two work machines, with one of them running Manjaro (a PineBook Pro), but I need a more powerful machine to properly relegate the MacBook to being the second choice. Much like @gnome I use Firefox Stable with uBlock, properly doubling up on something there with the Pi Hole but I guess better safe than sorry. I also use Bitwarden. I’ve been trying to transition over to hosting that myself via VaultWarden but as with everything, it’s a slow process which takes place when I’m not working or resting.

More security but I also have a YubiKey that I try to use for as much as possible, physical hardware tokens are quite interesting pieces but I’ve found it to not be something you can use across everything you need to log into, sadly. I push friends and the like to Matrix or Signal where possible, it’s hard and it means a lot of people just don’t bother talking to you because they don’t accept anything bad or care re: WhatsApp.

My phone is an iPhone SE 2020, I don’t want that to be so for too long, but it’s an expensive year for me personally as everyone seems to want to make up for lost time.

2 Likes
11

I miss my pihole. When I switched ISPs the “box” they supplied doesn’t allow changing DNS. There are ways around this, but no matter what I tried I could not get it to play with the pihole.

1 Like
12

Yeah they so often are like that, as time goes by more and more of this proprietary stuff seems to freeze out these options, normally under the guise of it being safer for the end user. I’ve been a bit of a pain on more than one phonecall to an ISP :sweat_smile:

2 Likes
13

I’ve only recently been turned on to RSS, and it’s something that I’m sure never would have happened if I didn’t become concerned by wide-ranging and systematic data collection and aggregation. Likewise, GNU/Linux isn’t something I would have tried for years otherwise, I’m sure. Trying to find software and technologies that respect their users has lead me to some interesting discoveries, such as RSS—even if others have been using it for decades.

@Josh, you bring up the internet beyond the web browser, something that slipped my mind when I wrote my response. I also use Yubikeys, but few of the services I use support them. I really only use it for Bitwarden. I use Signal with my family and some friends, SMS for everyone else. I briefly tried using my /etc/hosts file for blocking (for internet-facing software outside of the browser) but found it cumbersome to change in the moment I needed to access something.

Partially related, I use macOS for Adobe PS, AE, AI, and ID, and DaVinci Resolve, and that’s probably not something that’s going to change. My other computers run Arch because it’s the only distribution I haven’t broken yet.

Until I can find a reliable way to run Signal on Mobian and the like, it’s not something I can use instead of iOS or Android—and Signal’s other limitations are particularly frustrating. Mobile-app based check-ins have finally come to an end where I live, so that’s one less thing to worry about. Most-everything else I can do in a browser.

1 Like
14

It’s kind of eerie how similar this is to my current situation and my situation going forward. My intention is to flip over to Arch this year, but I will have to keep the MacBook about because of the very same - with AE and AI being replaced in my case by PR. I dislike Adobe the company a lot, but I’ve built up too much familiarity and skill within their products to switch.

As with above, this was also my issue, (near) all of my messaging has been put through Signal, so when I found various PinePhone distros unable to handle it, it kind of knocked my ability to use it. I keep checking back though.

15

Thanks for all the great feedback. There are many new and interesting things here.

@gnome Do you use an online service to manage your e-mail aliases?

I use Manjaro with XFCE. I recommend Ubuntu if you can’t use a terminal to troubleshoot.

Asahi Linux has been making progress on allowing Linux to run on Apple M1 chips. Don’t forget about virtual machines. There might be some combination of hardware, OS, and VM which makes life easier.

I store documents in a virtual encrypted disc before I synchronize with my online file service.

I use RSS daily. But I don’t associate RSS with privacy. Instead, it is a much better way to organize and deduplicate news. I use Mozilla Thunderbird where the keyboard shortcut n will show the next unread message. Vivaldi also supports RSS in its “Fully Loaded” configuration.

One nice thing about Gemini is it uses TLS client certificates for authentication. So I get FIDO-level of security but the software keys are disposable. I can create as many as I need locally. I can use different keys with different services. And if I want to end a relationship with a server, I can delete my key.

References

1 Like
16

<Data_Dump>
My default browser is Tor Browser, then Firefox as the fallback. I am tracking arkenfox for extensions(4.1 Extensions · arkenfox/user.js Wiki · GitHub) and using the user.js from GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening with the hard mode settings for uBlock Origin. Using keepassxc for password manager and use unique, complex, long passwords everywhere.

Transitioning from an old iPhone to a new Murena phone and exploring /e/. (Would like to figure out how to get GrapheneOS on the Murena phone.) Plan on getting a SIM from Purism and and porting my current phone number to the new SIM and using that on the Murena phone. Minimum apps loaded on the phone. Keep Bluetooth and WiFi turned off except on those rare occasions when I am actively using them. Keep Location Services turned off except when I need it, then turn it off the minute I stop needing it.

Using ProtonMail for email.

Don’t use Google, Facebook, Twitter, LinkedIn, cancelled and closed the Amazon account. I will look up and research stuff on Amazon but then I go to the manufacture’s site or EggHead.com to buy it there.

Currently using Devuan on the Purism laptop with apt-get, etc routed over Tor for system updates.

The only Big Tech that I am using right now is my ISP, Netflix, and Apple (Phone, laptop & tablet), and I am working on getting off Apple and using only Linux and BSD.

At home, I mostly avoid WiFi and prefer a wired connection. My ISP is Big Tech so I, also, use a VPN, by default, so they can do all the deep-packet inspection they like. :stuck_out_tongue_closed_eyes:
</Data_Dump>

2 Likes
17

@mike I use a self-hosted Microsoft Exchange server that has been in place for ~20 years for my aliases. Eventually, I’d like to self-host an email server with free software, but it’s low on my list of priorities. I’m not an advanced user of Microsoft Exchange; it’s more inertia than anything else.

My reason for using RSS isn’t privacy-related either, but the reason I discovered it was because I was looking for new and different software than what I used before. I use Newsboat with Vim keys as my RSS reader, and it’s quite nice. Very easy to move to a new computer.

I tried out Gemini with the Lagrange client you recommended a few days ago, and it’s quite neat. The only gemlog I find myself frequenting is gemini://drewdevault.com. I’d like to use it more. Unfortunately, though perhaps I’m misunderstanding something, there doesn’t seem to be an easy way to find Japanese sites in geminispace. gemini://geminispace.info, for instance, doesn’t allow me to input 日本語 characters to search.

Related to macOS, the Mac I use is the ill-fated iMac Pro (2017), so it’s not an M1. The nice thing about macOS is that you get access to most of the software available for GNU/Linux because of POSIX, as well as access to proprietary applications like Adobe and Affinity Creative Suite not on GNU/Linux, without any of the badgering Windows is known for. But GNOME is a much nicer desktop for various reasons.

It’s not so much the applications, however, that keep me there—it’s the file formats. As I collaborate with people who use .PSD, .INDD, and .AEP files, there’s no good alternative to Adobe software. Given that Adobe wants to bring their applications to the web, maybe I won’t need to use macOS or Windows just for these programs in the future.

1 Like
18

but I will have to keep the MacBook about because of the very same - with AE and AI being replaced in my case by PR. I dislike Adobe the company a lot, but I’ve built up too much familiarity and skill within their products to switch.

I was a previous user of Premiere Pro, but I actually ended up learning DaVinci Resolve and liking it much more. It’s a workflow I really appreciate now that I’ve gotten used to it, but yes, there unfortunately is a learning curve. I learned it originally because I thought I’d be able to use it on GNU/Linux, but I didn’t yet know that DR doesn’t support H.264 decoding/encoding on ONLY GNU/Linux, and that it’s something that will be unlikely to change in the future. I only work with H.264 generally, as that’s what my clients provide me. But I’m still glad I learned it, at least for use on macOS.

Affinity Creative Suite is a great alternative to Adobe PS, AI, inDesign that is very familiar, is very cheap for a lifetime license, with none of the same invasive DRM. Many of the keyboard shortcuts are the same, although the interface is a bit different. .PSD import/export support is pretty good, but unfortunately text layers will be rasterised. It’s something that’s too complicated to support well.

Affinity makes sense as an alternative if only you are using it, or everyone you’re collaborating with uses it too. I actually like AFPhoto more than Photoshop and use it for some projects. Vector graphics, thankfully, have a much better transport file format in .eps, so it’s probably workable as a replacement for Illustrator. For inDesign, Affinity Publisher doesn’t offer great compatibility, I’ve heard. I’m not a big inDesign user.

Of course, this is just as an alternative to Adobe. Affinity isn’t supported on GNU/Linux, or through WINE/CrossOver. But it would probably be a privacy improvement, given how much monitoring Adobe does.

As with above, this was also my issue, (near) all of my messaging has been put through Signal, so when I found various PinePhone distros unable to handle it, it kind of knocked my ability to use it. I keep checking back though.

I’ve heard Ubuntu Touch (which was my favorite) works with Axolotl (Signal implementation), but I couldn’t get Axolotl working at the time. Even if I could, I’d probably need to have two Signal accounts and setup a group chat with everyone I direct message (them and my 2 Signal accounts) because you can’t have more than one phone with the same Signal account. I’ll have to give it another shot sometime.

1 Like
19

Unlikely to happen. The makers of Graphene are not going to make ROMs for too many devices. They focus on the Pixel phones, which is one of the things they are criticised for. But, I guess it is all free and open source, so not fully impossible. I think they released 2 of their apps and you can get them through the appstore (forget what /e/os calls their appstore).

1 Like
20

I have made it a habit to do most, if not all browsing that does not require an account, in Tor Browser. Overkill? Maybe, but it’s a quick and easy solution to mitigate pretty much all forms of tracking. I do the rest of my browsing in Firefox with the privacy.firstparty.isolate flag in about:config set to true, an uBlockOrigin on top of that. I have also switched from Windows to Linux.

1 Like