I think we all draw a line between privacy and convenience and I think I found mine and settled into a comfort zone of sorts. I use Fedora 38. My browser is Mozilla Firefox with it’s “strict” setting. uBlock origin and uMatrix. When I need/want to use a site that doesn’t work due to blocked connections I relax the restrictions in uMatrix or temporarily disable it entirely if I get frustrated or I’m in a hurry. I watch videos on YouTube. Don’t use social media, but I do use Facebook messenger (although I prefer to use Signal with the handful of people I can). I use a Xiaomi phone with custom ad blocking DNS (I’d like to get a Pixel with GrapheneOS someday). I look for an app on F-Droid first, but install it through Google Play if I can’t find what I need there. I use Qwant and DuckDuckGo. I use ReVanced. I do not use a VPN. I think that’s all the relevant information. My question is: how easy do you think it still is for big tech to track me? Are there any suggestions you would have for a person like me that wouldn’t sacrifice too much convenience?
Don’t use social media
If you wrote this post, you do use social media.
Only if your younger and lump every form of communication as “social media”. The rest of the people that have been around know what a message board/forum is.
They used social media to destroy social media
They also use Facebook messenger, which famously is not social media.
I think that’s a good setup. If you must have Facebook Messenger, my advice would be to maybe use a work profile for apps that track you. Compartmentalization is the key word here. Apps like Shelter make it really easy. I have to use WhatsApp and that is an app that is in the “unsafe” profile, aka work profile.
I have a question about the work profile: would it make sense to isolate the PlayStore too, as it‘s google? Because this is the main painpoint for me, as I cannot move to a custom rom with my phone currently
Afaik Google Play store and services are always installed as an admin app. I’m don’t think there is much we can do without custom roms
Got it. Thank you
If you dont root that will Not be possible. Playstore is a key Feature of most Android Roms that ship with the phones. I run grapheneos. There i have Google Services disabled im my core Profile and have a separate Profile with Gplay. I know, that due to imei and other factors Google could easily track me possible but that’s Not my worry
Thank you very much, will definitely look into it.
Firefoxes strict settings are okay but not perfect, have a look at librewolf for an easy solution, or my Arkenfox softening tool to modify arkenfox to be easy to use.
Did you debloat your xiaomi phone already? May help with some things, but of course not much, but
- do you have google play services enabled?
- what keyboard do you use
- what mobile browser
Facebook messenger is cancer as its unencrypted afaik, so they read everything. Poor you.
An adblocking dns is good, do you have android tracking blocklists, to make xiaomi phones usable? But to be fair, samsung is way worse
Try shelter and isolate all these bad apps and disable them when not needed
I hadn’t thought about the keyboard! I use SwiftKey (which I now realise is a terrible choice) from way back before I started caring about my privacy. Do you have any good recommendations? The main thing I need is the three word suggestions to have dictionaries for multiple languages. I use Firefox on mobile as well, with pretty much the same settings and uBlock. I’m not sure what you mean by having Google Play services enabled, as I did say I use the store. Is there a way to use it and have the services disabled? Won’t that mess with banking apps? Also not sure what you mean by android tracking blocklists, but I think my dns blocks ads and tracking. I also don’t get any ads in system apps like settings for example. Tbh, I am a little afraid of debloating as I tried that ages ago on a Sony M5 and after uninstalling the apps, my phone started running insanely hot and slow. I had to put it right next to the air conditioner to be able to use it, reinstalled all the apps and the problem went away :D
Florisboard.
Its default settings are not perfect, you can theme it OLED black which is nice, it has an internal clipboard with the action bar for “mark all” “copy” “crop” “paste” “delete last entry” “show history” and even cursors. Its brilliant for privacy as its internal clipboard cant be seen by apps if you disable “sync to system”
It doesnt have autocomplete and after a quick rise and development its very rarely developed anymore. But I dont miss anything, just autocomplete and maybe Sayboars Speech to text would be nice addons
And no, debloating doesnt cause overheating normally
Florisboard is great. Internal clipboard function.
NextDNS has presets to block OS tracking, this is different from just Ads. Any DNS with variable blocklists can use these. There is a windows one, but not sure about Xiaomi.
You dont need google services to use Aurorastore. It works currently.
Also try creating a shelter profile and then disabling the play services using adb in the main one with
adb shell pm uninstall --user 0 APPNAMES
you find commands online.
Google play services spy on everything with privileged permissions (all) as they are system apps. On GrapheneOS you can install them as regular user apps, and they still work.
I recommend Mull from F-droid instead of firefox. Try adding my custom addon collection:
https://addons.mozilla.org/firefox/collections/17446767/Fenix-Addons/
Piped for desktop would be a better option for youtube imo, but really depends on which “Big tech company” you’re trying to hide from and what information do you want to share with them. For example, Google probably has your ip tied to your gmail account, which has whatever information you used, since you didn’t use a vpn when first creating it. Also unless you disabled the bloatware via adb that came with your xiaomi device some other third party company may also have your ip and whatever info you inputted into those apps, if at all. Again just depends on what you want so your setup might be fine.
Edit: if wanting to protect from google then your mobile device is the biggest issue. Getting an always on vpn is a must (look at proton or mullvad), remove your personal account and create a burner with fake info and use something like aurora store with that burner account should help a lot. Would be really inconvenient if you still use your personal gmail account so maybe before doing anything start migrating to a different email provider
Edit 2: if protecting from meta then facebook messenger is the biggest issue. Getting an always on vpn that comes bundled with protection from trackers/ads (mullvad and proton i think does this) maybe your best choice unless you want to recreate your account and lose all of your contacts/messages which would be really inconvenient. So just treat facebook messenger like a public forum and dont give up too much info. If its possible maybe use a hardened browser, like mull +ublock, instead to use facebook messenger again if thats possible
My goal is to reduce the information collected about me (increase my privacy) as much as possible and at the same time keep as much of my convenience as possible. I’m not sure how much of an effect this has, but I never used any of the Xiaomi bloatware apps, because when you first open any of them you have to agree to their terms & conditions and when I tap disagree the apps just close (even the calculator, for example). Piped sounds like an interesting thing I should look into, I keep seeing it being mentioned everywhere. But I would assume that if there is a way to login to my account to get all my subscriptions and recommendations the privacy aspect will still be heavily compromised.
Havent personally created an account with piped since I like to limit accounts where ever possible but I believe you create an account with the piped instance that you choose so you dont login to your google account at all. You’ll have to do a google takeout iirc inorder to get a copy of your youtube subscription which you can then import.
Easy, but I wouldnt suggest you make things too inconvenient (I personally am fine with unbreaking things).
Some thoughts/suggestions:
- uMatrix is dead fyi.
- Librewolf is arkenfox but with less fiddling if you want to give it a try.
- Set your browser to us a DNS over HTTPS (like mullvad).
- You can use NewPipe as a youtube app alternative, FreeTube on desktop, and Invidious or Piped in browser.
- ProtonVPN is free and trusted.
ProtonVPN is full of lies and will get you no where. You can’t just pay to make yourself invisible
Willing to expand on that? They are well audited, and changing your ip helps to disassociate from your approx location (also allows for multiple browsers to come from a common ip).
Also of course a vpn isnt going to make you invisible. Fingerprinting can allow you to uniquely identify browsers through using a handful of metrics.
VPNs were never intended to make you anonymous, if you expected a VPN to make you anonymous you were very mistaken
Here is an alternative Piped link(s):
VPNs were never intended to make you anonymous
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Examples?
Rethink for Android is an app firewall, DNS solution, and ad/malware/spam/etc blocker.
Might be worth giving a try.
You’re well above average. I’d say pretty good. One thing you didn’t say: Are you often logged in into the services like Google, Facebook, YouTube, Discord, … Because if you are, they can tie everything together with your account. And did you sign up for those services with your phone number? That’d be bad because it’s a unique identifier. Regarding the phone it depends on which apps exactly you installed from the Play store. Most have trackers and there are shady apps out there. I also mainly rely on F-Droid and that’s the way to do it. Another thing is email. If you use gmail, all your correspondence gets scanned, regardless of what you do at home. And you shouldn’t use membership programs for discounts in real life.
Other than that. I think I do more or less the same things you mentioned. Plus I replaced the Android my phone came with.
That’s a very solid setup
What’s umatrix for?
Thank you! uMatrix is a browser extension that makes it very easy to block any third party requests a website makes by category. For example, if example.com loads fonts from Google that is considered a third party request. Or if it tries to set a Facebook cookie. uMatrix shows a table (or a matrix) of all the request addresses and categories and you can click on them to block/allow them.
You can do the same with ublock :)
http://digdeeper.club/articles/addons.xhtml#umatrix Read the update from January 2022
uMatrix is no longer maintained. Please see the link:
https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother
It doesn’t need to be maintained if it still works on the latest update of the browser. Also, uBlock is not a full replacement, if there will be a full replacement that is maintained, I’ll gladly switch
Define track?
Good rules of measure is to do public searches on yourself. See what’s in public databases, but to answer your question depends on who/what you consider big tech? And track
Mostly yes, the setup sounds good.
By track I mean collect information about me, my browsing habits, my interests. By big tech I really mean any company, but mostly the FANG ones. Could you provide some good resources on how to do these public searches? I assume you don’t just mean to look up my full name on Google.
This is a very simple question to answer:
- https://www.amiunique.org/fingerprint
- https://fingerprint.com/demo/ - visit this one in a regular tab, private tab, container tab, etc to see if the fingerprint persists.
Hey, i used a fresh version of Tor, Mullvad and on moblie the browser Vanadium. Every time it says I am unique. How do you become “not unique”?
As far as I understand, if you wanted to not be unique you would have to not use any special privacy tools. Use default Chrome installation and Windows 10/11. There will be millions of people using the exact same setup as you.
@[email protected] This is what I would’ve said. Hiding in plain sight is the solution. It gets tricky when you want to send a message and not leave a trail at all, but in essence - privacy != anonymity.
Ok so that will defeat my goal of Not getting ads.
Yes, it would.
I don’t think the answer is that simple. I can’t access my computer at the moment to test with the websites you provided, but yesterday I wanted to find out the resolution of my browser and I went to some website that prints it. It didn’t work at first because it used some third party script for that which uMatrix blocked. I wouldn’t be surprised if most websites don’t do a lot of “first party” tracking.
What you’re saying here is very different from what you’re saying in the OP.
How private am I?
how easy do you think it still is for big tech to track me?
most websites don’t do a lot of “first party” tracking.
These are all very different questions. I guess my bad for only answering the second one.
I sorry if I came off confusing, I’m not a native English speaker so putting my thoughts into English writing is a bit of a barrier for me. I guess I’m just looking for people to point out flaws in my setup and have a discussion on best practices while keeping the comfort factor in mind.
In short.
- You’re fairly private, I don’t see maths just getting broken - i.e. the stuff you do is not visible to the outside.
- You’re very easy for big tech to track. They don’t know what you’re doing directly, but inference engines are very powerful nowadays.
- Most websites do not, indeed, do first party tracking.
prefer Signal
Signal will force you into using an Android or iOS mobile device—no alternatives—and you couldn’t have 2 Android devices (like a tablet, e-reader). You are forced to have a SIM card which gives away part of your identity. Servers are centralized & closed-source (closed for 2 years, rewritten history)—so did the NSA force in a backdoor? …We may never know. On Android, by default notifications are sent thru Google Service’s Firebase (fork Molly supports UnifiedPush now tho). The ToS is questionable with “don’t break the law” language.
Your ideal chat would be free software, P2P or federated+self-hostable servers, E2EE, & the only required personal info you share is your account ID (no phone or email).
You’d think Matrix fits the bill, but its high system requirements (especially storage) & majority Matrix.org mean defacto centralization around an org that controls the spec, the largest server, reference server, & most popular client.
What you are looking for is good ol’ XMPP with OMEMO or PGP set to required in all clients. Its server options run on a toaster, has years of smart engineering & open governance guiding the project, & being extensible by nature, means it’s not purely limited to chat/conferencing. XMPP appears to be the common chat option on the dark web for a reason. You can use gateways to puppet accounts on these untrustworthy networks too (such as messlidger to puppet Facebook Messenger is needed, but also Signal, Telegram, etc.).
Alternatively, Briar & its ilk are gotos, but P2P has some downsides (brains your battery hard on Android).
XMPP sounds like a good idea, however, switching to Signal and convincing the 3 contacts I have there to switch as well wasn’t very easy and I don’t think I could pull it off again in the near future.
Comrade, I have the exact same issue with family :(
deleted by creator