Yet another guide on how to increase your privacy

DM_Ronin

In the span of a few months, the Conservative government has announced several bills that pose a huge threat to our digital rights and privacy. Unfortunately, it doesn’t face any meaningful opposition from any of the mainstream political parties, which is sad for me as a former member of the Labour party, which I think could’ve done more in that regard.

But the UK is just a part of this trend. The European Union and the United States are not far behind in their attacks on our digital privacy, with things such as messenger interoperability (Alec Muffett has written about why it’s damaging), and such measures are moving us towards something we used to see in totalitarian countries like Russia or China. Hence, it is important to take matters into our own hands and make sure our data is protected as much as possible.

That’s what I intend to do with this guide. But before that, let’s clarify the threat model.

Threat model

To explain: threat modelling is the process of identifying potential attack vectors, threat actors and the countermeasures against them.

This threat model contains 3 questions and answers.

1. What do I want to protect?

  • Private correspondence with my family, friends, relatives;
  • Access to the social media accounts;
  • My location and whereabouts;
  • My files, e.g. photos, videos, documents.

2. Who do I want to protect it from?

  • External/foreign attackers known for breaking into companies’ databases;
  • Big tech, known for collecting enormous amounts of data;
  • Government (but not secret services, as this is a totally different threat model!)

3. How likely is it that I need to protect it?

Very likely, as the amount of data being leaked and the number of companies being hacked are increasing every day.

All things considered, this threat model is designed for those who are worried about increased data collection by companies and those worried about the government’s goals.

Why is this important?

There are two reasons to be worried and to take the necessary measures to increase your level of privacy.

Today, EU and UK politicians have decided to regulate how the internet must work, and some of those bills (like the Online Safety Bill, the Data Protection bill or Digital Markets) will hurt the basics of users’ privacy.

To give you specifics:

  • Both the EU and the UK propose to introduce CSAM (Child Sexual Abuse Material) scans. I will omit the hypocrisy of the fact that any attempt to limit privacy is justified by “protecting children”, because what’s important is that your devices will be scanned 24/7. And if you think you’re safe – well, Apple’s CSAM algorithm was proven to be trickable, and the NYT broke a story about a man who took a photo of his son’s penis because it was swollen and sent it to the doctor. It helped to get the correct diagnosis, only for him to later be locked out of all his Google accounts: https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

There is another threat: big tech companies and those who collect your data without your knowledge, all with your own consent. For example, the recent Fog Reveal scandal revealed the scale of how much data is collected and, even if it's not much, it can still be used to track your smartphone and, therefore, your movements.

All the guidance provided in this guide will help you to increase your level of privacy without sacrificing much usability. There is an axiom in digital privacy: the more secure you get, the less usable it becomes. It is a balance that’s hard to find, and obviously each person has their own usability requirements.

Messengers

End-to-end encryption by default has become a basic requirement for today’s messengers; however, one thing that is usually missed is the metadata that every message carries. It includes the contact details (e.g. phone number) of the sender and recipient and the IP address, and sometimes metadata is enough to reveal whom you’re talking with, when, and where. Imagine an envelope with a letter inside it - while your message is like a letter sealed in the envelope, the sender’s and receiver’s contact details, as well as the size of the envelope, are the metadata.

Here is an example. Consider the situation in the USA with the reversal of Roe vs Wade and how it will affect women who want to have an abortion. A woman calls a gynecologist, speaks with him/her for some time – let’s say, one hour – and consults about an abortion, or asks about the procedure. After the advice from the gynecologist, this woman calls the abortion clinic. The government may not know the content of the calls, but considering that the metadata is unencrypted and they have access to it, they can conclude that the woman wants to have an abortion.

Last year, an FBI document was leaked, in which you can see what metadata each of today’s mainstream messengers contains - moreover, unlike access to the account, police won’t need subpoenas to request it. Therefore, I’ll list the messengers with the least amount of metadata.

Signal

The most famous privacy-oriented messenger as of today, Signal has been enormously improved and polished into a user-friendly messenger that can be used daily. It supports self-destructing messages and voice and video calls, and its encryption algorithm is considered such a gold standard that even WhatsApp implemented it. Also, it is cross-platform, so you can install it on your desktop as well. Recently they’ve added an option to “seal” metadata, to make sure it won’t be exposed to others.

In addition, it’d be useful to harden Signal for good measure. I suggest four things to do:

1. Set up a PIN code, so that if you change devices you will have an additional layer of authentication, preventing external actors from accessing your account by cloning your SIM card. This was illustrated when Twilio got hacked, and thousands of phone numbers were phished because they didn’t have a PIN enabled. To do that, go to Settings → Account → Signal PIN → Create new PIN, then enable Registration Lock. But don’t forget to store your PIN, because if you forget it, your Signal account will be locked!

2. You can enable Screen Lock so that if someone gets hold of your device while it’s unlocked, they will have to provide additional authentication, be it a fingerprint or a passcode. Settings → Privacy → Screen Lock

3. Make your notifications private. When a new message arrives, you can usually see in the notification who sent it and what the message is. Signal allows you to mask it completely – both the sender and the message – so that you have to enter the app to see the author and the message itself.

Settings → Notifications → Show

4. Enable screen security so that no one is able to screenshot your screen and somehow get hold of your messages. Settings → Privacy → Screen Security

Here’s a small caveat for Android users though: instead of its official app, I would suggest using a “hardened” Signal fork…

Molly (Android only)

Besides standard Signal functionality, it adds a few more useful features, such as:

  • locking down the app automatically when you are gone for a set period of time;
  • voice and video calls via Tor or a proxy;
  • an application password to encrypt all your local data;
  • a FOSS version which fully removes any Google proprietary software, including push notifications via Google servers.

I’d suggest enabling both options they provide, i.e. automatic application lockdown and the application password.

Session

Recently gaining popularity, Session was created initially as a fork of Signal. However, in time it went through massive changes, resulting in its own protocol and architecture. It has several advantages over Signal.

One, it is fully decentralised and uses an onion routing network called Lokinet, meaning that even though Session's developers are based in Australia (known for its draconian suppression of digital privacy and its anti-encryption laws), they wouldn’t be able to hand over any data requested by authorities even if they wanted to.

Two, unlike Signal, where you have to register your phone number (which can identify you), Session doesn’t require anything. It generates a unique hash that users can exchange with each other to initiate a conversation.

Session isn’t perfect though - the application still doesn’t work as flawlessly as Signal, and they’ve only recently added voice and video calls. However, with more polishing and improvements, it can be as great as Signal.

Matrix

This isn’t exactly a messenger, but an open-source protocol released in 2014 that offers a decentralised, federated, end-to-end encrypted solution with no requirement to tie yourself to a specific mobile/desktop application, and a fairly simple API. They position themselves as the “email” of private messaging. By making a group private, you can ensure that all messages inside are E2EE.

Source: https://twitter.com/matrixdotorg/status/841424770025545730/

While their recent lobbying to make messaging interoperability mandatory in the EU is questionable, the technology itself is good to use, especially for end-to-end encrypted group chats. They have several clients for as many platforms as possible, so choose whichever you’d like – my preference is Element.

Briar (Android only)

This fully anonymous messenger works via Tor when it communicates over the internet; however, unlike traditional messengers, Briar also allows users to communicate securely via Bluetooth, creating a “mesh network” independent of cellular carriers or Internet service providers.

It proved its effectiveness for Hong Kong protesters in 2019, and was also recommended during the Belarus protests in 2020 when the internet was shut down. However, it might be hard to use for daily communications, so it is best kept as a failsafe.

Cwtch (PC and Android only)

Translated from Welsh as “a hug that creates a safe place”, Cwtch is another very recent P2P messenger with a focus on decentralisation and privacy. While it’s still a raw messenger, its concepts are very attractive - besides using Tor routing, it also allows you to create multiple profiles without any identification, with the option to set a password, and to run your own Cwtch server.

Browsers

This section will cover both desktop and mobile versions, and what extensions could be used to raise your privacy.

Desktop browsers

There is a stereotype that Firefox and, consequently, its forks are better at privacy and security than Chromium-based browsers. While in some aspects this is true (for example, unlike Chromium browsers, Firefox is more flexible with settings and configurations), in terms of security Firefox is much worse, particularly when it comes to sandboxing and various exploit mitigations, as has been explored by many security experts. Therefore, the overall suggestion is to look at Chromium-based browsers first because they have the best security practices.

Obviously, that doesn’t mean we should all use Google Chrome, as it contains many trackers of your activity. Fortunately, there are some options which allow you to keep the Chromium experience.

Ungoogled Chromium (PC)

I personally think this is the best option for a desktop browser right now. It is completely open source, the developer has recently started dedicating much more time to its development, and updates arrive with just a 2-3 day delay after the official Chromium ones. It disables every single Google-based feature such as Google Host Detector, Google URL Tracker, Google Cloud Messaging, Google Hotwording, and extensions. It also imports features from other Chromium browsers, like Bromite, that enhance your privacy (such as protection against browser fingerprinting). Since it’s open source, if you're a tech-savvy person, you can even compile it yourself. You also need to remember that Ungoogled Chromium depends heavily on the base Chromium codebase.

However, in order to use this browser to the fullest, some additional tweaking has to be done. For starters, you need to add support for extensions - fortunately, there is a workaround for it that doesn’t require logging in to your Google account. Also, by default you can’t search from the address bar, as it adds the search provider "No Search" to allow searching in URL text fields to be disabled. Finally, on Windows you will have to install additional tools like Chromium Notifier to be notified about updates.

Note: it is not recommended to use the Android version because it wasn’t updated for a long time!

Brave (PC, Mobile)

If you prefer a unified experience with synchronisation between your desktop and smartphone, and adequate privacy and security out of the box, Brave is for you. Unlike Chrome, it doesn’t require you to use your Google account or, in fact, any account - instead, it uses Sync Chain to keep browsing history, bookmarks, passwords etc. on all of your devices. Its mobile version is one of the best on Android and a solid alternative to Safari on iOS.

What is the small cost to your privacy? To start with, Brave is known for its pretty aggressive cryptocurrency advertisements (although they can be completely disabled, which is actually a must-do!). Also, it has some built-in telemetry, which can also be disabled.

Recommended configurations (using the ones from PrivacyGuides):

  • Select Prevent sites from fingerprinting me based on my language preferences
  • Select Aggressive under Trackers & ads blocking
  • Use default filter lists
  • (Optional) Select Block Scripts
  • Select Strict, may break sites under Block fingerprinting

SOCIAL MEDIA BLOCKING

Uncheck all social media components

PRIVACY AND SECURITY

Select Disable Non-Proxied UDP under WebRTC IP Handling Policy

Uncheck Use Google services for push messaging

Uncheck Allow privacy-preserving product analytics (P3A)

Uncheck Automatically send daily usage ping to Brave

Select Always use secure connections in the Security menu

Bromite (Android only)

A Chromium fork with a focus on resisting digital fingerprinting, Bromite is a solid Android-only alternative for daily browsing that preserves the Chromium experience while keeping away from the Google Play store. It is easy to install (download the .apk file and launch it), and the updates are coming directly.

LibreWolf

For those who still want to keep using Firefox, I would at least recommend using this fork, which disables as much telemetry as possible by default and includes the uBlock Origin extension out of the box. It also removes the majority of Firefox services, such as browser synchronisation using a Firefox account, and is completely open-source. As a Firefox-style out-of-the-box browser, it won’t make you miss your regular Mozilla experience.

I have to point out though that, just as Ungoogled Chromium depends on the Chromium codebase, LibreWolf has the same dependency on Firefox.

Why not use regular Firefox, even from a privacy angle? One, it has a lot of telemetry; two, they recently began including a unique token in installer files; three, during the first launch after installation it makes dozens of telemetry requests.

Useful extensions

uMatrix / uBlock Origin

Both of these extensions allow you to control content filtering and block social media trackers. The difference is that uMatrix is a bit more advanced than uBlock Origin and provides an option to allow/deny even specific elements of a domain, while uBlock Origin is more focused on domain name filtering in general.

Either one of these extensions is a must-have for daily web browsing.

Decentraleyes

These days, many websites force you to load files through third-party services, or Content Delivery Networks (aka CDNs), from Google. There is also a danger of CDNs, especially public ones, tracking your web activity or at least contributing to the information collected about you.

Decentraleyes allows you to bypass this step by bundling the most popular libraries locally, so that the website loads faster and your browser doesn't have to send a request.

ClearURLs

Have you ever noticed, or been irritated by, long URLs in the address bar? The thing is, they also contain tracking elements that mark your online activity: for example, when you browse your Twitter feed and click on any external link, it contains a tracker that identifies that you found out about it from Twitter.

ClearURLs, as the name says, removes such trackers and many others.
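What stripping tracking parameters from a link looks like in practice, as an added example that is not ClearURLs' own code. The rule lists are a small illustrative subset chosen for this example, not the extension's real rule file, and `clean_url` is a hypothetical name.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: illustrative rules only. Real blockers ship much larger,
# regularly updated rule sets.
GLOBAL_RULES = [r"utm_[a-z_]+", r"fbclid", r"gclid", r"mc_eid"]

# Some parameter names are only trackers on specific sites, so they are
# scoped to a host instead of being removed everywhere.
HOST_RULES = {
    "twitter.com": [r"s", r"t", r"ref_src", r"ref_url"],
    "youtube.com": [r"feature", r"si"],
}


def _patterns_for(host):
    """Compile the global rules plus any rules scoped to this host."""
    rules = list(GLOBAL_RULES)
    for domain, scoped in HOST_RULES.items():
        if host == domain or host.endswith("." + domain):
            rules += scoped
    return [re.compile(rule, re.IGNORECASE) for rule in rules]


def clean_url(url):
    """Return (cleaned_url, removed_parameter_names).

    Only the query string is rewritten; scheme, host, path and fragment
    are kept. Kept values are re-encoded by urlencode, so their escaping
    may be normalised.
    """
    parts = urlsplit(url)
    patterns = _patterns_for(parts.hostname or "")
    kept, removed = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if any(p.fullmatch(key) for p in patterns):
            removed.append(key)
        else:
            kept.append((key, value))
    cleaned = urlunsplit(parts._replace(query=urlencode(kept)))
    return cleaned, removed


if __name__ == "__main__":
    # Constructed sample links, not captured traffic.
    samples = [
        "https://example.org/article?id=42&utm_source=twitter&utm_medium=social&fbclid=AbC123#section",
        "https://twitter.com/user/status/1?s=20&t=abcDEF",
        "https://example.org/search?s=privacy&t=1",
    ]
    for link in samples:
        cleaned, removed = clean_url(link)
        print(f"{cleaned}  (removed: {removed})")
```

The third sample shows why rules are scoped per host: `s` and `t` are share trackers on Twitter links but ordinary search parameters elsewhere, so they are left alone.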

Cloud service

The only option that I can more or less recommend right now, with the best attitude to privacy and data ownership, is NextCloud, which can be described as the Mastodon of cloud services. It is open source software that can be used to self-host your own cloud storage on any server, or you can sign up with any available provider. Also, its flexibility with configurations allows you to customise it as much as you would like.

It isn’t without downsides though:

  • in order to set up your own cloud storage, you may require some IT knowledge (but as I stated, you can sign up with any other provider; some of them allow you to do it for free with a limit of 2-5 Gb storage);
  • end-to-end encryption is still in an experimental stage.

However, among the currently existing solutions, this is the best one.

Another alternative is MEGA, a New Zealand provider that supports end-to-end encryption of all files you upload to the cloud. Initially I used them, but in time moved to Disroot’s Nextcloud – still, as an out-of-the-box solution, it will be fine.

VPN

Perhaps this is one of the hardest topics to analyse.

Many commercial VPN providers are marketed as privacy-protecting tools. And, well, who could blame them? They are able to hide your real IP address from the websites you browse, or from Internet Service Providers. Some of them even claim to have a no-logging policy or to be anonymous. However, many such providers, including the most famous ones, write completely opposite things in their privacy policies. To make things worse, a few of them even use advertising trackers, including third-party ones, and sometimes Google Analytics.

Mullvad and IVPN are among the very few transparent VPN providers which keep as little information as possible. In fact, it doesn’t require any contact details to create a VPN account - instead it generates a 16-digit number that can be used to log in and manage. Moreover, they even accept payment in cash by mail and in several currencies. Even if you pay with a debit card, they delete the records in 40 days.

Search engine

DuckDuckGo

The most famous mainstream privacy-preserving search engine, DuckDuckGo has grown enormously in recent years, providing a successful alternative to Google’s search engine. However, even though they have their own search index (i.e. web crawler), DDG also uses others’ search indexes. They still collect some information from the search history, though it’s much less than Google does. However, they were working with the Russian big tech company Yandex (which, btw, was doing the Russian authorities’ bidding on the Ukraine war), and signed an agreement with Microsoft to allow some tracking of search requests.

Mojeek

If it wasn’t for its search results (which are still behind DuckDuckGo or Brave), I’d have used Mojeek as my primary search engine. They explicitly state that their search results are unbiased, that they do not store IP addresses and that they do not give any third parties access to any stored data. In time, when its search index gets better, I think this can be a search engine to use every day.

SearX instances

The Mastodon of search engines, SearX is a collection of public instances that behave like a proxy for many different search engines. An instance takes a search query, asks the search engines you choose to use, and then returns a collection of results from those engines. While the UI may be too simplistic and not particularly user friendly, this is probably the best alternative to DuckDuckGo as of today.

Email provider

Proton Mail

The best-known email provider with a focus on better privacy and security. While it still has some issues such as unencrypted email subjects, Proton is still one of the best out-of-the-box email providers today. All email messages sent between Proton users are end-to-end encrypted, and if you’re sending an email to a non-Proton user, it can be protected by either PGP encryption or a password. You can also “mask” your real email with an alias thanks to SimpleLogin, which was bought by Proton this year.

Protonmail is also under Swiss jurisdiction, which is known for its very strict privacy laws.

Disroot

This one is less well known to a wide audience and is, in fact, more than an email provider. It is a platform of various online services (cloud storage via Nextcloud, XMPP server, upload service etc.) that takes a strong stance against advertising and trackers and attempts to create a system where data-mining is not a thing. It doesn’t store IP addresses persistently and any logs of recent activity are destroyed in 24 hours, giving it an advantage over Protonmail, and it supports PGP encryption, which can be configured easily. Also, unlike Tutanota, VPN usage is allowed.

Securing your credentials and sensitive data

Password manager: KeePassXC (PC) / KeePassDX (Android) / Strongbox (iOS/macOS)

Today, password managers are a must-have tool for using online services in order to avoid any duplication of your passwords, which is a big privacy risk. You only have to remember one password - the one to your password database - and then copy-paste the password for each service to log in. The best option is to keep the database locally and to use an open source solution, and that’s where KeePassXC comes in.

All passwords are stored offline, removing the possibility of your passwords being leaked when using online services such as LastPass. Also, KeePass data is encrypted using secure algorithms such as AES-256 or ChaCha20.

Aegis / Tofu (Android/iOS)

Another must-do privacy rule today is to enable 2-Factor Authentication for your accounts, and not via SMS, as it has poor security and it has been proven multiple times that it can be bypassed with different methods: SIM swapping, capturing unencrypted network traffic etc. Even Microsoft at one point completely disabled 2FA via SMS codes.

Currently there are two options: applications that generate time-limited one-time codes, and hardware keys such as Yubikeys. While hardware keys are the best solution, not many services support them just yet - therefore, mobile applications are the main option, as they work with all of them. andOTP and Tofu are designed specifically for the Android and iOS operating systems respectively, both of them are open source, and unlike Google Authenticator or Authy, they don’t require any information such as a phone number or email.

VeraCrypt

Encrypting your sensitive folders, your hard drive or even the entire system is also something that should be considered. In case your hardware is confiscated, you may not care if someone gets access to your non-confidential files, but you still might want to protect those files that are important to you.

VeraCrypt does exactly that, but can go even further. It supports a hidden volume within a regular VeraCrypt volume that can be unlocked only with a second password, so even if you’re coerced into unlocking the primary volume, the hidden volume will stay secure.

YouTube web/mobile -> Invidious / Freetube / NewPipe (Android only)

Official YouTube clients, whether it’s the web interface or a mobile application, are honeypots for collecting data about you. Besides, with age verification incoming and YouTube strengthening its rules, some content will be locked unless you provide some form of ID.

Invidious is an open-source front-end to YouTube that doesn’t require any verification even for 18+ videos, has a very minimalistic UI, and has no ads, while supporting original features such as creating new playlists or importing/exporting subscriptions. FreeTube and NewPipe are the desktop and mobile clients respectively that provide a comfortable way to use it.

Google/Apple Maps -> Organic Maps

I don’t feel the need to reiterate how much information Google collects about us in everything we do, and as simple and comfortable as Google Maps is to use, it always comes at a cost to privacy, even if you don’t like it. Besides, to use Google Maps properly, you may require an internet connection.

Organic Maps is based on OpenStreetMap, which is open source and built by a community, and you can choose which regions you want to download and then browse them offline. It may fall behind Google Maps in some things (for example, not being able to check the opening times of a business within the application, or lacking Street View), but for daily use it is great.

Twitter -> Nitter

With Elon Musk's acquisition of Twitter, it has become evident that, despite all his bravado about helping humanity, it may in fact become more unusable. However, I understand when people, while deciding to move away from Twitter, still want to follow content from some accounts.

Fortunately, there is a project called Nitter. Similar to Invidious, it is an open-source front-end for Twitter that bypasses age verification for viewing content that the algorithm for some reason tags as sensitive (even though it isn't). And you don't need to sign up - you can freely see tweets and replies without an account.

I don't know what will happen to it after Musk's acquisition and whether it will follow the same path as Bibliogram - hopefully it won't - but Nitter is incredibly useful.

Other advice

Other advices

Turn off any telemetry as much as you can

It is no secret that usage data collected from your OS, or an application, can be sold to third parties, or handed to the government itself. The overruling of Roe vs Wade, with the subsequent fears that period tracking apps might have to hand over their data to the authorities, only proves the danger it poses. Therefore, turn off any data collection and submission you can find, both in applications and in the OS. While you may not be able to opt out of all of it, at least you’ll be able to minimise it.

Use at least two browsers on PC, each for a specific purpose

While it may be comfortable to use one browser for everything, you may need a separate profile in order to keep certain information isolated from your daily activities. For example, split your work activity from your regular browsing, or use a separate one when searching for sensitive topics.

Buy, if you can afford, Google Pixel 6/6 Pro/7/7 Pro and install GrapheneOS

This is the ultimate suggestion for a smartphone with strong privacy and security features, which Edward Snowden has also recommended multiple times. To be specific, let me highlight just some of its improvements:

  • Per-connection MAC randomisation, enhancing stock Android’s per-network randomised MAC. This is a big step towards avoiding having your device detected as the same one at a free Wi-Fi spot;
  • Turning off Wi-Fi and Bluetooth automatically if not connected to anything. A recent NY Times article about Chinese domestic surveillance illustrates how always-on Wi-Fi, when it’s not connected to any hotspot, can allow law enforcement to track your movements. The same applies to Bluetooth;
  • The OS-specific web browser Vanadium with a hardened WebView;
  • Sandboxed Google Play, which works like any other application. In stock Android, Google Play services have full privileged access to everything on your phone, and MicroG services also bypass restrictions.

The possible downside is that contactless payments via Google Pay aren’t supported (the reason is Google, as expected), and you may have to verify whether your banking app works there. However, from my experience, UK banking apps work well on GrapheneOS.

More good news is that GrapheneOS developers are in talks with a certain hardware vendor who agrees to provide the necessary security improvements, so in future you may not need to buy a Google Pixel.

(Android only) Use F-Droid to download and install apps when possible

F-Droid is an alternative app store for Android with a clear policy to publish only open source applications, with full transparency on app permissions and non-free services. It isn’t dependent on Google.

Obviously, it won’t replace Google Play Store completely as it doesn’t have some applications (like Protonmail), but the majority of those listed in this guide can be installed via F-Droid. I recommend using the Neo Client application for F-Droid, as the official application isn’t getting many updates right now.

(Android only) Wherever possible, avoid apps with Google FCM services

Without getting too technical (but if you do, here’s an excellent explanation), Google Firebase Cloud Messaging is a service that allows servers to send data to applications on Android devices. Simply put, Google FCM or, in Apple’s case, Apple Push Notification aka APN, is the reason why push notifications in messenger apps work flawlessly - instead of your device connecting directly to Signal’s servers, for example, it uses a third-party OS service and, logically, its servers.

But with such reliability come privacy compromises: your device’s IP address and unique push notification token are exposed to Google and Apple servers. And since all this information on these servers is being logged, Google/Apple will have information on which applications you use, from which IP address it was sent, and which devices you used.

Fortunately, Android allows you to avoid using Google FCM in some cases. Let’s take Molly, for example - it has two app versions: with FCM support and without it (FOSS). If you install the Molly FOSS version and allow it to run with Unrestricted battery mode in your settings, the application will constantly be active to check for new messages. If you don’t, then it will check for new messages only when you launch the application.

Sorry to all Apple users, iOS doesn’t really provide a workaround because of the closed ecosystem.

(Android only) Install AirGuard

As some of you might know, AirTag gadgets made by Apple were released last year, but instead of being used as intended, many people.

While Apple has a detection mechanism built in, Android does not. Instead of Apple’s official Tracker Detect application, I’d suggest using AirGuard – it is an open-source application made by a group of researchers at the Technical University of Darmstadt. I personally know one of its developers, and she’s very skilled, so consider this a personal vouch. Besides, they’re open and transparent about data collection, and support other tags besides AirTag.

And finally - be careful with sharing your personal data

We can use as many tools as we can in order to secure our privacy. However, in many cases we reveal information about ourselves - by sharing selfies, or describing details of our lives in blogs etc. Today OSINT (Open Source Intelligence) is so advanced that even a harmless photo taken on your smartphone and shared online can tell where you were and when. The human factor is probably the biggest threat to your own privacy.

Conclusion

I don’t want to sound like I’m forcing you to completely reject using mainstream services. I sometimes have to use WhatsApp or Gmail for various reasons. For example, others just don’t want to use Signal and I couldn’t convince them to move there, or there are many things where I signed up using my Google email (although I started to move out of it).

However, what you can do is heavily reduce the usage of Big Tech services and keep them for non-sensitive purposes. All things considered, if the government is trying to invade our right to privacy, why should we give them a free pass?


If you wish to donate for my work: https://telegra.ph/Support-the-author-09-08 (disclaimer: accepting only cryptocurrency, preferably Bitcoin/Monero)