I’ll come back later in another post as to why you need to protect your privacy and intimacy online. For now, I’ll just show you what I run on a daily basis to protect myself (to the best of my knowledge).
You need to keep in mind that as of now, my threat model is rather minimal. I believe there is no reason as of now for a malicious actor to target me. I am protecting myself mainly from mass surveillance, although I use some tools that could play a very important role in protecting yourself from targeted attacks.
This post is a work in progress. I’ll gradually add elements in the future. Contribution is welcome (ping me by email, on Matrix, or start a discussion on the fediverse).
The tools presented here gradually increase in terms of the knowledge needed to operate them as well as the time they take, or the inconvenience they bring.
But keep in mind, in today’s online world unprivacy is the default. Hence every step in making your online life more private will break things at some point.
Web browser & extensions
Since most of our time is spent browsing the web, the attack surface is quite big. Starting out with a privacy-respecting browser and extensions is therefore key.
Firefox
It is a good starting point. With the default settings, it isn’t the best privacy browser out there, and even more so recently due to some shady moves by Mozilla. Nevertheless, it is what I use on a daily basis, with custom browser privacy settings (that you can tweak by typing about:preferences#privacy in the address bar). I mainly follow sebsauvage’s preferences.
It says that it will break some sites. It may, but it’s rare, and you can always disable it when needed.
Important: Using Firefox over any Chromium-based browser (Brave, Chrome, Edge, etc.) is a real choice. It prevents Chromium (in the end Google) from having a monopoly on web technology. In addition, Chrome moved from Manifest V2 to Manifest V3, which blocks features used by the amazing uBlockOrigin extension, which is the second thing you need to use.
I also use Firefox on my mobile phone. I no longer use Firefox on mobile due to the ongoing Mozilla shitshow. I use IronFox, and will probably switch to either LibreWolf or Phoenix sometime soon on my computer.
There are forks of Firefox which come bundled with pretty good standards for privacy, like LibreWolf or Mullvad Browser, or you can use the user.js configuration template from Arkenfox to start off with a good privacy-focused user configuration, which you can then tweak to your liking. Also, there is the unrivalled Tor browser.
You can get more info and details on the privacyguides.org website.
uBlockOrigin
Seriously, you can’t go on the web without uBlockOrigin! Just go and install it.
Read the wiki to get an idea of what it’s capable of.
I prohibit JavaScript by default on all sites. When a site that I know I can trust needs to run JS for functions that I need to work properly, I’ll add an exception (but most websites should work without JS anyways… that’s a normative statement, not an observation 🧐).
I also block third-party frames.
I use other little details here and there. With this configuration most sites break, meaning the visual appearance is weird due to no JavaScript, but usually the content is readable, and you can always toggle the reader view in Firefox, or enable JavaScript easily.
CanvasBlocker
This one prevents fingerprinting, which is a technique to uniquely identify you. See https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/ for more details (and what’s going on with Google).
ClearURLs
As the README mentions:
This extension will automatically remove tracking elements from URLs to help protect your privacy when browsing through the internet. For this purpose, we use a large catalog of rules, which is actively maintained by us and the community.
Read more from the docs.
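To make the idea of rule-based URL cleaning concrete, here is an added example (not code from ClearURLs or from this post): a small JavaScript function that strips tracking query parameters. The rule list, the cleanUrl name and the .example hosts are constructed for illustration and are not the extension's real catalog.

```javascript
// Added illustration of rule-based URL cleaning. The rules are constructed for
// this example; they are NOT the ClearURLs catalog or the extension's code.
const RULES = [
  // No urlPattern: applies on every host.
  { name: "global", params: [/^utm_/i, /^fbclid$/i, /^gclid$/i] },
  // Hypothetical site-specific rule: applies only to shop.example and subdomains.
  { name: "shop.example", urlPattern: /(^|\.)shop\.example$/i, params: [/^tag$/i, /^ref$/i] },
];

// Returns { url, removed }: the cleaned URL and the parameter names stripped.
function cleanUrl(input, rules = RULES) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { url: input, removed: [] }; // relative or malformed: leave untouched
  }
  // Only rewrite web links; mailto:, data:, etc. pass through unchanged.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { url: input, removed: [] };
  }
  const active = rules.filter((r) => !r.urlPattern || r.urlPattern.test(url.hostname));
  const isTracker = (key) => active.some((r) => r.params.some((re) => re.test(key)));

  const removed = [];
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (isTracker(key)) removed.push(key);
    else kept.append(key, value); // preserve order and repeated keys
  }
  if (removed.length === 0) return { url: input, removed }; // no rewrite, no re-encoding
  url.search = kept.toString();
  return { url: url.toString(), removed };
}

// Constructed sample links.
for (const link of [
  "https://news.example/article?id=42&utm_source=newsletter&fbclid=abc123",
  "https://shop.example/item?sku=7&tag=aff-21",
  "https://blog.example/posts?tag=linux",
]) {
  console.log(cleanUrl(link));
}
```

Note that the same parameter name (tag) is stripped on the shop host but kept on the blog, which is why per-site rules matter: a blanket rule would break legitimate links.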
Consent-O-Matic
A great automation tool for all those cookie banners. It automatically fills them in for you in a split second, so you don’t have to bother clicking through the consent fields and so on.
I haven’t checked if it automatically selects “refuse everything” or “disagree to all”, as those have different meanings. See this thread for more (in French).
Decentraleyes
As the site mentions:
Protects you against tracking through “free”, centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.
Quite useful.
Privacy Badger
By the EFF:
Privacy Badger sends the Global Privacy Control signal to opt you out of data sharing and selling, and the Do Not Track signal to tell companies not to track you. If trackers ignore these signals, Privacy Badger will learn to block them.
Facebook Container
This is a great extension. It isolates all pages related to Meta in a single container. Anything in that container has no access to other elements in your web browser.
Firefox Multi-Account Containers
Combined with the previous one, this is a killer. It’s another extension by Mozilla that enables you to compartmentalize your web experience.
I have compartments for public services, for social media, for banks, for study, etc. You can create as many as you want, and it also makes it easier to organize your tabs based on topics.
Internet & DNS
Without getting into complicated things, you should definitely set your default DNS server to something more privacy friendly like quad9.net or dns0.eu.
You can follow this guide to enable Quad9 DNS servers on your mobile and laptop system-wide, or at least in your internet browser.
If you want to go the extra mile, you should have your own local DNS server on a Raspberry Pi or something of that sort and install Pi-hole. It will block ads and protect your entire home network based on filter lists that you can define.
AI and privacy
Right now, this is what you should do on your phone at least (from @EnfysBook@kind.social):
If you use Signal, Discord, or any other messaging app and you DON’T want Google or Apple monitoring/reading/learning from your messages, follow these steps.
Android:
- Open Google app
- Tap your profile photo
- Settings
- Google Assistant
- “Your Apps”
- Choose the app (e.g., Signal)
- Toggle “Let your assistant learn from this app” off
iPhone:
- Settings
- Apps
- Choose the app (e.g., Signal)
- Toggle Apple intelligence or Siri settings to off (“learn from this app”)
Communications channels
Use Signal or any other fork that may be more secure and privacy oriented (i.e. no phone number registration, etc.).
Follow this guide to lock down Signal: https://freedom.press/digisec/blog/locking-down-signal/
More resilient than Signal is any server using the Matrix protocol, as it is decentralized. Yes, Signal is centralized. You can find Matrix hosters where you can create an account here: https://www.chatons.org/search/by-service?service_type_target_id=All&field_alternatives_aux_services_target_id=All&field_software_target_id=274&field_is_shared_value=All&title=