Where it started
I can still picture my young self enjoying funny videos from YouTube or browsing forums to get a cheat code that helps with a difficult gaming mission. The web at the time was difficult to navigate, but it was still a place where I could have fun (even with my 256 Megabit connection). The search results were a little sloppy at the time, but they did the job.
Today’s internet is after your data, money, time, and I’m not sure what else. It seems that we can no longer tell what is garbage and what is not. Without tools like an Ad blocker, all you see are sponsored search results, tailored ads, trackers, analytical tools, re-targeting mechanisms, dark patterns, and other BS.
In the early days, companies like Google and Facebook promised good technology, but as they grew into large data collection companies, they simply became gatekeepers and manipulators that we didn’t elect. As an individual, I am no different than you are. I was a power user of their services.
I have also observed that many other data collecting services are marketed with an emotional story. Sure, there is some utility but the overall experience of such products/services is BS, because the value of the utility and people that are supposed to deliver the utility value are earning profits from elsewhere, which can change anytime that they want.
One fine day, YouTube recommended me a video by The Hated One, and from there I got to know about websites like privacytools.io, which helped me realize a lot of things in a short amount of time. At first, I was stunned to hear totally opposite opinions in this space, and it was hard for me to believe them right away. Only after I started to tinker with software and hardware myself, I started to respect some opinions. I was also misguided many times along the way, but it appears that I am now confident enough to guide others. At least, I don’t recommend Qubes OS to everyone I meet :P
I wish I could cover all the details of my journey, but as I began writing, the details themselves turned out to be a 15-minute read. So, I’ll try to get straight to the point, and by the end you’ll understand how my approach and my setup is designed to fight adware, spyware, and other nonsense that they promote. If you have any questions or suggestions, feel free to contact me.
Overview of my digital space
Read my article on a simple and effective guide to online privacy for suggestions on devices, operating systems, apps, and more.
Eliminating points of trust
For me, eliminating (and sometimes replacing) points of trust from the products and services has proven to be the most effective tactic to get some degree of digital privacy, freedom, and data ownership.
I’ve never heard of “Points of Trust” in this context, but I’m sure I may not be the first to mention it.
Points of trust can be:
- Surrounding Devices
- Operating System
- Network Stack
- System Apps
- App Repositories
- App Dependencies
- Other Apps
Try to strike a balance between your trust in the hardware, software, services, how much you spend, how many devices you use, off-topic personal factors, and so on. You simply need to learn to identify points of trust and try to eliminate/replace points that you believe are SUS.
Choosing better points of trust
It is obvious that you can’t eliminate all points of trust, so when you replace one, you should do it carefully. Some points are easier to replace, like apps, and some are harder, like hardware.
A common recommendation that I’ve seen is that you need to spend some money to achieve good levels of privacy and freedom, but consider this: You are not paying for your privacy and freedom, but for the convenience and reliability. For example, you can pay for Google Photos or Ente or Stingle Photos, all of which are reliable, but Google does not come with the privacy features that others promise. Only If laws had been stricter or customers more aware, Google might have shipped their products with features that are better than the others.
Privacy and Freedom are fundamental, whereas convenience and reliability are essential. Fundamentals should have been the default. Unfortunately, that is not the case and most of us are paying for the fundamentals. Although, there are times when you need to sacrifice one for the other, but you should try to find a happy medium. Currently, we know how unbalanced everything is.
You can also go the self-hosted route and use one of your devices as a server, but to make it convenient and reliable, you may have to invest more time and money for things like offsite backups. There are some times when going with hosted solutions is advantageous. As an example, all the people that use the @anonaddy.me alias achieve better privacy compared to self-hosting it with a custom domain.
I would say self-host what you can, as apps that connect to the internet are often the most vulnerable points. Furthermore, I prefer Free (as in Freedom) Software because of its design philosophy that gives a user complete control over their hardware and software + Open source code. That combination is so good that I’ve abandoned nearly 5 self-hosted services that were simply not designed for networks, but instead work well as offline apps with frequent backups.
Distributing points of trust
Even the most promising points can fail to deliver on their promises if you do your research on the wrong corners of the web. Jurisdiction in which your services are hosted also play an important role. This is, unfortunately, a thing, so keep yourself informed about the jurisdiction in which the service operates and where your data is hosted. Everyone may not have the time, skills, or knowledge to conduct their own research, So that’s another obstacle you’ll have to overcome. Yes, you can pay someone for consultation, but it’s better to ask questions online first.
Not all products or services will remain unchanged throughout their journey. So it’s probably a good idea to stay up to date on product news and updates. See how DuckDuckGo Browser allows Microsoft trackers while blocking others? While DuckDuckGo as a search engine is not a complete failure, but it will make you feel uneasy.
In my case, I have split my points of trust between a VPN provider for traffic and a DNS resolver for DNS queries. I have a Raspberry Pi 4B for self-hosting apps like Pi-Hole, Home Assistant, and Node-Red. The Raspberry Pi also serves as a point of TLS termination for some services that are proxied using my VPS (like, Jitsi Meet). TLS certificates are handled by an ACME bot. All my devices only ever connect to the RaspAP hotspot, and most traffic is goes through a trusted VPN provider.
Before using a VPN, consider watching this video.
I made great effort to separate my traffic from my DNS queries. Most services are hosted on a few platforms and, separating my traffic from my DNS queries definitely helps.
Debian and Fedora are my primary operating systems, and I try to use apps that come with the OS rather than apps from third-party repositories. I also try building apps from source (such as Signal) and I’m currently looking for a self-hosted build service so that I can easily build more apps from source.
From simple Notepads and Markdown Editors (Apostrophe is a good one) to full suites like LibreOffice, freedom software lets me own my data and allows me to make my apps look and feel the way I want them to be. I regularly make backups of my data to a cloud service after encrypting it with Cryptomator. If you’re searching for an easy-to-use backup solution, take a look at Déjà Dup.
There is no point in using insecure hardware or software just for the sake of something. While nothing is completely secure, open source code, security audits, ability to build from source, and regular software updates play an important role to help secure your tech.
I prefer to work offline, so I miss out on real-time cross-device features that come with hosted services. As an example, I use KeePassXC, which comes with some sacrifices, but it helps me advance my OPSEC. Offline first also removes a large attack surface that is usually present in software just because
it connects to the internet. With offline apps, you can truly own and protect your data as if it were physical property. If you think an app is misbehaving, use a firewall.
I was previously bound to the few internet gatekeepers, and today I am on my way to self-host the Unbound DNS resolver. I have used unbound as a pun to describe how Unbound describes how I no longer care about the overloaded commercial interests of already rich people.
Freedom is fundamental, but it is declining in the digital space and the physical world. As access to information, jobs, identities, government services, benefits, and everything else goes online, it is crucial to take measures and guide others because soon enough your useless memes may determine what you are allowed to do in real life. Umm… it’s called social credit score in China, and it is, indeed, dystopian.