My Everyday Security and Privacy Toolkit

Here are some notes on technology I use to improve my daily security and privacy

Goals:

General technology used on multiple devices:

Wireguard VPN- I have this installed on a VPS server I rent. I am using Debian with up to date kernel which has Wireguard built in. I create a configuration for every device I own.

Bitwarden password manager (self hosted)- I use the docker image bitwardenrs/server to host my own Bitwarden instance on a VPS.

Criptext email- I have no choice but to use a Gmail based email service for courses at the university. I don't use any Google products, so what I do is have all emails forwarded to a criptext.com email address. Criptext is great because it only saves your email locally on your devices, it is not saved on a server. If I didn't already have an existing email setup that works securely I would seriously consider this for my primary email as well.

Vivaldi web browser- I like this browser for several reasons:

Tutanota email- Encrypted email service for a low price. I use this as a secondary email account. Also has custom domains, 2FA, email aliases, sending encrypted email to non-Tutanota users, full mailbox encryption.

Codeberg Git repositories- excellent free alternative to Github

PGP public key encryption- for email or other information to keep private

XMPP with OMEMO encryption over Tor- Secure decentralized messaging. I use Conversations on Android, BeagleIM on MacOS and Dino on Linux.

VPS with a running TOR relay- I use Tor Browser so I like to contribute back to the network I use. My Tor relay runs on a fast VPS provider and I allocate 30GB of daily data usage for others to use.

dnscrypt-proxy using these install instructions via brew on an old Mac. I make the DNS service available for my whole LAN.

AdGuard or Quad9 (IBM) backup normal DNS provides protection against malicious domains.

DuckDuckGo search engine

Authy 2FA- I know this may not be the best choice since it syncs from the cloud, but I need access to 2FA from multiple devices. All data is encrypted.

Pinboard bookmarks- If you remember del.icio.us, this is similar for saving any urls you want to reference later. With pinboard you can make them all private only for yourself.

Jmp.chat second phone number- This gives you a phone number based in North America and any text messages or voicemails to it are forwarded to your XMPP address. You can also use this for VOIP calls but I haven't done that yet. This is a great way to add 2FA to websites or signup for accounts that require a phone number but you don't want to give out your primary number.

Sync.com encrypted cloud storage- They have paid plans but I use the free tier and get 6GB of online storage. My primary use is to have the app on my phone which automatically uploads new photos into my encrypted cloud storage. I don't need to worry about losing photos if my phone becomes lost or broken. It also makes transferring of photos down to my computers easy.

LinuxServer.io FreshRSS docker image to manage all the RSS feeds I subscribe to.

Usually whatever built-in system-wide drive encryption is included natively is what I use. I also may use individual password protected virtual drives.

Android devices:

Phone ROM: e.foundation- I've been using this for the last 3 years on an LG Nexus 5X. Many Google parts of Android have been removed and this runs MicroG. Support for devices tends to last much longer with these ROMs than the (greatly appreciated) volunteers that maintain LineageOS.

Tablet: LineageOS- There is no /e/ ROM for my NVidia Shield tablet, so I am using the last version of LineageOS built for it.

FDroid- Open source apps that are mostly free from any tracking

EteSync- Encrypted storage for contacts, calendars and tasks that also provides a DAV endpoint for use with apps.

Threema encrypted messenger- Uses the open source and tested NaCl Box encryption model

Signal encrypted messenger- Only with people who I trust with my phone number though. Also the recent announcement about using Intel SGX enclave for saving contacts and settings on a server has me concerned.

Conversations XMPP messenger with OMEMO encryption

Tusky (Mastodon)- Federated social platform

AntennaPod- Podcasts

TorBrowser- Safe web browsing

Orbot- Allows other apps to use Tor

UntrackMe- Redirect links to Nitter or Invidious, unshorten URLs and remove UTM tracking codes

Exodus Privacy- Scan Android apps for trackers

OpenKeychain- PGP key management

Sophos Intercept X- A free anti-virus and security suite for mobile devices. Includes device security audit, password manager, TOTP Authenticator, QR code scanner, app permissions audit and app access protections.

Termux- A shell running familiar linux commands

No email on my phone! Data can't be leaked if it's not on my device in the first place. Also it saves my sanity.

Pinephone

Maybe my future phone? I am liking the Mobian and UBPorts Manjaro systems the best right now. UBPorts has a nice interface that works well for the phone format. However I dont really like that the filesystem is so locked down it is hard to tweak. Mobian is pretty much straight Debian so is very easy to tweak and install apps, and the Phosh interface is similar to Android. Manjaro is making great progress and recently added a Lomiri flavor which I really think is the best looking interface.

MacOS

I've been an Apple/Mac guy since the 80s. I also used BeOS in the late 90s and was very disappointed Apple didn't choose them for their next OS. But I do enjoy the unix based OSX that they did develop.

Trying out NextDNS for encrypted DoH

MacPass- For non website passwords

GPG Keychain

Time Machine backups on external drives

VLC- I avoid the Apple Music app

Linux

I have a recent Intel PC running Linux Mint which has been very solid OS

Several laptops of various ages which I usually run Manjaro KDE or Mate.

Financial

OK this may seem a little misplaced but I think this is an important category. Your finances are something that must be protected. I have the following systems in place to help with that.

References:

PrivacyTools.io- Excellent resource for the average person.

The New Oil- Step by step progression of how to improve your security and privacy.

How to Destroy Surveillance Capitalism by Cory Doctorow