Introduction

Privacy is one of those things that people pretend to care about until they open up google, youtube, facebook, or any other company that infringes on your rights. It is actually important, however, because it allows us to act independently of governing forces, and it empowers people to speak freely.

Privacy isn't just about making yourself completely unknown on the internet. It's about creating and separating different identities from each other. For instance, I have a website here which is associated with my name, but i have separate accounts for my social media which are under another alias.

Privacy also isn't security. Security can help you achieve privacy, and the two can overlap, but these two terms are different. For instance, Apple makes very secure products in that they are very hard to crack, but they are not private in the sense that they still collect information about you.

Below is an ever updating list of things that I would consider to be good for privacy. Obviously I'm pretty dumb so some things here may not be true according to people who actually do this for a living, however I am pretty confident in most of the things I have learned.

What can I do about my privacy?

This is a good question. In my opinion, the first thing that one should do to increase the amount of privacy in their lives is to switch search engines or web browsers to something other than google chrome or google search. There are many good replacements for these. The criteria by which I judge search engines are as follows:

Duckduckgo is a search engine that is more private than google, and the html version of this website, html.duckduckgo.com, does not require any javascript whatsoever. Duckduckgo is okay with tor connections, so one can browse very anonymously. However, it pulls many results from other search engines like Bing and Yandex. It meets two out of three requirements of my criteria.

searx is another search engine that I use. It meets my criteria for judging search engines, and the serverside is free software, which is an upside compared to duckduckgo. It is a meta search engine, which means that it only pulls from other search engines, which could be considered bad due to its reliance on privacy invasive search engines. Another downside is that sometimes search results don't fetch from the other search engines it is supposed to fetch from.

Brave's search engine, as of today, meets all three criteria (sometimes), but might change in the future due to its lack of a sustainable business model. Sometimes I have experienced it blocking tor, but most of the time it works. Also, it uses its own index completely, which is a good thing. If this search engine actually survives and stays like this, (and they fix the tor problem), it would meet all of my criteria.

Browsers

For the browser, I personally use a modified version of Mozilla Firefox named abrowser which is licensed under a more free as in freedom license. This browser is only in the repository on Trisquel GNU+Linux, but for other distros you can install librewolf. I block nonfree javascript with the librejs extension, for reasons outside of privacy. If you actually want to block javascript efficiently, ublock origin is good for this, or noscript. I personally have both installed because ublock acts like an ad blocker, and I have noscript installed to block the javascript.

The reason why I use a firefox based browser is mainly because of librejs. However, if you don't care about that and just want to be private, you can and should use a chromium based browser. There are three main chromium based browsers that privacy advocates use: ungoogled chromium, regular chromium, and brave. Brave is a good option if you don't want to mess with your browser and just want the default settings that will make you quite private. If you don't like the fact that they've had some problems in the past, or you don't like the brave branding and BAT, you can use ungoogled chromium, which is probably more private than brave. However, you might have to compile it yourself which can be a pain. Also, it is known to have some security problems, in that ungoogled chromium doesn't build with CFI by default. A person who is a duck who is much smarter than me made a blog about how you can use chromium and disable flags to make it almost as private as ungoogled chromium but much more secure.

Browser Fingerprinting

Note: tracking ip addresses and using cookies are very old school methods for collecting data nowadays. Many companies now employ the technique known as fingerprinting, which is a method by which they can look at the extensions you have installed on your browser, look at what browser you are using, the settings,and come up with a unique identifier based on those categories.

Messengers

GNU Jami

The next thing I'd consider to be the biggest privacy threat would be unencrypted communications. GNU Jami is a private peer to peer and end to end encrypted messenger. This means that in all practical only you and the person who receieves your message ever get ahold of the message (no server middleman), and should someone get ahold of your message it would be end to end encrypted with forward secrecy (even if they were to crack the encryption they would not be able to read all your messages). It being peer to peer means it is faster than many of its centralized counterparts (trust me, I've tried myself and it feels impossibly fast). The downsides: nobody uses it, and it's buggy as hell. If you have singular people you need to talk to that are willing to use it, or even if you have an organization and get to call the shots on what software you use for it, this might be a good option. Otherwise, no normie is ever going to ask for your jami. Also, keep in mind that it is buggy. Sometimes, messages don't send even though it's supposed to be fast.

Signal

For most people, Signal is one of the best encrypted messengers, and the one I use for personal communications. This is almost as fast as SMS, and it looks just as good. I do use XMPP, but that's a protocol that I might write a future article about. Also, signal is better for non-advanced users. All of the signal source code is published on github, including the server, and the frontend code. Note that in order to register you will need a phone number capable of recieving sms which is hard to obtain anonymously, and also almost every phone violates your freedoms in other ways (nonfree repositories, software, kernel, firmware). I do have a phone with nonfree firmware and nonfree kernel (grapheneOS), but I never take it outside and I use it for only signing up to services. See my phone privacy article for more details.

Element

This is yet another chatting application, but this one runs off of the Matrix protocol. While Signal uses a centralized model, and Jami uses a peer to peer decentralized model, Matrix is what's called federated. This means that anyone who runs a Matrix server can connect to all of the others. You have the choice of what server your account is registered on, including your own, because each server connects with all the others so that you can view the public content on each server. I use it to connect to public rooms. Note that public rooms are not end to end encrypted, and only DMs can be. Also note that the Matrix protocol leaks a lot of metadata and makes it easy to construct a social graph. I use it more as a social media platform, however, and I understand the risks, so I use it anyway. You can get the frontend for matrix that I use, element, here.

VPNs

VPNs are good for watching banned videos and torrenting things, but vpns do not contribute much to your privacy. Your VPN provider can still see as much as your ISP used to be able to, so if you don't trust your VPN provider, you're better off just saving those dollars and using them to do anything else. That being said, you can still be identified by your ip when you go online, so how do you prevent this?

Making your own VPN

Most people believe that this is a solution to this problem, but it is actually not. You will still be identified with the IP of your VPS whenever you search online. However, if you want to do this, the process of doing this is actually easier than it sounds. Wolfgang made a good video on this, so if you're interested in this, I suggest watching that video. Take note that even if you make your own vpn, your search habits can be tied to that ip address.

As per the vps service, njalla was the best one I could find. It also allows you to anonymously purchase domain names, which is huge because there are almost no ways to do that nowadays. While the javascript is nonfree, running the nonfree code only once and then being able to ssh into that machine is a good tradeoff especially because they allow payments in monero and because I don't know of any other ways to rent a server that are as private as this. Running a server is also not preferable to renting one because if it is not your vps provider who has control, it is your isp, and they tend to be much more authoritarian in this respect. Also, you would need to buy all the suplies which is very hard to do anonymously.

Note: I have never used njalla. I have no idea how their service is, I can only say that it allows anonymous registration and payment.

Using Tor

The tor protocol is a completely free as in freedom protocol that aims to anonymize your ip address. It does a pretty good job at this, because so far many intelligence agencies have had a hard time (arguably) deanonymizing traffic from it. You should only use it with the official tor browser, if you want maximum anonymity, due to fingerprinting issues related to using it on a non-official browser. Tor is basically the only way you can ever be anonymous online.

Consider free software?

The things in this section are significantly harder to do than the things I talked about in the last section. If you're not willing to do these things, then at least do the things outlined above.

Free software is more of a principle thing than a privacy one, but they are related. To read more, see my post on free software .

GNU+Linux and free software

The last thing I suggest doing is switching to free software whenever possible. This includes the operating system you use. This may be a big shift in your life, but I guarantee that it's worth it. Free as in freedom projects are often time multiple times better than nonfree projects you have to pay for. I guarantee that if you don't try out free software, you're missing out. Also, it might seem like on the surface that you might be wasting your time by "making your life harder" using GNU+Linux, but I assure you, it's very easy. The installation process is easier than windows, at least for manjaro, specifically manjaro xfce, the distribution of linux that I recommend for beginners. For those that don't know, GNU+Linux has many distributions, whichare all GNU+Linux but are all slightly different. They may come with different programs installed by default, use a modified version of the linux kernel, use a different init system, or even use a different libc.

Switching to free software is important because it is much less likely for a piece of software to abuse you when the maintainers know that their software can be forked (copied and modified) if they put abusive features in it. Additionally, it is much less likely for the maintainers of the software to put something abusive in the first place if they know many eyes are on their codebase. Also, software can be improved (bugs and security vulnerablilities) can be patched quicker if the code is completely libre.

Being Completely Free

Using Manjaro should only be a transition stage to using a completely libre computer. I personally run Trisquel GNU+Linux-libre, but any of the FSF approved distros should do the trick. The standard Linux kernel has proprietary firmware blobs in it which means it is compatable with proprietary wifi cards, to give an example. The Linux-libre kernel, which is what trisquel runs, however, is different in that it does not support proprietary firmware blobs. This means you will have to get an Atheros wifi card (free firmware) in order to connect to wifi, however many laptops on ebay or craigslist come with that and libreboot. Buying things online is often a privacy and freedom problem, but I believe it is one of the only ways to get your hands on a librebooted thinkpad. Libreboot is a freedom respecting BIOS replacement that does not have any of the nasty intel stuff like the intel ME. It is one of the only way to ensure that your BIOS is not pinging intel, and it is the only(?) completely free BIOS replacement. I personally run a librebooted thinkpad x200 with an atheros wifi card.

Conclusion

I recommend that every person who values democracy at least do some of the things mentioned in this article. Without privacy, journalists and targetted individuals cannot make our government or our corporate sector accountable. Additionally, the every day user is affected mentally by the knowledge that the things that we do every day are being collected and analyzed. In order to have a free society, we must have privacy.

The truth is, at some point, we either take action to prevent our own government and businesses from undermining our liberty, or they take it away from us and it becomes much harder to fight, and we live in a world governed by fear. Better sooner than later, in my opinion.