by evanrelf 2481 days ago
Off the top of my head:

- Change your DNS resolver to something you trust

- Use a paid VPN service (bonus points if it disables your internet when it's not connected to the VPN)

- Enable erasing data after several failed password attempts

- Disable notification previews on the lockscreen / when locked

- Disable Siri, control center, widgets, etc. on the lockscreen / when locked

- Disable Touch/Face ID when entering a risky location (airport, etc.)

- Disable location services, camera, microphone, etc. for every app you can

- Disable sending analytics to Apple and app developers

- Use a privacy conscious search engine (DuckDuckGo, StartPage)

- Install a good content blocker (1Blocker)

- Don't use apps like Facebook that violate your privacy

That's all I can think of for now.

9 comments

VPNs are debatable. While it's true they're a better solution for open WiFi networks, remember you're simply changing who has access to your connection data.

It's not so clear that VPN providers, even paid ones, have your best interests in mind.

For higher levels of security, it would be better if the VPN was controlled by yourself.

I host my own VPN and it's great. Algo VPN [0] makes it dead simple, as well.

[0]: https://github.com/trailofbits/algo

Any suggestions for hosting one on a raspberry pi?
https://gitlab.com/NickBusey/HomelabOS can do this easily. Here's a video tutorial for the pi specifically https://www.youtube.com/watch?v=Zy6Xfl5b5z4
Any recommendations for a VPN for mobile? Willing and able to set something up myself.
Disabling iMessage and JavaScript in Safari would also help, given the recent Project Zero exploits we’ve seen.
Disabling iMessage means texts go unencrypted. I'd say that for 99.9% of threat models, keeping it on is the right move.
> Disable sending analytics to Apple and app developers

While this makes obvious sense, iOS is pretty good at forcing logs to be anonymised. Also one can only log string literals so the developer can’t just leak sensitive data there.

This being said, I wonder if Apple can capture somebody making a function that would loop over some string and log it letter by letter.

> (bonus points if it disables your internet when it's not connected to the VPN)

I believe that, unless the VPN specifically disables it, you can go to any VPN in Settings -> VPN and enable "connect on demand" - the system will only send data if the VPN reports it's active. Apps can also request connect-on-demand themselves.

I tried using many content blockers (free ones) but not even a single one of them was able to prevent YouTube ads from playing.

Have you any suggestions here?

Use Adblock from futuremind. It costs less than a beer. It sets up a local DNS VPN so you can still use a VPN like nordvpn. You can then block any type of IP or set up complex rules. I’ve been able to block YouTube ads and all the other stuff on their page. I only see the video I go to. The only limiting thing is a 5000 url/ip limit and that I have to open up and restart the app once a day usually.

Also under experimental settings for Safari, only enable

  disable web SQL

  block top level redirects from third party sites
and

  swap processes on cross site navigation
Thanks for sharing all the details.

It's quite cheap as compared to others, agreed, but I would still like to see if there are good free adblockers.

1Blocker X is brilliant. Use the YouTube website, not the app; content blocking only works inside Safari afaict (for instance, Firefox on iOS doesn't seem to benefit from the content blocker).
Thanks for this suggestion but I am looking for a free one :)
So was I; in the end I had to cave as nothing was particularly good, sadly.
None of them are going to stop YouTube ads, that’s just not how the built in content blocker works. You might be able to with pinhole but setting that up on mobile is a world of fun...
May I ask what's meant by "pinhole" here?

Thanks

I am guessing he meant Pi-hole [1], a DNS blackhole for advertisement. You use it as your DNS server on iOS and it will block ads on any application.

There are also people running public instances around the web, like me [2], so you don’t have to install and manage your own.

You could also go with AdGuard DNS [3] or NextDNS [4].

[1] https://pi-hole.net/

[2] E-mail me at root@jamespond.co for beta access

[3] https://adguard.com/en/adguard-dns/overview.html

[4] https://nextdns.io/

> - Change your DNS resolver to something you trust

Does that mean setting up your own DNS server that resolves directly to the root servers?

> - Disable Touch/Face ID when entering a risky location (airport, etc.)

Is it going to be a manual disable?

You can trigger Emergency SOS (aka "cop mode" - either to call them or to avoid them, tbh) by pressing the power button five times on iPhone 7 and below or holding side button + a volume button on iPhone 8 and up. Dismiss the prompt to call 911, and then your phone will be in a state where Touch ID / Face ID is disabled until you successfully use your passcode again.

It appears Wallet still works so you should still be able to get to boarding passes without unlocking the device.

If you don’t use Safari, will a content blocker like your suggestion really matter?
nailed it