[Jah6Aihe]

Here is what I do myself to avoid surveillance culture, in case anyone find it useful.

1. I always use local apps rather than webservices if possible. I use only free software, built from source, to be sure there's no tracker in it (I would love to find a way to whitelist which apps can access the network, but I haven't found a way for that yet). There's almost always a way to perform a task locally.

2. I have a copy of wikipedia, using kiwix (through kiwix-serve). My default search engine is my local wikipedia's one. It's insane the amount of answers you can get to common questions simply with a local copy of wikipedia

3. I always install documentation for the libraries I download. I have `go doc` running locally, always install ruby gems with ri and rdoc, set the gentoo's `doc` use flag to have C libraries documentation locally. Most of the time, there's just no need to go to the web for API documentation.

4. I made myself a rss client similar to rss2mail that will fetch rss feeds and mail items to me. When sending a mail, the rss client makes a http request to the full article url and add it to the mail as attachment. Then I read my content in mutt, having lynx dumping the html content as plain text (through `lynx -dump`). So I read all the content offline, and nobody can tell what I read. I have my own smtp server so that I disclose the least information possible.

5. when I have to use the web, this is first through a text browser through tor (I use a modified version of elinks, but I guess lynx would do just as well). This makes sure I only download the html page I want to look at, while running the least possible tracking stuff.

6. when it's not enough, I have a chromium build, in which I have disabled javascript and images by default. I use chromium rather than firefox because it allows me to load extensions from sources. I have such extensions to enable javascript and images if needed, but this is the ultimate recourse.

7. I use my own local dns resolver. I don't know why people don't do that more, it's actually really simple. bind9 resolver works out of the box, you just install bind9, change /etc/resolv.conf to point to 127.0.0.1, and that's it.

8. if I post online (like now), I make a different account every time I post, using always a different email address. This allows to prevent profiling from public posts.

9. and of course, I'm actively researching everything related to the p2p web, like dat, ssb and cabal.

So basically, I took the red pill.

[sparkie]

> 5. when I have to use the web, this is first through a text browser through tor (I use a modified version of elinks, but I guess lynx would do just as well). This makes sure I only download the html page I want to look at, while running the least possible tracking stuff.

> 6. when it's not enough, I have a chromium build, in which I have disabled javascript and images by default. I use chromium rather than firefox because it allows me to load extensions from sources. I have such extensions to enable javascript and images if needed, but this is the ultimate recourse.

Your browser fingerprints are probably so unique that you stick out like a sore thumb and data aggregated from exit nodes could probably be correlated to you. It might just be better to use the Tor Browser with NoScript enabled, where you at least look the same as every other user of it (assuming you don't customize the browser and leave the defaults).

> 8. if I post online (like now), I make a different account every time I post, using always a different email address.

This is a PITA, with many of the email providers now wanting your phone number or they ban the account.

[Ancalagon]

Props to you for being so privacy-minded. I'd like to have such foresight but these habits seem so time-consuming I think I'd rather just not use the web again.

[ta17711771]

They're not that time consuming.

Compare it to knitting. It might take a few days to get good, or a few weeks to get great at it.

But after that? It's second-nature.

[maerF0x0]

> I use only free software, built from source, to be sure there's no tracker in it

https://arxiv.org/abs/2005.09535

How do you plan to mitigate ^^ ?

[ancarda]

And this is why I gave up some time ago when it comes to privacy/security. It just became exhausting to keep up with all the vulnerabilities.

But of course, giving up isn't the solution. So now I am working on it again...

[ancarda]

>7. I use my own local dns resolver.

Does that provide a usable amount of privacy? It doesn't seem like it would given your local BIND instance would have to talk to DNS servers on the Internet -- over plaintext -- and so would reveal your lookups anyway. I never bothered with a local DNS stack because I felt it wasn't worth the effort. Can someone say if I've missed something?

Caching / performance seems like the only real benefit to me.

------------

EDIT: >4. I made myself a rss client similar to rss2mail

By the way, is this open source? I wonder if you could document some of your setup along with guides / links to software you use in case others are wanting to adopt some of your techniques?

I really am a bit impressed and would like to try some of these!

[parliament32]

The privacy benefit is there's no centralized logs. If you're using your ISP's / CF's / Google's resolvers[1], there's a single place the bad guys have to log to get all of your DNS requests. Locally, your resolver talks to each authoritative server in the chain independently.. to find out who you're talking to, it's not a matter of just requesting logs anymore, they'd have to actively tap your connection and sniff traffic on DNS ports.

[1]Someone will start shouting about how 8.8.8.8/1.1.1.1 doesn't store logs. Yes they do[2][3]. They store full logs for "24 to 48 hours", so the bad guys can happily request your DNS logs (without a warrant now), as long as they request them once a day for the previous day.

[2]https://developers.google.com/speed/public-dns/privacy

[3]https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

[goatinaboat]

I would love to find a way to whitelist which apps can access the network, but I haven't found a way for that yet

Ironically this is very easy on W10 and OSX. But you can do it on Linux with AppArmor.

[ancarda]

Wait how is this easy on macOS? Do you mean with Little Snitch? Or is there something built into the OS?

[0fcf8d3559a64c]

I don't suppose you have any pointers on how to make that a reality in Ubuntu/Debian? I too would be very interested in being able to configure whitelist only network connections.

[rmrfstar]

The linux desktop security model is severely broken [1]. Just use Qubes if you want to control access to resources without losing your mind.

[1] https://forums.whonix.org/t/fixing-the-desktop-linux-securit...

[goatinaboat]

The concept is called a full system policy https://gitlab.com/apparmor/apparmor/-/wikis/FullSystemPolic...

[Jkiamalwayshere]

I am really curious how did you setup your browser to have kiwix be your default search engine? I tried ages ago to setup wikipedia to be a proxy so that anytime I visit wikipedia it will redirect to kiwix running wikipedia on my localhost.

Is it possible to have kiwix be default search engine in firefox?

[LaurentMonin]

You can be identified by the wall-of-text you just wrote [you switched recently from arch to gentoo...]

[fsflover]

I wonder which OS you are using. I would definitely recommend Qubes OS from what you wrote.

[tsukurimashou]

He uses TempleOS of course

[zuppy]

Was that the guy that often posted crazy things around here? Haven't seen him for a while, I remember he was always shadow banned. Sad story, though, according to Wikipedia he died in august 2018. May he rest in peace.