I am trying to re-adjust how much effort I want to put into privacy concerns. Too much stuff I’m using isn’t working properly or using a lot of my mental resources that I need elsewhere.
For (a bad) example: I recently performed a half-switch from my self-hosted Nextcloud instance to ProtonDrive, in the hope that it would spare me the stress to maintain my private Nextcloud. Unfortunately, it doesn’t, as basic functionality like cross-device-sync is not possible (there isn’t even a client app for Linux, as of yet).
This brings me to the question: have you found any services/apps/stuff that significantly eases your life while still being privacy friendly? I know, this is a broad question, but I think this is for the best as this thread then maybe even has use for other users.
- uBlock Origin saves time and resources
- This is a classic one, but with Mullvad VPN I can pretend to be in any country. When combined with Tailscale, it becomes really OP. With Tailscale, I have a secure, flat network, which allows me to access all my devices from anywhere. Things like LocalSend, KDE connect or other apps that normally require all devices to be in a LAN also work over Tailscale.
- A DNS filter doesn’t just help with protecting your privacy, you can also use it to block/restrict distracting websites that you spend too much time on. NextDNS for example lets me restrict social media websites to only work on certain times of the day.
- Private frontends like Invidious and Piped for YouTube, Redlib for Reddit, SafeTwitch for Twitch (RIP Nitter, Libreddit and Teddit)
- LibRedirect automatically redirects sites like YouTube, Twitch, Reddit and many more to privacy frontends
- Alternative desktop/mobile clients for YouTube and Twitch. For YouTube, FreeTube on desktop, LibreTube/Tubular on Android, Yattee with this guide on iOS, Xtra for Twitch on Android. These all block ads or any other annoyances.
- GrapheneOS makes my life easier in many ways, but I specifically want to mention this one. Since GrapheneOS uses per-connection MAC address randomization by default, I can simply reconnect to a wifi network that wants to restrict my usage. This is so useful on trains/airplanes.
- UnifiedPush/ntfy allows me to send notifications from my server to my phone. For example it notifies me if one of my self-hosted services goes down (through Uptime Kuma), but I can also use this for Signal notifications through the Molly client for Signal (which also improves security and adds a few other cool things).
Ntfy - no more google reading notifications
Jellyfin - media served without questionable Plex account
Arch - on so many levels allows me a private computing experience
Posteo - simple but efficient email service
Resilio sync - cloudless syncingNTFY looks intriguing.
If I’m reading the description properly, it uses an HTTP server as the middleman for the notifications?
Pretty
neatnifty idea. (Yea, had to come back and edit because I missed a great opportunity).It’s based on unifiedpush standard https://unifiedpush.org/. So a central notification middleman like google firebase for all your apps (that support it). There’s messengers like mercurygram, fluffychat, Molly that support it and you can also send notifications yourself via a simple curl command.
Two I use a lot daily are KeePass 2 in various versions, computer as well as tablet. I used KeePass “original” 1 for years, but moved to 2/XC/DX. Occasionally also used for storing notes and not just passwords.
My notetaker, all hands down, though. Joplin, with encryption activated, the file stored for syncing on my privacy oriented community’s encrypted NextCloud. I am an avid notetaker, both digital and analogue, and Joplin really fits my needs.
OK, third, honourable mention: Veracrypt
I’ve found Syncthing a better way to handle file sync than NextCloud. Much more set and forget and not a single point of failure. It also syncs a notes directory in flat .md format, so anything can edit them, in a simple directory hierarchy.
SyncThing is great for encrypted, serverless, bidirectional sync, preferably with small folders… But unfortunately really eats up a lot of battery.
I’m still waiting for some company to figure out E2EE syncing with the quality of Google Drive (mobile and desktop integration built in). Proton is close, but they fumble reliable integration.
I’ve used it for years, across multiple devices, syncing 100gb. My average daily sync is probably 20gb.
It’s been surprisingly good on battery - currently using 0.9% average. It’s never been a significant battery hog for me.
I currently have 28 sync jobs (folders) on my phone, ranging from a few MB to 20gb, from a few files to 1200 files. Most only sync over wifi, but my DCIM folder (one of the larger ones) is over any connection.
Apps like Foldersync are much heavier on battery for me. Resilio is terrible for me (and it’s also a memory hog because I have some large folders).
Maybe you have a stuck file that’s causing it to hang. May be worth pausing all but one job, see if that affects battery. Then work though them.
Also, check out Syncthing-Fork, it has finer controls over individual sync jobs. For example, I let photos sync over any connection and on battery, but my media (music/video) only on wifi and while charging.
Between all these replies, I have to say I’m a little jealous. And I might have to look into making a SyncThing dedicated “server” on my home network using YunoHost, a thing that (IIRC) wouldn’t require exposing to the Internet because SyncThing will also happily run across volunteer-run relays.
By any chance, have you had any success with a unidirectional sync between your phone and your computer, where it’s possible to delete old photos on your phone to save space without worrying about them being deleted on the computer side? (This issue really only crops up for me when I’m already far away from a computer, BTW.)
By default, the built in Photos sync job works as you describe. It essentially just has the “Backup” flag set (send, ignore remote deletes set on both ends). Even manually configuring that (send/no delete) in a job works fine for me.
I don’t use that job because I like to use my computer to manage photos (all files really) on my phone. So I have numerous 2-way jobs, so I can move files around on my server, and those changes get reflected back to the phone. (There are a couple send-only jobs for other things).
My storage has a folder structure for users that reflects the folder structure on a phone:
Users/<UserName>/Phone
SD_Internal
SD_External
The sync jobs then keep those folders in sync in their respective phone structure. Makes it easier to manage a phone, especially when I switch phones, just export the config from the old phone, install ST, import the config, and my files all come back.
I also configure versioning on each folder based on what it does. Most folders have no versioning, important stuff gets a 30 day trash can (for example, on my “server”, for photos).
I currently run SyncTrayzor on a Windows desktop that’s always on, so any pics I take with my phone get synced nearly instantly. I’m currently moving ST to a Linux Container on a new Proxmox server. There’s a container available from Turnkey (think it’s turnkeylinux.org)
Bitwarden, Aegis (2FA app for Android), Syncthing are probably the most impactful
Bitwarden, PiHole, Proton Pass/VPN/Drive, BlueWallet to name a few
Mobile Fennec (or pick your poison for any Firefox fork) has made browsing overall much better. Between ad blocking, Enhanced Tracking Protection and a paywall-bypassing extension, browsing is overall less tedious than a comparable Chromelike.
Mobile Fennec (or pick your poison for any Firefox fork)…
I can’t get behind Android Firefox/Gecko-based due to their lack of security:
Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.
I’ve used Firefox mobile for a while now and I’ve had zero issues. The attack surface may be “much more,” but that doesn’t mean that it’s completely open to hackers.
Plus let’s be real: Gecko-based browsers are, what, 1% of the browser market? Guess which browser is the most targeted by malicious actors? Not the one having 1% of the market, that’s for sure.
Gecko-based browsers are, what, 1% of the browser market?
Last I checked, Firefox was close to 3%, but you right, still not a large number.
Guess which browser is the most targeted by malicious actors? Not the one having 1% of the market, that’s for sure.
It doesn’t have to attract the most attackers, especially if it is notoriously weak. You shouldn’t choose software that is easier to exploit simply because it’s more obscure. Do you also choose weaker encryption algorithms because no one uses them? I sure hope not.
And your comment would probably ring a little more true, except we just had the xz debacle, and guess how much Linux has of a market share? Probably close to Firefox’s, both in the single digits.
No, I use Firefox because it’s an excellent browser. It doesn’t fit GrapheneOS’s security requirements, but then, I’m not too concerned, because it’s quite secure regardless. Even to the point in which it’s more annoying than Chrome for certain things (like HTST.) You’re trying to paint Firefox as “easy to exploit” when that’s not true. Easier doesn’t mean easy. The Kremlin might be easier to sneak into than the Pentagon. But that doesn’t mean it’s easy. Hell, Tor uses it to build its Tor browser. They could very well use Chromium for that.
guess how much Linux has of a market share?
You’re probably referring to desktop Linux. Linux is used in billions of devices all over the world, and it reigns in the server space. So, no. Not “in the single digits” usage.
NC isnt perfect imo but its like having an open source car or house. Its not emergency ready like no downtime, no bugs, no issues but it will do 95% uptime if configured correctly and its is insanely versatile. I cant imagine any other app being this versatile. You can check my setup if you want.
What’s NC? Got a link?
Edit: Ah, NextCloud, I’m assuming…
NewPipe is a killer app I would say, with nearly Youtube Red level functionality in something that’s free and OSS. A bit afield from privacy, but you do get to access youtube stuff without logging in.
From what I understand, NewPipe has been abandoned and someone else forked it to Tubular which includes SponsorBlock.
From what I understand, NewPipe has been abandoned…
That’s completely incorrect. From NewPipe’s Github:
We are planning to rewrite large chunks of the codebase, to bring about a new, modern and stable NewPipe. Please do not open pull requests for new features now, only bugfix PRs will be accepted.
…and someone else forked it to Tubular which includes SponsorBlock.
polymorphicshade “stopped” development on their fork of NewPipe, which included SponsorBlock (because NewPipe did not want to include it) and started working on their rewrite of their own fork and/or NewPipe, which is now Tubular.
Monero. No more fighting with banks locking me out of my accounts or blocking my transactions.
Monero ftw! Limitless Peace
Nextcloud all the way. I especially love the calendar, contacts and notes integrations besides the file sync, and it’s extensibility in general. Such a powerful tool.
I love my Nextcloud instance, too. Zero problems in the past 4 years. I don’t run many extensions on it, though. The mobile app works great as well.
Trillium plus its sync server in a VM is my goto for notes. Mobile isn’t a problem (I usually drops everything into my notes app, then expand on it when I’m in front of a full keyboard at home).
Not sure how I could get through my day without either of these two.
Apple
It seems to get derided a lot here, but none of your data is harvested and tied to you or sold. It’s aggregated and anonymised if it’s sent off device, and I stopped using Proton drive when you could finally encrypt iCloud storage. I even use their email as default now since it’s not reading my messages and selling my info like outlook started doing.
I was considering to switch to apple for this reason, but I’ve read that in terms of privacy, there’s no significant difference between a Pixel Android with Stock OS and an iPhone. This made me hesitant. I really just want things to go smooth and hasslefree without being spied on and coerced… Do you, by chance, have any reading material on the privacy of apple services I could read up on?
Apple really doesn’t advertise. The data never leaves apple. Everyone else sells your information.
“Apple… is the most privacy-conscious firm out there. Apple only stores the information that is necessary to maintain users’ accounts. This is because their website is not… reliant on advertising revenue. “
Source: https://9to5mac.com/2022/08/25/apple-collect-less-data-than-other-companies/
