1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
#+date: <2025-10-03 Fri 4:23:00>
#+title: My Privacy Toolkit
#+description: Learn about the tools I use to keep my life private and data secure.
#+slug: privacy-toolkit
* VPN
I use a few different VPNs for different purposes. For general use, I use
[[https://mullvad.net/en][Mullvad]] due to its private account creation process, support for private payment
options, and rock solid consistency. This is by far the most stable and
high-speed VPN I have used over the last ~10 years.
I also use [[https://njal.la/vpn/][Njalla]] whenever I need to use a service where Mullvad is blocked. I
have found that the Njalla IP I was provisioned is not blocked anywhere, so it's
useful for software that seemingly has blocked all major VPN providers. There is
no client, but they provide OpenVPN and Wireguard support.
Finally, I use [[https://airvpn.org/][AirVPN]] on my server's torrent service due to its support for port
forwarding. I don't use it for any other purpose, but it works great with
Transmission via Docker.
* DNS
Using a VPN on every single device is not possible. For all of the other items
on my network (IoT, Apple TVs, etc.), I enforce [[https://nextdns.io/][NextDNS]] via the [[https://github.com/nextdns/nextdns/wiki/UnifiOS][UnifiOS script]]
they provide. This lets me control the DNS on my network, avoid the ISP's
default DNS, and enforce blocklists at a LAN level for my home network.
* Data Removal
I use [[https://www.easyoptouts.com/][Easy Opt Outs]] due to its low price of $20 per year. There are other
options that promise more utility, but I find that this service is adequate.
Using this has dramatically reduced the spammy, "<person> info here" results on
web searches.
Regardless, it's a low price to pay to make sure public information is not used
against you and reduces the surface of information available via low-effort
searches.
* Passwords
I use [[https://bitwarden.com/][Bitwarden]] due to its use-friendly interface, which is important to the
people I share secrets with. Bitwarden allows for seamless username and password
generation, multi-device syncing via its own provided service, built-in password
strength and duplicate analysis, wide range of device support, and general UI
(after its recent UI refresh).
If I were only keeping passwords for myself and didn't need to support
non-technical users, I would strongly prefer [[https://keepassxc.org/][KeePassXC]]. This would allow me to
use Syncthing or another personal syncing solution that would avoid a
centralized server that controls my passwords and authentication to access the
passwords.
* MFA
I use iOS, which is limited in options for great MFA apps. If you use Android,
just use [[https://getaegis.app/][Aegis]].
For iOS, I currently use [[https://bitwarden.com/products/authenticator/][Bitwarden Authenticator]], which is a different app from
Bitwarden. You can use this /without/ linking it to a Bitwarden account and use it
as a standalone app, if you're not a fan of storing your passwords and MFA
methods in the same location. If you don't care, you can just use the MFA fields
within Bitwarden itself.
The other options on iOS really aren't worth discussing, so I'll leave it here.
* Communications
For private instant communications, I use [[https://signal.org/][Signal]]. This is currently the gold
standard for private direct messages. It is centralized, but it is very stable,
provides forward secrecy for messages, and has a proven track record of not
spilling data.
If we talk about other communication channels, I usually opt for emails
encrypted with [[https://gnupg.org/][GPG (PGP)]]. This isn't the best solution, but it does provide a
trustworthy encryption method if you need to use email.
I am not a fan of the current landscape of private messaging apps outside of
Signal (Matrix, Session, etc.), so I'll leave my thoughts here with Signal and
PGP.
Want real privacy? Talk to someone in person when possible.
* Browser Extensions
** Firefox (Desktop)
[[https://ublockorigin.com/][uBlock Origin]] is a no-brainer. This add-on provides domain-level blocking for
resources, allowing you to block or allow specific domains, scripts, styles, and
more with a click.
If you prefer to avoid mainstream websites and browse via alternative
front-ends, I suggest using [[https://libredirect.github.io/][LibRedirect]]. You can configure this add-on to
automatically redirect your requests to privacy-respecting alternatives.
** Safari (iOS)
Since uBlock Origin doesn't work on Safari, I opt for [[https://apps.apple.com/us/app/ublock-origin-lite/id6745342698?platform=iphone][uBlock Origin Lite]], which
is a decent alternative.
Similar to LibRedirect, I use [[https://apps.apple.com/us/app/privacy-redirect/id1578144015][Privacy Redirect]] on iOS to redirect websites to
private alternative front-ends.
* Payments
If you're just trying to avoid your bank collecting and using information about
your purchases, you can try something like [[https://www.privacy.com/][Privacy.com]], which lets you mask the
purchase information from your bank.
If you're paying in person, I vote for paying with cash. Withdraw a certain
amount per paycheck and use for all in-person payments, whenever possible.
|
