Basic privacy adjustments on laptop and phone for beginners

A list of apps and services

Note: Following content is nothing complicated. Apps and approach mentioned below is NOT an over-kill. It is kind of mixture to be able to keep productivity and gain some privacy. Some services below are enhancing your security too.

Important to differentiate between security and privacy. It is not the same. An example: Google might provide you with a good security when all steps are correctly applied however that does not implicate that you have a good privacy. You are the product in google services and your privacy is very low.

I want to focus on couple of steps and apps and you don’t need to be an expert.

It is important to mention that privacy is not black and white. As always it is a scale. More private and anonymous you are trying to be it becomes less user friendly and becomes pain in daily use. Plus you need to understand well what you are doing.

Following steps are for beginners. With these simple steps and apps you can get much better privacy and still your knowledge doesn’t need to be profound.

I might focus on some anonymity set-ups more in details in the future, but that is not the case for this article. You can read a great article on security scenarios from EFF.

Let’s dive in:

BASIC HOUSEKEEPING

1. Dump Google and such. I know, many of you will probably say that it is not possible. You should think this twice, but if you can’t dump google

   services then at least do these steps:

   1. Disable all tracking in google account (settings)

   2. Don’t install google drive on your computer - it has access to your file system. Note: Google drive is encrypted on the server only -> google has keys, can access your information → do not store sensitive data in google drive.

   3. Free commercial service means that you are the product
      Your data will not be private, you will be logged, metadata might be sold to third parties.

2. Securing access to services

   1. Unique password generated from password manager

   2. Strong Master password for key items (phone, laptop, password manager, encrypted files…). Don’t reuse Master passwords.

   3. Backup password manager in encrypted form in case you loose access. More on this in future articles.

   4. Use TOTP everywhere. Dump sms2FA when possible (sim card swap attack)

   5. Don’t save passwords in browsers

   6. Use HTTPS everywhere

   7. Use VPN everywhere. Access public wifi always with VPN or Tor

3. Social medias risks

   

   1. Google - Youtube and whole google environment is harvesting your data. Be aware of that.

   2. META - FB, Whatsapp, Messenger, IG . Harvesting your data. Data are not yours. WhatsApp is e2e encrypted but it is not open source. Rather switch to other services that are e2e encrypted and open-source.

   3. Dump TikTok - mass surveillence with high probability.

   4. Telegram - malware, not e2e encrypted.

4. What to do if you want to keep social media platforms?

   1. 2FA everywhere

   2. Take all shared content as public and that can be used against you. You will never manage to get rid of the content in the future with 100% success rate.

   3. Don’t give apps access to all photos, they can use it. Give only access to “selected photos” in settings.

5. Mobile privacy adjustments

   1. Notification preview on locked screen -> disable. Only when unlocked

   2. Disable Siri or similar “helpers” if possible - all data being sent to provider to process it

   3. Location - disable where possible (only while using app otherwise you are being tracked everywhere). If having new iphone with U1 chip, disable U1 chip in settings otherwise your location will be tracked.

   4. Backups icloud on iphone - turn on iCloud e2e encryption, but don’t backup sensitive data because it is not open-source. You cannot fully trust apple.

   5. Android - if you are running Android phone, switch to Google Pixel and install GrapheneOS - great privacy oriented OS, sandboxing every single app.

   6. Get rid of clutter

   7. Delete unnecessary apps

   8. Give only necessary permissions

   9. Compartmentalize - have dedicated devices to certain types of work and compartmentalize within devices too.

MUST HAVE APPS

1. Password managers:

   1. Bitwarden - Opensource, free

   2. KeePass - opensource, free

2. VPNs

   1. Mullvad - Opensource, Anonymous (payment with bitcoin, monero), no email needded, no logs

   2. Proton - Good choice as whole package with email, cloud, calendar, etc.., Many servers, no logs, possible pay in crypto, Email needed

   3. IVPN - no logs, opensource, no email, no data stored, pay in BTC, lightning, Monero

3. Anon networks

   1. Orbot - free proxy app, uses Tor to encrypt your Internet traffic

4. E-mail

   1. Protonmail - Secure, e2e encrypted for all proton mail emails, PGP signature for other emails, Non-pgp users can use passfrase, bitcoin payment possible, Easy switch from google - transfer inplemented
      Paid version - more space, simple login, Jurisdiction: Switzerland
      some contacts details are not e2e encrypted (as of now)
      

   2. Tutanota - Worse UX compared to protonmail, e2e encrypted, not using apple and google servers for notifications, not using PGP but own cryptography, can be paid in bitcoin, Jurisdiction: Germany

5. Messengers

   1. Signal - Network effect, E2e encrypted, no data collection except contact info - phone number (you can register to different anon. phone number), Open source, Forward secrecy, keys on the device, No logs, Self destructing messages
      

   2. Sessions - similar to Signal but less network effect compared to signal. No phone number, anonymous.

   3. SimpleX - decentralized, E2EE, incognito mode, no users ID. Overall fantastic messenger.

6. Two factor authenticators

   It is good to have second authenticator on another device. Don’t use TOTP within the password manager because the result is that you are eliminating that second step if your password manager becomes compromised. Have it separeted. And turn on TOTP (or other second step verification such as Yubikey) everywhere you can. I suggest to have encrypted backup from TOTP codes in case your 2FA device will be lost or stolen (more on this in future articles).

   1. iOS - OTP AUTH

   2. Android - AUTHY or FreeOTP

7. Browsers

   1. Hardened Firefox - More on this topic in separate article as this gets pretty complex.

      Basic rules: less extensions = more privacy. Many extensions are bad for privacy.

      Install these: HTTPS everywhere, Privacy Badger, Multi-accounts containers, Ublock origin

   2. Mullvad browser

   3. Tor browser

   4. Chromium

8. Cloud

   1. Proton Drive cloud - E2EE, don’t need to run own server on own hardware

   2. NextCloud - E2EE, open-source, private cloud, running on own hardware

9. Search Engines

   1. DuckDuckgo

   2. Startpage

   3. Mullvad Leta

10. Firewall

    1. Little Snitch - create own rules what can or cannot connect to internet. A must to have.

    2. NetGuard - version for Android

11. Notes

    1. StandardNotes - E2EE, open-source

12. Hide my email

    1. SimpleLogin - opensource

13. Privacy payment wallets

    1. Phoenix - bitcoin lightning wallet, open-source, non-custodial, cheap immediate payments, great UX

    2. Breez - bitcoin lightning wallet, open-source, non-custodial, cheap immediate payments, higher privacy due to constructing the payment route on the device.

    3. Trezor - onchain hardware wallet (many currencies, such as bitcoin, monero). Fully open-source, non-custodial. Great for bigger amounts

    4. Zeus - operate your own bitcoin node from your phone. Great and simple experience to access your node from mobile device.

    5. Incognito wallet - easy simple private swaps

GOOD TO HAVE APPS

1. Malware scan

   1. Malwarebytes

2. Bluetooth communication app

   1. Bridgefy - free messaging app that works without the Internet

3. Anonymous phone number service

   1. Hushed - there is a way to pay for the service in BTC. Great to purchase Life-time number.

4. Offline maps

   1. Maps.me - openstreetmaps, no tracking

5. Breach security scan

   1. Jumbo

6. PGP encryption in simple way

   1. PGPRO

7. Transcriptions for iOS

   1. Hello Transcribe - all done locally on device. Private, offline

WRAP

• Eliminate META, GOOGL, etc, harvesting your data - be aware that what you share even in private is not private

• Many extensions in browsers might be trackers or malware

• Have strong passwords and unique for each service

• Use password manager with strong master password

• Use 2FA TOTP or Yubikey - don’t forget to backup

• Don’t use excel sheets for anything important - no passwords, no private information. Instead use password manager and for notes use E2EE service such as Standard Notes.

• Email by design is not encrypted. Have that in mind. Options: You can use encrypted emails (PROTON to PROTON), you can use PGP and encrypt any email (a bit nerdy for beginners)

• Use secure communication platform such as signal, session

• Share files via end-to-end encrypted way (signal, session, standardnotes). You can even share files with yourself in this e2ee manner.

• Phone calls are not encrypted and are stored at mobile provider data centers, same for SMS. Minimize using them for anything private. Also have in mind that mobile provider is tracking you based on triangulation. More on this and how to mitigate this in future articles.

• Dictation (in some cases) is not private, using cloud computing GOOGL, APPLE to transcript voice into message —> they need to know what is being said.

• It is always tradeoff between productivity and privacy. Many apps help with productivity but totally expose your content. Depends on every person to think about threat model and what makes sense to apply and what is too much.

• All apps and approaches mentioned here are not decreasing productivity and everybody can apply them. Your privacy will move to the right on the privacy scale when applying them.

I will try to continue in this topic in other future articles with some tips on privacy, security, anonymity.

Let me know what you like, test it, let me know if you use something else and have experience with.

Jan

---

Did it help or do you like it? You can send some sats to stallion@walletofsatoshi.com or to bitcoin lightning LNURL: lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpd3kxjmmwavy8ja

---

you can scan the QR code with your wallet if you want to send me a tip

---