My Personal Privacy Framework


We live in a data-centric world, with countless services vying for our attention (or subscriptions). We know that data is being collected and handed to various affiliates or government agencies, and it can be mind-boggling to try to keep up with it all. Some people, on the other hand, don’t care or are convinced they cannot do anything about it.

Now I’m not so naïve as to think you can be completely private without forgoing cell phones, TV, and everything else modern civilization has to offer. You can, however, take steps to control your data and more or less have a say in who sees what, if anyone. That is a happy medium to me, and I’ve taken it upon myself to perform every step I outline in this post. Take what you like and leave the rest, whatever works for you. I’m only going to mention each item briefly and link to it, so you may need to do your own research to learn more.

Big Item: The Mobile Phone

If you have an Android or iPhone – which you likely do – you are already exposed. Google and Apple collect telemetry about most of what you do on your phone. You can, however, run an Android phone without the Google services. This will require a lot of research beforehand, and ultimately there are two things you want: (1) a very active development community and (2) a vendor that actively ships updates (which in turn incentivizes the community).

Typically I like to go for OnePlus phones, but I usually buy them used from Swappa. You can do some reading on your desired device over at XDA to get an idea of how active development is. You’ll then want to flash either one of the many ROMs you find there or LineageOS. You can also opt for a Google Pixel (NOT the Verizon variant, whose bootloader cannot be unlocked) and install GrapheneOS.

At this point you’ll want F-Droid as your primary app store, but if there are certain proprietary apps you need, you can use Aurora Store as a replacement for the Google Play Store. You’ll likely also want microG, an open-source reimplementation of the Google Play Services that many apps depend on (best to use the Magisk route, then install the APKs).

Of course there is still a certain amount of tracking simply because you have to connect to cell towers to get service, and you are bound by your agreement with that carrier, so be aware of that. Note too that if your ROM randomizes your Wi‑Fi MAC address, that only helps against tracking on Wi‑Fi networks; it does nothing about the IMEI and IMSI the carrier sees on every connection.

Big Item: Email

Most big free providers (Google, Microsoft, Yahoo, AOL) do encrypt your mail in transit and at rest, but they hold the keys, so they can read it – and have mined its contents to serve advertisements *Ahem, Google*. There are, however, a few freemium options such as Protonmail and Tutanota that keep your mailbox zero-knowledge (end-to-end encrypted, so the provider cannot read it); free accounts come with small mailboxes you can try out. Their premium accounts also let you use your own domain if you have one, which is pretty cool. You can also self-host your own mail server.

One thing to note: business and enterprise Microsoft 365 encrypt your mail in transit (TLS) and at rest (BitLocker on the underlying disks – the same disk encryption TrueCrypt’s developers pointed Windows users to when they shut the project down – plus per-file service encryption). The cheapest option is M365 Business Basic at $6/month. Microsoft still holds the keys, so it’s not zero-knowledge, but it’s a happy “good enough” solution if you don’t want to build it yourself.

Big Item: Cloud Storage

If you use the same big free provider for cloud storage that you do for email, you’re subject to the same pitfalls. You can either self-host with Nextcloud or sync device-to-device with Syncthing (no server in the middle at all) – or use a zero-knowledge provider such as Sync.com or pCloud (whose client-side encryption is the paid Crypto add-on).

One thing to note, same as above: OneDrive for Business is encrypted in transit and at rest, with Microsoft holding the keys. OneDrive is included with most M365 plans.

Big Item: Password Manager

I’ve covered this in the past, but really, if you don’t have one, get one. Don’t forget about delimiters in your logins (the user+service@example.com style of sub-addressing) where the service supports it, so each account gets its own address and you can tell who leaked it, and set up MFA.
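As an added example (my code, not part of the original post), here is how sub-addressed logins can be issued one per service and later traced back when one of them starts receiving spam. It assumes a mailbox that delivers user+tag@domain to user@domain (most providers do); alice@example.com, the per-user secret, the service names and the inbound addresses are all made up for the illustration. The short HMAC in the tag is an addition of mine: a spammer who simply guesses alice+bank@ or edits the tag is then detectable, which a bare +tag cannot give you.

```python
"""Per-service login addresses via '+' sub-addressing (RFC 5233 style).

Added example, not from the original post. Assumes a mailbox that
delivers user+anything@domain to user@domain (most providers do).
MAILBOX, SECRET, the service names and the inbound addresses below
are all constructed for the illustration.
"""
import hashlib
import hmac
import re

MAILBOX = "alice@example.com"   # assumed mailbox that accepts + tags
SECRET = b"change-me-per-user"  # assumed secret; makes forged/stripped tags detectable

_ALIAS_RE = re.compile(r"^([^+@]+)\+([^@]+)@(.+)$")


def _mac(tag: str, secret: bytes) -> str:
    # Short HMAC so a spammer who guesses 'alice+bank@' cannot pass as the bank.
    return hmac.new(secret, tag.encode(), hashlib.sha256).hexdigest()[:6]


def alias_for(service: str, mailbox: str = MAILBOX, secret: bytes = SECRET) -> str:
    """One login address per service: user+<service>.<mac>@domain."""
    user, domain = mailbox.split("@", 1)
    tag = re.sub(r"[^a-z0-9]+", "-", service.lower()).strip("-")
    return f"{user}+{tag}.{_mac(tag, secret)}@{domain}"


def attribute(address: str, mailbox: str = MAILBOX, secret: bytes = SECRET):
    """Map an inbound recipient address back to the service it was issued to.

    Returns (service, verified). verified is False when the tag has no MAC
    or a wrong one, i.e. someone guessed or edited the tag.
    Returns (None, False) for addresses that are not ours at all.
    """
    user, domain = mailbox.split("@", 1)
    m = _ALIAS_RE.match(address.strip().lower())
    if not m or m.group(1) != user or m.group(3) != domain:
        return None, False
    tag, sep, mac = m.group(2).rpartition(".")
    if not sep:                      # bare tag, no MAC at all
        tag, mac = mac, ""
    ok = mac.isascii() and hmac.compare_digest(mac, _mac(tag, secret))
    return tag, ok


def leak_report(recipients):
    """Count mail per issued alias: the service with the spam leaked the address."""
    report = {}
    for rcpt in recipients:
        service, ok = attribute(rcpt)
        key = service if service else "(bare address)"
        if service and not ok:
            key += " (unverified tag)"
        report[key] = report.get(key, 0) + 1
    return report


# Constructed sample: three aliases issued, then a batch of inbound mail.
SHOP, BANK, FORUM = (alias_for(s) for s in ("Shop Co", "My Bank", "Some Forum"))
INBOUND = [SHOP, SHOP, FORUM, "alice@example.com",
           "alice+my-bank.000000@example.com"]   # spammer forged the bank tag

if __name__ == "__main__":
    for key, count in sorted(leak_report(INBOUND).items()):
        print(f"{count:3d}  {key}")
```

Two caveats the code makes visible: a tag can be stripped (mail to the bare address tells you nothing about the source), and a tag can be forged, which is why the MAC is worth the six extra characters. Most sites accept a + in an email address; for the few that do not, a catch-all domain or a provider's alias feature does the same job.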

Other Items

Notes

Nextcloud has its own Notes app for basic notes and categorization. Joplin is a syncable application that uses Markdown and supports nested folder structures. OneNote also makes a good contender, and if you’re using OneDrive for Business it will be encrypted at rest (with the same Microsoft-holds-the-keys caveat as above).

Youtube

You can actually still use YouTube; just use a FOSS app like NewPipe or SkyTube as your app of choice. Then on the PC, use container tabs or private browsing.

Web Browser and Internet

Firefox is without a doubt the best choice here – you can install the Multi-Account Containers addon, which lets you create containers that isolate the cookies and site storage that sites use to spy on your other activities (it does not stop fingerprinting, so treat it as one layer rather than the whole answer). There is even a dedicated Facebook Container. You could start by just categorizing things rather than getting too specific with every single website – banking, shopping, email, school are all good places to start. There is also always the option of private browsing.

You might also consider a VPN, though bear in mind it only moves trust from your ISP to the VPN provider, and there is much debate on which providers actually deserve it. Some educated recommendations would be Mullvad, ProtonVPN, IVPN, and Private Internet Access.

Maps and Navigation

Okay, you got me here. There are plenty of other navigation apps, such as Magic Earth and OsmAnd. For actual navigation they do pretty well, but if you are looking for food in the area or any other random thing you’d typically use Google Maps for, you’re best off opening a private window and just using that. Or you can temporarily install the Maps application if you really must. Using microG, navigation does work – just don’t ever update it, sign in, save your home address, etc.

Chat and Social

Okay so, if you MUST use Facebook and other platforms, there are apps in F-Droid that limit how much data is being shared while still providing basic functionality. I myself use Frost, which does a good job of letting me do everything I need – though I don’t use the calls and video chat functions, and they don’t work in this app. There are other kinds of services as well, such as Mastodon, but good luck getting everyone you know on it – and those you have yet to meet. You can also try getting people onto Signal or Telegram (note that Telegram’s regular chats are not end-to-end encrypted by default; Signal’s always are).

Conclusion

So that, for the most part, is how I live my life. Feel free to ask me about any specifics not covered here, or about a particular service you are considering (I may or may not have referral links).

I’m also going to plug two more sites for further reading:

Privacy Tools website

Awesome Privacy List


You Need A Password Manager

You may have heard of these newfangled things called password managers. Yes, the hype is real, and you don’t have to put everything in a notebook, spreadsheet, or array of sticky notes – which may or may not meet a horrific death in the event of a natural catastrophe. There is also something to be said against reusing the same passwords over and over, or using easy-to-break passwords with some variant. Is your password on this list?

But which one to choose? There are plenty out there, but the two I’m going to discuss today are Bitwarden and 1Password. Both are zero-knowledge: your vault is encrypted on your own device with a key derived from your master password before it is ever sent to their servers, so they can’t actually see your content (encryption in transit alone would not guarantee that). Bitwarden is also fully open source, while 1Password publishes its security design but ships proprietary clients. Bitwarden has a free tier versus 1Password’s two-week trial. Both have browser plugins, mobile apps, and desktop applications to make filling in information super easy. If you use a spreadsheet currently, it will likely be super simple to reformat it a bit for import. Post-its are going to take a bit more time.

You can use it on your own or upgrade to a family/team account. Bitwarden uses Collections (inside an Organization), whereas 1Password uses Vaults. The two work pretty much the same way: you create a container and grant certain members of the account permissions to it.

To break it down, here is a good example of how a family account might be organized:

  • Personal Vault – This is independent to each user and only visible by them.
  • Shared Family Vault – This might have universally shared items such as wifi passwords, streaming accounts, etc.
  • Shared Parents Vault – This has items that should be shared with parents and not the kiddos, such as bank logins.
  • Work Vault – The various logins to your portals for work, nice and tidy and separated from your other content.

I personally like the way 1Password makes the vaults appear more independent from each other, so that was the route I went, and I have been using it for several years at this point. Bitwarden’s Collections fundamentally function the same way; they just appear as another root folder. You would delegate access using the same concepts as above.

Of course, my goal here isn’t to sell you on a particular brand of password manager; what’s much more important is that you use one, period. The two I discuss are the ones I have more experience with, so I can elaborate on how they function. Other popular password managers include Dashlane, LastPass, and RoboForm.

Words Of Wisdom

If your master password is easy to break, the manager hasn’t done you any good; it is the one key protecting everything else. Instead of a password, I recommend a passphrase, which, as you may have guessed, is a phrase rather than a word. Length is what makes cracking exponentially harder, and a phrase is far easier to remember. Hear me out: instead of trying to remember 53!P@ssw0rd$@@ – which looks complex but is a dictionary word with predictable substitutions, exactly the pattern cracking tools try first – try remembering Somebody once told me, the world is gonna roll me! I’m sure you heard that song in your head just now – and it’s WAY more fun to type. One caveat: a famous lyric or movie line is in the cracking wordlists too, so use that as the pattern and pick words that are not a well-known quote (a handful of words drawn at random from a dice-based list is the gold standard). You can see how difficult your passwords are here, so go ahead and test your current ultra-complex password against your favorite song verse or movie line.
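To put numbers on the three cases above (a substitution-style password, a famous lyric, and words drawn at random from a list), here is an added example of my own, not code from the original post. WORDS is a constructed eight-word stand-in for a real diceware list (the EFF long list has 7776 entries), the 10,000,000-line "quote corpus" is an assumed generous size for the set of famous lyrics and movie lines, and the guess rate is an assumed offline cracking speed; all figures count the way an attacker who knows how the secret was generated would count.

```python
"""Strength arithmetic for a master passphrase.

Added example, not from the original post. WORDS is a constructed 8-word
stand-in for a real diceware list (the EFF long list has 7776 words); the
corpus size and guess rate are assumptions. Every number assumes an
attacker who knows exactly how the secret was made, which is the only
honest way to count.
"""
import math
import secrets
import string

WORDS = ["copper", "lantern", "orbit", "velvet", "quarry", "ember", "tundra", "saddle"]
EFF_LONG_LIST = 7776   # size of the real list you would use instead of WORDS


def charset_bits(password: str) -> float:
    """Upper bound: what the password would be worth if every character were
    random over the character classes it uses. '53!P@ssw0rd$@@' scores high
    here, but it is 'password' with substitutions, so a rule-based attack
    reaches it long before this space is exhausted. That gap is the point."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def passphrase_bits(word_count: int, list_size: int) -> float:
    """Entropy of word_count words chosen uniformly from list_size words."""
    return word_count * math.log2(list_size)


def known_phrase_bits(corpus_size: int) -> float:
    """A famous lyric or movie line is one entry in a wordlist of quotes, so
    its entropy is just log2 of how many such lines exist."""
    return math.log2(corpus_size)


def years_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to search half the space at the given offline guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


def generate_passphrase(words=WORDS, count: int = 6) -> str:
    """secrets.choice, never random.choice, for anything that is a secret."""
    return " ".join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    cases = [
        ("'53!P@ssw0rd$@@' charset bound", charset_bits("53!P@ssw0rd$@@")),
        ("famous lyric (1e7-line corpus)", known_phrase_bits(10_000_000)),
        ("6 random diceware words", passphrase_bits(6, EFF_LONG_LIST)),
    ]
    for label, bits in cases:
        print(f"{label:32s} {bits:6.1f} bits  ~{years_to_crack(bits):.2e} years")
    print("example passphrase:", generate_passphrase())
```

Read the output with the bound in mind: the substitution password's "91 bits" is what it would be worth if it were random, which it is not, while the 23 bits for a famous lyric and the roughly 78 bits for six random diceware words are real, because both were counted against an attacker who knows the method. A passphrase only beats the password when the words are random; a lyric everyone knows is a very long entry in a very small dictionary.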

Just remember it, because zero-knowledge means they can’t get you back into your account! Be sure to write it down or print it out and put it somewhere actually safe, like a safe. I know, writing passwords down is a known bad idea, but you should have this one accessible in case you do forget it – just be sure it is somewhere difficult or impossible for others to access. 1Password has a fancy Emergency Kit for exactly this, but simply writing it down will do.

But regardless of which route you take, just take a route. In the words of Shia LaBeouf, DO IT!