My Process in privacy(open for suggestions)
7d 7h ago by lemmy.ml/u/Engine606 in privacy@lemmy.ml from lemmy.ml
Note: This setup is both for my android and pc Edit: For those recommending paid services and selfhosting, I don't have the money nor resources for either. Also it seams some people are confusing my android setup with my PC setup so I'll write it down. Android: Brave(movies) + Ironfox, Search: Brave + DDG, VPN: Proton ( not always on), GPay = Cash, Auth= Aegis Auth, Pass: KeepassDX, PC: Firefox= Librewolf, VPN = No VPN (VERY slow internet), Search: Searxng + DDG, Pass: KeepassXC,
Would switch Organic Maps to its fork CoMaps. (See: this open letter)
And I would never recommend Brave as the first choice; it's run by a shady corporation and reinforces Chromium's hegemony.
I think it'd also be reasonable to add ProtonMail to email and Mullvad to VPN since you can have multiple.
How about OsmAnd? Is that still a decent project without world domination plans? I actually have CoMaps as well, but have sort of stuck to using OsmAnd.
Yeah, OsmAnd is really good; it's what I use as my daily driver. CoMaps/Organic to me feel too limited, but some people may like that.
(I use Vespucci for editing on Android.)
Its installed in my android head unit in my car, and it just works, and there's a lot (and I mean a lot) of stuff it can do, so I really enjoy it as my daily driver (ha! Get it?) in my car.
Excellent. Ty for the open letter too. I hadn't gotten around to understanding why there was a fallout, but now I know.
Except OsmAnd hiding functionality behind a cloud with paywall.
Try the OsmAnd open-source version, which has all the OsmAnd+ features unlocked for free: https://f-droid.org/packages/net.osmand.plus/
So this version gets all the paid cloud features, too?
No, only the OsmAnd Start cloud features.
It syncs Favourites, Settings and OSM edits/notes
https://osmand.net/docs/user/personal/osmand-cloud/#osmand-start
I'm not sure if I know all of the paid cloud features in the current version (and I don't really want to download it). You can download unlimited maps, which made me switch back in the days.
No Android Auto support unfortunately
I think OsmAnd is great, but I personally prefer the cleaner feel of CoMaps. Just preference.
Something I'd suggest if OsmAnd feels too cluttered for you is to change the settings; OsmAnd lets you change a lot, but one of the ones I do is to change "Map Style" to Osm-Carto.
Carto, for context, is the vector map that you'd find by going to the OSM website. Much cleaner color scheme, imo.
My problem with OsmAnd is that it's so very slow. Like, you zoom in and it takes seconds to display the map.
"Takes seconds" seems like a strange experience. I remember OsmAnd years ago performed like that for me – clearly, painfully loading in the individual tiles. But nowdays, it smoothly transitions between LoD and has no problem smoothly scrubbing over e.g. a major city.
I'm using offline vector maps, for context.
Edit: Trying online tiles again, I'm assuming your problem can be resolved by switching to offline. You can have the offline data update automatically such that you don't have to worry about it. CoMaps and Organic only use offline maps, which is why they're similarly snappy to offline OsmAnd.
This is under Configure Map > Map Source, and you only need to download for the region (usually e.g. a province) that you're using.
Sadly that's not it, I was using offline maps.
I'm not entirely sure what's the exact issue, but it only really occurs when trying to change LoD quickly. E.g. clicking on an inter-city bus route and zooming out to see it in its entirety or zooming back in. From 10 km to 500 m can take 3-4 seconds which is enough to feel sluggish if you're doing it often.
Probably not the most popular use case but it can get frustrating after a while nonetheless
Not everyone uses a powerful smartphone.
«Works for me» is seldom a good advice. OsmAnd is perfect on my Google Pixel 4a (2020), but can't run decently on my father's Sony Xperia L3 (2019).
«Works for me» is seldom a good advice.
That wasn't the advice; the advice was "try offline tiles and see if that helps." In their case, it didn't, but it's just covering arguably the most likely potential cause. The fact it wasn't their problem doesn't mean it wasn't worth asking.
Tried it out, but since I was so used to the standard OsmAnd style it just felt wrong some way.
It really like how OsmAnd allows for so much customization e.g. in map styles
dont use brave
Thoughts on Vivaldi?
Still a proprietary black box you shouldn't trust and chromium based so you reinforce the chromium monopoly
Why is vivaldi helping a chromium monopoly?
I understand it is based on chrome tech, and I guess that means it can use chrome extensions maybe? But how does it help chrome if people use it?
It uses Google's browser engine base called Chromium, which Chrome is based on (the used engine is called "Blink"). A lot of websites are made to just function well on Chromium and maybe Safari
A lot of websites are made to just function well on Chromium and maybe Safari
Isn't that more on the site creators? I have a handful of sites and web apps I don't have a choice to simply avoid because of job-related requirements. I've tried a bunch of other approaches, but keeping a Chromium browser installed has, so far, been the least painful way to get through my normal work days.
That's on corporate sites just saving work or intentionally obstructing and restricting Firefox because Google basically a monopoly.
For me personally Firefox (and it's engine Gecko) work fine for 99% of websites I visit.
With the market share of Chrome and Chrome-derived browsers Google basically single-handedly decides how the web works. They decide to implement some functionality, everybody needs to do the same, every other browser "vendor" has to implement it as well now. The consortium deciding about it theoretically is a fig leaf at that point.
Agreed, but occasionally I have to use a site that doesn't work properly on Firefox-based browsers. I mostly use Cromite to deal with that, but want a backup in case Cromite dies like its predecessor Bromite did.
Firefox is my daily drive and I use Ungoogled Chromium for the rare times Firefox doesn't work
If Firefox doesn't work I just click away
Ty - I'll give UC a try.
I agree. Firefox is "almost everything" for me. The example that comes to mind for it not working is WebSerial. That's when the UC comes out. Also there was a brief period where the Papa John's website checkout didn't work in Firefox.
have you tried to fake user-agent with Firefox? Most shitty sites I encountered which pull that off just do it for no reason whatsoever. They work perfectly fine in Firefox disguised as Chrome.
Oh, yeah - forgot about that extension. Will have to try that next time - thx!
Just use Firefox with uBlock Origin and PrivacyBadger.
uBlock and Privacy Badger should not be used together.
Thank you stranger.
Firefox needs to add tab groups on mobile first
Can you tell me why? I found out ddg was just repackage bing results so I've been trying brave for now.
Here's a good summary of some of the shady practices that they've done by way of cannedtuna@lemmy.world. It's a summary of this article: https://thelibre.news/no-really-dont-use-brave/
-
- Brendan Eich donated to anti-LGBT political organizations, politicians, and initiatives such as CA Prop 8 which banned same-sex marriages.
-
- Brave promised to replace ads with privacy friendly ads that would actually pay publishers and even users with a volatile cryptocurrency while keeping a cut for themselves. This never actually came to life and was criticized as "blatantly illegal".
-
- Brave collected donations for popular content creators without actually involving or seeking consent from said creators. In short they accepted donations in crypto for creators, but would only pay out if it reached a minimum value of $100. When called out, Brave said refunds were impossible.
-
2020 — Brave injects referral links when visiting crypto wallets
-
- Brave injected their own referral links for services such as Binance without informing users or asking permission.
-
- Brave turned their home screen image rotator into a place to serve ads, many of which were suspicious or crypto related.
-
- Brave added a Tor feature which exposed users DNS requests
-
- Brave refuses to disclose their crawler bot to websites since many websites want to block Brave Search. Brave will only chose not to crawl a website if it also blocks Google's crawler.
-
2024 - So-called "privacy browser" deprecated advanced fingerprinting protection
-
- Brave removed a the Strict, Block Fingerprinting privacy feature from their browser.
-
- Brave paid for targeted ads for users searching for Firefox in the Play Store and ran a campaign to "Forget the Fox". When called out on this the VP publicly denied it and claimed it was photo-shopped.
-
- The VP of Brave, Luke Mulks, frequently posts about all things crypto, from NFTs to FTX, and uses AI-gen images to promote them. He also frequently re-tweets right-wing activists.
-
- Brendan Eich's feed also frequently contains right-wing content and Republican propaganda despite his claims to be "independent".
2026 - "pay $60 to REMOVE our bloat features"
Oh? I haven't used their browser since ~2018, good to know that I continue to have made the right decision. I now use librewolf on my desktop and IronFox on my phone
I jumped onboard in the beginning (2016?) when they would show you "tailored" ads in exchange for their crypto. I made about $30 or so before I got bored of the endless crypto scam ads, despite having that category disabled.
Then came the referral link scandal, and I went back to FF until I found Librewolf.
It includes a lot of crypto bullshit, and I believe the founder is a right wing weirdo, but don’t quote me on that.
To also point out the good stuff: their browser has some pretty good anti-fingerprinting and privacy measures build in.
Don’t use brave. Brave is a cult at this point.
I wish Nobara Linux would move off it. Every third or forth update, the Brave repo I disabled is re-enabled. Not a huge deal, but I'd rather see the Librewolf repo instead.
You can raise the issue to the developers but from what I see, they don’t have a public page for bug reporting so who knows how many issues actually exist within the distro.
Given that Nobara is just a fork of Fedora, and I assume you’ve gained a little CLi experience, why not just switch to Fedora?
I switched to Nobara last spring from MX Linux (Debian) when my brand new GPU needed brand new mesa driver, but MX said it was months away from being added to the stable channel. Nobara is (or was, Dev has slowed down) bleeding edge for most things. I no longer need that, but I like it okay, and my setup... Look, I'm just Lazy when it comes to setting up all my games and apps I have installed all over again...
Hage you tried MX's AHS ISO?
I was running AHS at the time. I asked in the support forum about my GPU and they warned me against forcibly upgrading Mesa. They told me it would be months before they got to the required version (25.3? 25.0.2), so I started distro shopping.
ETA: link to my post in MX support forum, fixed Mesa version
Did testing or deb-backports have a working version?
I think they mentioned that the (then) upcoming Trixie was running 25.0.1, but Phoronix listed the next version (25.0.2) as the first viable version. Either way, I figured if I was going to risk hosing my machine, I might as well just take a decent backup and try some of the distros I had been eyeballing.
Why not switch Linux distros then?
I bet one of the maintainers is a cult member (or is being paid to re add it) either way eww.
IIRC, the sole Nobara Linux maintainer is GloriousEggroll, AKA, the creator of GE-Proton that is the go-to for some windows-on-linux gamers.
I wonder why they are weirdly pushing Brave then huh.
I have an older comment regarding GE supporting AI use by Lutris dev & using AI for Nobara's wallpapers. I also felt like Nobara wasn't too stable. GE has done a lotta work for that hobby project, but I've switched to CachyOS since & it's been a much smoother experience.
Its been stable for me except for one update which broke basic privilege escalation prompts. I forget why as I struggle to sleep. I have been messing to try cachy next though
Get brave off that list.
Every time a "privacy" list shows brave, i instantly ignore the rest of it because i know they arent serious.
This, I cringe when Brave and privacy end up in the same sentence. They're shady af
Bro...
Adding to the list of people warning you away from Brave. It's a complete scam. Practically malware at this point.
Malware in what manner?
I don't know why you are getting downvoted for asking a question. I think if Brave is malware, it is important to bring awareness to what the actual problems are and talk about it. This is the right place. I'm not aware of anything that makes Brave malware, maybe besides the crypto stuff. But I'm not sure if that counts as malware, or if anything else is going on I'm not aware of.
every privacypack image has brave on it. is this some kind of rule?
Seriously. People need to stop suggesting Brave.
I lowkey think it’s viral marketing.
For real, any normal person would suggest Firefox and nothing else. People who have problems with Firefox are savvy enough to find the forks on their own.
No
Suggest adding keyboard to the chart. Replace google or other proprietary keyboard with fossify keyboard or heliboard. No keyboard should need or be granted internet permissions.
Already use heliboard
Florisboard also exists, which has more features than e.g. Fossify.
I use Unexpected Keyboard because it lets me write in many different languages with the same layout, and I don't have to go on an expedition to find a special glyph.
Good to have options. I prefer fossify keyboard mostly because it just does what it needs without 'added value' features.
Jumping on the bandwagon here.
I didn't know proton had contacts
Don't use proton. Ceo is maga, and they are funding french far right YouTubers.
Worse stuff like them shutting off their transparency should be more relevant than random US politics. The company isnt even murrikkkan
they wut
I don't care where the company is from. If they support fascism and oligarchies, and the far right, they shall not have my business.
Being in Europe is positive in that maga cant legislate them into obedience. But if they're willingly maga, then its irrelevant.
dude, the world isn't orbiting us fake left/right dichotomy lmao
Close to what I normally use. I prefer CoMaps instead of Organic, Mullvad VPN instead of Proton & Artix instead of Arch.
Why Artix instead of the real Arch btw?
Artix doesn't use systemd, iirc
Same, I just recently switched Artix OpenRC
A lot of programs and services I use are not present so I did not include those alternatives.
Of those I included, I use only a few, too. These are sane alternatives for the common user.
NewPipe? Change to PipePipe, which includes SponsorBlock!
I'm a big NewPipe fan, but took your suggestion to check out PipePipe. Looks good so far since it only needs 8 permissions but NewPipe needs 11. Installing now.
Edit: It even has two more default platforms to chose from. Yeah, this is cool! Thanks!
Superb. I didn't even think to compare the permissions, haha. Yeah, never have loyalty to anything; if something better somehow emerges than PipePipe, we shall instantly ditch it for the superior alternative, and so on.
I love NewPipe. It's cool to have all the video platforms in one place!
Arch BTW.... 😎
I have not once seen a picture like this, and "guide" ones, that doesn't have several glaring issues.
This one started really good, then brave pops up, then proton, then AI....
Why is it so fucking hard to look up the stuff you're using? How are you aware of several of these that are not well known yet somehow not aware of how bad brave is? It's just so weird every single time.
What's wrong with proton? I've heard it tries to misslead people indirectly into making them think proton is non for profit but I believe the services themselves are fine.
There's a whole section for controversies: https://en.wikipedia.org/wiki/Proton_Mail
I’m assuming it’s because of that one time the Proton CEO endorsed or appeared to endorse Trump. If it’s more than that I’m interested in the answer too.
oh-
Brave is fine.
For the record it’s not. It’s a chrome variant with a crypto bro ad company skin on top.
My recommendations:
Organic Maps -> CoMaps (they got forked because of some bad decisions.)
Brave -> Helium (has full uBlock Origin and Ungoogled Chromium patches, and no crypto bloat)
LibreTube -> PipePipe (has some nice features like live chat, and less buggy in my experience)
LibreOffice -> OnlyOffice (has better Microsoft Office compatibility, and easier to use in my experience)
Disable your third-party DNS, that only works to make you more identifiable as you're already using a VPN. You can also use Syncthing to sync your password vault etc. between your devices. I'd also recommend using Posteo instead of Tuta because it is cheaper and its privacy policy is kinda better.
Onlyoffice is a little bit shady tho, it might be worth considering staying with libreoffice. But the eu wanted to switch away from ms office and made their own fork of onlyoffice, because of said shadyness, so that might also be worth looking at.
Brave -> Helium (has full uBlock Origin and Ungoogled Chromium patches, and no crypto bloat)
Does it have a way to sync between devices? This is one of the things Brave does fairly well that the recommended alternatives tend to lack.
I use Librewolf on desktop and Ironfox on mobile, and they sync using the Mozilla encrypted sync service. I haven't heard of any shady business with their sync yet, and it works pretty well for me.
That said, I don't store passwords, addresses or payment methods in my browser, so YMMV.
Sadly not.
How would you compare rate Pipepipe to Newpipe?
NewPipe's extractor doesn't work properly right now, as you can only watch videos in 360p. That's the biggest upside of PipePipe but it also has some extra features like these:
Cool. I didn't even notice the 360p! Old eyes...
LibreTub
e
I don't see much love for Futo apps in here or Reddit (new here from Reddit). Why is that?
They are source available instead of FOSS which puts a bad taste in many of the FOSS advocates on here. I believe they also have backing from Curtis Yarvin. I hate that Grayjay is one of the only consistently working youtube front ends.
Here's what I read that laid out this issues.
https://drewdevault.com/2025/10/22/2025-10-22-Whats-up-with-FUTO.html
I've found NewPipe to be a good YT alternative for Grayjay.
Why would I trust a commercial venture
At least with hosting or VPN services there's the excuse of you have to pay for a finite resource that costs money.
Oh. I had no idea it was a commercial venture. I thought it was just another FOSS team. Just found the keyboard the other day and it's been far better than Fossify.
Try heliBoard, making sure to add swipe library. Futo for voice transcription doesn't have a match yet.
cause heliboard already does a great job. no need to reinvent the wheel.
I installed Heliboard last night and the autocorrect only works half the time with settings set to always on and force. Yeesh...
first thing to disable is autocorrect. let me type what i want. if i make a mistake ill correct.
Futa apps
You're right, "Futo" kind of sounds like that slur. What a good joke.
Ty, comedy is my passion.
Oh, that's so cool to hear, I love comedians. Tell me a similar joke about a dance-tracking app called "Jigger." I'm sure you'll come up with something that is funny and consistent with the joke above.
TIL a racial slur with over a hundred years of use to demean and insult billions of people is the same as the word used to describe big titty dragons having penetrative sex with automobiles.
Please post the updated slurs.txt so I can call you them.
Oh, so slurs aren't funny if you have empathy for the people whose suffering they reference? Interesting, I wonder what that says about your perception of trans women. I have a hard time believing you give a shit about African Americans or any African diaspora at all either, you just know that there'd be more consequences for making fun of that slur and its violent history.
Good joke, chud. Now go eat shit somewhere else.
Hey since you know a lot about this stuff, can you settle the balls/no balls debate?
📱➡️ 📴
Does Tuta sponsor one of these privacy roundups every month or something?
Tuta is the best option for encrypted email I've seen so far. I used to think proton mail was good, but the ceo supporters maga and they are funding french far right YouTubers. Their reddit subs are also actively trying to censor that fact.
the issue is the inability to use imap and smtp - i use mailbox.org instead
That's twisting the facts
How so?
The ceo made a pro maga tweet, and they are advertisers on a french far right YouTube channel.
What is twisted here?
Someone bad used an affiliate link, something anyone can do
Brave nor duck duck go can be trusted.
Brave has been known to inject their own referral links in people urls.
Duck duck go serves bing results and has to give Microsoft special acces to do so.
The actual alternatives are:
Firefox based browsers (waterfox, librefox)
Self hosted searxng for search-engine. This one will get results from all possible configurable engine and allow zero trackers.
Notable mention: self hosting isn’t for everyone, startpage.net is to google what ddg is to bing, but it hasn’t had any scandals proving that they give special acces to google yet. Still self hosting is not that hard with docker, i do recommend a local searxng.
Where did you learn about duck duck go just being bing results they pay for?
Now I little after this came out they do claim they removed them (odd how that suddenly changes after it was no longer secret)
But then much more recent as listed on wikipedia, verifying they still have some long term deals with microsoft in 2025… microsoft is not going to make a deal with a perceived competitor for nothing in return.
By August 2025, Bing planned to cut off access to its search APIs in a push to sell more AI-related APIs, though DuckDuckGo believed that larger companies like it with long-term deals would not be affected.[62] Bing had dramatically raised rates for its search API in 2022 after ChatGPT debuted.[62]
There is also more general proof that while duck may technically use other sources also. It really is mostly bing:
During a Bing API outage in 2024, DuckDuckGo stopped showing results, indicating that Bing provided a substantial portion of DuckDuckGo's results.[69][70]
I literally do not understand how they managed to take such foothold in real privacy communities. I used to love brave till the i was repeatedly pointed to the scandals that many people are aware of and informing others about… but considering ddg i rarely see anyone pointing this out. It actually smells like a huge successful marketing adventure to sell bing to privacy enthusiasts, but for that i obvio do not have proof.
I often imagine this meme with bing instead of google and a cute duck go as mr incognito
Duckdickgo and startpage just anonymize Bing/Google search results. They aren't trying to be their own things, and thats ok.
That would be ok if it wasn’t a lie.
Which for duck it definitely was for years, and considering they still have a long term deal with microsoft, still is.
I have another reply in this thread somewhere that lists my sources.
But here is another I hadn’t listed. (Source used by Wikipedia)
Just ask yourself, what does Microsoft get out of it? If for the first decade at least it contractually includes free passage from bing and linkedin trackers.
Try presearch.com - great search results, no tracking
Lol, it’s littered with predatory ads.
I appreciate the attempt but self hosting searxng is free, has no ads and
You can include presearch results as part of your searxng results, its already listed by default
Fair :) I'll take a look 👍
If you use a Chromium Browser there is Vivaldi, instead of GDrive, Filen is good, but kDrive or Murena fit it better (both including online Office and workspace, EU), for YT there is also Aluga, AI > Andisearch, Sketchapedia, WhatsApp > SecureBit Chat, Google Photos > vgy.me
Vivaldi has essentially no fingerprinting protection, and it also inserts affiliate links by default without your constent.
Yes and no, it use affiliate links and search engines (DDG, Startpage, Ecosia...) which pay some money if you use these, but you can delete these without problems if not. Vivaldi use this to create incommings, instead of selling user data and browser logs to third parties as other do. Fingerprints, well, it protects some fingerprints which are an privacy risk, but spoofing all can break some webs. Fingerprint protection is always an balance between what is necessary (eg. tecnical data to show correctly a page, eg your screen resolution) and what is not. Your Public IP is always shown in any browser, if you don't use an VPN (Proton VPN inbuild in Vivaldi) or Proxy, but the public IP only show the one of the server used by your ISP which can be hundreds of km from your real location, but it made that the page is shown in your lenguage (if it has this feature). If a website use Fingerprinting (not often), it use those from the whole device and OS, not only from the browser. Vivaldi never logs your activity or track you, never share your data with third parties, no third party sponsors in Vivaldi. Sync is encrypted end2end, no knowledge (if you loose your encryption password, you loose your sync data!!!). stored in own servers in Iceland (green energy). IMHO Vivaldi is pretty private.
https://vivaldi.com/blog/shared-networks-tracking-fingerprinting/
It uses "direct match" by default which inserts affiliate links when you type in a shopping site and press enter. It is opt-out, not opt-in.
You can also use fingerprint.com and CreepJS to see how much it is leaking.
I tried Kdrive but unfortunately its only for EU citizens.
Thats sad, sorry, but Filen probably will work, also Murena
I use LibreOffice BTW
It is getting to that point tbh. If you work with people who have to use office suites often, there is a growing presence of the LibreOffice guy.
I host nextcloud and Immich on an old laptop to replace google drive and photos respectively. Very nice, but nextcloud syncing with android is annoying. Looking for alternatives there. Self hosted is a requirement.
Hosting nextcloud also lets me sync my calendar and contacts completely on my own hardware too. I use davx5 to sync with the Fossify calendar app on my phone because I like it better than the nextcloud app.
Agreed, the syncing issue is what turned me off Nextcloud eventually. Now I have Proton Drive which also stalls and skips file synchronization. The only service that I feel did sync well (better than Google Drive) was MEGA which was super clean, but that was years ago so it might not be true anymore.
I'm currently trying out OpenCloud (I think a fork of OwnCloud, where Nextcloud was forked from). It's working fine on PC where I had syncing issues with Nexcloud as well. I also host a syncthing server for the few things I really want to have in sync for all my devices (mostly my Obsidian Vault). It's been really reliable, especially compared to other solutions I tried out
I didn't mention syncthing, but I also use it for my obsidian vault and other small files that I want backed up. I think my ebooks are on there too. But what I'm really using nextcloud for is to offload large files so that my phone storage doesn't fill up -- but keep my files where I can easily download them when i want. Primarily audio books.
Also, my audio book player is not great for finding files when there are many. (Smart Audio Player) so I can only keep a handful but can easily download anything I'm missing from local storage.
What is the issue with syncing with nextcloud? What kind of files?
Nextcloud hosts whatever kind of files. IRS like a Google Drive, One Drive, Box, etc. I use it primarily for my audio book collection so that it doesn't use up all of my phone space.
The issue is that nextcloud sometimes behaves in an unexpected way with file changes initiated on Android. Sometimes large files (like audio book files) placed into my phones local nextcloud folder don't automatically upload to the server. I have to do extra steps in the app. It seems to work as expected with small files. From what I understand/interpret the file access API is not a favorable design for supporting an external (non-google ) cloud service. OE Nextcloud just doesn't care about Android.
💳→💵
My first thought was "what app is that?"
I actually despise cash, but I might go back to it just for privacy.
open source software ≠ privacy
though it is preferable. 3rd party verification of closed source can be accepted in some cases.
Arch Linux -> Tailscale -> Jellyfin.
Brave 🤮
AlterSend, encrypted peer-to-peer file transfers between devices with no size limits, no cloud storage, and no servers involved, FOSS, no account, Mac, Windows, Linux, iOS, Android
If you are on Arch, then I recommend to self host SearxNG meta search engine. There is an AUR package that builds from source and makes it easy to install and update. So if you are on Archlinux and value privacy a lot, then there is no excuse to not use this: https://aur.archlinux.org/packages/searxng-gitand https://docs.searxng.org/
# Archlinux, AUR
# Build and install from source:
yay searxng-git
# Configure the search engine (shouldn't need to):
sudoedit /etc/searxng/settings.yml
# Start server when needed:
systemctl start searxng.service
# Or automatically start the server whenever you login:
systemctl enable searxng.service
Just noting you can have searxng on rhel and mint as well, I know those from experience.
Oh sure, I wasn't implying its Archlinux only or anything like that. There are plenty ways to install SearxNG on other distributions, including using Docker in example. I just found the installation and setup in Archlinux thanks to the AUR package extremely easy, as it is not very different from installing any other package.
and mint
Go on...
So do you just leave you computer on all the time or do you only self host when you turn it on for personal use.
At the moment it is just for my personal use on my own single computer. It is local only and I cannot access it from local network either.
My plan is to figure out how to set it up securely for access on other devices in the house. But for that I would need a dedicated little server computer that runs 24/7. Maybe an used laptop, maybe a Raspberry Pi, but right now I can't afford it. I have a VERY old laptop and old Raspberry Pi 3b. I'm not sure if they are capable enough for this task. I have no plans to do a host for the internet.
I'll just try what you're doing an see if it will work.
I'm gonna make my own payment company and just call it "cash"
Try Aves Library, from fdroid, it's really nice and has a metadata viewer built in
My one complaint with Aves is how mind-bogglingly terrible its library management is. It uses a blacklist approach with no whitelist (most other galleries use a whitelist with blacklists on top to narrow down where they search) so it scans your entire device by default, and unlike every other implementation I've ever seen, blacklisting a folder isn't recursive.
That means if you use a different app for video and want to exclude your Movies folder in Aves, you need to manually and individually add Movies as well as every single folder inside of it, plus their subfolders etc, to the list of hidden directories. It also means if you ever add or rename a folder anywhere on your device and it contains media files, it'll appear in Aves regardless of your previous settings.
And you can't pick exclusions to add to this blacklist using a file browser interface. No, that would be too easy. You need to go to the Aves tab that lists every single folder with media on your entire device (displayed/sorted by folder name without their path, naturally, so two folders in the same directory might be dozens of entries apart) and manually find all the folders you want to exclude. The blacklist is also displayed in settings showing only the folder names without the path, so good luck checking if that img folder in JoiPlay is blocked when there are twenty other identical entries labeled 'img'!
I know this sounds minor (and it is), but it's such a headache dealing with what should be a basic feature of any gallery app. Fossify Gallery may be slower at detecting new media, but at least using it on my gaming tablet doesn't make me homicidal.
Huh, I haven't had that issue. It excluded subfolders just fine for me. If you're on GrapheneOS, I think you could use storage scopes to serve as a whitelist.
I know that feel... I'm currently a widow too.
That last part isn't needed
😔 sorry
ReFra too, it's almost perfect.
Just to throw it out there self hosting docker containers you could use your local PC but I started out with 30 dollar 1 litre PCs. I had three 1 hosted my firewall and the other 2 dockers. I had most everything I could need.
Just curious for the firewall one, did it have two built in NICs or were you using a USB dongle? If two NICs, what model?
It had a wifibcars ibpulles and put Ina 2.5GB card in its place. I don't recall the model. Mini PCI maybe?
I meant the model of the mini PC, but that also helps. Thanks!
I’ve been using Vivaldi for browsing on desktop and mobile. Seems pretty nice. Any concerns people have with them as an app or org? I’m staying away from Brave, the consensus seems to lean toward bad acting org and bloated app.
Vivaldi sells your data.
Source? Their privacy policy seems to dispute this outright, as does their stated business model.
every privacypack image has brave on it. is this some kind of rule?
Their PR is fantastic
You are doing a good job here! I'll let others fight over your software choices, and just add some things that you might want to add:
Keyboard app (Android): I'm using Futo keyboard, but there are other options if FUTO isn't your cup of tea.
Translation app (Android): "Translator" on F-Droid is a feature rich, fully local.
These two can replace respective apps from Google that you like have installed by default.
Thanks, currently using Heliboard. Thx for the translation app, will try it.
Should you change your DNS if you have your VPN on?
yes and no, ideally vpn also handles DNS querries but sometimes with faulty implementations DNS can leak. mullvad has a test in their website but only works for mullvad vpn.
i was using this site for testing, does the job
Would a faulty implementation be only if you did it manually? In other words, if I just go through the motions of turning on the VPN, theoretically there should be no leak right?
i don't know exactly how it happens but somrtimes for example browser uses its own DNS and it leaks this way. mullvad adds a virtual network interface and forces all traffic through it and prevents leaks this way
Good to know, thanks.
Since I recently setup a yunohost server, I use Nextcloud instead of google Drive pr Filen, Vaultwarden/Bitwarden for passwords, and searxng as a search engine; all self-hosted. My internet service provider makes self-hosting for emails complicated, if not impossible, so for that I currently use Disroot (which offers other services as well btw, like git and xmpp, good to check out).
For youtube, on my phone it's mostly through Newpipe, but I also use peertube for the content that exists there. Otherwise, I just access youtubw through the web... Which leads me to browsers. I avoid chromium-based ones, but I also disapprove of Firefox's turn towards AI, so I use waterfox on desktop and fennec on mobile.
As for Arch Linux... I was with you a few days ago, but I just switched to Artix. I'm not a huge fan of Systemd, and Dinit makes it boot a bit faster.
I saw that many people disliked systemd but why is that?
I dislike the way it's becoming a dependency for many desktop environments and taking over many functions. Plus there's the fact that (https://itsfoss.com/news/systemd-age-verification/)[systemd is preparing to enable age verification], And also the fact that it breaks compatibility with other UNIX-like systems.
Damn even systemd will have age verification
This was fun:
I am still using Samsung's own gallery and contacts app, but their network connection and internal trackers are blocked and they don't show up on packet inspections.
Also, "Plex -> NewPipe" is not true. It's "YouTube/Bandcamp -> NewPipe" and "any streaming service -> torrenting + sshfs + mpv into the torrenting server" in my case.
If you press on them you could choose the service, for example instead of plex you could've chosen youtube, Netflix and others.
🍳on my face
For DNS I use Pi-hole with Unbound which is used to contact the DNS root servers directly and recursively find IP-addresses. The first lookup becomes a little bit slower than through say Google but the IP is then cached locally and then it actually becomes faster. This is also more private since it doesn't require a third-party DNS resolver.
Another good gmail alternative is kmail. Another good WhatsApp alternative is matrix. Change organic maps to comaps, it is fork of it but community focused. Another google photos alternative is aves, much better than fossify gallery. When using obtanium, you might want to install appverifier to check if app is legit. Another YouTube alternatives are peertube and odysee. Brave is bad, its CEO likes crypto and ai. Mullvad vpn is good vpn, you can also use tor. Instead of google wallet you can use curve wallet or upcoming Walt. Also, good alternative to google search is 4get
Fairmail
Fairmail is bad, Thunderbird is much better
If i wasn't invested in the proton infrastructure to keep my family away from Google and shot, the only change I would suggest is mullvad VPN instead of protonvpn. Other than that, it's a pretty sound setup you have there. Enjoy.
I don't trust any listical with brave browser in it claiming it's for privacy.
I would go with SimpleX instead of Signal since it is very secure and you can self-host the server. There are no user IDs. Here is the official website: https://simplex.chat/
For normal usage and actually using a messaging app for what it's intended (contacting people in your life), it's far too obscure and non-streamlined tbh. Signal is more than good enough for the thread model of chatting with friends and family, and ppl you got to know online
the onboarding for family & friends on simplex is too much - Ive had much better luck with deltachat
That is true. I have only managed to convince my wife to use it but I had to set it up for her. Now we can chat about what to eat for dinner securely though 😄
Harder to get people to switch the more obscure the app is. Other than that, I agree.
Self-hosting Immich as an alternative to Google Photos is amazing, I love it!
Good choices. Congrats
Pretty solid. Too solid in fact. How long ago did you start the process?
What alternative did you find for gmap?
2-3 months ago. Gmap has a lot of alternatives
What privacy concerns are there with using your ISP DNS? (honest question, not judging)
ISPs not only have a monopoly on connectivity and bandwidth prices - which they severely abuse by the way, considering the actual operational costs - but they also have everything to gain on analyzing your traffic, DNS queries being one of them. They already have a bunch of personally identifiable information (PII) on you (full name, date of birth, banking information and, in some countries, even social security number). Linking that PII to your DNS requests (read: what websites you visit) and selling that to data brokers is a pretty low effort sweet deal. Long are the days gone when ISPs only provided Internet service.
Texts on the topic:
- https://mullvad.net/en/help/all-about-dns-servers-and-privacy
- https://labs.ripe.net/author/babak_farrokhi/is-your-isp-hijacking-your-dns-traffic/
- https://www.howtogeek.com/why-dns-betrays-your-privacy-and-how-dnscrypt-stops-it/
Videos on the topic:
In my country they implemented national wide surveillance in the network infrastructure and they keep track of everything Edit: that's why internet is very slow
Well ain't that some shit 🙁
Depends where you are, and what laws your ISP is required to follow with regards to blocking/tracking. Personally I like Quad9.
Your ISP can see what websites you visit. But even if you change DNS server it can still see that if you don't use either a VPN or DoH/DoT.
So it's a good idea to use DoH or DoT. It's an improvement but it's far from perfect because the DNS server you'll pick will see what site you visit, you have to trust them. And your ISP still has other ways to see which site you visit.
They can still see what sites you visit even with Secure DNS though. That only blocks your ISP from seeing what domain names you're connecting to, but they can still see the IP addresses. It's useless, unless you're using a VPN in which case it is worse for your privacy as it makes you more identifiable than just using your VPN's DNS.
Yes, that's why I ended with:
And your ISP still has other ways to see which site you visit.
Even with secure DNS they can still see the domain name with the SNI, which is probably more reliable than an IP address. Last I checked very few websites used ECH. I would still argue that it's better to have encrypted DNS requests than non-encrypted ones.
Sorry, I must've skipped over that.
dns requests flowing through your ISP means they know where you (want to) go and 3rd parties can potentially determine identity based on certain aspects (date time of request, how many, etc) can matter to law enforcement, surveillance/state efforts, hackers and beyond) because ISP may not govern well or, hell, wven sell those requests or just 3rs party manages it without your knowledge etc )
it's better to have a known good dns provider that can offer a little trust but realistically nothing is 100%...
Very nice. Only complaint is this only existing as a jpeg rather than a vector svg.
What's the difference?
Vectors don't have pixels so infinite resolution. Although they don't work on real photos they work really well on logos.
Where Mapy.com? Totally goated maps.
Ahh, I see, they're not there.
What's up with Tutamail? I've been looking at switching my email over to something better, and I've been hearing Proton for a long time, but I don't know enough to sway one way or the other.
Also, how hard is it to self host email?
Haven't dived that deep yet, but who knows. Maybe I'll get there eventually. I've heard good things about this book: https://www.tiltedwindmillpress.com/product/ryoms/
You also don't need to do everything all at once. You can start by getting your own domain and configuring your mail service of choice to handle it. Then whenever you want to move to a different mail service or run your own, you maintain control over your addresses and just need to update your DNS.
Edit: Oh, completely forgot to talk about Proton/Tuta. I set up my stuff on Proton back in the day and recently set up Tuta for my partner. I might get around to swapping to Tuta for my stuff as well, I just haven't bothered to yet.
Self-hosting email sucks. Setting up an email server is the easy part, and you'd be able to receive email alright. Sending is a different can of worms and not a fun dinner. Because other email providers will not trust your server and tend to send your messages straight to spam.
I haven't used Tuta, but it looks alright. I've got Proton which works very well for email and VPN, but it is a bit expensive to be honest. But I like ending my address with pm.me
One user in the instance I use went on that journey, setting up FreeBSD for his own email. I think there's a very detailed comment from one of the big, weekly random threads in our instance, but I can't remember when that happened (also, it's in spanish, so you'd need to translate it if you manage to find it).
I have Tuta and like it. If you pay for basic, you get some storage and some aliases. Works for me.
I highly recommend NextDNS. You can also filter domaims with it. It even has lists so you don't have to filter every one. I use the "No Google" and "No Facebook" lists, along with several others.
I know the focus here is privacy, but how is Arch Linux compared to Bazzite or Cachy OS in terms of gaming?
CachyOS is Arch. It has some kernel optimizations for gaming, but other than that it's just prepackaged Arch
Don’t know about Bazzite but performance wise, there isn’t a huge difference between Arch and Cachy.
If I recall, CachyOS comes preconfigured with a few things, including Steam. Most of it is quite simple to setup on Arch. You can also use Cachy’s kernel in Arch to test for any performance gains if you want to.
I would say if you already have CachyOS installed, there’s no point replacing it with Arch. CachyOS is Arch underneath anyway.
Exactly
Any chance you found a way to encrypt local app caches?
Check out ente as an alternative to Google Photos. I've been using them since 2023 when Google announced they own your photos and they were going to be instead ingested into AI.
Edit: typo. Looks great BTW. Good progress.
I'm not using ente because they have a cloud storage, the only safe storage is the one you have
How about Immich then?
Fair! I could be held hostage in that way, but as a paying user, I (so far) trust them to use my subscription fees to pay for servers. I really like that all the ML processing happens locally, and they have no insight into any of my photos. I did look into Immich, but at the time, self-hosting was not an option as I was living in a developing country.
Edit: I was mostly looking at how a gallery app (which is also the one I use) isn't a replacement for gPhotos.
I just use the internet, bro. I don't need to use nothing fancy to use the internet. I don't even need a computer. I have a phone, and that's all I need.
Mistral AI for chatgpt replacement. And proton is run by a maga trump supporter who is funding french far right YouTubers. So, it is not a good option.
Didn’t they give the authorities access to a French activist’s account?
Reddit has willingly given up information on users before, yes. That is definitely one downside to the platform.
Don't agree with a lot of them. Like choosing Brave. Please do a critical search on it.
And the most private mail, is either a self host, or a mail hotel... And then something like Thunderbird. You can host your own calendar there too... Because Fossify Calendar don't host your calendars.
Don't use AI...
And Arch is certainly not for everyone. Mint, Fedora, Ubuntu and the likes are a lot better.
Firefox has a great Password manager, if you are one of the poor sods, who can't remember all your unique passwords. ;-)
Signal is Trump/fascism supporters... Shouldn't use that either...
Signal supports Trump? Source? I know the trump administration uses Signal, but that's like saying Air supports Trump because he also breathes air.
I've noticed that people who even look at anyone who is right-wing are accused of being pro-Trump on Lemmy. It's getting really dumb.
I've been using arch for a year now, but i think I will go with Debian soon.
I've been thinking of an alternative to signal but other than simplex I can't find any
Aegis is redundent since KeePassDX now has authentication built in.
If you want your passwords stored in a si for basket....
What is a "si for basket"? Is this shit not secure?
They meant "single basket". It's not a good idea to mix your password manager with your 2FA. It might only take 1 breach in 1 service for your accounts to be unlocked by malicious actors, instead of 2 breaches in 2 separate services.
That's a very valid point.
I store my database locally so I hadn't thought of that. Not saying local storage still can't be hacked of course.
I know but i could find how to make it work, you know how?
It's "TOPO" in Keepass. Edit Entry and paste the code the website gives you into there. Then just verify and you should be good.
Thx
this is not good. stuff like google calendar and photos are cloud service, a local app isn't a replacement and there's so many good ones. brave stuff just injects their affiliates and ads and has paid models, plus is led by someone with very questionable views. arch linux as windows replacement is objectively a bad choice as first linux distro. keepass is great but again offline.
yeah, if you want privacy, de-cloud. even google photos is private if you never connect to the internet. we should recommend less bad alternatives with comparable features, talk about compromises and use cases, and generally avoid making such eye catchy "privacy packs" which don't work for most and are honestly a circle jerk for who already solved their privacy needs
also there's no private AI. your local model is built on stolen data, so if you care about our privacy and not just your own stop using ai crap or kindly fuck off back to your favorite techbro
Who hurt you? I mean.. all of your points are totally valid, and you seem to have profound IT knowledge. Great! But OP just wants to have his built evaluated, probably bc he wants to further improve... and you're non-chalantly bombing him with strong words and more negativity than all of my toxic exes combined. Jeez xD
- If you object then recommend something or help.
- I only use Brave for movies because its faster and my internet is slow.
- Its not my first time using Linux, I've tried Ubuntu, CachyOS, and Arch and with them KDE, Hyprland, Gnome and many others.
- That's what I'm trying to do, reduce cloud storage usage.
- I used this "eye catchy privacy packs" because its easy to make. (And its powered by ente)
- I know there is no private AI, I don't use them often but i try and use ones with good privacy policy and I don't have money to buy a powerful PC, hell even my phone is stronger
- Lastly If your this angry go and take a walk instead of crashing out at people and wasting their time. Edit: typo
i think my point kind of missed: i dont have specific recommendations unless an use case or a set of requirements is provided. most services from big providers are "catch all" because of budget and desire to capture market, privacy alternatives aren't
i also misunderstood this as a recommendation for others rather than sharing own's choices, so I'm sorry if I was annoyed for what I felt to be poor choices (and i feel these are for generic users trying to get free from big providers)
but really, drop brave
Davx + etar
"Here are the 20 apps and services I use to avoid using one large service because I believe 20 companies are easier to work with than one I dont like."
Cool. Im sure you've beaten the system.
You probably one of those that watch youtube on the default feed. Wonder how did you even ended up here. Instead of just staying at FB, since even Reddit is too daring for you lol
noone said the system has been beaten. as we always say, privacy is a journey. decentralising datafarming does make google's job worse, and this is something better already.
op also stated, that selfhosting is not an option, so its kinda hard to go full rogue and disconnect from the system.