Privacy

36475 readers

241 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

What is your privacy and security setup? How lengthy will you go to protect your privacy and security? Share your setup. (programming.dev)

submitted 5 days ago by Timely_Jellyfish_2077@programming.dev to c/privacy@lemmy.ml

26 comments fedilink hide all child comments

Just wanted to share my setup and see if anyone has suggestions or feedback. Also share yours.

Phone : GrapheneOS(pixel 7a)

No google play service on my main profile. Rethink DNS (NextDNS DoH) blocks ads, trackers, and all Google & Facebook DNS (except WhatsApp).
Some FOSS apps like Aurora Store & NewPipe need Google servers, so I have excluded them in rethink dns.
Work Profile (with Island) with GrapheneOS’ sandboxed Play Services, but I use it maybe once or twice a month only for apps that absolutely need it. It stays turned off most of the time. If an app works on main profile without any issues, will use it. If not, will try to use it in firefox (as lack of play services doesn't matter). If only app is available (and not web version) and it doesn't work on main profile, will use it in work profile.
Hardened Firefox fork(Ironfox) for private browsing. Main Firefox for a few services where I have to stay logged in and don't have apps or want to use their apps.
Network & Sensor Restrictions: If an app works offline, I block its internet access. Also, disabled sensors for apps that don’t need them.
Mostly use foss apps from f-droid(droidify).
Email: moved from gmail to protonmail

PC/laptop: Arch linux kde on pc and fedora kde on laptop.

Not much to say. Most used apps are firefox and Zed. I allow data collection on kde as I want them to improve it.

Home Server: Raspberry Pi 4B

SSH hardening: Non standard ssh port(yes, I opened the port externally because I depend on my home server and need to access it remotely). SSH keys or password+totp, Fail2Ban, ufw.
Services running: Arr setup(jellyfin, prowlarr, radarr,sonarr, qbittorrent), pihole, Immich, Authelia(for now). All data sensitive services behind authelia with totp.
Nginx Geo-blocking: Only allows access from my country IPs
Weekly backups because data loss sucks.

Network & Router: OpenWRT (TP-Link)

Not much to say: Running default firewall rules with network-wide ad/tracker blocking via pihole and some ports opened.

you are viewing a single comment's thread
view the rest of the comments

[–] N0x0n@lemmy.ml 2 points 5 days ago* (last edited 5 days ago) (1 children)

Same thought here ! Wireguard being based on private/public key, even if the port is open every request that doesn't have a valid private/public key gets dropped !

From a bot's perspective this means the port is closed !

I'm not an export in the field but there's also a way to only use key-based connection with SSH, but I'm not sure how good/secure it is compared to wireguard.

As you said, I'm also too scared to let a open SSH server running on my small home lab 😅 !

[–] JustAnotherKay@lemmy.world 2 points 5 days ago

Key-based connection with SSH

I'm not certain on how secure this is, but what you're referring to is usually called "Passwordless SSH"