Ha!! You’ve triggered my trap card. Now, I turn Special Interest face up and it uses its ability Info Dump.
Bad jokes aside, I’ve done a good bit of research and fiddling in my own time to try and put together a more digestible guide to some privacy and infosec basics. I’ve got somewhat of a background in tech/computers, but I’m coming to the issue as more of a layperson than a lot of the talking heads are. My express goal has been to demystify digital security in order to make those tools more accessible, particularly to overly surveilled minorities. I’m going to shamelessly plug my own website with my writings on the topic, but I’ll also give a condensed version here.
Basically I went through each service I used that was any of the following:
- a paid service
- a “free” service requiring an account to use it
- a service owned by any of the large tech corps
And then researched how to replace them with privacy-respecting alternatives. Here’s what I’m using to replace the core functionality you’d expect from, say, the Google suite: Gmail, Drive, passwords, etc.
Let’s start with email, as it needs a little discussion. First and foremost, if a service is “free”, you are the product. Just having you signed up for Gmail is making Google enough money to offer you the service for free. Between scanning emails to train AI and selling your personal info to advertisers, Google is making all of the profit it needs to operate Gmail “for free”. With this in mind I strongly, strongly, encourage you to PAY FOR EMAIL. Hell, just in general try to form a newfound appreciation for well-made, paid software. I realize not everyone is in a position to pay monthly for something like email, but this way I know the company is making all the money they need to from actual paying customers.
I personally use Fastmail, but Proton also has a pretty good reputation and offers some other products with it.
“Cloud storage” also needs a bit of a breakdown. In my opinion there is no such thing as a “private cloud” that isn’t entirely self-hosted. If a company is offering you a “private cloud storage” option, free or otherwise, you have to remember that you are putting your data on their computer. That data is theirs now. There’s a hard drive somewhere in a data center with your data on it that a government agent could go take. Or the company itself is just doing whatever they want with your files. That is not private, at least not relative to you. I suppose it’s probably private between you and the company, but who is to say where bits and pieces of your data are being sold.
My solution isn’t really a cloud in the usual sense. I use Syncthing, which just keeps files in sync across devices; it does not provide a lump storage solution to offload data from your devices. All files are present and take up space on each device they are synced between. I personally prefer this, but I realize the functionality is different. If you really need to free up space on, say, a phone, you can set up things like one-way sync, but I would look into Nextcloud if you have a computer you can set up as a small home server.
Everything else I can kind of zoom through.
For passwords I suggest KeePassXC with the password database shared across devices with Syncthing. I personally use a command-line-based tool called UNIX Pass, but I’m not sure I’d suggest it to everyone.
Messaging is in a bit of an odd place right now, and basically if you seriously need secure messaging assume any “app” or even remotely mainstream messaging platform is insecure compared to the truly best options, but adoption is a big issue here. You could pick the best, most secure messenger, but that’s not helpful when none of your contacts use that service. Signal, Telegram, Matrix, etc. are all pretty decent and have different perks, but if you’re seriously concerned you should be looking into different tools and protocols entirely.
Finally, get a VPN. This is another example where you should expect to pay a few dollars a month for this, else you’re probably just feeding data to a honeypot. Mullvad is basically the standard at the moment, but I also keep a Proton VPN account active as I’ve found the speeds to be much better for gaming and such. I’ve got a Mullvad account I keep handy for special occasions. Much beyond that and Tor becomes necessary.
Even just a good ad blocker, uBlock Origin, can go a long way.
I think those are some of my go-to starting points. I go into much more depth on a lot of this and more in the link below.