Ostrich McAwesome on Nostr:
Happy to give some choice privacy advice to someone who clearly understands what I'm doing.
1) Get an anonymous Internet connection (if you can). In the US you can get an unlimited, unthrottled 5G hotspot for $500/year from The Calyx Institute, which is both a good deal and helps support digital freedom. You can register anonymously, pay with Bitcoin, and have the hotspot shipped to a FedEx pickup point so you don't have to give up your address. It will still reveal your rough geographic location by IP, but nobody is socially engineering your name from the carrier. Outside of the US you can often buy data SIMs with cash, which have similar advantages. The upper-tier 5G hotspot from Calyx has an Ethernet port and built-in OpenVPN capabilities, so you have some serious options with the right equipment.
2) Use a VPN whenever you can. Not just an app on your device, consider getting a router that supports VPN client mode (or just install OpenWrt), and use a VPN like Mullvad to route your whole home network through a tunnel. Stop using Google and Apple VPNs, who do you think you're protecting yourself from! Use different VPNs/Exits for different purposes.
2a) Stack privacy. You can route a VPN over a VPN. You can connect to Tor over that too. Performance takes a hit, but that's a small cost for multi-tiered anonymity.
3) Separate sensitive tasks between your devices. Some things in life are more private than others, so make sure you know what to trust. Your Facebook app shouldn't be on the same device as a Bitcoin wallet, or at least not on the same user profile. Keep multiple phone and PC logins for different purposes. Keep multiple networks for your devices, and route them through different VPNs. Have a laptop just for Bitcoin. Have a laptop just for porn. Laptops and Android devices are cheap, compartmentalize your digital life for privacy and safety.
4) Avoid corporations wherever you can. Use ProtonMail instead of Gmail. Use Linux instead of Windows or Mac. De-Google your phone with LineageOS or CalyxOS, and start taking app hygiene seriously. Use FOSS alternatives whenever you can, even if you like the proprietary version better.
5) Never self-host at home unless you have a dedicated ISP and network for it. It's a ton of fun as a hobbyist, but it's not good for privacy. Never let your home become an attack surface. Find a smaller cloud provider that accepts Bitcoin and rent resources pseudonymously where you need them, or go hardcore and host your own ASN out of a small rack somewhere.
5a) Furthermore, know your rights when registering domains. For example, you may feel patriotic buying a .US domain, but it is trivial to retrieve your full whois contact info from .US domains, and they will more aggressively enforce a real address requirement.
6) Never trust bleeding-edge tech. New technology is exciting, but it's full of bugs and mistakes. The newest version of something is often the worst version of it. When the web3 hype machine tells you that Nostr is the future of private social media, don't take their word for it, look for the evidence. If there isn't any, proceed with caution.
7) Embrace a zero-trust philosophy. Every actor is a potential bad actor, so build a moat. Don't get mad if you get pwn'd, black hats and gray hats (howdy) will target you, so be prepared for it, and learn everything you can from your mistakes and the mistakes of others.