Privacy And Security Advice

Posted 29/11/21

Foreword

I started caring about privacy and security a year ago; in fact, my privacy and security anniversary is coming up, so I decided to give some advice on how to get started and on the different kinds of software you can use to maintain your digital privacy and security. I consider it giving back to the community in a way. I present this without a threat model in mind; it is up to you to figure that out for yourself.

Operating system

This is simple: avoid Windows, use macOS if you have to, but try to use Linux.

Email

Google, Microsoft and Yahoo (do people use Yahoo?) scan your emails, and that isn't cool, so you need to use privacy-respecting email providers. Here are a few good ones.

  • Protonmail: it has had some controversies, like IP logging, storing keys server side and questions about the company itself, but these are usually blown out of proportion. Personally I think it is a valid option, but it shouldn't be your only provider.
  • Tutanota: Tutanota is way better than Protonmail. By not using PGP it encrypts more than Protonmail does; Tutanota encrypts subjects and recipients, which PGP neglects, but Tutanota is a bit of a walled garden and prevents you from sharing your keys independently of the service.
  • Disroot: Disroot allows you to use email clients like Thunderbird, and Disroot uses SSL and TLS to try to put your postcard emails into an envelope. Disroot does not claim to have zero-access encryption like Tutanota and Protonmail, and it outlines in its policy that it has the technical ability to read your emails if they are not encrypted with PGP, although it claims it does not read your emails. Remember that ProtonMail or Tutanota could theoretically store the unencrypted email they received before encrypting it, which just makes PGP encryption more crucial.
  • Riseup: Riseup is really good. No IP addresses are retained, user agents and things like that aren't retained, and sender and recipient metadata is stored for 24 hours. The problem with Riseup is mainly how rare it is: the only way to get a Riseup account is to be invited by another user, and invites are hard to come by, since most users (including myself) would refuse to give you one because in the Riseup TOS you agree not to sell invites or give them to people you don't know. If you can use Riseup, use it.
  • Cock.li: Cock.li is really just a worse Riseup. Cock.li logs IP addresses, when you connect, whether the login was successful, the who and from metadata and your user agent for 48-72 hours before it is erased. German authorities seized one of the hard drives hosting cock.li, not the greatest event for an email service.
  • For an extremely detailed article about email providers, give this a read.

Instant Messaging

Signal is the best encrypted messenger you can get your hands on: great metadata protection, a wonderful track record and easy for your normie friends to use. It does require a phone number, which I don't think is too bad because I'm not a person of interest and doubt I'll be targeted, but for some threat models that makes Signal completely unusable. I will present a few other apps, but remember they all suck compared to Signal. Matrix is a federated system that can be completely anonymous when using a homeserver that doesn't require any information to sign up and is Tor friendly. Matrix has a lot of metadata problems, but if you host your own server and everyone you communicate with uses that server, Matrix is a great option for messaging. Briar is an app designed for people who need the utmost privacy and security, like whistleblowers, activists and political refugees; for anyone reading this it is probably overkill. Use Signal bro.

Browsers

I use Brave. Yeah, I know. I think it's really good if you disable the cryptocurrency garbage; maybe I'll make a post debunking the main arguments against Brave. I use Brave because of Chromium's security, which I consider to be necessary. I recommend Brave to most if not all people, but I will give you a few more options. Ungoogled Chromium is also really good for privacy, but it disables CFI and doesn't have auto-updates, which is a security downgrade from Brave. Firefox is terrible for security but is a choice for privacy; there are many guides on how to configure Firefox for privacy. In my opinion Brave is the move, but to each their own. On Android use Bromite and on iOS use Brave, I guess.

Frontends for Reddit, YouTube, Instagram and Twitter

Use Libreddit for Reddit, Piped for YouTube, Bibliogram for Instagram and Nitter for Twitter.

Mobile OS

By far the best option is GrapheneOS; it is highly private and, with the new sandboxed Google Play services, has great app support. CalyxOS is another option, one that annoys me since it is far less secure and uses microG. It's really just a worse GrapheneOS. LineageOS is very insecure but will increase privacy compared to stock; personally I'd recommend just biting the bullet and getting a Pixel. Stock Android vs an iPhone: the two trade blows. Android has the greater open source support thanks to F-Droid, but iPhones phone home less and have a greater ability to prevent apps from spying on you. I'd err on the side of stock Android, but the choice is up to you.

Password Management/2FA

Bitwarden is the best cloud-based password manager, but because it is cloud based it has a severe security vulnerability: your passwords are being stored on someone else's computer. KeePassXC is an offline option which is far less convenient but way more secure, since your passwords are stored on your computer, so for a breach to happen you'd need to be targeted specifically. Use 2FA for all of your accounts, try to avoid SMS-based versions, and use Aegis on Android or Tofu on iOS, or for maximum security use a hardware key like a YubiKey or Nitrokey.

VPNs

VPNs are very cringe and aren't that useful. They offer no security advantage and only a minor privacy improvement by hiding your IP, even though Tor is a far better option. It is my opinion that you do not need a VPN and shouldn't bother with one. If you really want one, I've heard good things about Mullvad and IVPN.

Bonus Pieces of Advice

  • Think before you post
  • Use full disk encryption; if on Windows use VeraCrypt
  • Keep your software updated
  • Use HTTPS with no exceptions
  • Install uBlock Origin and block JavaScript; here is a guide on how to use it
  • Revoke apps' permissions