
An absolute beginner's cyberspace privacy guide for rising fascism


So you're worried about the rising tide of fascism in the United States, and you want to take some steps to make it harder to surveil you. Welcome! I'll take you through a few things you can do.

Much of this will involve using alternatives to the technology you're presently used to using. This will be difficult, both because you'll have to get used to new interfaces and set new software up, and because many of these pieces of software, while very functional (I use them every day), are also developed without the huge capital of Big Tech, and so can't afford the fancy luxury features Big Tech can. Many of Big Tech's fanciest features also require violating your privacy!

Nevertheless, I promise this is both livable, and worth it. When you have been declared an enemy of the current administration just for existing and exercising autonomy over your own body and self-expression, learning to move and exist in ways that operate under the radar is crucial. More than that, if you want to take part in any kind of resistance, whether that's protest, or certain kinds of mutual aid (such as aiding people getting hormones or abortions or birth control methods that have been banned), or direct action against the state, then you need to know how to do all of this.

1. Threat model

The first thing to start with whenever discussing these issues is your threat model. The two basic questions you want to answer to determine your threat model are: who are we defending against, and what kinds of attacks from them are we going to optimize for?

1.1. Who are we defending against?

In this case, the answer is simple: local, state, and federal governments, police, and intelligence agencies. The government has now become our enemy, at the very least for the next four years.

Other threat model actors might be: abusive partners, controlling parents, etc. Those are out of scope for this page.

1.2. What kinds of attacks?

There are two kinds of attacks that a large entity like a state or federal government might use against us:

Directed surveillance
This includes anything from parking a van outside your house to watch you and your local internet traffic, to tapping your phone line, or compromising and bugging your phone. It might also include the police trying to crack your phone to get incriminating data if you were part of a protest, riot, or other illegal or semi-legal action they want to punish you for. These are typically very difficult to defend yourself against, and also deeply unlikely unless you're getting really into some serious shit, so trying to defend all aspects of your life from the possibility of directed attacks is usually ill-advised. Instead, pick one or two things to defend from directed attacks in the case you're arrested, and leave it at that.
Diffuse surveillance
This is a more typical type of surveillance, where state actors just passively collect internet history, credit card history, metadata, and unencrypted communications from everyone they can, and have automated systems sifting through them for certain patterns or keyphrases. They might also monitor the traffic to or from certain known websites, or on certain forums, if they're looking for something specific. This type of surveillance is usually extremely effective at pulling out what they want when they need it if you're part of the data set, so this is usually all they do – they're usually reluctant to go further. But this kind of surveillance is also very easy to evade completely if you know what you're doing.

1.3. What to defend from what?

Generally, you want to harden absolutely as much of your life as you can from diffuse attacks, because it's both low-hanging fruit, very effective, and generally has other positive knock-on effects, like escaping from attention economy algorithms, surveillance capitalism, and dark patterns, and using software you truly own and which obeys you.

What you'll generally want to do your best to protect against directed attacks is:

  • at least one route of communication, preferably whatever route of communication you regularly use to communicate with those who are most important to you, so that your general personal communications, which will probably contain sensitive and incriminating information, are protected
  • your phone, because it's a bundle of sensors (including ones for tracking your location) that's on you at all times, and also because it probably contains a ton of video and photographic evidence and sensitive communication.

1.4. A useful rule of thumb

Don't have a special "secure" system (including OS, hardware, route of communication, method of browsing, etc) that you have to switch to, and a separate regular system.

This approach might seem smart at first – it saves you from having to make compromises, after all, right? You can have a system that's as convenient and insecure and unprivate as you want, and then a separate system that's as insanely secure as you can figure out how to make it, convenience be damned, that you can switch to when needed. It's the best of both worlds!

There are many problems with this approach:

  1. Now you have to constantly think about what's sensitive enough to be done using the secure system, and what's okay to use the unsecured system for. This is never clear, and adds significant decision fatigue overhead.
  2. It means that instead of finding the most secure system you actually consider convenient enough to use, you're going to try to create the perfect secure system, and as a consequence it will likely be very inconvenient to use. This means you're not going to want to use it. Over time, you'll just conveniently forget to use it more and more, because it's just too much of a pain in the ass to use, and it's not clear cut what you need to use it for anyway.
  3. There are also inherent costs to having to switch to a separate system – whether it's just a different app, or a whole different OS or computer – to be secure. This will motivate you to bend the rules and do sensitive things over the less secure but more convenient line whenever possible.
  4. Additionally, the secure option is likely to have a different interface from the convenient everyday option. If you don't use the secure option every day, then you're likely to forget how to use it, further motivating you to never actually end up using it.
  5. Finally, and most important of all, everyday activities and conversations can be much more sensitive than you think. It's better to secure them all by default.

In light of these points, I ask you: what's better, a compromise system that's as secure as you can make it while being usable every day, or a perfectly secure system that you never use?

Thus I say push extremely hard, even if it requires sacrifices in functionality, or badgering your family to move chat apps, to get a system that's secure and private that you can use every day.

2. Actual suggestions

2.1. Browser

The first thing you want to do is find a web browser that's resilient to surveillance. This means finding a browser that:

To find out more about what criteria to look for in a browser, look here.

If you want to see how various browsers fare compared to each other on telemetry at least, look here.

My two recommendations for everyday browsing (so, against diffuse surveillance only) are:

Mullvad Browser
This is an easy to use browser based on Firefox that provides absolutely best-practice privacy and security, through the use not only of fingerprint-resistance techniques, but also a system that ensures that every Mullvad Browser has the exact same residual fingerprint, meaning that you can hide in the crowd. It's funded by Mullvad, a company with an extremely strong commitment to privacy, not just in words, but in actions, since they've been totally unable to provide data to the Swedish or German governments when requested, in line with their security model, and the Tor Project, an even more trusted and well known privacy non profit. It even comes with integration for the Mullvad VPN that allows you to route only traffic from that browser through the VPN, which is otherwise a very difficult feature to set up, and is potentially very useful.
LibreWolf
This is another browser based on Firefox. Its privacy guarantees are slightly less strong than Mullvad Browser's, since there's no "hide in the crowd" strategy applied, but its fingerprint resistance techniques are still very strong, and it is a better compromise for everyday usage because you can still re-enable things like Firefox Sync, and browsing history and cookies are still on by default. This is the browser I use every day.

Both of these are downstream patches of Mozilla Firefox, because Mozilla Firefox provides a far better platform for a privacy-focused browser than Chromium. With Chromium you need to use a lot more patches to rip out even more telemetry and Google services on top of that, and even then you'll run into the lack of a built-in fingerprint resistance feature (unlike Firefox), and Chromium introduces Google's Manifest V3 browser extension API over the previous Manifest V2, which severely hamstrings adblockers (as would be expected from a browser predominantly developed by an adtech company).

Some secondary browsers that are recommended to have around include:

Tor Browser

This is the gold standard for evading both direct and diffuse surveillance on the internet. It isn't just a secure browser, perhaps with a VPN. It's also an entire network designed to make your activities nearly impossible to trace back to you. This network both allows you to access the regular world wide web with impunity (as long as you don't enter personal information into anything and blow your cover!!!!), and also allows you to access the dark web, which will never exit the Tor network and thus not only not be traceable, but never trigger surveillance systems in the first place. Tor Browser is used by journalists, whistleblowers, and dissidents around the world.

However, the Tor network is very slow compared to a regular network, so it's generally only good for doing things like browsing text pages, downloading small files, etc. So you won't want to use it for everyday browsing. This is the one case where I'm going to break the security rule of thumb, however, and say that keeping a secondary, more secure system around will be helpful. Install Tor Browser alongside whatever browser you pick from the above and use it for your most sensitive activities!

Ungoogled Chromium
A simple patch of upstream Chromium (the open source browser, mostly developed by Google, upon which Google Chrome is based) that removes all Google services and telemetry, but doesn't mess with the privacy settings by default. This could be useful for any websites that are broken by LibreWolf or Mullvad, such as Google Hangouts and such.

Whatever you do, don't use Brave! While it is privacy focused, it has a lot of other issues. (1, 2, 3, 4, 5, 6)

So far, all the suggestions above will help with diffuse surveillance.

2.2. VPNs

Most VPNs (like SurfShark, NordVPN, etc) are not a good privacy solution. Although they hide your internet traffic from your Internet Service Provider, and your IP address from the website you're visiting, which means your internet traffic is private from those specific actors, the VPN provider themselves can still see your IP address and which websites you're visiting, since they're the one that has to route your traffic, and they're not doing anything fancy like the Tor network. This is a problem because most VPNs don't actually provide any guarantees they won't look at your browsing history themselves, sell it to third party advertisement agencies, or hand it over to the police!

Moreover, while VPNs hide which places you're visiting from an ISP, the actual content of your communications with the places you're visiting (such as the data you enter into forms) is already end to end encrypted via TLS, so you don't need VPNs for that.

However, there are some VPNs that have better privacy guarantees, namely Proton VPN and Mullvad VPN. I don't really recommend using these for anything really privacy-crucial though, only things where you want a basic level of anonymity, but still need high internet speeds, like pirating. If you want real privacy, just use Tor.

2.3. Email, calendar, drive, etc provider

Another piece of low-hanging fruit to make you harder to diffusely surveil is your email provider.

If you use GMail you should definitely switch to my recommendations below, because otherwise Google is storing your emails in plain text (unless you purchase special tiers of GMail and manually turn on encryption at rest), analysing them for their own AI and statistics, sharing them with third parties for ad revenue, and will turn them over to the government. Moreover, its entire business model is surveillance capitalism and advertisement based on user data, so you can expect them to use whatever dark patterns, gotchas, and workarounds they can to get your data.

If you're using iCloud, your emails are at least encrypted at rest, so Apple has a lot less access to them. However, Apple's privacy policy allows them to share whatever data they do have on you far and wide (basically, with anyone who isn't a competitor) while still considering it "private," and they do collect an absolutely insane amount of data about you. They also started selling advertisements in 2022, and their main claim to privacy with that model is mostly just that they do all the tracking and targeting themselves, instead of handing it over to third parties. They've also collected privacy-invasive analytics in iOS even after users tried to opt out. There's also a class action lawsuit against Apple from 2022 for violating their privacy claims when collecting iOS usage data. Even their much-vaunted clever scheme to have their cake and eat it too, "differential privacy," has been undercut by their greed for data. Apple has also been going back and forth on a system for scanning your local images for CSAM material, which they tout as privacy-friendly because the scanning is only done on your device, in a local vault. However, that's no guarantee of actual privacy: the algorithm that does the scanning has the power to exfiltrate your data if it decides it constitutes CSAM, and since the algorithm is completely closed source and could be updated by Apple at any time, without your knowledge, to look for and report other things, it is anything but privacy respecting. In general, in fact, Apple takes a "we know best" approach to privacy – instead of respecting user consent and expectations, they just do whatever the hell they want, as long as they feel like they have a technological excuse that makes it "totally okay."

What email providers should you use instead? I only have one recommendation:

Proton Mail

Proton Mail comes with a whole integrated suite of services to replace Google, including Mail, Calendar, Drive, a VPN, Pass (a password manager), Docs, and Wallet (a cryptocurrency wallet). All of these have a free tier, and then you can pay $11/mo to get a much expanded version of all these features as a bundle. Proton has excellent security. Some core features are:

  1. Full end-to-end encryption for mail when communicating with other people who have a Proton Mail account, as well as if you set up PGP communication with people using other email services or set up password protected emails. All of their other services, since they don't have to deal with the fundamentally plain text protocol for email, are end to end encrypted by default.
  2. Zero-access encryption that ensures that all your data is encrypted at rest in such a way that Proton, or any hackers or state agencies, cannot possibly look at it once it's on their servers, even if it wasn't end to end encrypted when it entered. This means that even if the Swiss government gets a warrant and forces Proton to give up data (at which point they'll have to comply) they won't really have any data to give.
  3. Located in Switzerland. Switzerland is a politically neutral country (not part of Five Eyes or anything) and has very strong privacy laws, meaning that although Proton will have to comply if the state does ask them to divulge something, that will be rare and unlikely, and cannot be initiated by the US, only Switzerland.
  4. Custom domains: a custom email domain lets you detach your email address from any specific service, meaning that you can switch without losing everything.
  5. Email aliasing: this lets you create randomly generated new email addresses that redirect to your real address to enter into spammy websites, helping you hide your identity and making it easier to banish spam from one website or another all at one go.

Although Proton the company is for-profit, it is owned by a Swiss non-profit foundation, with strong guarantees that this non-profit will be able to keep it on track. I recommend reading their post about it if you're curious.

Proton will protect you from both diffuse and directed surveillance, except in the case of Proton Mail, which will only work against directed surveillance if you ensure all emails are end to end encrypted, which is a bit of a hassle.

2.4. Maps

A phone-based GPS knows your every destination, and tracks your every move. Having one that respects your privacy is very important for both diffuse and directed surveillance mitigations. I recommend:

Organic Maps
This is an excellent maps app. It supports all of the features you'd expect from a maps app, it's cross platform, and it has a nice user interface. What more could you want? It uses OpenStreetMap under the hood, which is a crowd-sourced map created by locals to whatever area the map is for. These maps can sometimes be incomplete or inaccurate in rural areas and such, so you may sometimes have to fall back on Google Maps, but in general they're great, more than good enough for everyday operation. Organic Maps also operates completely offline: you download the maps you need once, and then you can literally put your phone in airplane mode and use it without a care in the world. It can even operate with GPS turned off if you're really paranoid, using inertia, although that comes at a large accuracy cost.

2.5. Video-watching

There are two services you'll want to use to watch things like YouTube videos:

Invidious
Invidious is a front end to Google that doesn't track you, doesn't have advertisements, and doesn't have an algorithm designed to suck you in and waste your time. It's also open source, and there are a lot of instances all over the world, which means that no one group has control over it, and you can use whichever instance is closest to you for performance. It can be unreliable sometimes, as it's fighting a constant battle against YouTube trying to shut it out, but I think it's worth it for escaping that damn fucking algorithm.
NewPipe
NewPipe is essentially an even more streamlined and featureful app version of Invidious. Being directly contrary to Google's interests, it is banned from Google Play (and Apple's App Store), so on Android you have to side-load it, and on iOS, you're shit out of luck.

This is mostly just a diffuse surveillance mitigation.

2.6. Chatting

Do not use Discord. They state up-front in their privacy policy that they store, in a plain and unencrypted manner that they can access at any time, anything and everything you upload to the platform – all your messages, uploaded images, and so on, and they leave the door open to start recording voice and video calls – and will use them to advertise products to you, share them in "aggregated form" with third parties, and give them to law enforcement upon request.

Do not use Telegram. It is a hotbed for toxic, illegal, and abusive content, fascists and far right trolls. It is also notorious for having shitty cryptography and not turning on end to end encryption by default while telling people about it as if they had. Its founder, Pavel Durov, recently caved and decided the app would provide user data to the authorities.

Also, do not rely on SMS, or iMessage. SMS is massively insecure because it was never intended to be secure – it predates such concerns. iMessage, although end to end encrypted technically, cannot be trusted for the reasons not to trust Apple I already listed, but especially can't be trusted if you use iCloud Backup, which will effectively ruin end-to-end encryption of your messages.

Instead, consider:

Signal
Signal is the gold standard for both diffuse and directed surveillance mitigation. Use it as your main one-to-one and small-group communication platform. Try to get all your family onto it if you can, and push as hard as you can to get your friends onto it. Yes, you need a phone number to sign up, but you can hide that. There are also ways to get a burner phone number to use for signing up, which gets around any possible chance of it identifying you.
Matrix

Matrix is an open source, privacy-respecting (in that it does store your messages and leak metadata, but at least it doesn't go to a corporation with an explicit incentive and history of using it, but instead a random hodgepodge of people who likely don't care), decentralized and federated alternative to things like Discord. It also offers optional end-to-end encryption that can be Use Matrix for larger group chats and the things you'd use Discord servers for. The only Matrix client worth using is Cinny, since it offers a Discord-like interface, support for spaces (like Discord servers), and custom emoji and stickers like Discord, and it's also way faster than the other easy to use GUI options.

If you want to use Matrix for sensitive things, you want to open your own room (channel) and only invite people who are on Matrix instances you know actually have a good privacy policy and are friendly, or use a room with end to end encryption turned on. It will not be as secure as Signal, there's a lot of leaking of metadata and possible accidental plain text messaging that can happen, but Matrix is the best Discord-like platform we've got.

Here is a list of Matrix instances.

2.7. PC Operating System

Microsoft Windows is horrible for privacy. If at all possible, I recommend switching to Linux. Recommended Linux distributions:

Bazzite
Comes with absolutely everything you'd ever need for Linux gaming set up for you already, so that you don't need to go through any hassle. Designed using much more advanced technology than most Linux distributions – using the same tech as macOS, iOS, and Chrome OS – so that the OS is much more difficult to break, and updates can't break it at all, and can be done reliably. Incredibly well put together, well thought through, well designed. Full of great details and convenience features. Extremely reliable.
Bluefin
Like Bazzite, but for general users instead of gamers. Also has Bazzite-DX for programmers. (I use a version of this essentially.)
Pop OS
Very well put together and reliable for a traditional Linux distro (so, not using the same advanced tech as Bazzite and Bluefin). Somewhat out of date in terms of what programs you can get, but generally good enough. Somewhat gaming, or at least GPU, focused. Has a separate version that comes with GPU drivers so you don't have to set that up. Backed by a company that makes their money selling right-to-repair Linux hardware (partially manufactured in the US), so it gets good, consistent maintenance.
Fedora Atomic
If you want the same powerful underlying reliability tech as Bazzite and Bluefin, but are a more advanced user and want something simpler you can build up yourself.
Fedora Workstation
If you want a more traditional Linux distribution that's more up to date than Pop OS, but much more polished, well put together, reliable, and much more secure by default than something like Arch Linux, go with Fedora Workstation. Requires some somewhat annoying config if you have an NVIDIA card though.

No matter what Linux distribution you choose, make sure you're using GNOME or KDE under Wayland, and Flatpaks (with Flatseal to manage permissions) to get your applications, so that you get proper security and application sandboxing!

2.8. Mobile Phone Operating System

This is probably the most important part, because your mobile phone has all of your communication on it, and also has a GPS sensor, a microphone, and a camera, and is with you at all times.

Don't use an iPhone. With iPhones, your data is secure… between you, Apple, and the government. That's not good enough for our threat model. Moreover, you can't side-load applications reliably on iPhones, and the freedom to side-load applications is important when using stuff off the Big Tech beaten path. If you're stuck with an iPhone, then that can't be helped, but look to switch as soon as you can.

Instead:

Pixel
If there is any way in hell that you can get a reasonably recent Google Pixel, do so immediately. It is the only phone on the market that allows you to install your own operating system on it and then re-lock the bootloader afterward so other people can't come in after and install a different operating system without wiping your files and thus read all your data. They're also priced extremely well for what you get, and reasonably good quality. If you can get your hands on a Pixel, then you get to use GrapheneOS, which is the gold standard for security and privacy (such that it can stand up to directed as well as diffuse surveillance) while also being the gold standard for regular Android app compatibility. Using it feels just like using a slightly stripped down version of vanilla Android!
Other Android Phone
If you already have another Android phone, or can't get your hands on a Pixel, then use Calyx OS. App compatibility will be slightly worse, and more importantly it will only protect you from diffuse surveillance, but it's better than nothing.

2.9. How to pay for things

A lot of people are under the impression that Bitcoin is a private method of paying for things that the state can't monitor, because they confused the distributed and trustless-consensus model for a private one.

This is unfortunately completely false. Bitcoin is not private.

All entry points that are accessible in the United States to buy Bitcoin (such as PayPal or Coinbase) follow Know Your Client laws that require them to collect personally identifying information about you.

Furthermore, Bitcoin itself keeps a publicly available and readable distributed (so, copied across thousands of individuals' computers) ledger that keeps track of all transactions, where each transaction is attached to a consistent unique identifier, meaning that even absent KYC you could probably be fingerprinted just from your transaction history, and in combination with KYC all of your transactions with Bitcoin are very easy to trace back to you. Even worse, Bitcoin money is non-fungible: each coin can be uniquely identified and traced back through history. This means that it's very easy to spot a coin being used by a seller of illegal substances or whatever, then trace it back to the person who gave that coin to them in return for illegal substances, and then identify that person.

Instead of Bitcoin, here's what you should use:

Cash
If you're doing a physical transaction, use cash. Period.
Prepaid Debit Cards
If you buy a prepaid debit card in person, you're not required to associate literally any personal information with it when you initially load it with money. This means that any purchases made with the initial money put on a prepaid debit card will be completely anonymous. You can also reload the card without needing to provide any personal information if you refill it in person, although this will build a transaction history with that card which may eventually become problematic, so I recommend buying a new prepaid debit card for each transaction. However, don't refill it or check its balance online! That requires creating an account and associating your actual debit or credit card with it, which will de-anonymize it.
Monero
Monero is actually private, unlike Bitcoin. However, it is illegal for most cryptocurrency sellers like Coinbase and PayPal to directly sell it to you, because it's impossible to use KYC with it to "detect terrorism and fraud." As such, you need to buy another cryptocurrency from them like Bitcoin or Litecoin, and then use Unstoppable Swap to convert it to Monero. This will be expensive and fiddly to set up, but it's the only actually private option if for some reason you can't use a prepaid debit card (like, for instance, if you want to make international purchases and get around things like tariffs and all that legal shit.)

2.10. Search engines

Obviously don't use Google or Bing for search. Instead, use one of these:

DuckDuckGo
Gives excellent search results – at this point, way better results than Google in my opinion, given how enshittified Google has become – and respects your privacy. This should be your default choice.
Startpage
This is a front-end to Google Search that anonymizes you. Use this if you really need Google search results for some specific reason.

3. Conclusion

And that's it! I realize there's a lot here, but the important thing is not to do all of this at once. Instead, just do one thing at a time, here and there, as things seem feasible, interesting, or convenient to you. Don't overwhelm yourself!

If you're interested in further information, here are some highly trusted sources that you can use to look for further information:

This work by Novatorine is licensed under CC BY-SA 4.0