I used to post a lot more about privacy and security, but it tends to attract a lot of paranoid people—many of whom probably have mental issues, and probably shouldn't be on the internet if they actually have the threat model they think they have. Many of whom seem to have a penchant for attacking other privacy tech and users of that tech for not being completely anonymous.
I still post about it, just not as much as I used to because I want to keep things in their proper perspective, and the scene can be quite toxic to interact with on the regular—especially on platforms and protocols one doesn't have the ability to moderate.
For example: Just mentioning that you use GrapheneOS (because they use Pixels) or Proton and not Mullvad, etc. is enough to get you called a spook or worse in some circles. I once got harassed daily for promoting GrapheneOS by some anon who thought everyone should use LineageOS. This went on for months.
I used GrapheneOS for years, now I am back on Google OS for Android as my daily driver. I know my threat model and I practice privacy and security through isolation and compartmentalization, but this alone has been enough for people to throw ad hominem attacks my way.
Know your threat model in the various areas of your life—both online and off, and act accordingly. Don't let perfect be the enemy of good. Don't let paranoid nyms online deter you from practicing threat model appropriate OPSEC for YOUR unique situation.
Not everyone needs to act like Edward Snowden when he was on the lam with gov secrets. Even he says he's not as hardcore as he used to be because he's in a different place in his life. Lots of privacy advocates will try to tell you that you have one threat model MOST EXTREME. That is not the correct approach, and as I said in the post, you will burn out.
A trusted no-logs VPN (Proton/Mullvad) is great for privacy, but it will not keep you anonymous; Tor is better for anonymity. Both will be a pain with financial services. I used to keep my VPN on ALWAYS, and it was more of a pain than it was worth trying to do legitimate business online.
I mean, even some private torrent sites disallow VPN use, so they can keep users from abusing their services.
One very valid use case for a VPN is that clearnet Nostr relays have access to your IP address, and some of them are maliciously scraping user data. If you use a VPN or something like Orbot/Tor on mobile that comes with Amethyst, then relays will not have access to your IP.
Another is that if you are using Chrome, then all of your Internet searches are tracked by Google. If you use a VPN, but you are logged into Gmail, a VPN will be of little use. If you use a VPN and are not logged in, then your activity will be more private when it comes to Google.
Just know that the VPN you use will have access to your IP and must comply with local gov law. They will hand over any data they have if the gov demands they do so. They will not risk going to jail over a $5 a month service. This is why using a no-logs VPN is so important—but you have to trust that they are actually not logging.
A quality VPN is one that reduces the amount of data they have access to, so if the powers that be force them to hand it over, they have nothing to hand over. Proton has handed over user data in the past, but that is because the user added a "backup email" to their user account. This information IS visible to Proton (so they can help restore compromised access to accounts) and therefore they will have to hand it over in the event of a gov subpoena.
The user did not follow proper OPSEC and did not follow Proton's explicit warnings about adding a backup email.
No privacy tool or service can prevent users from shooting themselves in the foot with bad OPSEC.
Definitely check out the Techlore video and the other links I posted. Bazzell's books and training are technical in nature and will give you step-by-step instructions to get things set up. Check them out when you are ready.
I recommend using a browser like LibreWolf or Brave that is not Google. They both have protections against browser fingerprinting (look this up), and Brave has a built-in site tracker blocker.
Use Tor browser where you need/want more anonymity. Use offline conversations wherever possible for the most sensitive conversations.
Bitcoin is not private, lightning is better, but it can also be traced. Monero is more anonymous.
Use a quality VPN like Proton or Mullvad when you don't want sites or relays to have access to your IP or browsing habits.
Host your own cloud to store your photos and data—a Synology NAS is a good starting point (Synology is not open source, but they are good for beginners) or use Proton Drive since it has E2EE.
Use a password manager. A cloud-based service like Proton Pass or Bitwarden is great for most people—much safer than reusing memorable passwords. For use cases where cloud-based is not trusted, use KeePass (preferably on an air-gapped device or VM).
Use a private messenger like Signal or SimpleX for sensitive conversations.
Go for services that use E2EE wherever possible (just note that not all encryption is created equal).
Be mindful of the websites you visit.
Be mindful of the mobile keyboards you use—some of them "phone home." Turning off Gboard's access to the Internet is a good practice to keep it from phoning home, but it will limit functionality. You make the call based on your threat model.
Windows and Mac collect a lot of user data. Look into Linux; just know that Linux is not as secure out of the box—but you can harden it. QubesOS is way more private and secure, but it is not as user-friendly. Use Tails on a USB when you need an OS that you can plug in and burn—maybe with a hidden volume to hide things with plausible deniability, etc. (it's not meant for daily driving).
Look into a hardware firewall for your home network like a Protectli, both Bazzell and Brockwell (below) have guides on setting it up.
Use a private DNS service like OpenDNS or Control D; don't trust Google DNS.
Study social engineering, etc...
Again, I could go on, but I don't want to overwhelm you. Once you get the concept of OPSEC down, you will be able to make these judgement calls for yourself and your situation based on your threat model.
Another good channel for the basics is:
https://m.youtube.com/@NaomiBrockwellTV
Best wishes to you on your journey.