Considering the current intrusive cyber climate, what are the best ways to preserve privacy?
For example, I have been exclusively using a VPN connection network-wide at home, set up on OpenWrt, which in turn has a PiHole as its DNS, with the PiHole using Unbound and NextDNS (redundant I know, but I use it to encrypt my requests more than anything else).
I also have WireGuard set up so I can VPN all my devices to my network while I am on the road (also have a NextDNS profile installed. Yes I know, it’s redundant).
I also basically have all my “smart” devices (TV, lightbulbs, air purifier, etc…) at home cut off from the internet using OpenWrt’s firewall to prevent them from calling home.
I rotate web browsers frequently to try to avoid getting fingerprinted; not sure how useful that is.
I switched email providers to mailbox.org because f*** Google and Microsoft.
I also am hosting my own cloud drive on Nextcloud to avoid using services like GDrive, OneDrive, Dropbox, etc…
I own Apple devices which aren’t the best for privacy but migrating from a whole ecosystem that I have been embedded in for MANY years is easier said than done. Hopefully in the future that’s my next move.
I feel like there is a lot more I can do but I am not sure what else. I would appreciate any and all suggestions y’all might have.
EDIT: I’m not being too extreme with my caution as some comments are making it sound to be. I am a very average person who is privacy conscious yet realizes being cut off from the internet and society is not realistic. I guess my threat model is your basic “day-to-day it’s none of your business who I am online or what I do, please don’t profile/fingerprint me, I am just a passerby” kinda threat model.
The measures you’ve taken are more than enough for your threat model. I think it now depends on your data hygiene. Weakest link kinda thing, where it doesn’t matter if your home network is locked down and you use privacy-friendly services if you’re careless with your data anyway, which I assume you aren’t.
Thank you.
To your point, one example that comes to mind is that I have read many people complaining about Cloudflare, saying it’s “evil” and overextending. While I agree on the aspect of Cloudflare being sort of a monopoly, I am not sure what else to use to route some of my traffic to my services running at home without explicitly opening up ports to the internet by using a reverse proxy for example.
In that regard, Cloudflare has access to my traffic and data could theoretically leak that way, but I am not sure what is a safer and better alternative to it.
Tailscale (https://tailscale.com/) works great for remote access to your private services. Once the WireGuard tunnel is established, then the traffic is peer-to-peer (assuming it’s configured correctly) and not through their centralized servers. Even from a mobile device.
Check out Pangolin with a cheap RackNerd VPS. More info over in c/selfhosted@lemmy.world
https://lemmy.sdf.org/post/35616968
All data is routed through somewhere you don’t have control over at some point. If everything is encrypted then you are fine. You could set up a VPS and proxy through that instead of Cloudflare, but you are just relying on the VPS provider to protect any data/not snoop then rather than Cloudflare.
The only real way to be completely private is to just avoid connecting to the internet at all, but that’s not really feasible. Just get to a point where you are comfortable, you’ve already done more than most to protect yourself (as much as you can without it getting silly anyway). Good job!