In the span of few months, Conservative government have announced several bills that pose a huge threat to our digital rights and privacy. Unfortunately, it doesn’t face any meaningful opposition from any mainstream political parties, which is sad for me as a former member of the Labour party who I think could’ve done more in that regard.
But the UK is just a part of this trend. The European Union and the United States don't fall behind with the attacks on our digital privacy with things such as messengers’ interoperability (on which Alec Muffett wrote why it’s damaging) and such measures are moving us towards something we used to see in totalitarian countries like Russia or China. Hence, it is important to take the matter in our hands and make sure our data is protected as much as possible.
That’s what I’m intended to do with this guide. But before that, let’s clarify threat model.
Threat model
To explain: threat model is a process of identifying the potential attacks vectors, threat actors and countermeasures against that.
This threat model contains 3 questions and answers.
1. What do I want to protect?
Private correspondence with my family, friends, relatives;
Access to the social media accounts;
My location and whereabouts;
My files, e.g photos, videos, documents;
2. Who do I want to protect it from?
External/foreign attackers known for breaking into the databases of companies;
Big tech known for collecting enormous amount of data;
Government (but not secret services as this is totally different threat model!)
3. How likely is it that I need to protect it?
Very likely, as the amount of data being leaked or companies hacked are increasing every day.
All things considered, this threat model is designed for those who’re worried about the increased data collection by the companies and those worried about government’s goals.
Why is this important?
There are two reasons to be worried and take necessary measures to increase your level of privacy.
Today, EU and UK politicians have decided to regulate how internet must work, and some of those bills (like Online Safety Bill, Data Protection bill or Digital Markets) will hurt the basics of user’s privacy.
To give you specifics: both EU and UK propose to make CSAM (Child Sexual Abuse Material) scans. I will omit the hypocrisy about the fact that any attempts to limit privacy are explained by “protecting children”, because what’s important is that your devices will be scanned 24/7. And if you think you’re safe – well, Apple’s CSAM algorithm was proven to be tricked, and NYT broke a story about a man who made a photo of his son’s penis because it was swollen, and sent it to the doctor. It helped to get the diagnosis correctly and only later to be locked out of all his Google accounts https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html
There is another threat: big tech companies and those who collect your data unknowingly to you, all with your own consent. For example, recent Fog Reveal scandal unveiled the scale of how much data is collected and, even if it's not much, it can still be used to track your smartphone and, therefore, your movements.
All guidance provided in this guide will help you to increase your level of privacy without sacrificing much of usability. There is an axiom on digital privacy: the more secure you get, the less usable it becomes. It is a balance that’s hard to find, and obviously each person has its own usability requirements.
Messengers
End-to-end encryption by default has become a basic requirement for today’s messengers, however one thing that is usually missed is metadata that every message contains. It includes the contact details (e.g phone number) of sender and recipient, IP address, and sometimes metadata would be enough to reveal whom you’re talking with, when, and where. Imagine an envelope with a letter inside it - while your message is like a letter sealed in the envelope, the sender and receiver’s contact details, as well as size of envelope, is the metadata.
Here is an example. Consider the situation in USA with Roe vs Wade reversal and how it will affect women who want to do abortions. A woman calls a gynecologist, speaks with him/her for some time – let’s say, one hour – and consults about an abortion, or asks about the procedure. After the advice from gynecologist, this woman calls the abortion clinic. And the government may not know the content of talks, but considering that metadata is unencrypted and they have access to it, they can draw a conclusion a woman wants to do an abortion.
Last year, an FBI document was leaked, in which you can see what metadata each of today’s mainstream messengers contain - moreover, unlike access to the account, police won’t need subpoenas to request it. Therefore, I’ll list the messengers with the least amount of metadata.
Signal
The most famous privacy oriented messenger as of today, Signal has been enormously improved and polished as a user-friendly messenger that can be used daily. It supports self-destructing messages, voice and video calls, and the encryption algorithm has been considered as a gold standard that even WhatsApp implemented it. Also, it is cross-platform so you can install it on your desktop as well. Recently they’ve added an option to “seal” metadata, to make sure it won’t be exposed to others.
In addition, it’d be useful to harden Signal for good measure. I suggest four things to do:
1. Setup PIN code, so that if you change a device, you will have additional layer of authentication and prevent any external actors to access your account by cloning your SIM card. It was actually illustrated when Twilio got hacked, and thousand of phone numbers were phished because they didn’t have PIN enabled. In order to do that, you need to go to Settings → Account → Signal PIN → Create new PIN, then enable Registration Lock. But don’t forget to store your PIN, because if you forget it, your Signal account will be locked!
2. You can enable Screen Lock so that if someone gets a hold on your device when it’s unlocked, he will have to provide additional authentication, be it fingerprinting of passcode. Settings → Privacy → Screen Lock
3. Make your notifications private. When new message arrives, you usually can see in it who sent it and what is the message. Signal allows it to mask completely – both sender and the message, so that you have to enter the account and see the author and message itself. Settings → Notifications → Show
4. Enable screen security so that no one would be able to screenshot your screen and somehow get a hold on your messages. Settings → Privacy → Screen Security
Here’s a small caveat for Android users though: instead of its official app, I would suggest using a “hardened” Signal fork…
Molly (Android only)
Besides standard Signal functionality, it adds few more useful features, such as:
lockdown the app automatically when you are gone for a set period of time;
voice and video calls via Tor or proxy;
application password to encrypt all your local data;
FOSS version which full removes any Google proprietary software, including push notifications via Google servers
I’d suggest enabling both options they provide, e.g lockdown the application authomatically, and application password.
Matrix
This isn’t exactly a messenger, but an open-source protocol released in 2014 that offers a decentralised federated end-to-end encryption solution without requirement to tie to a specific mobile/desktop application and fairly simple API. They position themselves as an “email” of private messaging. By making the group private, you can ensure that all messages inside are E2EE.
While their recent lobbying to make messaging interoperability mandatory in EU is questionable, the technology itself is good to use, especially for group end-to-end encryption chats. They have several clients for as much platforms as possible, so choose whichever you’d like – my preference is Element for desktop versions, and SchildiChat (fork of Element) for mobile version.
Briar (Windows, Linux and Android only)
This fully anonymous messenger works via Tor when it’s using internet communication; however, unlike traditional messengers, Briar allows users to communicate securely via Bluetooth, creating a “mesh network” independent of the cellular carriers or Internet service providers.
It has proven its effectiveness for Hong Kong protesters in 2019, and was also recommended during Belarus protests in 2020 when the internet was shut down. However, Briar is best to use for Android as the anonymous way to communicate, because its desktop version is still work in progress.
SimpleX Chat (Android, iOS)
Relatively new player on the field, SimpleX Chat proposes a new solution to the anonymous communications even without any IDs by utilising . Their architecture is also somewhat curious: communication process between 2 people is going through 2 servers, in which messages are going in unidirectional way.
While I personally prefer Briar over SimpleX as I’m still wary of its reputation (TrailOfBits audit though helps), it’s a great Briar-like experience for iOS users as there is no Briar for iPhone.
OnionShare (PC only)
This is more of a multitool, but incredibly powerful. It allows you to setup an onion web server both for sending/receiving files and anonymous chat (which you have to access via desktop Tor browser), and communicate privately.
Session (PC, Android, iOS)
My first revision of this article included Session messenger, then I removed it because I felt it has no advantages over other mobile messengers, and was based unnecessarily on blockchain. I still stand by that, but later I realised Session has pretty much no alternatives for secure communication (apart from OnionShare which is heavy and more tech-savvy) for PC and smartphones in terms of a cross-platform support.
Briar desktop version, unfortunately, lacks several critically important features even in comparison with its own mobile version, SimpleX has no desktop version yet, Matrix is more suitable for group chats rather than personal — besides, their federated E2E encryption is good but not ideal. In that regard, Session with its metadata resistance, E2E encryption and onion routing is a suitable beginner-friendly alternative for private communications over PC. And it was audited.
Browsers
This section will cover both desktop and mobile versions, and what extensions could be used to raise your privacy. For iOS users: you’re fine to use Safari, because other browsers in App Store are basically a replications of it, and you won’t achieve anything by installing other browser.
Desktop browsers
There is a stereotype that Firefox browsers and, consequently, its forks are better at privacy and security than Chromium-based browsers. While in some aspects it is true (for example, unlike Chromium browsers, Firefox is more flexible with settings and configurations), in terms of security Firefox is much worse. Particularly when it comes to sandboxing and different exploit mitigations, as it has been explored by many security experts. Therefore, the overall suggestion is to look at Chromium-based browsers first because they have the best security practices.
Obviously, that doesn’t mean we all should use Google Chrome, as it contains many trackers of your activity. Fortunately, there are some options which allow to keep Chromium experience.
Brave (PC, Mobile)
Despite its cotroversies (which are related to the company rather than browser itself), right now Brave is the bets out-of-box solution. Unlike Chrome, it doesn’t require to use your Google account or, in fact, any account - instead, it uses Sync Chain to keep browsing history, bookmarks, passwords etc. on all of your devices. Its mobile version is one of the best in Android and a solid alternative to Safari in iOS.
What is the small cost of your privacy? To start with, Brave is known for its pretty aggressive cryptocurrency advertisements (albeit it can be completely disabled, which actually is a must-do!). Also, it has some built-in telemetry, which can also be disabled.
Hardening guide (I used Hitchhiker template and modified it a bit)
Go into Settings > Appearances (
brave://settings/appearance
)Under "Show autocompete suggestions”:
Disable “Show Top Sites”
Disable “Show Browsing History”
Disable “Show suggested sites”
Enable “Always show full URLs”
Disable “Show Brave news button in address bar”
Go into Settings > Shields (
brave://settings/shields
)Set “Trackers and Ads blocking” to Aggressive
Set Cookie blocking to Only cross-site
Set Fingerprinting blocking to Standard or Strict (preferably Strict)
Go into Settings > Social media blocking (
brave://settings/socialBlocking
)Uncheck everything unless needed
Go into Settings > Extensions (
brave://settings/extensions
)Disable everything except “Private Window with Tor”
Set both Resolve methods to “Ask”
Go into Settings > Wallet (
brave://settings/wallet
)Disable “Show Brave Wallet icon on toolbar”
Set Default Ethereum wallet to “None”
Set Default Solana wallet to “None”
Go into Settings > Privacy and Security (
brave://settings/privacy
)Leave WebRTC to “Default”
Disable “Allow privacy-preserving product analytics (P3A)”
Disable “Automatically send daily usage ping to Brave”
Under “Security”, set “Always use Secure connections” to Enabled
Go into Settings > Shields > Content filters (
brave://settings/shields/filters
)Select any additional adblocking filter you want
Recommended: CJX’s Annoyance List, Easylist-Cookie List, Fanboy Annoyances List, Fanboy Social List, Fanboy’s Mobile Notifications List, and uBlock Annoyances List
Add custom filter lists
Add the Actually Legitimate URL Shortener Tool which uses the rules found in ClearURLs below
Add the AdGuard URL Tracking Protection which enables generic
$removeparam
rules
To keep all applied filters, click “Save”
Bromite (Android only)
A Chromium fork with focus on digital fingerprinting resistance, Bromite is a solid Android-only alternative for daily browsing while preserving Chromium experience and keeping away from Google Play store. It is easy to install (download .apk file and launch it), and the updates are coming directly.
LibreWolf
For those who still want to keep using Firefox browser, then at least I would recommend using its fork that disables as much telemetry as possible by default and includes uBlock Origin extension out of the box. It also removes the majority of Firefox services, such as browser synchronisation using Firefox account, and is completely open-source. As a Firefox-style out of the box browser, you won’t miss your regular Mozilla experience with this.
Why not use regular Firefox even in terms of a privacy angle? One, they have a lot of telemetry; two, recently they began including the unique token in installer files; three, during the first launch after installation they make dozens on telemetry requests; four, it’s easy to use out of the box unlike Arkenfox (but I recommend to use Arkenfox if you’re confident!).
Useful extensions
uMatrix / uBlock Origin
Both these extensions allow to control the content filtering and block social media trackers. The difference is uMatrix is a bit more advanced than uBlock Origin and provides an option to allow/deny even specific elements of a domain, while uBlock Origin is more focused on domain name filtering in general. For example:
Any one of those extensions are must have for daily web browsing.
Decentraleyes
These days, many websites force you to load files through third party services, or Content Delivery Networks (aka CDNs) from Google. There is also a danger of CDNs tracking you web activity or at least contributing the collected information about you, especially from public ones.
Decentraleyes allows to bypass this step by packing most famous libraries so that website would load faster and not make your browser send a request.
ClearURLs
Have you ever noticed or get irritated by long URLs in address bar? Thing is, they’re also tracking elements that also mark your online activity: for example, when you browse your Twitter feed and click on any external link, it contains a tracker that identifies you found out about it from Twitter.
ClearURLs, as the title says, removes such trackers and many others.
Sponsorblock for Youtube
If you’re extremely tired of sponsorship parts in the YouTube videos, this extension will allow you to skip them over. However, it goes beyond just sponsorship parts: you can also skips intro and outer parts of the videos, unpaid sponsorships and other unnecessary parts of the video.
Email provider
Proton Mail
Best known email provider with the focus on better privacy and security. While it still has some issues such as unencrypted email subjects, Proton is still one of the best out of the box email providers today. All email messages sent between Proton users are end-to-end encrypted, and if you’re sending an email to a non-Proton user, it can be protected by either PGP encryption or a password. You can also “mask” your real email with an alias thanks to SimpleLogin, which was bought by Proton this year.
Protonmail is also under Swiss jurisdiction.
Disroot
This one is less known for a wide audience and is, in fact, more than an email provider. It is a platform of various online services (cloud storage via Nextcloud, XMPP server, upload service etc.) that takes a strong stance against advertising or trackers and attempts to create a system where data-mining is not a thing. It doesn’t store IP addresses persistently, any logs of recent activity are destroyed in 24 hours, putting it in advantage over Protonmail, and it supports PGP encryption which can be configured easily. Also, unlike Tutanota, VPN usage is allowed.
Cloud storage
By using cloud storage, you should understand that the service provider ultimately has every right to
Cryptee
Fairly new product on the market, Cryptee is probably the best option for secure and encrypted storage of your personal files (unless, obviously, you’re not going to whistleblow anything!). They’re the only (to my knowledge) cloud storage provider that do not ask for any details such as email or phone number, and support incredibly useful features such as “ghost” folders; it means that it will be hidden unless you type in its name again.
While the free account allows to store only 100 Mb of data, it is my primary recommendation for daily usage.
Nextcloud
It can be described as the Mastodon of cloud service. Basically, it is an open source software that can be used to self-host your own cloud storage on any server, or sign up with any available provider. Also, its flexibility with configurations allows you to customise it as much as you would like.
There are some downsides though:
in order to raise your own cloud storage, you may require some IT knowledge (but as I stated, you can sign up with any other provider, some of them allow to do it for free with limit of 2-5 Gb storage);
end-to-end encryption is still in experimental stage
If you’re going to register your email in Disroot, automatically you’re entitled to use a Nextcloud storage as well, that has 2 Gb of data for free.
Proton Drive
Recently, the creators of Proton Mail decided to step on the Big Tech area and turn their Proton Mail service into the box of several services under one name “Proton”, which includes also calendar and VPN service. If you intend to use Proton Mail paid subscription, this should be a go for you.
VPN
Perhaps this is one of the hardest topics to analyse.
Many commercial VPN providers are being marketed as privacy protecting tools. And, well, who could blame them? They are able to hide your real IP address from the websites you browse, or Internet Service Providers. Some of them even claim about no logging policy or that they’re anonymous. However, many of such providers, including most famous ones, write in their privacy policy completely opposite things. To make things worse, few of them even use advertising trackers, including third party ones, and sometimes Google Analytics.
Mullvad and IVPN are one of very few transparent VPN providers which keeps as less information as possible. In fact, it doesn’t require any contact details to create a VPN account - instead it generates a 16-digit number that can be used to log in and manage. Moreover, they even accept payment in cash by mail and in several currencies. Even if you pay with debit card, they delete the records in 40 days.
Search engine
DuckDuckGo
The most famous mainstream privacy preserving search engine, DuckDuckGo has grown up in recent years enormously, providing a successful alternative to Google’s search engine. However, even though they have their own search index (i.e web crawler), DDG also uses others’ search indexes. They still collect some information from the search history though, it’s much less than Google. However, they were working with Russian big tech company Yandex (which, btw, was doing Russian authorities’s bidding on Ukraine war), and signed an agreement with Microsoft to allow some tracking of search requests.
Mojeek
If it wasn’t for its search results (which are still behind DuckDuckGo or Brave), I’d have used Mojeek as my primary search engine. They explicitly state about its unbiased search results, do not store IP addresses and do not give access to any stored data for any third parties. In time, when its search index gets better, I think this can be a search engine to use every day.
SearX instances
Mastodon of search engines, SearX is a collection of public instances with many different search engines that behave like a proxy. It takes a search query, asks search engines you choose to use, and then returns a collection of results from those engines. While the UI may be too simplistic and not particularly user friendly, this is probably the best alternative to DuckDuckGo as of today.
Securing your credentials and sensitive data
Password manager: KeePassXC (PC) / KeePassDX (Android) / Strongbox (iOS/macOS)
Today, password managers are a must-have tool for using online services in order to avoid any duplication of your passwords, which is a big privacy risk. You can remember just one password - to your password database - and then copy-paste password for each service to log in. The best option is to keep it locally and to use an open source solution, and that’s where KeePassXC comes in.
All passwords are stored offline, removing the possibility of your passwords leaked when using online services such as LastPass. Also, Keepass data is encrypted using secure algorithms such as AES-256 or ChaCha20.
Aegis / Tofu (Android/iOS)
Another must-do privacy rule today is to enable 2-Factor Authentication for your accounts, and not via SMS as it has poor security and it has been proven multiple times that it can be bypassed with different methods: SIM swapping, capturing unencrypted network traffic etc. Even Microsoft at one point completely disabled 2FA via SMS codes.
Currently there are two options: using specific applications that generate time-limited one-time codes, and hardware keys such as Yubikeys. While hardware keys are the best solution, not so many services support them just yet - therefore, mobile applications are the main option which works with all of them. andOTP and Tofu are designed specifically for Android and iOS operating systems respectively, both of them are open source, and unlike Google Authenticator or Authy, don’t require any information such as phone number or email.
VeraCrypt
Encrypting your sensitive folders, hard drive or even the entire system, is also something that should be considered. In case your hardware is confiscated, while you may not care if someone would get access to your non-confidential files, you still might want to protect those files that are important to you.
VeraCrypt does exactly that, but can go even further. It supports hidden volume within regular VeraCrypt volume that can be unlocked only with a second password, so even if you’re coerced to unlock primary volume, hidden volume will stay secure.
Open source alternatives to the popular services and applications
Youtube web/mobile -> Invidious / Freetube / LibreTube (Android) / Yattee (iOS)
Official Youtube clients, whether it’s web interface or a mobile application, are honeypots for collecting data about you. Besides, with age verification incoming and Youtube strengthening its rules, some content will be locked unless you provide any form of ID.
Invidious and Piped are open-source front-ends to Youtube that doesn’t require any verification even for 18+ videos, very minimalistic with UI, and without ads while supporting original features such as creating new playlists or importing/exporting subscriptions. FreeTube, LibreTube and Yattee are the desktop and mobile clients respectively that provide a comfortable use of it.
Google/Apple Maps -> Organic Maps
I don’t feel the need to reiterate about how much information Google collects about us in anything we’re doing, and as much as it's simplistic and comfortable to use Google Maps, it always comes with a cost of privacy. Even if you don’t like it. Besides, to use Google Maps properly, you may require an internet connection.
Organic Maps is based on OpenStreetMaps which is open source and built by a community, and you can choose which regions you want to download and then use it to browse offline. It may fall behind Google Maps in some things (for example, not being able to check opening times of any business within an application, or lacking Browse Street View), but for daily use it is great.
Twitter -> Nitter
With Elon Musk's acquisition of Twitter, it has become imminent that, despite all his bravado about helping humanity, in fact it may become more unusable. However, I understand when people, while deciding to move out of Twitter, still want to follow content from some accounts.
Fortunately, there is a project called Nitter. Similar to Invidious, it is an open-source front-end for Twitter that bypasses age verification for viewing sensitive content that algorithm for some reason tags with (even though it isn't). And you don't need to sign up - you can freely see tweets and replies without.
I don't know what will happen to it after Musk's acquisition and will it follow the same path and Bibliogram - hopefully it won't - but Nitter is incredibly useful.
In fact, you can install LibRedirect extension on your PC and it will do the work for you.
Other advices
Turn off any telemetry as much as you can
It is no secret that usage data collected from your OS, or an application, can be used to sell out to third parties, or the government itself. Roe vs Wade overrule, with following fears that period tracking apps might have to hand over their data to the authorities, only prove the danger it poses. Therefore, turn off any data collection and submission you can find, both in applications and OS. While some of it may not be opt-out, at least you’ll be able to minimise it.
Use two browsers at least on PC, each for specific purpose
While it may be comfortable to use one browser for everything, you may need to have a separate profile in order to keep such information isolated from your daily activities. For example, split your work activity from a regular one, or when searching for sensitive topics.
Install O&O ShutUp10++ for Windows PC
Windows is well-known for its strong privacy invasive features, and it can be struggling to find every single one and disable it. Fortunately, O&O ShutUp10++ is for the rescue here. It has every possible detail on Windows data collection and allows you to toggle them.
Buy, if you can afford, Google Pixel 6/6 Pro/7/7 Pro and install GrapheneOS
This is an ultimate suggestion for a smartphone with high privacy and security features which Edward Snowden recommends as well multiple times. To be specific, let me highlight just some of their improvements:
Per connection MAC randomisation, enhancing stock Android’s per network randomised MAC. This is a big step to avoid having you device detected as the same one in free Wi-Fi spot;
Turn off Wi-Fi and Bluetooth automatically if not connected to anything. Recent NY Times article about Chinese domestic surveillance illustrates how always-on Wi-Fi, when it’s not connected to any hotspot, can allow law enforcements to track down your movements. Same applies to Bluetooth;
OS-specific web browser Vanadium with hardened WebView;
Sandboxed Google Play which works like any other application. In stock Android, Google Play services have full privileged access to everything on your phone, and MicroG services also bypasses restrictions.
The possible downside is that contactless payments via Google Pay aren’t supported (reason is Google, as expected), and you may have to verify if your banking app works there. However, from my experience, UK banking apps work well on GrapheneOS.
(Android only) Use F-Droid to download and install apps when possible
F-Droid is an alternative app store for Android with a clear policy to publish only open source applications and with full transparency on app permissions and non-free services. It isn’t dependant on Google.
Obviously, it won’t replace Google Play Store completely as it doesn’t have some applications (like Protonmail), but majority of those listed in this guide can be installed via F-Droid. I recommend to use Neo Client application for F-Droid as the official application isn’t getting much updates right now.
(Android only) Wherever possible, avoid apps with Google FCM services
Without going too technical (but if you do, here’s an excellent explanation), Google Firebase Cloud Messaging is a service that allows sending data from servers to the Android applications on Android devices. Simply, Google FCM or, in Apple’s case, Apple Push Notification aka APN, are the reason why push notifications in messenger apps work flawlessly - instead of your device connecting directly to the Signal’s servers, for example, it uses third party OS service and, logically, its servers.
But with such reliability comes privacy compromises: your device’s IP address and unique push notification token are exposed to Google and Apple servers. And since all this information on these servers is being logged, Google/Apple will have information on which applications you use, from which IP address it was sent, and which devices you used.
Fortunately, Android allows you to avoid using Google FCM in some cases. Let’s take Molly, for example - it has two app versions: with FCM support and without it (FOSS). If you install the Molly FOSS version and allow it to run with Unrestricted battery mode in your settings, the application will constantly be active to check for new messages. If you don’t, then it will check for new messages only when you launch the application.
Sorry to all Apple users, iOS doesn’t really provide a workaround because of the closed ecosystem.
(Android only) Install AirGuard
As some of you might know, AirTag gadgets made by Apple were released last year, but instead of being used as intended, many people.
While Apple has the detection mechanism built-in, Android does not. Instead of the official Apple’s Tracker Detect application, I’d suggest to use AirGuard – it is an open-source application made by group of researchers at Technical University of Darmstadt. I know personally one of its developers, and she’s very skilled, so consider this a personal vouch. Besides, they’re open and transparent about data collection, and support other tags besides AirTag.
And finally - be careful with sharing your personal data
We can use as many tools as we can in order to secure your privacy. However, in many cases, we reveal the information about ourselves - by sharing your selfies, or describing details of your lives in blogs etc. Today OSINT (Open Source Intelligence) is so advanced that even a harmless photo made on your smartphone and shared online can tell where and when were you at one point. Human factor is, probably, the biggest threat of your own privacy.
Conclusion
I don’t want to sound like I’m forcing you to completely reject using your mainstream services. I sometimes have to use Whatsapp or Gmail because of various reasons. For example, others just don’t want to use Signal and I couldn’t convince them to move there, or there are many things where I signed up using my Google email (although I started to move out of it).
However, what you can do is heavily reduce the usage of Big Tech services and keep them for non-sensitive purposes. All things considered, if the government is trying to invade our right to privacy, why should we give them a free pass?
Also, if you’d like to support the blog with donations or contact me, follow the link below: