Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
If you're already moving to Graphene, just use Vanadium as your browser. It ships with GOS and is an excellent privacy choice.
Also, proton mail kinda sucks. I used it for a while but switched to fastmail because an email account with zero interoperability is kinda a lousy used experience.
Edit: same with proton calendar. I like the concept but in practice having a locked away calendar isn't a great feel.
Didn't see anyone else say this: DDG is certainly a great choice for search engine, though I'd recommend brave search:
Due to several of the companies issues (and it being chromium) I don't recommend the browser but I do really like the search engine.
Why not Startpage?
I would recommend changing everything Proton with Infomaniak's KSuite: https://www.infomaniak.com/en/ksuite/myksuite
+1 for leaving Proton. Bad company, the CEO is a Trump bootlicker
Keep away from Infomaniak!! Had a problem with my keyboard and miss the password 3 times and get account locked. OK, no stress let's do a revovery with the alternate email. I received the email to change the password, follow the link and choose a new password. Error, account is locked! OK, let's do a recovery using phone number. Receive SMS and same thing as the email!! WTF?! So, I have to contact Infomaniak and guess what? In order to protect my account I have to send them my government issued id!! WHAT?? How can that thing protect me? This is blackmail. They have my data and want exchange it for my ID. Why they have email and phone recovery if I cannot successfuly use them? If an hacker has my alternate email and my phone, he probably also has my ID, right? How I solved it? Well, send them a fake ID and guess watch? Five minutes later a have access to my account! They don't have the means to validate it, was what I though. So, I get all my data back and never look back. What a disappointment, I have moved because it was cheap and I even told all my family and friends. Have to took a step back and leave them because that is all wrong.
Maps is the hardest thing to replace. I like comaps but it's hard to find any businesses on it. They should probably start scrapping google maps because there no way to get ahead at this point.
I use Mapy (EU)
Murena Workspace and kDrive instead of Gmail/Gdrive
AlterSend (P2P) instead of DropBox
vgy.me (UK) instead of Google Photos
Search - Mojeek, Startpage, MetaGer
AI - Andisearch
Vivaldi Browser, it's Calendar, Mail and Mail Client, Feed, Notes
Zen Browser
Mandatory Portmaster on Desktop (Windows/Linux) and InViziblePro (Mobile)
Have you tried Magic Earth Navigation. I tend to switch between Magic Earth and CoMaps but tend to use MAgic Earth more
Its not on fdroid?
It's unfortunately not truly FOSS, it's still closed source. But literally every map app with traffic data is so, I just use it to avoid Google... Use Aurora store to get it.
Arent you using too much proton
Ecosystems which are easy to use are great for users and the reason why Google has a monopoly. If proton is a decent privacy centered alternative then more power to them.
Obsidian is closed source or not fully open source iirc. Try Notesnook if you need sync.
Logseq is a good alternative to Obsidian
Apparently Emacs is on F-Droid so you could use org-mode as well, although IDK how well it works
Depends on how much privacy you need and how much tinkering to get things to work that you're willing to put up with.
In general, using a variety of services will be more private than going with a single entity like Proton.
Bitwarden is self-hostable, which makes it potentially more private than Protonpass... assuming you actually set up the self-hosting.
Signal isn't a good long-term plan, as it's entirely hosted in the US. I don't think there are currently any known compromises to the encryption model, but iirc the company can see all your communications metadata (which means the government could potentially as well). I don't mind it for talking with friends, but I would recommend against it for extreme privacy needs (e.g. the government starts getting overzealous with who it counts as enemies of the state, and you or your friends become targets).
Some of these require self-hosting, so you might need Headscale or WireGuard to connect to them
Browser based wallet? Good god, no thx
Netbird is also good for connecting to them
I prefer Comaps over OSMand.
OSMAnd has a lot more features that I personally use
I don't trust proton.
Get a 5$/ month Nextcloud instance on Hertzner or selfhost it. You'll get 1 tb drive, calendar, notes, office suite, sync with phone, and much much more.
Or Tutamail
Anyone have thoughts on mailbox.org? I have been thinking of switching. Anyone with experience with the service?
I use it. Nothing but positive experiences so far.
Switched a few months ago from Gmail. Own domain. Works great so far. A bit of setup required ofc. Thunderbird on phone & just the standard calendar app because the apps I tried I didn't like. Calander & Contact sync through DAVx⁵, costs a few bucks, but it works just fine.
As others have said, remove all proton stuff that you can. You are just replacing one centralized service with another. Google started out good too and look where we are now. Never put too many eggs in one basket.
My answer to this is to use a custom domain with an email aliasing service.
I've gone through about half of the 400 accounts in my password manager and moved them over. I'll migrate the rest over the next week or so.
So, I'm switching from Gmail to Proton for now, but if Proton starts to get worse or Tuta catches up on functionality or there's a better provider that emerges or I decide to try to self-host, it's one easy change at the alias provider to redirect all of my mail to a new email provider.
You should try migadu. Thats the most no-bs provider with custom Domains I could find
First off: you've come a long way. Great setup, keep it up!
As others have said, I'd reduce your reliance on Proton. I'd particularly ditch their password manager in favour of something like KeepassXC and combine it with Syncthing (which you're already using) in order to keep your passwords out of the cloud, but synced between your devices. Always think in terms of blast radius: if an attacker gets access to your Proton account (either because you fuck up or they do), they will have access to anything that's in there. Having your e-mail + pw manager there increases blast radius dramatically and allows not only for access to, but full takeover of your accounts in case of a breach.
As others have pointed out, having so many Proton might be an issue. However, that line of thought only works if you’re really concerned about having a single point of failure. Most people value convenience much more than that.
The way I see it, this setup is somewhat noob-friendly, but relying heavily on Proton makes it a lot more convenient for many people. Using a greater variety of providers would make sense, but you can’t expect everyone to be ready for a hassle like that. People seem to expect you to be a hard-core privacy warrior who is willing to make significant sacrifices for philosophical reasons.
Most people aren’t like that. Just switching to DDG is hard enough for them, but at least it’s a step in the right direction.
If you take only 1/10th of this diagram, you get the simplified newbie version. Take all of it, and it’s for a person who is clearly interested in security and privacy. Modify a few things here and there, and you get a version for a serious security enthusiast. Different versions for different audiences.
Using Proton Mail, Calendar and Docs is a lot, lot better than using the Google suite. We shouldnt put people off changing, as you said the convenience is important and often forgotton as the major reason people stick with Google.
In my honest opinion? Nothing. There is nothing worth changing here, all the other advice is just different kinds of extreme.
based on your selection and the fact that you asked this question is good a indicator that any other alternative people would suggest won't do you that much benefit while carrying a much higher chance of being highly inconvenient.
Incoming Proton hate. This place has taken to that campaign exceptionally well.
I prefer Comaps over OsmAnd, it's just much simpler
This is really great, especially as a jumping off point. You might consider a ranked approach, like good, better, best. Most marginally privacy conscious services are going to be better than their Google analog, but some are better.
You got great choices, actually. I'd only recommend to be as little dependent on multiple fronts on one company. So I'd change a few of Proton to something else. As long as Proton doesn't replace their CEO with an explicitly antifascist one, I don't know if they re a good spot.
Depending on how private communications must be, Threema might be better than Signal.
If you don't need to synchronise with others and your threat model is not physical attacks/theft, then agendas can be just on paper. Same for the calendar.
As for distro...
Mint is great (and honestly what I'd rec for people brand new to Linux). If you want to harden privacy/security more though, the following Linux distros might be better:
I assume you want to use your distro as daily driver, and that your threat model isn't too severe. So the above ones should suffice.
If the threat model calls for it, or you're willing to sacrifice some usability for slightly more security, you could try QubesOS (arguably one of the most secure distros since it sandboxes everything as if they were a separate computer). Tails is another alternative, that's on a USB and forgets itself after usage.
For search engines...
... go for Qwant (French) or Ecosia (German). Both are European-owned and are busy constructing their own indexes (currently they still use Bing and Google). There's Mojeek (UK-based) which is independent.
I don't know how to block specific sites from popping up on them though, since I notice a certain trillionnaire's personal ""wiki"" pops up a LOT. Probably he's cheating and search bumping to spread his desinformation. It should be blocked.
Presearch also exists, which is decentralised and uses its own indexes. If you want OSS, there's SearXNG and YaCy which have metasearch options. Be careful in which instance you pick, though.
SecureBlue also looks decent and brings some of the security hardening used in GrapheneOS
For passwords, you can use the same KeepassXC database on multiple devices. It's encrypted, and you can have the passphrase file locally on multiple devices, and the cloud provider cannot access it even by brute forcing. The database itself would not be reliant on the cloud service, you can easily switch between any provider (I currently use dropbox)
