Hey all, I’m in the process of trying to better protect my privacy. I plan on ditching Windows at my home office and transitioning to Linux Mint. Additionally, I plan on using a VEE PEE IN to always conceal my network traffic from my ISP and other snooping actors.
My threat level is very minimal, but I’m just fed up with companies harvesting my data and intruding on my private life.
My question is, how do you guys sign into Banks, Investment Sites, College, Credit Cards, Social Sites (I still use FB messenger for keeping in contact with friends/family), and other websites that personally identify you? Do you guys keep your VEE PEE IN on? Should I have a dedicated VM or Tiny Workstation that I VNC or RDP into strictly for websites that personally identify me? Turn off my VEE PEE IN?
Sorry If I seem a little uneducated, I’m still in the process of doing some research on this topic and just curious WHAT exactly other people can scrape from your devices… i.e. can I be identified by my MAC address? Cookies? Thanks guys.
So this depends how much effort you want to spend doing this, but you’re on the right track in compartmentalizing different things. At the end of the day, what are the things you’re protecting from and what is the risk gained using said protection. Then you can plan your privacy strategy accordingly.
It makes sense to isolate personally identifiable traffic into your already identified connection, but then, your already identified connection will potentially have data on which services you use and how frequently you access their sites. That said, moving this traffic your VPN means that your VPN and their network providers potentially have access to collecting the same data.
Thus, you really need to weigh things out. Unfortunately, you can’t really trust anyone so max isolation strategies are the best but will bring about more difficulties in operation.
Connect to the internet via someone else’s router (a cafe or another home for example). The worst-case scenario, if they trace your IP, is they will only know “it was someone connecting from this cafe or home”.
You can connect via TOR. This is not a guarantee that you will stay anonymous though, because if the bridge relay and exit relay or god forbid all three relays are owned by the same person, they can trace the traffic back to your IP. I don’t think it’s likely that all three relays will be owned by one person, but it could technically happen.
Connect via a VPN. This is still risky though. Because you must be sure that the VPN service does not log traffic. The problem is, you can’t. How do we know that VPN service X are not logging our traffic just because they claim so?
Connect via a proxy server (or even better via several chained proxy servers) so it appears that you are sending the traffic from their IPs. However, this is only useful if you are sure those servers are not logging your traffic.
Use Linux. Because you have 100% control over what is logged or not. Who knows exactly what Windows or MacOS would log that you aren’t aware of or don’t have control over?
Never use any information that can be traced back to you. That includes your credit cards, name, phone, your regular emails or address and so forth.
Don’t use Google Chrome, Edge, Safari or any other browser owned by some big corporation. They might log stuff that you aren’t aware of and don’t have control over.
Use anonymous email services. Don’t use Gmail or Outlook for example or any email service that requires you to enter any personal information or owned by some big corporation.
If you are going to buy something online, use crypto currencies. Buy the crypto coins through a service where you can remain anonymous, of course and not forced to enter personal information. You could send money the old school way and just send money in cash in a letter. This is probably the safest way. Don’t think they could trace that. How would they?
Always make sure you are using encrypted protocols like HTTPS (not HTTP) etc. .
What I’d truly like to do is completely isolate my easily identifiable online identity from some web browsing habits that I have. For example, I frequent some boards on 4Chan, Browse X, and periodically scroll some political Reddit boards. It would be nice if I could be completely anonymous while doing this. I was thinking running a Linux Distro + Always on VPN.
I’m also a full-time online college student and maintain a Social media presence to network with friends and colleagues. I’d like to be able to perform these online activities separate from my previous mentioned activities. Maybe another Linux Distro that I TightVNC or RDP into? Don’t worry about a VPN while I’m doing these things?
Also, if I access… let’s say, a banking site and punch my personal info in while connected to a VPN, and then access Reddit, would it be easy for my VPN provider, or whoever, to tie these two identifies together? Thanks for the advice.
It really all depends on your threat and surface area risk level tolerance.
I would definitely use a VPN on those sites especially 4chan since they decrypt with CloudFlare.
If you feel certain things are okay for your ISP to know you visited and the thing to know your home IP then this is your choice (I opt for trust nobody).
In terms of the last question it depends on your VPN but all of them can connect it together if they want to. It comes down to trust (but for max safety trust nobody).
VM isolation is definitely strong. Just don’t get lazy or mess up which would defeat all the efforts
This is some good advice. I can tell you know your stuff. I’m a Sysadmin at a small company but really specialize in Disaster Recovery, 365 Administration, etc… etc… So I’m trying to brush up on privacy best practices on my spare time.
I’m with you on the trust nobody philosophy. What really lit a fire under my arse for purifying my browsing habits is the recent Windows Recall feature. Even though I’ve always been aware Microsoft has been invasive in terms of privacy, this was the final nail in the coffin.
I’ve been a Windows user since XP but finally fired up a Linux Mint distro in Virtual Box last week and I’m finally going to make the transition.
I have one of THESE in my home office that I use for my “private” browsing but I haven’t been real diligent about always keeping my VPN on… And I still have Windows 10 on it… so yeah.
I think what I’d like to do is ultimately have a Linux Distro that I only use for ~clean~ browsing stuff, like LinkedIn, Banking apps, etc…
And then maybe Tight VNC into my Tiny Lenovo that always runs VPN + privacy browsers, etc…
My threat level isn’t like, “whistle blower” level but I could potentially see some of the content that I’ve browsed coming back and biting me in the ass.