The Privacy Diet

Introduction

If you're living in the same world as me you've probably found this guide because something feels off, and has done for years now.

We've all had that moment when you mentioned a product in conversation — out loud, to a friend — and then saw an ad for it twenty minutes later. Or you've Googled something medical and wondered, uncomfortably, who else was watching. Maybe you just have a creeping sense that the internet, which used to feel like freedom, now feels more like a shopping mall with one-way mirrors.

You're not paranoid. You're paying attention.

The Deal You Never Agreed To

Here's what we all know about how the modern internet works: the services we're using every day — search, email, maps, social media — are not free. We're paying for them with something more valuable than money. We pay with our behaviour, our location, our relationships, our opinions, our fears, and our desires. Every search query, every app opened, every route navigated is a data point. Individually, each one is harmless. Collectively, they build a digital portrait of us.

This information is stored and collected by companies, the data brokers, who sell it to the highest bidder. So these data brokers are designed to turn human attention and behaviour into revenue and we're decades into this debacle bu now. But the fact that it's systematic doesn't mean you have to accept it. You have more control than you think — and exercising that control is exactly what this guide is about.

"The Net's interactivity gives us powerful new tools for finding information, expressing ourselves, and conversing with others. It also turns us into lab rats constantly pressing levers to get tiny pellets of social or intellectual nourishment."

— Nicholas G. Carr, The Shallows: What the Internet is Doing to Our Brains

Who I Am, and Why I Wrote This

I'm an IT professional. I started in data administration, climbed the ladder through level 1 to advanced support. I've spent years managing IT infrastructure, and watching how data moves — both in the systems I've built and in the ones I've audited.

I once had a friend tell me that working for a schoolboard was the reason he homeschools his children. My reasoning is very similar - I've seen how it works inside and out and that was before the rise of gb speeds, 6g, AI to name a few. Which is why I run my own servers. I manage my own DNS. I know what a VPN actually does and doesn't do. I've been through the process of de-Googling my own life, piece by piece, and I know exactly how tedious and how rewarding it can be.

There's a lot of privacy content on the internet. Most of it falls into one of two traps: either it's so shallow it's useless ("just use a VPN!"), or it's so paranoid and technical that normal people bounce off it in five minutes. I want this guide to sit between these extremes — practical, honest, technically grounded, and written for human beings who have lives to live and don't want to become full-time sysadmins just to check their email privately.

The Privacy Diet

I want to introduce a concept that will frame everything else in this guide: the privacy diet.

The goal of this guide is not to make you invisible. That ship has largely sailed for most of us, and the pursuit of total anonymity is its own kind of trap — It's exhausting and if you start with that as the goal it's very likely you;ll be nihilistic about the possibilities in no time. The goal I want to put forth is something more achievable and more sustainable: a gradual, deliberate reduction of your exposure, built through habit rather than heroics.

Think about how long-term weight loss actually works. It doesn't work through fad diets or white-knuckle willpower. It works through small, consistent changes — swapping one habit for a slightly better one, building momentum over time, and not beating yourself up when you slip. Your online privacy works exactly the same way.

Replace Google Search with a private alternative. Switch your messaging app. Change one setting on your router. Each of these changes is minor. But over six months, they compound. The algorithm that knows you today will know you less well next year. Your data will be in fewer hands. Your attack surface — the amount of you that is exposed to the world — will have quietly, permanently shrunk.

"The goal isn't perfection. The goal is better than yesterday."

What This Guide Covers

This guide is structured in three sections, each building on the last:

1. Your Phone — where most of your data leaks happen, and the most impactful place to start
2. Your Internet Use — browsers, search engines, email, messaging, VPNs, and the habits that shape your digital footprint
3. Your Home Network — router security, DNS privacy, network segmentation, and building a home that doesn't spy on you

Within each section, you'll find content for two audiences. If you're new to this and just want practical steps you can take this week, the beginner content is for you — no technical knowledge required. If you're more comfortable under the hood and want to go deeper (custom ROMs, self-hosted services, DNS-over-HTTPS), the advanced sections have you covered.

You don't need to read this cover to cover. Use it as a reference. Start where it hurts most, pick off the quick wins, and come back when you're ready for the next layer.

A Note on Threat Modelling

Before we dive in, I want to introduce one concept that will make every recommendation in this guide make more sense: threat modelling.

Threat Modelling simply means asking: who am I protecting myself from, and what am I protecting? The answer shapes everything. Protecting yourself from data brokers selling your information to advertisers requires a different approach than protecting yourself from a stalker, which is different again from protecting yourself from state-level surveillance. Most of us are dealing with the first problem, some are dealing with the second, and very few need to worry about the third.

Throughout this guide, I'll flag recommendations by threat level so you can calibrate. Not every tool is necessary for every person. The goal is always the right level of protection for your actual situation. Although I'm not against the idea of everybody using the maximum level of paranoia when it comes to their data.

Let's get started.

Part 1 → Find Out Where You Are

Before You Start — Quick Wins: Do These This Weekend

Before we jump into the deep end here — phones, network setup, custom ROMs — I want to give you super quick changes to make ASAP. The following five changes take between fifteen minutes and an hour each, require no technical knowledge, and will meaningfully reduce your data exposure the second you implement them.

This is your first step. Pick one. Do it. The momentum matters more than the order.

Your Weekend Checklist

Here's the full list at a glance. Tick them off as you go:

Total time: Under two hours. These five changes alone put you ahead of the vast majority of internet users. Everything in the rest of this guide builds from here.

"That which has been done well has been done quickly enough." — Augustus

Part 1 → Your Phone

Chapter 1 — Understanding Your Smartphone

✓ Beginner Friendly

Let's start with your phone, because that's where most of your data leaks happen, and it's the device that's with you every hour of every day (unfortunately).

The choices are iPhone or Android. That's really it when we're talking about a smartphone. And the instinct most people have is: Android equals Google, iPhone equals Apple. That's roughly right — but the story is more interesting than that, and the difference matters enormously when it comes to your privacy.

Apple's Walled Garden

Let's deal with Apple first. The term you'll hear constantly in any discussion about the iPhone ecosystem is the 'walled garden' — and it's worth understanding exactly what that means, because it cuts both ways.

Apple's walled garden is the controlled ecosystem Apple has built around its hardware, software, and services. Every app on your iPhone was reviewed and approved by Apple. Every software update came from Apple. The App Store is the only legitimate way to install software. The processor, the operating system, the default apps, the cloud service — Apple designed and controls all of it. Nothing gets in or out without Apple's say-so.

From a security standpoint, this has real advantages. Apple's tight control over the hardware-software stack means they can catch and close vulnerabilities faster than a fragmented ecosystem can. Malware that plagues open platforms rarely makes it onto iPhones. Your data, while it exists within Apple's systems, is at least contained within one known entity with a strong public commitment to privacy.

"Apple keeps things to themselves, and they keep them secure. But you have very little control over your data — just assurances about the lengths they go to in order to protect it."

And here is the problem. Apple's privacy story is built on trust. You are trusting that a company with a market capitalisation in the trillions of dollars is genuinely doing what it says it's doing with your data — because you have no way to verify it. You cannot inspect the operating system. You cannot modify it. You cannot route around in the parts you don't like. You are inside their walls, and Apple decides what those walls permit.

That doesn't work for me. And honestly, it shouldn't work for you either — not if you take this stuff seriously.

There is an economy of data that is worth hundreds of billions of dollars annually. That makes it very valuable for big tech to have you as a captive user with access to all of your information. The now long-stale adage — 'you are the product if the product is free' — is simply true. Apple's product isn't free, of course. But the principle extends: even paying customers generate data, and data has value. The question is always who controls it and what they can do with it.

Android: Open Source and the Custom ROM Advantage

Android is a different story entirely. Where Apple controls everything end-to-end, Android is built on an open-source foundation called AOSP — the Android Open Source Project. Anyone can take AOSP, build on it, modify it, strip parts out, or add new ones. Google does exactly this: they take AOSP, layer their own services on top — the Play Store, Gmail, Maps, Chrome, Play Services — and ship it as the Android you find on most phones.

Here is the crucial distinction that most people miss: those Google services are not Android. They are Google's addition to Android. The operating system underneath and the surveillance layer on top are separate things. Which means the surveillance layer can, in principle, be removed.

What is a Custom ROM?

A ROM — Read-Only Memory — is the term used for a phone's operating system image. A custom ROM is a modified version of Android built by an independent team, using AOSP as its base, with the Google layer stripped out and replaced with privacy-focused alternatives.

What has happened over the past decade is remarkable: a community of open-source developers, motivated entirely by a belief that people should own their own devices, has produced Android distributions that are more private, often more secure, and in some cases more up-to-date than the manufacturer's original software. These aren't hacks or experiments. Some of them are among the most rigorously audited software stacks available to consumers.

We'll get into the detail of flashing a custom ROM in Chapter 3 — the advanced section. But it's worth naming the leading options now so you know what you're working towards:

My personal recommendation, if you have a Google Pixel device or are willing to buy one: GrapheneOS. It is the most security-hardened Android distribution available, it is actively maintained by a serious team, and it runs almost everything you need without Google. I'll walk through installation in full in the advanced section.

The Honest Comparison: What Should You Actually Use?

Here is the straightforward answer, broken down by who you are:

Security and Privacy: Two Sides of the Same Coin

This toolkit is about privacy, but you'll notice I keep mentioning security alongside it. That's deliberate. The two are not the same thing, but they are deeply dependent on each other — and ignoring one will always undermine the other.

Security is about keeping bad actors out of your device and your data. Privacy is about controlling what legitimate parties can see and do with it. A phone that is perfectly private but trivially hackable isn't actually private — once someone is in, all your careful configuration is irrelevant. A phone that is locked down against external attack but runs Google Play Services 24/7 isn't secure in the way that actually matters to most people.

The practices in this guide serve both goals simultaneously. When we harden your settings, we improve both. When we remove Google Play Services, we reduce both the commercial surveillance surface and the attack surface. When we talk about keeping your OS updated, that's security and privacy in the same breath. Think of them as the same discipline, approached from different angles.

"If you are clever about security, you will have better data hygiene in terms of privacy. The two go hand in hand — or at least, they should."

Next → Chapter 2: Privacy Settings You Should Change Today

Chapter 2 — Privacy Settings You Should Change Today

✓ Beginner Friendly

You don't need a new phone. You don't need to flash a ROM or understand how packet routing works. The phone you have right now, whether it's an iPhone or an Android, has privacy settings baked into it that most people never touch — because the defaults are set in favour of the manufacturer and their data partners, not you.

This chapter walks through those settings systematically. It's organised so you can sit down with your phone and work through it in one session. Allow yourself about thirty minutes. When you're done, your current device will be meaningfully more private than it was when you started.

Find your platform below and work through it section by section. If you have both devices, do both.

iPhone: The Full Settings Audit

Apple's privacy controls are actually quite good — the problem is they're scattered across a dozen different menus rather than grouped in one place. What follows is a consolidated walkthrough so you don't have to go hunting.

1. Location Services

Location data is among the most sensitive data your phone generates. It doesn't just tell companies where you are right now — aggregated over time, it reveals where you live, where you work, which medical facilities you visit, which places of worship you attend, and who you spend time with. Many apps request it not because they need it to function, but because it is enormously valuable.

Settings → Privacy & Security → Location Services

Now scroll to the very bottom of Location Services:

Settings → Privacy & Security → Location Services → System Services

2. App Tracking and Advertising

iOS 14.5 introduced App Tracking Transparency — Apple's requirement that apps ask permission before tracking you across other apps and websites. This was a significant privacy win, but the setting still needs to be checked.

Settings → Privacy & Security → Tracking

Settings → Privacy & Security → Apple Advertising

3. Microphone, Camera, and Contacts

Work through each of these categories the same way you did location: ask whether each app has a legitimate reason for the access it's been granted.

Settings → Privacy & Security → Microphone

Revoke microphone access for any app that has no obvious reason to record audio. Social media apps are frequent offenders here.

Settings → Privacy & Security → Camera

Same logic. A ride-sharing app does not need your camera. A QR scanner does. Be deliberate.

Settings → Privacy & Security → Contacts

Your contacts list is your entire social graph — every person you know, with their phone numbers and email addresses. Apps that get access to this are getting access to data about people who never consented. Restrict this aggressively.

4. Siri, Analytics, and Apple Intelligence

Settings → Privacy & Security → Analytics & Improvements

Settings → Siri & Search

Scroll through your app list. For each app, consider whether you want Siri to have awareness of your activity in that app. Disable for anything sensitive — banking, health, messaging.

5. iCloud: Know What You're Syncing

iCloud is the biggest privacy blind spot for most iPhone users. By default, Apple holds the encryption keys to the majority of your iCloud data — meaning Apple can access it, and law enforcement can request it. This is not a hypothetical: Apple receives tens of thousands of law enforcement requests annually and complies with a significant percentage of them.

You have two options, and they are not mutually exclusive:

1. Reduce what you sync to iCloud.
   Go through Settings → [Your Name] → iCloud and turn off sync for anything sensitive that doesn't need to live in Apple's cloud.
2. Enable Advanced Data Protection.
   Introduced in iOS 16.2, Advanced Data Protection extends end-to-end encryption to most iCloud categories — including iCloud Backup, iCloud Drive, Photos, Notes, Reminders, and Safari. With ADP on, Apple cannot access this data even with a legal request, because they no longer hold the keys. You do.

Settings → [Your Name] → iCloud → Advanced Data Protection

6. Two More Quick Wins

Turn off Personalised Recommendations in the App Store

Settings → [Your Name] → Media & Purchases → View Account → Personalised Recommendations → OFF

Review Face ID / Touch ID and Passcode

Settings → Face ID & Passcode

Use a 6-digit PIN minimum, or alphanumeric passcode for stronger protection. Under 'Allow Access When Locked', disable anything you don't actively need — Notification Centre, Control Centre, and Today View can all expose information on a locked screen.

Android: The Full Settings Audit

Android's settings vary more across manufacturers than iOS — Samsung, OnePlus, and stock Pixel Android all organise things slightly differently. I'll give you the standard paths, which work on Pixel and most near-stock Android. If your menus look different, the setting names are consistent even if the paths vary slightly.

The bigger task on Android is dealing with Google itself. Your Google Account — not just your phone's settings — is a significant control surface, and we'll cover that first.

1. Your Google Account: The Control Panel

Much of what Google collects about you is tied to your Google Account, not your device. This is important: even if you harden your phone settings perfectly, your Google Account may still be collecting data through your search history, maps usage, YouTube, and more. Address the account first.

Settings → Google → Manage your Google Account → Data & Privacy

History Settings — disable all of these:

After disabling, also delete your existing history. On the same page, scroll to 'My Activity' and delete activity for all time across all categories. This removes the existing profile, not just pausing new collection.

Ad Settings:

Settings → Google → Manage your Google Account → Data & Privacy → Ad Settings

2. Location

Settings → Location → App permissions

Same logic as iPhone: go through every app. Anything that doesn't have a clear functional need for your location gets set to 'Deny' or 'Only while using the app'. Never grant 'Allow all the time' unless you have a specific reason.

Settings → Location → Location services

3. Permission Manager

Android's Permission Manager gives you a bird's-eye view of every app and what it can access. This is one of the most powerful tools available to you.

Settings → Privacy → Permission Manager

Work through each category:

4. Delete Your Advertising ID

Every Android device has an Advertising ID — a persistent identifier that ties your behaviour across apps together into a unified profile. Third-party apps use this to track you across the entire ad ecosystem. The single most effective thing you can do in one tap:

Settings → Privacy → Ads → Delete advertising ID

5. Notifications on the Lock Screen

Lock screen notifications expose your messages, emails, and app activity to anyone who glances at your phone. By default, content is often shown in full.

Settings → Notifications → Lock screen notifications

6. Samsung-Specific: Extra Steps if You're on a Galaxy

Samsung devices add a layer of their own data collection on top of Google's. If you're on a Samsung phone, work through these additional settings:

Settings → Privacy → Samsung Privacy

Settings → General Management → Samsung account → Personal information → Marketing information

Samsung's Bixby assistant also collects usage data. If you don't use Bixby, disable it entirely — Settings → Advanced Features → Bixby Routines → disable, and Settings → Apps → Bixby → Disable.

7. Google Play Store Settings

Play Store → Profile icon → Settings → General → Account and device preferences

Play Store → Profile icon → Settings → About → Play Protect certification

Ensure Play Protect is active. It scans installed apps for malware — a legitimate security service worth keeping on.

Both Platforms: The App Cull

There's one more task that applies regardless of which phone you have, and it's the one most people skip because it feels tedious: deleting apps you don't use.

Every installed app with permissions is a potential data pipe, running quietly in the background. An app you haven't opened in four months is still — in many cases — periodically checking your location, phoning home with device identifiers, and contributing to your advertising profile. The only way to stop this completely is to uninstall it.

"The best privacy tool for an app you don't use is the delete button."

Go through your app drawer. For every app, ask:

1. Have I opened this in the last 90 days? No → delete.
2. Do I actually need this as an app, or could I use the website instead? Many apps exist purely to get persistent access to your device — the web versions/ web apps accessed through the browser are a much better alternative.
3. Is there a more privacy-respecting alternative I'd actually use? We cover the main substitutions in Chapter 3.

Pay particular attention to:

1. Social media apps — Facebook, Instagram, TikTok, Snapchat. These are among the most aggressive data collectors on any platform. Use their mobile websites or web apps instead if you can't delete them entirely.
2. Retail and loyalty apps — each one is a dedicated tracking tool dressed as a discount card.
3. Free games — the free games market is largely funded by aggressive data harvesting. Delete what you don't actively play.
4. Manufacturer and carrier bloatware — pre-installed apps you never asked for. Disable or uninstall where possible.

Next → Chapter 3: Advanced Android — Custom ROMs and De-Googling

Chapter 3 — Advanced Android: Custom ROMs and De-Googling

⚙ Advanced

This chapter is where things get serious. If Chapter 2 was about adjusting the settings on a house you're renting, this chapter is about buying the house outright, renovating it from the studs, and installing your own locks.

Flashing a custom ROM removes the Google layer from your Android device entirely. What remains is a clean, hardened operating system that you control — with no Google Play Services phoning home, no advertising identifiers, no manufacturer telemetry, and no pre-installed bloatware apps you never asked for. It is the most complete form of smartphone privacy available to a consumer device.

This chapter is written for people who are comfortable following technical instructions carefully. You do not need to be a developer. You do need to be patient, methodical, and willing to read things twice before acting. If that's you, read on.

Why GrapheneOS

GrapheneOS is my recommendation for the privacy-focused Android user, and it's worth explaining why before we get into the installation process.

GrapheneOS started as a security hardening project — its roots are in making Android as resistant as possible to exploitation, not just removing Google services. That security-first approach gives it properties that other privacy ROMs don't have: memory-safe allocations, hardened kernels, randomised memory layouts, exploit mitigations that go significantly beyond what AOSP provides. It is, by most serious security researchers' assessment, the most secure consumer Android available.

The privacy benefits follow naturally from the security architecture. GrapheneOS ships with no Google apps, no Google Play Services, and no telemetry. It receives security updates faster than most manufacturer Android distributions. It has an active, rigorous development team with a serious security track record.

What You Need Before You Start

Gather the following before beginning:

The Installation Process: Step by Step

GrapheneOS provides an excellent web-based installer that handles most of the complexity. I'll walk through the full process here so you know what each step is doing, not just how to click through it.

Phase 1: Prepare Your Device

Phase 2: Unlock the Bootloader

The bootloader is the first software that runs when your phone powers on. It verifies that the operating system hasn't been tampered with before loading it. To install a custom OS, we need to unlock it — which disables this verification temporarily so we can replace what it's verifying.

Phase 3: Flash GrapheneOS

With the bootloader unlocked, the installer will download and flash the GrapheneOS image directly to your device. This is the part that takes the most time — the download is several hundred megabytes.

Post-Installation: Setting Up GrapheneOS

A fresh GrapheneOS install is clean but bare. Here's how to get it to a comfortable daily-use state without reintroducing the surveillance layer you just removed.

App Installation: F-Droid and Accrescent

The Google Play Store is not installed on GrapheneOS. In its place, you have two excellent alternatives:

1. F-Droid — the gold standard open-source app repository. Every app in F-Droid is free, open source, and audited. This is your primary source for privacy-respecting apps.
2. Accrescent — a newer, security-focused app store with strong cryptographic verification. Complements F-Droid well.

Install F-Droid by downloading the APK from f-droid.org in the Vanadium browser (GrapheneOS's hardened Chromium). Enable 'Install unknown apps' for the browser in Settings → Apps → Vanadium → Install unknown apps.

Essential Apps to Install First

The Sandboxed Google Play Option

GrapheneOS offers something unique that other privacy ROMs don't: the ability to install Google Play Services in a sandboxed container, isolated from the rest of the OS with no special system privileges.

This matters because some apps — banking apps, certain work tools, some navigation software — depend on Google Play Services to function. On most de-Googled ROMs, these apps simply don't work. On GrapheneOS, you can install them in the sandbox, use them when needed, and they cannot access the rest of your system.

The sandboxed Play option is strictly optional. Many GrapheneOS users never install it. But knowing it exists means the choice between privacy and app compatibility is not as binary as it is on other ROMs.

To install sandboxed Google Play:

• Open the GrapheneOS App Store (pre-installed)
• Search for 'Google Play services', 'Google Play Store', and 'Google Services Framework'
• Install all three — they will be installed in an isolated user profile
• Open the sandboxed Play Store and sign in (this Google account sees only sandboxed app activity, not your main device)

Alternative Route: microG and CalyxOS

GrapheneOS is the right answer for a Pixel device. If you have a different Android device, or if you want a slightly more hands-off experience, CalyxOS with microG is worth knowing about.

What is microG?

microG is an open-source reimplementation of Google Play Services. It provides the hooks that apps expect from Play Services — push notifications, location APIs, account management — without the actual Google code or the telemetry.

The practical effect: most apps that require Play Services work normally on microG, including many that fail on a fully de-Googled system. You get significantly better app compatibility than a bare AOSP install, at the cost of a slightly larger trust surface than a fully Google-free system.

microG does not require a Google account to function. It can run entirely without one, which is the recommended configuration.

CalyxOS vs GrapheneOS

Life Without Google: Practical Adjustments

The hardest part of de-Googling your phone isn't the installation — it's adjusting to a different ecosystem. Here are the most common friction points and how to handle them.

Push Notifications

Google Play Services acts as a centralised push notification broker for most Android apps. Without it, apps that use Firebase Cloud Messaging won't receive push notifications in the background.

GrapheneOS's solution: apps can use UnifiedPush, an open standard for push notifications that doesn't route through Google. Apps that support it (including Tusky, Element, and others) work seamlessly. Apps that don't support it can still check for notifications when you open them — it's a different pattern, not a broken one.

The sandboxed Play option restores full push notification support for any app if you need it.

Banking Apps

Banking apps are the most common concern. Many use Google's Play Integrity API to verify they're running on an 'unmodified' device — and a custom ROM can trigger these checks.

In practice, GrapheneOS passes these checks more reliably than any other custom ROM, because of its hardware-level attestation support. Most banking apps work on GrapheneOS. For the ones that don't, the sandboxed Play profile is the solution — install the banking app there, where it sees a standard Play-certified environment.

Google Pay and Contactless Payments

Google Pay does not work on GrapheneOS without sandboxed Play Services, and even then it may have limitations depending on your bank. This is a genuine trade-off: contactless payments via Google Pay require a trust relationship with Google's payment infrastructure that is incompatible with a de-Googled device.

The practical alternatives: use a physical card for contactless payments, or investigate whether your bank has its own contactless payment app that works independently of Google Pay.

App Updates

Without the Play Store, app updates happen through whichever store you installed them from. F-Droid checks for updates automatically and notifies you — the process is nearly identical to Play Store updates, just slightly slower as F-Droid builds its own verified releases.

Ongoing Maintenance: Keeping GrapheneOS Secure

A custom ROM is only as secure as its updates. GrapheneOS makes this easy — updates arrive automatically and are applied in the background, with a reboot required to complete installation.

Update Settings

• Settings → System → System Update → ensure automatic updates are enabled
• GrapheneOS releases updates within hours to days of Android security bulletins — typically faster than any manufacturer
• The update process uses an A/B partition scheme — updates install in the background and the old version remains available until you confirm the new one boots successfully

Security Practices to Maintain

1. Use a strong alphanumeric PIN or passphrase — not a pattern, not a 4-digit PIN
2. Enable auto-reboot: Settings → Security → Auto Reboot → set to 8 or 24 hours. GrapheneOS encrypts data when locked; regular reboots ensure the encryption key is cleared from memory
3. Review app permissions regularly — new apps and updates can request new permissions
4. Use the Duress PIN feature (Settings → Security → Duress Password) if your threat model includes coerced device access — entering this PIN wipes the device
5. Keep the network firewall active: GrapheneOS includes per-app network controls. Restrict apps from accessing the network when they don't need it

Next → Part 2: Internet Use

Chapter 4 — Browsing Safely: Browsers, Search, and Fingerprinting

✓ Beginner Friendly

Your browser is the lens through which you experience almost everything online. It is also, by default, one of the most aggressive data collection tools on your device — not because browsers are malicious, but because the web was built on an advertising business model and browsers evolved to serve that model.

Understanding what your browser reveals, and how to limit it, is foundational to everything else in this section.

What Your Browser Gives Away

Most people understand that websites can see their IP address. Fewer realise how much more is visible. Every time you visit a website, your browser transmits — voluntarily, as part of normal operation — a remarkably detailed fingerprint:

1. Your User Agent string: browser type, version, and operating system
2. Screen resolution and colour depth
3. Installed fonts — a surprisingly unique identifier
4. Browser plugins and extensions
5. Timezone and language settings
6. Hardware specifics: GPU renderer, CPU core count, memory range
7. Canvas and WebGL fingerprints: unique identifiers generated by how your hardware renders graphics
8. Battery level (where permitted by browser APIs)

The combination of these data points creates what's known as a browser fingerprint — often unique enough to identify you across websites, even without cookies, even in private browsing mode, even with a VPN. Advertisers and trackers use fingerprinting precisely because it works when cookies are blocked.

"Private browsing mode doesn't hide you from websites — it just doesn't save your history locally. Your fingerprint travels with you regardless."

Choosing Your Browser

Not all privacy-focused browsers are equal, and the right choice depends on what you're optimising for. Here is my honest assessment of the main options:

My Recommendation

For most people: Brave as your primary browser, Firefox as a secondary for sites that behave oddly in Brave. Install uBlock Origin in Firefox — it is the single most impactful privacy extension available, and it works best in Firefox where it has access to the full WebExtensions API.

For maximum fingerprint resistance: Mullvad Browser for sensitive browsing, Brave for daily use. The trade-off with Mullvad is that its anti-fingerprinting approach can break some websites — it's a specialist tool, not a daily driver.

Firefox Hardening: The Essential Configuration

⚙ Advanced

Firefox's default configuration is a reasonable privacy compromise for a mainstream browser. With a small amount of hardening, it becomes one of the most private browsers available. Here is the configuration I apply to every Firefox installation.

about:config Tweaks

Type about:config in the Firefox address bar, accept the warning, and make the following changes. Search for each preference name in the search bar:

Essential Extensions

Install these in order of priority:

Search Engines: Breaking the Google Habit

✓ Beginner Friendly

Google Search is not neutral. Your search history is one of the most intimate records of your inner life — what you're worried about, what you're curious about, what you're planning. Google retains this indefinitely, ties it to your identity, and uses it to build an advertising profile so detailed it often predicts your behaviour before you act on it.

The replacement is simpler than people expect. Private search engines are not meaningfully worse than Google for most everyday queries. The adjustment period is measured in days, not weeks.

The !bang Shortcut System (DuckDuckGo)

One of DuckDuckGo's most useful features is its !bang system — shortcuts that redirect your search to another site. Type your query and append a bang to search directly on that site without Google's involvement:

1. !a — Amazon
2. !w — Wikipedia
3. !gh — GitHub
4. !yt — YouTube
5. !maps — OpenStreetMap
6. !g — Google Search (for when you specifically need Google results without a logged-in profile)

The !bang system removes the main practical objection to leaving Google — 'but sometimes Google has better results for X.' Fine: use !g for those cases, without being logged in and without your search being tied to your identity.

Browser Fingerprinting: Going Deeper

⚙ Advanced

You can test your current fingerprint uniqueness at coveryourtracks.eff.org (run by the Electronic Frontier Foundation). The results may be sobering — most standard browser configurations are unique enough to identify you across the web.

There are two main strategies for addressing fingerprinting:

1. Randomisation: Brave's approach — randomise the fingerprint values on each session so trackers can't build a persistent profile. Your fingerprint changes, so any one measurement is useless for long-term tracking.
2. Uniformity: Mullvad Browser and Tor Browser's approach — make your browser look identical to every other Mullvad/Tor user, so you blend into a crowd. You're not hiding your fingerprint; you're making it indistinguishable from thousands of others.

Both approaches work. Randomisation is more practical for daily use. Uniformity provides stronger protection but breaks more sites. For most people, enabling privacy.resistFingerprinting in Firefox or using Brave's default fingerprint randomisation is sufficient.

Next → Chapter 5: Secure Communication — Email, Messaging, and Metadata

Chapter 5 — Secure Communication: Email, Messaging, and Metadata

✓ Beginner Friendly

Communication privacy is where the stakes get personal. Your messages, your email, your calls — these carry the most sensitive content in your digital life. They also carry something most people overlook: metadata. Understanding the difference between content and metadata is essential to understanding why 'but it's encrypted' is not always the full story.

Content vs. Metadata: The Distinction That Matters

Imagine your phone as a letter you're sending through the post. End-to-end encryption protects the content of the letter — it seals the envelope so that only the recipient can read what's inside. What encryption does not protect is the outside of the envelope: the sender's address, the recipient's address, the postmark, the weight, the timestamp.

That envelope information is metadata. In the digital context, metadata includes: who you communicate with, how often, at what times, for how long, and from what location. This information is often more revealing than the content itself.

"We kill people based on metadata." — Michael Hayden, former NSA and CIA Director, 2014.

This is not an abstract concern. Intelligence agencies have repeatedly stated that metadata — not content — is their primary analytical tool. Data brokers build profiles from it. Insurance companies have used it. Divorce lawyers have subpoenaed it. The person reading your encrypted message knows nothing. The company routing your encrypted message knows everything except the words.

Messaging: Why Signal

Signal is the correct answer for private messaging. Not 'a good answer' — the correct one, by the consensus of security researchers, cryptographers, and privacy advocates across the political spectrum. Here's why:

Telegram: A Necessary Clarification

Telegram is frequently recommended in privacy circles, which surprises security professionals. The default Telegram experience is not end-to-end encrypted — messages are stored on Telegram's servers in a form Telegram can read. End-to-end encryption is only available in 'Secret Chats', which are one-to-one and not the default mode. Group chats are never end-to-end encrypted.

Telegram is a reasonable choice for public channels and communities where privacy is not the goal. It is not a good choice for private communication that you genuinely need to be private. Use Signal for that.

Signal: Practical Setup and Features Most People Miss

Signal does more than most users realise. After installing, take five minutes to configure these:

• Settings → Privacy → enable Screen Lock and Screen Security
• Settings → Privacy → Advanced → enable 'Always relay calls' — this prevents your IP address from being exposed in direct calls
• Settings → Notifications → set to 'No name or message' — prevents message previews on lock screen
• Settings → Chats → enable 'Generate link previews' off — stops Signal fetching metadata from URLs you share
• Per-conversation: set a disappearing message timer for sensitive conversations — 1 week is a reasonable default
• Settings → Privacy → enable Note to Self for secure personal notes that sync across your Signal devices

Email: The Hardest Problem in Personal Privacy

Email is the most difficult communication channel to make private, for a structural reason: it is a federated protocol designed in an era when security wasn't a design requirement. Email was never built to be private. Every hop an email takes between servers can, in principle, be read by the operators of those servers.

End-to-end encrypted email exists — PGP has been around since 1991 — but adoption remains low enough that it's only practical if both parties use it. For most people, the realistic goal is: choose an email provider that isn't actively harvesting your email content for advertising, that stores your mail with strong encryption, and that has a credible privacy track record.

Encrypted Email Providers

Migrating Away from Gmail

The biggest practical barrier to switching email providers is that your Gmail address is attached to years of accounts, subscriptions, and contacts. Migration doesn't have to be instant — here's a staged approach:

• Create your new Proton or Tuta account and get familiar with it
• Start using the new address for all new signups immediately
• Over the following weeks, update your most important accounts: banking, work, government services, key personal contacts
• Set up a forwarding rule from Gmail to your new address so you don't miss anything during the transition
• Audit your Gmail account using a service like Google Takeout to understand what's there
• After 3–6 months, most traffic should be hitting your new address. At that point, evaluate whether you still need Gmail at all

PGP Encryption: For the Advanced User

⚙ Advanced

PGP (Pretty Good Privacy) is the standard for end-to-end encrypted email between any two providers. If both parties have PGP keys and know how to use them, your email is encrypted in a way that even your email provider cannot read.

The practical reality: PGP has a high usability barrier. Key management is complex, key discovery is not standardised, and one party forgetting to encrypt renders the whole system pointless. For most personal use, Proton Mail's built-in encryption between Proton users is a better solution.

Where PGP remains relevant: business communication with partners who already use it, open-source project coordination, and high-sensitivity scenarios where both parties are technically capable. Proton Mail handles PGP natively — if you create a Proton account, you automatically have a PGP keypair and any email to another Proton user is automatically end-to-end encrypted without any action on your part.

Next → Chapter 6: VPNs — What They Do, What They Don't, and How to Choose

Chapter 6 — VPNs: What They Do, What They Don't, and How to Choose

✓ Beginner Friendly

No privacy tool is more aggressively marketed or more widely misunderstood than the VPN. The VPN industry spends hundreds of millions of dollars annually on sponsorships and advertising, which means privacy-adjacent media is saturated with VPN promotion. Most of it is misleading.

This chapter tells you what a VPN actually does — technically, precisely — and what it doesn't do, so you can make an informed decision about whether you need one, and if so, which one to trust with your traffic.

What a VPN Actually Does

A VPN — Virtual Private Network — creates an encrypted tunnel between your device and a server operated by the VPN provider. All of your internet traffic is routed through that tunnel, which has two effects:

1. Your ISP (internet service provider) can see that you're connected to a VPN server, but not what websites you're visiting or what data you're sending. Without a VPN, your ISP can see all of your traffic.
2. Websites you visit see the VPN server's IP address, not your real IP address. This gives you a degree of location and identity obfuscation.

That's it. That's the full scope of what a VPN does. Everything beyond those two effects is either incidental or marketing.

"A VPN doesn't make you anonymous. It moves the trust from your ISP to your VPN provider. Choose accordingly."

What a VPN Does Not Do

The VPN marketing industry is built on implying — rarely stating outright, for legal reasons — things that are not true. Let's be direct:

When a VPN Is Genuinely Useful

Despite the above, VPNs have real, legitimate use cases. Here are the situations where using one is genuinely valuable:

1. Public Wi-Fi: Coffee shops, airports, hotels. Network operators and adjacent users on the same network can potentially observe unencrypted traffic. A VPN eliminates this risk.
2. ISP surveillance reduction: In jurisdictions where ISPs are permitted to sell browsing data (the US removed ISP privacy protections in 2017), a VPN prevents your ISP from building a browsing profile on you.
3. Geographic access: Accessing content that is geographically restricted. Not strictly a privacy use case, but a legitimate one.
4. Hiding activity from a local network: If you're on a corporate, school, or family network and don't want the network administrator to see your traffic.
5. Journalist and activist use cases: Combined with Tor, a VPN can add a layer against network-level surveillance. This is a specific, advanced threat model.

Choosing a VPN: What Actually Matters

Given that a VPN moves your trust to the VPN provider, the provider's trustworthiness is the entire question. Here is what to evaluate:

Recommended Providers

Advanced: Tor — When a VPN Isn't Enough

⚙ Advanced

Tor (The Onion Router) provides a fundamentally different level of anonymity than a VPN. Where a VPN replaces your ISP with a single trusted provider, Tor routes your traffic through three independent relays — none of which can see both who you are and what you're accessing.

The first relay (entry node) knows your IP address but not your destination. The last relay (exit node) knows your destination but not your IP address. The middle relay knows neither. This architecture means no single party can compromise your anonymity — an adversary would need to control both the entry and exit nodes simultaneously to correlate traffic, which is extremely difficult.

1. Use case: Journalists, whistleblowers, activists, and anyone whose threat model includes state-level surveillance.
2. Trade-off: Tor is significantly slower than a VPN. Many websites block Tor exit nodes. It is not a daily-driver solution for most people.
3. How to use: Download the Tor Browser from torproject.org. On mobile, use Orbot (traffic routing for all apps) and the Tor Browser for Android.

Next → Part 3: Your Home Network

Chapter 7 — Securing Your Home Network

✓ Beginner Friendly

Most home routers leave the factory in a state that would make a network engineer wince. Default admin passwords that haven't changed in a decade. Firmware that hasn't been updated since installation. Remote management enabled by default. UPnP running uncontrolled. DNS queries routing through your ISP unencrypted.

The good news: fixing this takes about an hour, requires no special tools, and the gains are substantial. Your router is the gateway to everything on your network — hardening it is one of the highest-leverage privacy and security actions available to you.

Getting Into Your Router

Most routers are accessed via a web interface at 192.168.1.1 or 192.168.0.1 — type either into a browser on a device connected to your home network. If neither works, check the label on the bottom of your router for the default gateway address.

Log in with your admin credentials. If you've never changed them, they're likely printed on the router label or documented in the router's manual. Common defaults include admin/admin, admin/password, or the ISP's default credentials.

The Essential Router Hardening Checklist

Network Segmentation

Network segmentation is the practice of dividing your home network into separate, isolated zones. It's one of the most underused home networking techniques, and one of the most valuable — particularly if you have IoT devices.

Why Segmentation Matters

Consider what's connected to your home network: your laptop and phone (which hold sensitive data and have full network access), and possibly a collection of smart TVs, thermostats, doorbell cameras, smart speakers, and kitchen appliances. IoT devices are notoriously poorly secured — many run outdated embedded Linux, receive no security updates, and phone home to servers in jurisdictions with minimal privacy protection.

If your smart TV is on the same network as your laptop and gets compromised — which is not hypothetical, it happens — the attacker has a foothold into your sensitive devices. Network segmentation prevents this.

Three-Zone Network Architecture

The architecture I run at home, which I recommend as a starting point:

Setting Up Network Segments

Most modern routers support a guest network out of the box — this is your IoT zone. Enable it, give it a separate password, and connect all your smart home devices to it rather than your main network.

For more granular control, routers running OpenWrt or pfSense/OPNsense support proper VLAN configuration. This allows you to define precise firewall rules between zones — for example, allowing your main network to initiate connections to IoT devices (to control them) but preventing IoT devices from initiating connections to the main network.

Router Hardware Recommendations

⚙ Advanced

If you're ready to replace your ISP-provided router, here are the options worth considering. The criteria: actively maintained firmware, strong security track record, and support for the features this chapter describes.

Next → Chapter 8: DNS Privacy — The Most Overlooked Layer

Chapter 8 — DNS Privacy: The Most Overlooked Layer

✓ Beginner Friendly

DNS — the Domain Name System — is the phone book of the internet. When you type google.com into a browser, DNS translates that into an IP address your device can connect to. Every domain you visit, every app that makes a network request, every service your phone checks in with — all of it generates a DNS query.

By default, those queries go to your ISP's DNS resolver, unencrypted, in plain text. Your ISP can see every domain you visit — not the content of your traffic, but the list of every server you communicate with. It's like not being able to read your letters, but knowing every address you've written to. And DNS data is routinely retained, sold, and subpoenaed.

"DNS is the metadata layer of the internet. It tells the story of your online life without reading a single message."

Understanding the DNS Chain

A DNS query travels through several hands before you get an answer:

1. Your device asks your router's DNS resolver for the IP address of a domain
2. Your router forwards the query to your ISP's DNS resolver (by default)
3. If the ISP doesn't have it cached, it queries the authoritative DNS servers for that domain
4. The answer travels back through the same chain

Every step in this chain is an opportunity for observation. Encrypting DNS — which is what this chapter covers — protects the query as it travels to the resolver, eliminating your ISP's visibility into your DNS traffic.

Encrypted DNS: Your Options

Choosing a DNS Resolver

Encrypting your DNS queries only helps if the resolver you're sending them to is trustworthy. Switching from your ISP's DNS to Google's 8.8.8.8 is barely an improvement — you've moved surveillance from your ISP to Google.

These are the resolvers I recommend:

Setting Up Encrypted DNS

On Your Router (Recommended — Covers All Devices)

Configuring encrypted DNS at the router level means every device on your network benefits automatically — phones, laptops, smart TVs, everything.

The exact process depends on your router firmware. For OpenWrt:

On Individual Devices (Without Router Changes)

If you can't or don't want to change your router, you can configure encrypted DNS per-device:

• Firefox: Settings → Privacy & Security → DNS over HTTPS → choose a provider or enter custom. Firefox handles this independently of your OS DNS settings.
• Windows 11: Settings → Network & Internet → WiFi → [your network] → DNS server assignment → Manual → enter resolver address → enable DNS over HTTPS.
• macOS Ventura+: Native DoH/DoT support via configuration profiles. Easiest path: use the Mullvad app or create a custom configuration profile with your resolver settings.
• iOS / Android: Settings → WiFi → [your network] → Configure DNS → Manual. Or use the Mullvad app, which configures system-wide encrypted DNS. On Android, Settings → Network → Private DNS → enter your resolver's hostname (e.g. dns.mullvad.net).

Pi-hole: Network-Wide Ad and Tracker Blocking

⚙ Advanced

Pi-hole is a DNS sinkhole — a piece of software that acts as your network's DNS resolver and blocks requests to known ad and tracking domains before they ever leave your network. Every device on your network gets ad blocking and tracker blocking automatically, with no browser extension required. Smart TVs, games consoles, phones, laptops — all covered.

It runs on a Raspberry Pi (hence the name) or any Linux machine, including a low-power mini PC or a virtual machine in your homelab.

Installing Pi-hole

The official installer is a single command run on a Linux machine:

curl -sSL https://install.pi-hole.net | bash

# Follow the interactive installer.

# When prompted for upstream DNS, choose your encrypted resolver of choice.

# Note the admin panel URL and password at the end of installation.

After installation, point your router's DNS to the Pi-hole's IP address (set it as the DNS server in your router's DHCP settings). Every DNS query from every device on your network will now pass through Pi-hole.

Essential Pi-hole Configuration

1. Add blocklists: The default blocklist is a good start. Add more via Settings → Blocklists. Recommended additions: Steven Black's hosts file (github.com/StevenBlack/hosts), OISD blocklist (oisd.nl), and the HaGeZi blocklists for more aggressive blocking.
2. Enable DNSSEC: Settings → DNS → enable DNSSEC. This validates that DNS responses haven't been tampered with in transit.
3. Set upstream DNS to an encrypted resolver: Settings → DNS → custom upstream DNS → enter your Mullvad or Quad9 resolver. This ensures Pi-hole's own queries are encrypted.
4. Configure your router to use Pi-hole: In your router DHCP settings, set the DNS server to Pi-hole's local IP address (e.g. 192.168.1.100). All devices will now use Pi-hole automatically.
5. Enable query logging with privacy: Settings → Privacy → Anonymous mode if you want to see blocking statistics without per-device query logs. Or full logging if you want visibility into what each device is requesting.

Pi-hole Maintenance

• Update blocklists weekly: Tools → Update Gravity
• Keep Pi-hole updated: pihole -up from the command line
• Review the query log periodically — it's illuminating how often 'quiet' devices are phoning home
• Whitelist legitimate domains that get caught in blocklists: Tools → Whitelist

Next → Chapter 9: Self-Hosting — Owning Your Stack

Chapter 9 — Self-Hosting: Owning Your Stack

⚙ Advanced

Every cloud service you use is someone else's computer. Google Drive is Google's computer. Dropbox is Dropbox's computer. iCloud is Apple's computer. When you store a file in the cloud, you are not storing it remotely — you are giving it to a corporation and trusting them to hold it on your behalf, under their terms, subject to their jurisdiction, for as long as they remain in business and choose to honour their commitments.

Self-hosting is the practice of running services on hardware you own, in a location you control. Your files live on your server. Your password manager syncs through your server. Your photos are backed up to your server. No third party holds your data, no subscription can be revoked, no service can be acquired by a company whose terms you wouldn't have agreed to.

This chapter is the distillation of years of running my own infrastructure. I'll tell you what's worth self-hosting, what hardware to start with, and how to get the most common services running. This is not an exhaustive tutorial — it's a map and a starting point.

"The cloud is just someone else's computer. Self-hosting is the practice of making it yours again."

Is Self-Hosting Right for You?

Self-hosting has real trade-offs. Let's be honest about them before you invest time and money:

My view: for anyone with a technical background, the trade-offs are clearly worth it. The maintenance overhead for a well-configured homelab is a few hours a month. The privacy and control gains are permanent. The skills you build are transferable.

For less technical readers: start small. A Raspberry Pi running Pi-hole and Nextcloud is an achievable weekend project. You don't need a full homelab to benefit from self-hosting.

Hardware: What You Need to Get Started

Services Worth Self-Hosting

These are the services I run, in order of impact per hour of setup time. I've rated difficulty honestly — 'Easy' means achievable in an hour following documentation, 'Medium' means a focused afternoon, 'Hard' means expect a weekend and some troubleshooting.

Getting Services Running: The Docker Approach

The practical standard for deploying self-hosted services is Docker — a containerisation platform that packages each service with its dependencies in an isolated environment. You don't need to manage conflicting library versions or complex system configurations. Each service is a container; you start it, stop it, update it, and delete it independently.

If you're new to Docker, the learning curve is a single afternoon. The payoff is that deploying any new service becomes a matter of minutes rather than hours.

Installing Docker

# On Debian/Ubuntu (recommended base OS for a homelab server):

curl -fsSL https://get.docker.com | sh

# Add your user to the docker group (so you don't need sudo):

sudo usermod -aG docker $USER

# Verify installation:

docker run hello-world

Deploying Vaultwarden (Example)

Here's a complete Docker Compose configuration for Vaultwarden — this is representative of how most self-hosted services are deployed:

# docker-compose.yml

version: '3'

services:

  vaultwarden:

    image: vaultwarden/server:latest

    container_name: vaultwarden

    restart: unless-stopped

    volumes:

      - ./vw-data:/data

    environment:

      - WEBSOCKET_ENABLED=true

      - SIGNUPS_ALLOWED=false   # disable after creating your account

    ports:

      - 8080:80

      - 3012:3012

# Start the service:

docker compose up -d

# View logs:

docker compose logs -f

# Update to latest version:

docker compose pull && docker compose up -d

Navigate to http://[your-server-ip]:8080 to access the Vaultwarden web vault. Create your account, then set SIGNUPS_ALLOWED=false to prevent others from creating accounts on your instance. Configure your Bitwarden clients to point to your server URL instead of the default Bitwarden.com.

Reverse Proxy: Accessing Your Services Securely

⚙ Advanced

A reverse proxy sits in front of your self-hosted services and handles HTTPS termination — meaning you get proper TLS certificates and secure connections without configuring each service individually. It also means you can access your services via a clean URL (nextcloud.yourdomain.com) rather than IP addresses and port numbers.

Two options dominate the self-hosting community:

• Nginx Proxy Manager: Web interface for Nginx with built-in Let's Encrypt certificate management. Accessible to beginners, handles most use cases. Recommended starting point.
• Caddy: Automatically handles HTTPS certificate provisioning. Configured via a simple Caddyfile. Excellent for those comfortable with text configuration.
• Traefik: Integrates natively with Docker — it auto-discovers containers and routes to them. More complex to configure but powerful for large homelabs.

Backups: The Part Everyone Skips

Self-hosting gives you control of your data. Backups ensure you don't lose it. A self-hosted service with no backup strategy is not more resilient than a cloud service — it's less resilient, because you don't have a team of engineers maintaining redundant infrastructure.

The 3-2-1 backup rule: three copies of your data, on two different media types, with one copy offsite. For a homelab:

• Copy 1: The live data on your server
• Copy 2: A local backup drive attached to the server (automated with rsync or Duplicati)
• Copy 3: An encrypted offsite backup — a Backblaze B2 bucket, a second location, or a drive at a trusted person's home

For encrypted cloud backups, Restic is the tool I use and recommend:

# Install restic:

sudo apt install restic

# Initialise a backup repository (example: Backblaze B2):

restic -r b2:your-bucket-name init

# Run a backup:

restic -r b2:your-bucket-name backup /path/to/your/data

# Schedule with cron (daily at 2am):

0 2 * * * restic -r b2:your-bucket-name backup /path/to/data >> /var/log/restic.log 2>&1

Restic encrypts all backups client-side before they leave your network. Backblaze B2 sees only encrypted blobs — not your data. Pricing is minimal: around £0.006 per GB per month.

Next → Conclusion: The Privacy Diet in Practice

Conclusion — Making Haste Slowly

You made it.

If you've worked through this guide — even the parts that felt slow or technical or tedious — you have done something that the majority of people who care about privacy never quite manage: you've moved from intention to action. That distance, between knowing something matters and actually doing something about it, is where most privacy resolutions die. You crossed it.

Let's take a moment to look at how far that actually is.

That list represents a meaningful shift in your relationship with your own data. Not perfection — privacy is never a destination, always a direction — but a genuine, durable reduction in your exposure to commercial surveillance, data brokers, and the infrastructure that profits from your attention and behaviour.

The Diet, Revisited

In the introduction, I suggested that the right model for privacy is a diet — not a crash diet, not an extreme regime that requires constant vigilance, but a gradual shift in habits that compounds over time.

You've just completed the equivalent of the first few months. You've changed the fundamentals. Your browsing habits are different. Your phone is different. Your network is different. The data you're generating is different in kind and in volume from what you were generating before.

What happens now is the same thing that happens with a sustainable diet: it becomes the baseline. You stop thinking about it as a project and start thinking about it as just how you do things. The replacement services — Signal instead of WhatsApp, Proton instead of Gmail, Organic Maps instead of Google Maps — stop feeling like sacrifices and start feeling normal. Because they are normal. They're just the privacy-respecting version of normal.

"The goal was never to live in a bunker. It was to stop living in a surveillance apparatus you didn't sign up for."

The algorithm that knew you last year will know you less well this year. It will know you less well still the year after. Your data will be in fewer hands. Your attack surface will have permanently, quietly shrunk.

That is the privacy diet working exactly as intended.

What You've Changed — and What You Haven't

It's worth being clear-eyed about what this guide does and doesn't do, because honest expectations are part of what makes a privacy practice sustainable.

What you have meaningfully reduced

1. Commercial surveillance by ad networks, data brokers, and big tech platforms
2. Your ISP's visibility into your browsing habits and DNS queries
3. The value of your browsing profile to advertisers
4. Your exposure in the event of a data breach at a third-party service
5. The number of entities who hold copies of your sensitive data
6. Your dependence on services that can change their terms, be acquired, or be discontinued

What you have not solved

1. Nation-state surveillance — if a government with significant resources specifically targets you, these measures reduce but do not eliminate exposure. That is a different threat model requiring different tools.
2. The data already collected — years of Google search history, Facebook profile data, and data broker dossiers still exist. They will decay over time and through data deletion requests, but they don't disappear overnight.
3. Other people's privacy habits — your Signal messages are private, but the metadata of who you communicate with is partly in other people's hands. You can't control what others do with their own devices.
4. Perfect operational security — this guide is about tools and configuration, not the discipline of using them consistently. Tools only protect you when you use them.

None of that is a reason for discouragement. It's a reason for calibration. The goal was never perfect anonymity — the goal was to stop being the lowest-hanging fruit in the orchard. That goal is achieved.

Staying Current: The Privacy Landscape Moves

Privacy tools evolve. Laws change. Companies get acquired. Recommended services sometimes change their policies, their ownership, or their security posture. Part of maintaining a privacy practice is staying sufficiently informed to notice when something you rely on has changed.

You don't need to read every security blog daily. A light touch of ongoing attention is sufficient. Here are the sources I actually use:

Where to Go from Here

This guide covers a lot of ground, but it isn't the ceiling. For those who want to continue — and there is always more to learn — here are the directions worth exploring next:

1. Threat modelling in depth: The EFF's Surveillance Self-Defense guide (ssd.eff.org) covers threat modelling in far more detail than this guide does. If your situation involves a specific adversary — an abusive relationship, investigative journalism, activist work — start there.
2. Networking: If Chapter 7 and 8 sparked interest in networking, consider learning the foundations. Professor Messer's CompTIA Network+ materials are free and excellent. Understanding how networks actually work at a packet level makes everything else in this guide make more sense.
3. WireGuard and Tailscale: Self-hosted VPN that lets you securely access your home network from anywhere. WireGuard is the protocol; Tailscale is a mesh VPN layer built on WireGuard that makes multi-device setup trivial. The logical next step after Part 3.
4. Qubes OS: For those who want maximum security on a desktop or laptop, Qubes OS runs each application in an isolated virtual machine. Extreme, but used by serious security practitioners. Not for everyone, but worth knowing it exists.
5. Open source hardware: The Framework laptop and the Librem series from Purism are hardware options built with privacy and repairability in mind. For those who want to take hardware provenance as seriously as software.

A Final Word

Privacy is not paranoia. It is not something that only criminals and dissidents need. It is a fundamental property of a life lived with dignity — the ability to think, communicate, and move through the world without those activities being permanently recorded, analysed, and monetised by entities whose interests are not yours.

The tools in this guide exist because people built them. Developers who believed that the defaults were wrong. Engineers who thought that ordinary people deserved better than the bargain the surveillance economy offered. Researchers who audited code and found vulnerabilities. Communities that maintained documentation and answered questions from strangers on the internet.

Using these tools is, in a small way, participating in that project. Every person who switches to Signal makes Signal's network more valuable. Every person who self-hosts removes a data point from a commercial profile. Every person who hardens their router is one fewer easy target on the network.

None of us can opt out of the data economy entirely. But we can make it work harder for less. We can make the default answer to 'what does this person do online?' something approaching 'we don't know.' We can make our data less valuable, less accessible, and less useful to the entities that want to profit from it.

"Festina lente. Make haste slowly. One change at a time, in the right direction, is how this works."

Thank you for reading. I hope it was worth your time.

Appendix: The Complete Privacy Checklist

A single-page reference of every actionable step in this guide. Tick them off as you go.

Quick Wins (all audiences)

• Switch to Firefox or Brave + install uBlock Origin
• Set DuckDuckGo, Startpage, or Brave Search as default search engine
• Audit and tighten app permissions on your phone
• Install Bitwarden or KeePassXC + enable 2FA on email and key accounts
• Install Signal, invite your key contacts, configure disappearing messages

Your Phone — Beginner

• Complete the full iPhone or Android settings audit (location, permissions, analytics)
• Enable Advanced Data Protection on iPhone (iCloud E2E encryption)
• Delete your Advertising ID on Android
• Delete unused apps; move social media apps to browser use
• Disable Samsung-specific data collection if applicable

Your Phone — Advanced

• Buy a Google Pixel device (6 or later, 8a or 9 recommended)
• Flash GrapheneOS via the web installer at grapheneos.org
• Re-lock bootloader after installation
• Install F-Droid and Accrescent as app stores
• Configure Signal, Aegis, ProtonMail, Organic Maps, NewPipe
• Optionally: install sandboxed Google Play for banking/compatibility apps

Internet Use — Beginner

• Harden Firefox with about:config tweaks and essential extensions
• Install Firefox Multi-Account Containers to isolate sites
• Switch to Proton Mail or Tuta for email
• Begin Gmail migration — new signups go to new address immediately
• Set up SimpleLogin or AnonAddy for email aliases
• Use Signal for all sensitive messaging
• Configure Signal: relay calls, disappearing messages, lock screen notifications off

Internet Use — Advanced

• Choose and subscribe to a trustworthy VPN: Mullvad or ProtonVPN
• Install and configure Mullvad Browser for sensitive sessions
• Test your browser fingerprint at coveryourtracks.eff.org
• Set up Tor Browser for high-sensitivity browsing
• Enable PGP in Proton Mail for external encrypted correspondence

Home Network — Beginner

• Change router admin password and username
• Update router firmware; enable auto-updates
• Enable WPA3; disable WPS and UPnP
• Set a strong, unique WiFi password
• Disable remote management
• Move all IoT devices to the guest network
• Configure encrypted DNS (DoH/DoT) on router or per device

Home Network — Advanced

• Install Pi-hole on a Raspberry Pi or mini PC
• Add curated blocklists; enable DNSSEC
• Install Unbound for fully local DNS resolution
• Consider replacing ISP router with OpenWrt or OPNsense hardware
• Configure proper VLANs for network segmentation if hardware supports it

Self-Hosting

• Set up a home server: Raspberry Pi 5 or used mini PC
• Install Docker and Docker Compose
• Deploy Vaultwarden; configure Bitwarden clients to use your instance
• Deploy Nextcloud AIO for file and calendar sync
• Deploy Immich for photo and video backup
• Deploy SearXNG for private self-hosted search
• Set up a reverse proxy (Nginx Proxy Manager or Caddy)
• Configure WireGuard or Tailscale for secure remote access
• Implement 3-2-1 backup strategy with Restic + Backblaze B2

Festina Lente  ·  Make Haste Slowly