Federation Free software Privacy

Keeping your privacy online is hard work.

You may find yourself happy online when you see the “we value your privacy” nearby to a link to the privacy statement of the webpage you are visiting or the app you just installed on your Android smartphone, but when you really read those privacy policies you will probably see they are very permissive about the information they are allowed to collect about you.

In order to achieve real privacy online you must study a lot and be very disciplinated.

For example Google Chrome is the most used web browser today it integrates tightly with Google services, company which has really bad reputation for collecting massive amounts of information about their users, you will probably need to choose other browser like Mozilla Firefox who cares more about your privacy.

Microsoft Windows also collects tons of data about their user base and encourages you a lot to get a Microsoft account, but what makes worse that operative system to your privacy is that it does not provide free as in freedom software repositories integrated with a free software package manager, encouraging you to download the programs you need from untrusted sites. This united to their choice to hide the extensions of downloaded files by default is a open door to malware and software which is not respectful with your privacy.

But it can get harder, if you do not understand how a webpage works you may miss concepts like cookies or the referrer header which some companies like Google and CDNs may use to know in what webpage have you been to show you advertising in the future or whatever they want.

Google is pretty permisive about the data an Android application may collect, for example many of them store the list of applications you have installed, as an alternative to Play Store I suggest the F-droid repository which only have free as in freedom Android Applications.

Gmail reads your mail to trace where you buy and send you personalized advertising so Tutanota or Posteo are better alternatives, although in my opinion is time for email based in SMTP and IMAP to pass away, since their federated nature have been destroyed by monopoly, antispam rules which disallow little actors to effectively setup a reputable instance since you are almost spam by default and the failure to provide widespread standard end to end encryption.

Many webpages encouraging (Sometimes by the force in order to use the webpage.) you to disable your adblocker are also getting benefits from the massive data mining because those ads are personalized to you, do not fell in the trick and search for an alternative webpage.

There are many things you can start doing today to improve your online privacy but long term solutions which can use everybody pass by free as in freedom software being the most used option by everybody, not only programmers, sysadmins and other tech guys and federated services which implement E2E encryption getting popular in the general public I recommend the usage of Matrix, XMPP or Briar as messaging apps and Mastodon, Pleroma and Peertube as federated social network which are also based on free software.

Firefox Privacy

Firefox privacy settings.

  • Disable DRM.
  • Choose “strict” on Browser Privacy. (If it is a good rule in Perl and JS must be good on Firefox also.)
  • Tick on “Do not track”.
  • Tick on “Delete cookies and site data when Firefox is closed” and press ctrl + alt + supr and delete cookies any time you log or visit any Google, Amazon, Facebook, Apple or Microsoft service when you finish doing whatever you needed of that service or use Multi-Account containers to encapsulate those connections, closing the browser is also an option.
  • Install Privacy Badge, NoScript, UBlock and Multi-account containers addons. (You will need to learn to use those.)
  • Opt-out:
    • Allow Firefox to send technical and interaction data to Mozilla
    • Allow Firefox to make personalized extension recommendations
    • Allow Firefox to install and run studies
  • Use a dns server which provides encryption and do not store logs.

This should do something to protect your privacy, but it is not a absolute receipt if you really want to protect your privacy must also use your own services or the ones of someone you trust.

If you are not logging anywhere Tor Browser or VPNs may be useful since services can still track you by your IP, but it does not work on all situations, for example if some web only provides a http:// version it can make more dangerous to visit them.

Since you are going probably to end executing untrusted JS sometimes in order to make some webs to work using a properly configured docker container or VM may be useful to avoid a potential Zero Day can break into your computer so easily.

You should also know Firefox provides a profile feature to be able to use different profiles for the different things you do with it.