Hello,
I would like to share my privacy setup and how I use my Slimbook. For starters I love the computer, the design is flawless, I love how the back of my Slimbook Creative also have a few ports. I also really like that the charging cable sits in the back which makes it less cluttery on the sides.
Privacy is a big part of who I am and I would like to help other people to understand privacy and understand where to start. DISCLAIMER: you do not have to do all the things mentioned here as I am trying to keep myself to the extreme but there are a lot of things you can do without being extreme. Let's begin.
COMMUNICATION
Privacy is about connections and communcation a lot of the time. We need to make sure that we communicate safely. Here are some alternatives to mainstream product
MESSENGER
Signal Private Messenger
Signal is an encrypted messenger app. It is the most popular privacy messenger app and it is very secure. Signal is open-source and even if it does require a phone number, you can turn it off completely as you communicate.
Click the photo at the upper left corner.
Click on "Privacy".
Click on "Phone Number".
Set both options to "Nobody".
You should also set a disappearing messages timer by default in case someone gain physical access to your phone.
Again under the "Privacy" category, click on "Default timer for new chats" and set the prefered timer.
I personally use a a custom time of 2 hours. but you can use even how ever long you want. The lower the safer but there has to be a balance.
Back in the "Privacy" tab I highly recommend you to put a Screen lock and incognito keyboard.
Set the "Screen lock" timer to your your prefered amount. (I have 1 minute)
Enable the "Screen security" option to block accidental screenshots of chats.
Enable the "Incognito keyboard" option.
If you go back to the first page of settings and click on your picture, you can enable a username, this will be a huge privacy improvement. (Mine is enabled but there should be an @ sign somewhere)
There is a dispute in the privacy community between using Tutamail or Proton. I personally prefer Tutamail since there has been too many incidents for my taste with Proton. One story I've read was that someone used Proton for everything from ProtonPass for passwords to Proton Authenticator for 2 factor authentication (explained later) and ProtonMail for email... You get the picture, he used all Proton products and he got falsely banned and lost his entire online identity in one swift action. Now his account was reinstated later so lucky for him. But this is exactly why I prefer Tutamail.
Tutamail
Not only do I trust Tutamail more than Proton, I also found that there are many perks compared to Proton.
Tutamail don't count custom addresses towards your 30 addresses of a Legend plan. Proton does count custom addresses towards your address count. This means if I wanted a separate address for everything... Which spoiler alert I do, then I have to have under 100 accounts on the plan I had back then. This as a single user is not hard but when I added 3 family members accounts to my plan, now I had to stay under 25. So it quickly becomes a hassel to manage.
Tutamail is much cheaper than Proton.
Support is also much better on Tuta in my personal experience.
CUSTOM DOMAINS
I have an account with 1984.hosting, they are based in Iceland and are known to be pretty good with privacy. Now if you want to one up me with the domains, Njalla is actually more private but it does require you to use crypto and I didn't have such good experiences with the service. So I ended up finding a different one.
One of the reasons to get a custom domain from a practical perspective is that you can always just set it up at a new email service provider... So if you got banned in Proton, you just redirect the domains to Tuta. Now you don't need to worry about changing all your accounts emails as they have just been redirected to your new inbox.
I use 4 domains for 4 different purposes.
Number 1 domain strictly for personal
Number 2 domain strictly for "network infrastructure". So that would be my DNS account and my VPN provider. (We will get to this later)
Number 3 domain strictly for government things
Number 4 domain strictly for work
If you live in 1 country and work in another, consider keeping a domain for each country so that you don't give different governments the same address.
One thing to note when you buy a new domain with 1984 is that you should always add "Domain Privacy". This is such that your name will not be handed out to domain whois lookups.
NETWORKING
My ISP router is in bridge mode. (The ISP router is the router that your internet service provider has given you)
From my bridged ISP router I have a Protectli firewall set up with pfSense, ProtonVPN and NextDNS, I have absolutely no connections on the firewall only LAN. On NextDNS I have an account to control the flow of data even more but that is optional.
From the firewall I have a Slate 7 (GL-BE3600) Dual-band Wi-Fi 7 Travel Router connected again by LAN. The reason for the travel router is that it has a weak signal. What this means is that it works fantastic within my walls but outside my home it isn't even visible. This provides great protection from neighbours.
Overall this setup makes a pretty protected home network, it isn't required but it is very much an improvement. ISP routers per usual do all functions of a router and they always seem to do them poorly.
VPN
A VPN is a virtual private network and it is mainly used to ensure your IP stays hidden. This is a common myth that you put a VPN and suddenly you are invisible. iVPN and Mullvad VPN has no sign up and relies on a generated ID which you save and use instead. This means in fact that you will give them absolutely nothing and you can pay with crypto on both.
iVPN for Phones
Mullvad VPN for Computers
ProtonVPN for my Firewall
Now I don't claim you actually need 3 services but I love the separation of these 3 services as it is such a critical piece in hiding my real IP
BROWSERS
I recommend multiple browsers, but the most common browser I have run into within Linux is Firefox and Firefox-ESR. The two versions are essentially the same, so far as I know ESR is extended support and the other one is regular support.
My browser recommendations are the following:
Firefox-ESR (With uBlock Origin)
Firefox (With uBlock Origin)
Brave
uBlock Origin is in my opinion the only addon you should ever have and it is free so there is really no logical reason not to get it. It blocks ads, trackers and other things that nobody wants.
SECURITY
Local should be default when it comes to how you handle it. That is exactly why we want local password managers and two factor authenticators. Syncing is very smart because you don't need to do anything. Just open it on another device and it is there. But I don't trust sync because it has to move from one place to the other somehow... And who knows a data breach or a leak may leak your passwords from a cloud based password manager.
Here is a list of what I prefer to use:
KeePassDX (Mobile - Password Manager)
KeePassXC (Computers - Password Manager)
Secrets (TailsOS - Password Manager)
Aegis (2 Factor Authenticator)
OPERATING SYSTEMS:
I run a lot of Live versions of operating systems but I have had my fair share of trying different systems. That is the beauty of Linux. If someone were to tell me they don't like Linux then, I would claim they don't like computers. So you like Windows? Go ZorinOS, its a graphical copy. If you like MacOS well a lot of systems are actually styled that way. But the most beautiful part of the linux user interface (UI) is that you can create a UI that works for you.
When I bought my Slimbook, I started out on SlimbookOS which came installed, it is based on Ubuntu. I enjoyed it for a bit but I wanted something. So after a months time, I installed ParrotOS alongside SlimbookOS (I got 2x1 Terrabyte SSDs in my computer). Now I was mainly using ParrotOS but I also did other stuff within SlimbookOS. Now a day I don't have any system on my SSDs and I use only live boot. I will tell you how that works in a moment.
On top of the installed operating systems, I did also and still to this day, use a bigger group of live systems. Live systems are systems that runs from a USB or SD card. These are systems without permanance. Of course some has persistance but I never liked to use persistance and what persistance mean is if it will save your configuration and files or not. And so why would I use operating systems that aren't permanent?
To confuse the enemy is why. Separating your activity is a huge deal in privacy so you can imagine doing an OS level separation is a very big improvement over just using one system. Now this is in the extreme end and I will now present you with operating systems that I recommend you install and use on your Slimbook. Obviously just pick one.
SlimbookOS (Ubuntu based)
Ubuntu (Debian Based)
Fedora (Red Hat based)
Mint (Debian Based - Will need Slimbook Drivers)
Zorin (Ubuntu Based)
Pop!_OS (Ubuntu Based - Might have bugs - Will need Slimbook Drivers)
ParrotOS (Security and Privacy Penetration Testing OS based on Debian)
TailsOS (LiveOS based on Debian - This system forgets you the moment you pull out the USB)
There are many more that I could recommend but it also depends what you want, I think these are solid choices, even if I did find that you may need to install Slimbook drivers in some for them to work.
Anyways Thanks for reading my extensive list of things I have done. I hope this can help you and I hope you learned something new.