Privacy Simplified

Security is the Basis of Privacy

According to Wikipedia:

“Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others.”
and
“Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.”

So what are the differences? Which is more important? And how are they related?

Well, a high-security mansion with the latest systems would be very secure, but it would not be very private, while a shack in the woods in the middle of nowhere may not be very secure, but it is very private.

Barack Obama once said “You can't have 100% privacy and 100% security at the same time.” Now, while I'd love to disagree, this is probably quite accurate. You are (on the whole) more secure as a group of people than on your own, and by being with other people you are less private than you are on your own.

Finding the gap between privacy and security can be hard, and so I am going to try to make it a bit easier.

Encrypt everything. Never visit a page that is unencrypted (i.e. does not have https); it would be a good idea to install HTTPS Everywhere. Make sure all your files are encrypted using reliable encryption software. Make sure all communications are end-to-end encrypted by using a reliable encrypted messenger. Not only is encryption good practice for privacy, it is also good for security.

Make a conscious effort to replace your everyday online services with open source alternatives. However, just because something is open source does not always mean it is more secure. Rather, it means you are (probably) relying on other people (this could be literally anyone) to have checked the code. This may sound bad, but it's better than relying on a few developers from a huge company not known for privacy. If you are struggling to find alternatives, use one of these tools.

It is also important when choosing hardware to look at the security chips etc. The Google Pixel 3a has the Titan M security chip, and if you installed GrapheneOS then it would also become very privacy respecting.

At the end of the day, privacy and security are equally important as they pretty much go hand in hand. However, the challenge is to find the right balance.

Privacy by Compartmentalisation

According to Wikipedia:

“Compartmentalisation is the limiting of access to information to persons or other entities on a need-to-know basis to perform certain tasks.”

It was originally used by the Greeks to keep the secret of Greek fire, but now it is used by people all around the world for lots of different reasons.

I like to think of it as a floor of a house. You have different rooms for different purposes, and you don't mix things up. For example, you wouldn't sleep in the kitchen, nor would you cook in the bedroom. This is a good attitude to have when it comes to privacy.

The simplest way to do compartmentalisation is by having 3 parts:

  1. Professional
  2. Personal
  3. Other

Let's start with professional. This should contain your work email, all of your files/documents (preferably on LibreOffice), potentially your LinkedIn etc.

The best browser for all your needs will probably be Firefox with these add-ons:


Be careful when adding extra add-ons. Always make sure it's open source and that it actually respects your privacy.
This is a collection of privacy-related about:config tweaks that will enhance the privacy of your Firefox browser. Enter “about:config” in the Firefox address bar and press Enter. Press the button “I'll be careful, I promise!”, then follow the instructions and hey presto! The last thing you need to do is choose a search engine; I'd recommend SearX.

Next we are going to want a browser for personal stuff, like emailing friends and family or watching YouTube. For this we are going to use Brave. While it is based on Chromium, it has built-in “shields” which are a combination of “Ad Control”, “Cookie Control”, “Fingerprinting protection”, HTTPS Everywhere and Script blocking. I would advise setting your default browser to Startpage.

Brave requires very little setup; however, if you want some extra privacy there is a tutorial on it here (it starts at around 1:34). There is also a list of all the config tweaks you can make here in the Brave section. This is pretty much it for your personal section.

Brave also has an interesting ad feature which allows you to earn BAT. If you are interested in this then there are ways that you can earn BAT just by downloading the browser.

Finally we have other. This is for anything else that doesn't fit into one of the other categories. The best browser for this is Tor. Before installing Tor there are a few things you need to know. Never log in to anything on Tor. I'd watch this video. For search engine I'd use DuckDuckGo. If you want more info on Tor then this article will help!

But what Operating System should I use?

You should use Qubes. It's endorsed by Ed Snowden, the NSA whistleblower, and is focused on compartmentalisation. They even have a sub-reddit devoted to helping you set it up! And if you are wondering what operating systems to run in your Qubes, I'd use Debian for your professional and personal and have Tails or Whonix for other.

You may be thinking that this all sounds rather complicated, but after a while, like everything, it gets easier. If you are stuck there are lots of great tutorials and sub-reddits on the matter, so don't feel you have to suffer in silence.

Should you use a VPN?

A common thing that people say is that a VPN is enough for privacy. I could download a free one from my app store and I’m as good as gone, right?

This isn’t the case.

To be private online isn’t that easy; it requires a lot of thought and time. For instance, to be private online you should not be running Windows or MacOS but rather a version of GNU/Linux. And that’s just your operating system; to be private online you need to switch browser, search engine, email, your habits — the list goes on and on. Using a VPN on its own doesn’t make you private.

What it actually does is direct all your internet traffic through a virtual private network, rather than your Internet Service Provider (ISP). You are doing this with an app, which owns multiple servers around the world, through which you connect to avoid restrictions where you live.

What you are also doing is placing trust in that VPN provider to not keep logs, to not sell your data and so on. You may ask why a VPN provider would do such a thing, and the answer is money. VPN servers cost lots of money to maintain. How else do you think they provide a “free” service? After all: “If the product is free, you are the product!”. You may say: “I pay for my VPN so they would never do this!” Well, unless they are listed on privacytools.io they probably are.

The VPN industry is not a nice place. Companies use cut-throat tactics to get ahead of the competition, with you, the customer, being directly affected.

Is there an alternative?

Yes. It's called Tor. Instead of routing all of your traffic through a VPN, you are routing it all through a series of nodes (or servers). From that explanation it seems similar, but it's not.

The deep-web contains billions of webpages that you can’t access via clearnet. Tor also provides the only form of anonymity online. By routing all your internet traffic through servers that only know where they are going, but not where they came from, you are making yourself anonymous online. And the best part is it's all free.

Isn’t Tor the dark web?

No. That's a common misconception. Tor is simply a gateway to the deep-web, which in itself is not a bad thing. However, it can be used to get to the dark-web.

Tor was actually set up so whistle-blowers or people with content restrictions could access a non-censored internet. However, now Tor is used by a much larger variety of people.

If you want more info on Tor then this article will help!

Which is better?

This all depends on your threat model and also what you want. For privacy Tor is better, but I wouldn’t use any form of social media on Tor like how I would on a VPN. They both have advantages and disadvantages.

Can I use both?

I wouldn’t, unless you have complete trust in your VPN provider.

At the end of the day everyone is different. For an average user a VPN on the list below will bypass restrictions perfectly well. If, however, you really care about your privacy, and are prepared to change some habits, Tor is the best way to go.

Sources and acknowledgements:

Inspiration — https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h.html

Great privacy website — https://www.privacytools.io/

VPN Comparison chart — https://thatoneprivacysite.net/#detailed-vpn-comparison

The Darkest Side of VPNs

Over the past week there has been a lot of stuff going on in the VPN world. It started off with The Hated One (THO) getting called out by another YouTuber called Tom Spark. In Tom's video he called out THO for being “another NordVPN shill”. This video was then posted on THO's sub-reddit, where Tom was quick to reply to all the comments this post was getting.

To give some context, Tom Spark is a small YouTuber who reviews VPNs, amongst other things, and has 5k subscribers. He owns multiple VPN review websites including best10VPN.com and vpntierlist.com. This is not the first time Tom has called THO out, as he made a video on him titled “Does The Hated One Know Anything about VPNs?”.

The Hated One is a rather bigger YouTuber with 90K subscribers, who makes videos and tutorials on the topics of privacy and anonymity. He is affiliated with NordVPN.

The premise of Tom's video was that THO was saying don't use a VPN, and then having an affiliate code in his description. The claim he made was that “The Hated One is just a cheap Nord VPN sell-out”. For the record, Tom too has affiliate links in his description.

The argument was taken to reddit, where Tom argued that THO had no right to have affiliates. When questioned why he used affiliates he said he had “the right to” because he was a VPN reviewer. Sadly I can't link these quotes as his reddit account has had most of its posts deleted.

Either way, I and a fellow redditor argued about this subject for a good hour, going back and forth over and over again. We were getting nowhere. So I looked into his websites and was surprised to find TorGuard VPN at the top of all his lists. Seemed rather odd.

For a while the reddit thread was silent, until THO made his official statement on the matter on his account.

If you follow the links through the article you can see that “Tom Spark” also goes by the name of Kevin Vadala, who also just so happens to work for TorGuard (which is not disclosed on any of his sites or YouTube reviews). He also appears to have links with Windscribe (although this source can't be verified).

All in all, this entire calling out is just a massive attack on THO for publicity. Whether you can still trust THO is up to you, but “Tom” certainly can't be.