It matters to me that my digital data (PII or not) is not tracked aimlessly and sold to 3rd parties without my consent. So,
I use a VPN because I don't trust my ISP.
I use LineageOS with microG because I don't trust the phone manufacturer and Google to not track me.
I use Linux coz fuck Windows. Hardened with secureboot and FDE with TPM.
I use ungoogled chromium with uBlock and NoScript.
I also selfhost most of the services that I can replace with FOSS alternatives. Can be a PITA maintaining them at times but I sleep happy at night knowing my data is not on some Google(-like) farm. E.g. for YouTube I do make use of public Invidious instances etc.
Any app (on phone and PC) that doesn't need internet permissions (or any other unnecessary permissions) has them toggled off. Flatpaks and Flatseal make this so easy on Linux.
Any social media app that works well as a PWA is not installed. And if needed on my phone, it's installed into the secondary work profile where it can't read my files/contacts/etc.
All data I consider private is encrypted at-rest. Same is routinely backed up to different cloud storage providers.
Any account that I consider important has 2FA behind it. Most accounts I just use disposable emails to register.
Ads are all effectively blocked on the devices I use courtesy of DNS filtering.
I'm gonna pick out one thing I'm always really curious about; what makes you trust a VPN provider more than an ISP? I've never quite understood this especially with how iffy and downright wrong VPN marketing (e.g. ad-reads on YT) can be.
- Why trust a VPN company more than your ISP? To me it seems like a commercial VPN could have equal or more incentive to do questionable things with your info.
- Is it somehow easier for an ISP to track my activity vs. a single VPN company whose servers I'd tunnel all my traffic through?
Sure, the ISP knows where I live and all that but it seems like a VPN could easily identify/know me to the same degree.
( - or is it like a self-hosted VPN sitting in the cloud, and would such a thing be practical/effective at all)
Obviously people have different reasons for using VPNs. But how I see it, between the ISP and a commercial VPN, which provider would you trust more with your internet activity?
The one with more PII data on you or the one with less? Noting that some VPNs even allow you to pay with Bitcoin.
My ISP knows where I live right to my doorstep. A VPN only knows roughly which city I'm accessing the service from. And for mobile data, it is worse since the carrier I use has a copy of my govt issue ID (as mandated by law).
Between the two, do you trust the one whose core business is competitively providing privacy products? or .... the local private entity (some operating as a market monopoly) susceptible to government interference & anti-privacy laws .... and who basically answers to no one with regard to customer data/privacy?
Am sure all this PII data could be made to be used against you on a worst-case scenario basis but still...
I do have a self-hosted VPN tunnel that I use occasionally, but it's not as effective for privacy as a commercial VPN is if we put all device fingerprinting aside. And besides, the cloud provider still has my credit card so this route doesn't provide any greater privacy benefits than a VPN does.