Daily tips to gain more privacy from Murena team

The purpose of the Data Privacy Day is to raise awareness about privacy and data protection. On this occasion, our team got together to share with you their tips to improve your privacy in your everyday life.

It is now well known that each action on the internet leaves its trace: our data is collected, sold for commercial and promotional purposes. One might think that there is no escape from it. Evidently, this situation violates our fundamental rights, especially our privacy and it must stop.

Thankfully, there are many ways to improve your internet and smartphone usage in regards to privacy and sustainability! Yes, your data consumption and daily use has a huge impact and creates tons of CO2 emissions.

If we look back at this data collection research led by Professor Schmidt, Professor of Computer Science at Vanderbilt University, your smartphone (Android, iPhone…) sends to Google from 6 to 12 MB of profiling information per day. Imagine how much information this represents for 4 billion smartphones used daily across the globe, and how much electricity is needed to collect this information, transmit it over wifi and broadband to huge data centers all over the world.

In a few years, Internet traffic has boomed to require 10% of the world’s electricity and accounts for nearly 4% of the planet’s CO2 emissions. Briefly speaking, by limiting our internet traffic, by protecting our data, we consume less energy and thus we reduce drastically our CO2 emissions.

Without any further ado, we would like to share with you simple habits and tips to improve your privacy. Let’s discover what our team members use on their daily basis!

Meet in this conversation:

Alexandre and Vincent, our /e/ dev team members

Jonathan, Android Tech lead

Shenol, customer support specialist

Mahbub, design team member

Aude, product owner

Romain, OS engineering manager

Akhill, infrastructure team engineer

Camille, customer support specialist

Prajwal, webmaster

Jo, a contributor

Aayush, software engineer

Alexis, Chief Operating Officer

and Gaël Duval, /e/ Founder and project leader

Daily habits

We would like first of all to share with you some good habits that will allow you to use the internet with more safety. “Compartmentalize your life”, - says Camille. “Have multiple email address or phone number in order to separate your activities”. Romain and Mahbub also prefer not to use the same app, service or company for everything.

Another tip, which might already be well-known is to use a VPN on every device in order to hide which website your are visited to your ISP (it can actually increase the speed if the ISP slows down on purpose the speed of some specific activities like streaming). Make sure you choose a VPN service that doesn’t capture user logs. There are many VPN services out there, and the ones making the most amount of noise aren’t always the most mindful with your privacy.

It should become your reflex to deny cookies that are not indicated as essential on websites or use the button Deny all if available, adds Aude.

Moreover, Aayush recommends to disable advertisement personalization whenever possible.

Use different container for shopping online”, Mahbub tells us, and read privacy policy, terms and condition for the sites, apps or services you are about to sign up for.

Google-related behavior

To use Google or not to use Google? That is the question.

Obviously, our recommendation would be no. But if you still need it for some reason, remember Jonathan’s tip while using Google to disable Google Assistant as well as other Google features regarding marketing, history, YouTube history. Whereas, Shenol prefers not to use Google account at all. Alexander uses Qwant maps instead of Google Maps on web browser.

Akhill underlines that if moving from Google, make sure you delete your account or log out from all apps. Otherwise, you might still be logged in on some service you use with your Google account.

Mahbub uses /e/OS devices and services “to stay safe from Google data logging tactics”.

How do you protect your smartphone?

All our team uses a privacy focused operating system on their phone, such as /e/OS, in order to prevent Google and the manufacturer of the phone to collect a lot of information about you.

Camille also advises you to put your SIM card on a spare phone and turn it on only when you need to use the SIM card, or if it’s not possible at least be in airplane mode and disable it only when you need your SIM card. (The ISP knows your location as long as your are connected to the network). Furthermore, being in airplane mode and using Wi-Fi instead of 4G/5G will increase your battery life a lot.

How do you protect your computer?

First and foremost, Gaël Duval finds it essential “to encrypt your hard drive on your PC, as well as encrypt your smartphone for storage”.

Camille uses Linux on computer (Ubuntu or Zorin OS for starters). It can be installed alongside Windows, in order to prevent Microsoft from collecting data and use an open-source operating system.

Always search for an open-source or at least privacy friendly alternative. There are more alternatives than you think (https://alternativeto.net/ can help).

What about the apps ?

To begin, almost all our team members advise you to use open source apps as much as you can or privacy friendly apps on your phone or your computer, and never give useless permissions. When possible, don’t give your phone number to an app neither your phone contacts access. Romain also advises you to check regularly apps installed on your phone, and uninstall the one you are not using.

For messaging Jonathan and Camille choose Signal, Telegram and DeltaChat instead of WhatsApp or traditional phone call and SMS, in order to hide who you are talking to and what you say. Their habits are also shared by Gaël, who is, on the other hand, wondering whether the NSA would possibly be able to break Signal’s and possibly other’s instant messaging encryption algorithms.

“Use an app like Shelter to isolate some apps you know are “bad”. Of course, if you put a lot of apps or even all your apps there it looses its interest”, - Aude says.

Speaking of Facebook, that uses a large amount of your personal data for commercial purposes, Alexandre uses Facebook container on Firefox. Furthermore, Mahbub uses the web version of Facebook instead of the app if needed.

And last but not least, check the number of trackers built-in your apps (with a service like Exodus Privacy). Don’t forget that /e/OS reveals to its users the number of trackers present in the apps.

What about YouTube?

Romain uses NewPipe application to watch YouTube video in order to avoid to be tracked by their algorithm, and invited to watch another video. Alexandre underlines invidious that can be used instead of YouTube.

Which browser do you use?

Camille, Prajwal, Vincent, Alexandre and Jonathan prefer using a privacy focused web browser (such as Duckduckgo, Firefox or Brave) and advise you to increase the default level of protection to skip trackers. Romain also reminds us to use add blocker on your browser. For example, Alexandre uses TrackerControl.

Did you know that /e/OS is not only very protective of privacy, but it also comes with a mobile browser including an ad-blocker by default, so it is highly recommended!

What about the emails?

Use a privacy focused email provider such as ProtonMail or Tutanota, which can’t read your emails and offer anti-tracker protection. Gmail, Yahoo Mail or Hotmail are thus not recommended because your contents are read and analyzed systematically by those providers.

But remember that when you email a friend or relative using Gmail or Yahoo from a privacy focused email provider, your email has to be sent unencrypted in order for your friends or relatives to be able to read it.

You can go one step beyond encrypting your emails using a PGP key. PGP stands for Pretty Good Privacy and has became one of the best options out there for email and messaging encryption. By using a combination of a public key and a private key to encrypt and share your messages, only you and the recipients can read and access the content of the email or the message.

In /e/OS and our default Mail app, we feature OpenKeychain so you can manage your PGP key and PGP keys from your friends and relatives and send and receive encrypted emails right from your phone.

Finally and in contrast, our ecloud also offers a fully integrated ecosystem with your individual mail account, your agenda, calendar, cloud storage for your files and backup and an online office suite respecting your data privacy.

Use disposable email address. “If you need to enter your email address somewhere just to have access to something but you know you won’t use the service later, use services that create a temporary email address (you can easily find a lot of them). This way you don’t have to share your real email address”, Camille claims.

Other tips?

“Check if one of your account has been compromised: https://monitor.firefox.com/ It’s more about security but it’s still important.” Camille

“Don’t deal with the net giants. Delete your big techs accounts, don’t install their apps and don’t use their services as much as possible.” Camille

Jo, one of our contributors, is mastering the full safety! His approach is as follows:

“Remove your laptop’s wifi/bluetooth chip. Remove the camera. Hide your phone’s camera. On the Xiaomi mi a1, you can pull the screen off a little bit because the paste is badly designed and put a sticker for the front camera and nobody will notice it. I also made an oval-shaped piece of paper that I can put on the back-camera”.

+ Bonus for the advanced users

Use artix to say “bye SystemD” and the smallest window manager ever: dwm.

Also, use vim for coding, not jetbrains’s IDEs that now ask for credentials.

Mahbub shares: “Use an app like Insular to create separate profiles for shopping, if you use Ecommerce apps, and do not use anything else in that container”.

To conclude,

Our /e/ team is working hard to bring to your phone privacy by design operation system in order to protect your data and the environment. To conclude, our best privacy tip will be as follows: use /e/OS on your smartphone or get the Murena phone on our shop with preinstalled /e/OS, create your e.email and use ecloud that allows you to self-host your data and avoid trackers. Because your data is YOUR data!

We hope that some of our tips were useful and surprising for you at some point. Please, share with us your own tips in the comments and let’s discuss the ones shared above! Which ones do you already use and which ones you have discovered?

Additional references :

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

22 Likes

We would love to hear suggestions and tips from the users on this subject, The idea is to facilitate an exchange of information that is usefull for all.

5 Likes

Don’t forget the IoT and streaming devices connected to your home network, that have no browsers or available tracker-blockers:

Security devices, Roku, (too-)smart TV, climate control, etc.

They sit there on your network quietly collecting and transmitting tons of data about you and your environment, and they do it 24/7.

Set up a Pi-hole application on a Raspberry Pi (relatively easy!) or another computer that’s on all the time (but the Pi uses way less energy). Add a couple of specific public blocklists to automatically capture any trackers or ad connections.

Or if your router has the capability, you can accomplish something similar by adding URLs or keywords to be blocked on your network. (Your computing devices’ VPN will bypass that, as well as the Pi-hole, unless you do a bit of additional configuring, but the IoT/streaming devices will be captured, since they’re not passing through a VPN. Unless you have a VPN installed on your router itself, that is.)

3 Likes

A lot of useful hints to check out, thanks a lot! Obviously there are several issues of concern.

One thing is to protect oneself against criminal attacs, like hijacked sessions and accounts, stolen credit card credentials, viruses, encryption troians, or spying “apps” like Pegasus. I would like to learn more about that (preferrably information tailored for non-technicians).

The other thing is the permanently ongoing violation of privacy by all the data grabbing companies, which is more or less legal in most places. There is obviously a lot a curious and confident user can achieve against it (without beeing a hardcore hacker himself).

But either way, I think the legal standards really have to be improved (and inforced) too. Privacy protection should not depend on the level of technical expertise of the user. This would mean to regard the internet as the modern version of the “wild west” , where only “the strong will survive”… But the internet is a basic ressource of modern life, like streets and other infrastructure. Spying out people in the street is prohibited (mostly), anyway stalking is… and if you are stalked, you could call the police. So it should be on the Internet.

2 Likes

Or, let’s say, you go to a shop in a foreign town: You buy a blue jeans and pay cash. What personal data on you will remain? None. Or only such as you willingly chose to share with the shop keeper. And if he would afterwards sit down to create a file on one middle aged, bald man interested in low priced strech jeans, we would regard it as a little weird, and quite useless.
This kind of anonymous shopping should be possible on the Internet too. That I would call fair…

This makes it impossible for you to receive phone calls and sms messages. Rather defeats the object of having a phone at all doesn’t it? You may as well just use a computer.

6 Likes

If you are using an additional router to the modem/router your provider sold/lent to you, setup OpenWrt on it. Vendor support after a relatively short time is bad to none existent so you increase security (if done correctly ;- ) and can setup additional services like e.g. Adblock to provide malware/spam/advertisement/parentel control/you name it blocking (DNS based), VPN, DNS over HTTPS (DoH), DNS over TLS (DoT), DNSCrypt etc. to all devices connected.

Sadly this approach is difficult for “normal” users and demands knowledge, time and effort as like most of the tips mentioned above.

2 Likes

There’s an ISP in the states called Althea.net, and they have some new business model inw which the users federate a network? I’m unsure how it works, but it claims together rid of the ISP spy problem, e.g. KeyLTE (their slogan there: “Your data is yours and yours alone”, although i haven’t fact-checked that…) Problem is how local they are because they’re still so small and the business model is proving difficult to expand using anyone but those already in business.

Another thing i use is pairvpn between my dialy phone (pairvpn server) and an old phone (with client pairvpn and then pdanet) to set up hotspot for other devices

This kind of suggestion is intriguing, but a lot of people are scared to try this themselves for fear of the many days it might take them to figure out… (E.g. took me a month on and off to upgrade my phone to unofficial /e/ the first time I took the plunge.)

Has anyone here considered classes or trainings (I guess something like infosec?) for those like us in how to set up that kind of system/network/device rig?

I’d be willing to learn then teach others locally if such a thing were available… (Hopefully it would cover a minimum data chain, but maybe not every last option for each device/app/etc…)

If you want to get Google’s search results but stay more private, consider using some instance of Whoogle. Here are some:

https://whooglesearch.net/
https://whoogle.sdf.org/
https://search.albony.xyz/

On desktop Firefox, look into using a privacy enhancing user.js like arkenfox. Please note that it might be quite “restrictive” and some sites might not work properly. Therefore it is a good idea to create a test profile and try it out there. Also uBlock Origin and NoScript are given on all instances of my Firefox.

1 Like

May we have some more information on Use different container for shopping online ”. What is a ‘container’ ?

2 Likes

@nottolino Give a glance here : firefox multi account container addon

There are some other container addon for firefox ,(facebook container for instance).

3 Likes

This is true. It all depends on how badly one wants it, and whether one will be motivated to seek out a tutorial online. :slight_smile:

I recommend https://github.com/m66b/XPrivacyLua :+1:

3 Likes

@taurus That’s a lot of friction for a lot of people, I imagine (waste of man-power/man-hours); we don’t have to let them stay weak if a motivated crew can be gathered to inspire then empower them, lower the barriers to entry. I’m throwing my hat in the ring as one willing to spread the word, but I expect the word to be dumbed down, which is not my area of expertise… Maybe someone else can help there?

As am example, this morning I thought I had updated my Motorola to /e/-19 just fine, then a few (thankfully) hours later I’m having to start all over.
This is just from my not having a great grasp of android and windows file systems/ architectures/ other? Let alone how they should interact (and this has been something I’ve done a s a light hobby for many years now.

Nice lead @vance! Looking into it once my phone calms down

1 Like

Some reading to make you want it even more:

1 Like

Thanks for that, didn’t knew! Good way to start with if you “have” to use Whatsapp and solve problems that may arise.

Use the shelter version from F-Droid if you need the File Shuttle feature. Play Store/Aurora version is missing that feature!

1 Like

I can highly recommend Posteo, a german E-Mail provider:

One mayor advantage for me is the (optionally) complete encryption of address book and calendar. Both I have synchronised with my Thunderbird and K9-Mail flawlessly via webDAV. The monthly charge of 1€ is not much regarding the supply.

What might also be worth a look is mail.de:
mail.de - Security, Reliability, Comfort

Another good Alternative to Signal is the Swiss messenger Threema: Threema - Secure and Private Messenger

Last, but not least I’d like to recommend Joplin, a powerful notes application with markdown Syntax and even a desktop client (Electron based). Joplin has the advantage of delivering the opportunity to end to end encrypt the whole notebook even on cloud platforms, that you don’t own and synchronize it via webDAV between several devices.

Take a look here: https://joplinapp.org/

7 Likes

Hi :blush: those tips are really nice :smiley: However what is good to do, when my phone is not on the supported list yet? Do you think that never login in on it to big tech like Google or Facebook is enough to protect my data? I have also turned off most of the Googly stuff on my Android (everything I could).

I would recommend The Complete Android Privacy & Security Guide: Your Best Protection! - YouTube

If you’re new to android privacy it’s a pretty good starting point and it’s easy to understand.

4 Likes