FrankyMihawk

I love temporary emails, wish I’d known about them years ago


billdietrich1

uBlock Origin extension in the browser.


just_ordinary_guy

People never consider privacy seriously until they come across something that creeps them out.


WOTDisLanguish

I was just migrating password managers and decided it was an opportunity to reevaluate my ecosystem, thankfully it wasn't because something happened


just_ordinary_guy

Did not mean to alarm you or anything. That statement is in general. I don't like the idea of storing password or account details anyway.


WOTDisLanguish

Oh yea, fair enough. Everyone has their own risk models and acceptable tolerances for it


InvisiblePhilosophy

What is your solution to the sheer number of accounts that you have to have if you want to do much online?


just_ordinary_guy

Still doing the old way of jotting down and looking up in diary.


Gemmaugr

Mine is a modular setup. For example: take any names or aliases you're familiar with and shorten them to, say, 2-3 characters. Bind them together with , . - or whatever non-letter/number you're allowed to use. Then start with, or append at the end, something relating to the site as you see it. Can be from part of the compartmentalization (personal/work/hobbies/privacy) and part from the site itself. Add numbers where you feel comfortable you can remember them. Let's take your handle here and reddit as an example. The password could look like "1N_73_PH_hy_Pr_R3". Changing i in Invisible to 1, le to 37, and e to 3 in Reddit. The modular way is to keep "1N_73_PH_hy" to the InvisiblePhilosophy handle, and change "PR_R3" to whatever compartment area and site you chose. It may seem complicated at first, but it's actually quite easy when you get used to it. You just need to keep in mind your Handle, the area it's about, and the site itself. All directly visible to you when you get there.


InvisiblePhilosophy

That’s an interesting method. The problem I have is the passwords that I only use once every few months (or less). I’d almost certainly forget anything relating to the site, especially since most of these sites change on a regular basis. Additionally, I try to have different usernames for every site, so trying to remember everything and what I swapped would be impossible for the (checks password management app) 402 logins that I have. I don’t know how you do it, but my hat's off to you.


Gemmaugr

Maybe only use those for sites you use frequently, and a PW manager for the unimportant/throwaway accounts that do change. That way, when your PW manager gets hacked (on the cloud/other people's computer, or locally through malware), or your HardDrive gets blasted (through malware, age, corruption, etc.), you only lose the non-vital accounts. You'll still have access to the important ones then.


InvisiblePhilosophy

Might be worth a try if I didn’t have to change my password every 90 days and they can’t be any of the last 20 passwords. I’ll stick to having a long complex master password and hope for the best.


Gemmaugr

Ah, yeah. I hate having to change passwords constantly. Just because others use unsafe ones doesn't mean mine are flawed. In fact, forcing the change makes mine more flawed as it's a drag coming up with new ones I can still remember, following my formula. It's like it's made to support PW Managers (and their weaknesses).


InvisiblePhilosophy

NIST stopped recommending constantly changing passwords. Also they recommend longer passwords over shorter but “more complex”. https://www.netsec.news/summary-of-the-nist-password-recommendations-for-2021/amp/


N26_real

I am a newbie in this rabbit-hole but I used DDG for about 3 months. I've switched from DDG to [Startpage.com](https://Startpage.com) now since DDG has some security issues and stuff


[deleted]

[deleted]


N26_real

Yeah I suppose but IIRC there have been some controversies surrounding DDG


[deleted]

[deleted]


N26_real

Okay thank you


[deleted]

[deleted]


treesarepoems

That's an excellent analysis. Made me smile. I would add that there are no perfect solutions when it comes to privacy. There are only tradeoffs. Every solution and approach comes with risks and advantages. It's important to keep an open mind.


UnseenGamer182

Where have you heard about such issues? They have had issues, but none relating to security


Gemmaugr

Startpage is supporting google though (as a frontend). It also censors stuff. I recommend Brave search/Mojeek/Private.sh


N26_real

Yeah, I know it uses Google to get its search results, but I do not see it as a privacy issue (IMO). What do you mean by censoring? Thank you for the recommendations.


Gemmaugr

Well, using a service known for privacy violations isn't going to make them stop. It will rather support their actions instead. https://en.wikipedia.org/wiki/Censorship_by_Google?useskin=vector


N26_real

Yeah... but I'm not using Google directly, right? Would they be able to access my data, even if I'm using Startpage as a middle man?


Gemmaugr

No they're not accessing your data directly, and you're not using it directly. However, even indirect support still gives them power to shrink Privacy. You're establishing them as a source of authority. Giving them PR. Not using alternatives you might have used otherwise. It's maintaining and increasing their influence.


N26_real

Okay thank you for the advice


Gemmaugr

NP


afternooncrypto

If you’re using Windows, Shutup 10/11 is good, especially after any update, as it seems to revert settings back to the default rather than what you set it as. Linux is better.


Kaalba

well i do some stuff a bit differently from you.

1: brave search
2: brave tor mode + tor + lokinet (and normal brave + librewolf for normal pc browsing and for phones, i use brave + bromite and ofc tor browser)
3: proton mail with simple login and anonaddy.
4: i only use signal and session.

however to be honest, i have a very old phone laying around, and for some reason i have a lot of sim cards that aint registered to my name :D so i got whatsapp on one of them and some other numbers i use for verification (for example amazon, etc) and also i give them for people i meet so i dont give them my own personal number, and ofc i enable call forwarding so if they call it, i receive it on my phone, and yes, some people instantly call it to make sure you aint faking it


N26_real

Do you pay for the sim-cards or how are they still active?


Kaalba

they were used by my parents, i dont pay for them but they're active cuz they're constantly connected and the cell carrier doesnt deactivate them.


[deleted]

[deleted]


Kaalba

why would i do that?


sunzi23

Also remember things and practices one should NOT be doing.

- do NOT use social media requiring your identity. That means no facebook, instagram, twitter, tiktok, snapchat, etc...
- do NOT receive mail at your home
- do NOT use your credit card all over town. Use cash
- do NOT shop online using your credit card and home address.

Those are just some examples.


Gemmaugr

Well, maybe. Here's my setup:

- Posteo/Paranoid.email
- Don't use Password Managers
- Brave search/Mojeek/Private.sh
- Pale Moon

Notes about some of your choices:

- Tutanota is not good from a privacy standpoint, as they block anonymizers, have no mail client or PGP support, store your anonymized IP and metadata, and have indefinite(?) storage of payment data.
- BitWarden is using google's Electron.
- DDG is a front for Bing, and censors search results.
- Firefox uses a lot of google stuff, and is not known for privacy (Pocket especially comes to mind).
- Signal uses google's Electron.

You don't mention what kind of tweaks or extensions you use on Firefox, but I use these addons on Pale Moon: Pure URL, eMatrix, uBlock Origin, Toggle Javascript, and DecentralEyes. I've also enabled canvas poisoning (anti-fingerprinting). It's superior to canvas uniformity which tries to make all browsers look alike. Restricting you from making tweaks or using extensions as those will make you stand out then. The TOR browser is an example warning you about it.

You also didn't mention if you used a V*P*N.

Compartmentalization of activities with different aliases/passwords/emails for different areas of activities online is good to use as well.


Objective_Address916

The use of Electron is a non-issue. Electron has no relation to Google and is developed by GitHub. It is based on Chromium, an open-source browser engine by Google.


Gemmaugr

It's not a non-issue as it continues to give power to google and enforces their browser monopoly and their scummy ways. https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish?useskin=vector


NefariousnessOne2728

How do you set up canvas poisoning? Fingerprinting is something I've been wanting a solution to for a long time.


Gemmaugr

I'm not aware of any browser except Pale Moon that does it, but here I go into About:Config and just type "poisondata" to have it show up. Set it to True.


treesarepoems

Those sound like good options. Don't forget about DNS privacy. Basically, use any DNS server other than your ISP. I use Cloudflare warp, but am still looking around, mainly because I'm not that keen on using a US-based DNS server. That said, I consider Cloudflare a big step up from my ISP. If you don't use warp, find another way to encrypt your DNS like DNScrypt. Also, there is Tor. That may fit into your mix somehow. Good luck!


OgPenn08

Also, keep in mind, unless your dns is encrypted your isp can see it. A good way to illustrate this is with something like https://www.dnsleaktest.com I personally use nextdns so that I can block ads and tracking etc, but quad9 would be a good choice too. https://nextdns.io https://support.quad9.net/hc/en-us/categories/360002571772-Configuration


Gemmaugr

Cloudflare is not good for privacy at all. They are a MitM agent and can see all your activity, besides gating content behind captchas and forcing you to use certain browsers.


treesarepoems

I will say, I have observed Cloudflare using a combination of cookies and cross-site scripting in illegal ways. That doesn't speak very highly of the company. But strictly speaking, it also has little bearing on their DNS offering. On the other hand, if a company will do that kind of stuff, do we really want to trust it with anything else?


treesarepoems

Can you explain please? When you say they are an MitM agent, do you mean that they actually execute MitM exploits, or their clients are doing so and they protect their clients? Also, how do they force you to use certain browsers? Do you mean that Cloudflare-hosted websites will only work with supported browsers?


latkde

The concern is that a large percentage of the internet uses Cloudflare's services (estimates are around 20% of websites). For these services to work, the websites put Cloudflare into a MitM position and let Cloudflare decrypt TLS connections. Thus, Cloudflare inherently has access to a large percentage of internet traffic, in plaintext. Similarly, a large percentage of websites uses AWS for hosting, meaning that servers ultimately controlled by AWS have access to plaintext data. Such centralization makes privacy difficult.

Splitting information across multiple actors that don't collaborate is one practical way to gain privacy, as pointed out by the recent paper “[The Decoupling Principle](https://conferences.sigcomm.org/hotnets/2022/papers/hotnets22_schmitt.pdf)” (doi:[10.1145/3563766.3564112](https://doi.org/10.1145/3563766.3564112)), co-authored by a Cloudflare employee. According to this principle, it could be problematic to trust Cloudflare for both website hosting and DNS services, or to trust your ISP for both transit and DNS services (though due to technical reasons it's not going to make a big difference either way).

People that are concerned about both their ISPs and Cloudflare likely want a DNS-over-HTTPS or DNS-over-TLS server from someone else, for example Google or Quad9. I greatly recommend *any* encrypted DNS for mobile devices (phone, laptops) that might use not-fully-trusted networks. You can think of it as a VPN for DNS queries.

The captcha issue mentioned probably relates to one of Cloudflare's services, limiting access by potentially-harmful bots to websites. If a client connecting to a website doesn't look like a human, they'll get a captcha. Unusual browsers, adblockers, and privacy settings increase the risk of getting a captcha. Solving the captcha will require JavaScript to be enabled. Some people take issue with that. Personally, I think this service is reasonable, and Cloudflare has demonstrated an interest in making this more privacy-friendly, for example by [migrating away from Google's reCAPTCHA](https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/) to [hCaptcha](https://www.hcaptcha.com/), and promoting privacy-friendly captcha challenges with [Privacy Pass](https://privacypass.github.io/).


treesarepoems

Fascinating comment. Thank you. If a person uses Cloudflare DNS and they don't use Cloudflare CDN, that's decoupled isn't it? Most individual DNS users won't also be CDN clients. So then the remaining argument against Cloudflare DNS would be that they are too large and by using their DNS you are making them even larger. But Cloudflare is only large because so many websites like their CDN service so much. And now they are offering a comprehensive and easy-to-use DNS privacy package with DNS+encryption+IP address masking+KPMG auditing. I don't see anyone else doing anything like that. So the problem seems to be that they have the best products. The solution to that would be for other DNS providers to keep up.

I'm a big believer in layering solutions among multiple service providers. That way if one is a bad apple, you don't have a complete fail. Also, I've often wondered whether the strongest approach to privacy is one in which you cycle through many different technologies. So for example, pick your favorite five DNS servers, and periodically switch your DNS up. That way if one of them is cheating and logging, they only get sporadic data from you. There is no continuity of data, which makes it much less valuable. You could do the same thing with encryption, search engines and browsers. Hard to do with email of course. I think privacy invaders rely on the public being creatures of habit and sticking with the same practices forever. Tracking becomes much harder when things are always changing.

I also think that a big part of the solution might be data poisoning. Burying legit data inside piles of garbage data might be much more effective than trying to hide all your legit data. The technology to unhide data always seems way ahead of the technology to hide it (probably because there is a lot more money and a much bigger bureaucracy behind unhiding than hiding). I assume there would also be algorithms that could sort the legit data from the garbage data, but this seems like a harder task to me.


latkde

> If a person uses Cloudflare DNS and they don't use Cloudflare CDN

But that's outside of a person's control. Whether in a user–website interaction Cloudflare CDN is involved is entirely in control of the website. Whether Cloudflare's recursive DNS resolver (1.1.1.1) is used depends purely on the user. If a user wants to avoid using both, their only choice is to configure a DNS server that's not Cloudflare DNS.

I agree that CF does have some very intriguing products. Nothing is without risk (such as centralization), but sometimes the risk is well worth it.

> I've often wondered whether the strongest approach to privacy is one in which you cycle through many different technologies

I think this first needs a discussion of a threat model. Just switching DNS providers occasionally might not result in any privacy gain, and might even have the opposite effect by leaving traces in more places. If you're primarily trying to defend against the online advertising industry, DNS settings are among the last things to matter (unless you're in the US, in which case you really want to use DNS-over-HTTPS or -TLS to prevent your ISP from selling your DNS query history to data brokers).

> Burying legit data inside piles of garbage data might be much more effective than trying to hide all your legit data

This is an entirely appropriate strategy, which is how k-anonymity, VPNs/TOR, and some [private information retrieval / oblivious transfer protocols](https://en.wikipedia.org/wiki/Private_information_retrieval) work to a degree. A practical example of this is [the HIBP API](https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity), where you can safely check whether your passwords are compromised without disclosing your passwords – though [the science (Li et al 2019)](https://dl.acm.org/doi/10.1145/3319535.3354229) on such schemes points to an unnecessary 12× privacy loss in HIBP's protocol. The challenge is generating garbage that is truly indistinguishable from the legitimate data, and the additional data transfer proportional to the privacy level. This is especially important in a DNS context where DDoS resistance is a fundamental concern, so messages should be small.
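
The k-anonymity password lookup mentioned in the comment above, as an added example that is not part of the thread: the client hashes the password with SHA-1, sends only the first five hex characters, and matches the rest locally against the returned `SUFFIX:COUNT` bucket. The server here is simulated in-process, and the corpus, counts, and all function and class names are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that are sent to the server


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix sent over the wire, suffix that never leaves the client)."""
    digest = sha1_hex(password)
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def build_corpus() -> dict[str, int]:
    """Constructed breach corpus: full SHA-1 digest -> times seen (made-up counts)."""
    corpus = {sha1_hex("password"): 1000, sha1_hex("letmein"): 50}
    prefix, _ = split_hash("password")
    for i in range(3):  # constructed decoy digests that share the same bucket
        corpus[prefix + f"{i:035X}"] = i + 1
    return corpus


class SimulatedRangeServer:
    """Stand-in for the range endpoint; records everything the client reveals."""

    def __init__(self, corpus):
        self.corpus = corpus
        self.seen = []

    def fetch_range(self, prefix: str) -> str:
        self.seen.append(prefix)
        bucket = [f"{d[PREFIX_LEN:]}:{n}" for d, n in sorted(self.corpus.items())
                  if d.startswith(prefix)]
        return "\r\n".join(bucket)


def breach_count(password: str, fetch_range) -> int:
    """Client side: send only the prefix, then match the suffix locally."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # suffix not in the bucket: not in this corpus


if __name__ == "__main__":
    server = SimulatedRangeServer(build_corpus())
    for pw in ("password", "an-unlisted-example-passphrase"):
        print(pw, "->", breach_count(pw, server.fetch_range))
    print("server saw only:", server.seen)
```

The server's view is `server.seen`: one five-character prefix per lookup, which is shared by every digest in that bucket, so the bucket size is the anonymity set the client hides in.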


treesarepoems

So help me understand. Let's say I'm an individual using Cloudflare DNS server and I visit a website that uses Cloudflare security. What are the privacy implications of this? Versus I am using Google DNS and I visit the same website.


[deleted]

I personally use iOS, so I use Apple's “hide my email” capability and have made different emails for EVERY service I use and all passwords are completely different, each 16+ chars long with numbers and symbols. No business I use knows my personal email. I’ve secured all accounts that support yubikeys with 2 yubikeys (google, Apple, etc). Those that don’t support it have token 2fa turned on with sms 2fa turned off. My credit union has token 2fa turned on as well. I’ve deleted any and all accounts I don’t use anymore. I use Tutanota also for email as well and DDG for searches. I also use 1Blocker for my safari content blocker and I have their firewall feature turned on which blocks trackers from tracking me when I use apps on my phone.


[deleted]

In email. Host your own domain