Remote self-destructible VM for browsing with Firefox in incognito mode (only sites you NEED to, that REQUIRE JS), through multiple VPNs over multiple proxies.
Everything else is command line HTML parsers (also on different, remote VMs), or API endpoints (HN API as an example?).
Need email service? Self-hosted, tiny email-server somewhere in eastern Europe. DDNS etc.
Local machine is always clean. Imagine you had to have an iPad as your primary work machine? Very similar spiel.
Good thing is that most of it can get into a habit very quickly and most tedious parts can be automated :)
Keeping it up offline? Cash-only, prepaid phones (these give you internet access as well, $80 no contracts, activate, use 20GiB until the end of the month, discard the phone, destroy and repeat), prepaid debit for "card required" purchases.
Easy-peasy! No idea what people are complaining about...
The sarcasm is spot on. These things are so easy to a tiny subset of experts who seem incapable of stepping into the shoes of normal people. It's always frustrating when I want to improve privacy or security and it's just an "easy" but not actually, mess.
Let's Encrypt is probably a great example of actually getting it right. But normal people won't really ever need it.
> Everything else is command line HTML parsers (also on different, remote VMs), or API endpoints (HN API as an example?).
This is somewhat how Richard Stallman uses the internet:
> I am careful in how I use the Internet.
> I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see https://git.savannah.gnu.org/git/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation).
> I occasionally also browse unrelated sites using IceCat via Tor. Except for rare cases, I do not identify myself to them. I think that is enough to prevent my browsing from being connected with me. IceCat blocks tracking tags and most fingerprinting methods.
> I never pay for anything on the Web. Anything on the net that requires payment, I don't do. (I made an exception for the fees for the stallman.org domain, since that is connected with me anyway.) I also avoid paying with credit cards. For freedom's sake, insist on paying cash. When a business pressures you to pay in an identified way, that means your help as a citizen is needed: say, "If you won't take my cash, no sale!"
> Remote self-destructible VM for browsing with Firefox in incognito mode (only sites you NEED to, that REQUIRE JS), through multiple VPNs over multiple proxies.
I hope you're just joking since layering up multiple VPNs doesn't provide any privacy by design. The best way is to use disposable Whonix VMs in Qubes OS.
1. This is orthogonal to the topic at hand. If you only trust a project with Joanna Rutkowska at the helm, neither Qubes nor any "desktop" system out there offers what you want.
2. The Qubes team has been doing a great job so far, and Joanna has not been directly involved for about a year now. Marek and Andrew Wong are the ones I notice the most on the mailing list and on GitHub, but there is a big team[1] that has gotten Qubes to where it is today.
I wonder these days how much of an illusion this was.
A free-to-use global computer network born of a military projects programme with all communications in the clear by default, centralised in a country with a highly active global foreign policy. Hmmm. Looking at it like that it seems Google and Facebook are just picking up where the other guys left off.
This doesn't prevent hotels you've stayed at, car dealers, utility companies, banks, ISPs and others from selling your data.
Also, in Russia (and many other countries as well) you cannot legally buy a SIM card without an ID. And Digital Ocean doesn't accept some virtual debit cards and suggests that I use a real credit card (so that they can charge me even if I don't have money).
So, don't use Digital Ocean? They are far from the only fish in the sea[1]. Vultr stands out: they offer Bitcoin and WeChat Pay as alternative payment options to the usual PayPal and credit card methods, and they have an awesome ISO library that includes OpenBSD. They aren't the only provider with those options but they are my go-to.
I use a local self-hosted email service. I do think public API endpoints would be a good thing to have, and/or other protocols, that you will have command line programs to use. (That is one reason I invented remote virtual table protocol, although other existing protocols can also be used for many purposes; in some cases, HTTP is best anyways, too. And some protocols are too complicated! That is why to have a simpler one, such as httpdirlist instead of WebDAV.)
What are you using? Do you have any advice for setting this up?
I've been using Protonmail for a couple of years, and while I'm generally fairly happy with it, I'd really like to self-host my email in my home. Aside from the technical experience, my understanding is that the US court system sees data stored on your own hardware in your own home very differently than data that you've entrusted to the care of a third party outside your home - the former is protected by the Fourth Amendment while the latter is not.
I use Exim and Heirloom-mailx (although you can use a different user program, since the server is only Exim).
On the Debian setup menu, I selected smarthost, to use the ISP's server for sending (required because of the way the internet service works; your own service is still used for receiving). And then, in order to reduce spam, modified the configuration so that only aliases can be used and not real usernames, and set up several aliases in the /etc/aliases file, so that a different one can be used for each service or correspondent. I then set up the router to allow incoming SMTP connections.
(If necessary, you may need to disable NAT with your internet service provider. If they won't let you do this, or won't allow arbitrary port numbers, then it isn't a real internet service.)
Both the government and the police oversee themselves, the secret service has access to whatever they want and the tax office is even allowed by the courts to demand whatever they want. It’s for security and if that doesn’t work it’s for the children.