Kristófer Reykjalín

How I protect my privacy online

Published on April 20, 2020.
Last updated February 29, 2024.

This post is in no way meant to be a guide or tutorial on how to protect your privacy on the internet, and neither is it a guide to staying completely anonymous online. However, this could be a good starting point for others interested in online privacy, so I wanted to share my general approach to online privacy.

I don’t have a strict need to hide what I’m doing online, but generally I want companies to know as little about me as possible. It’s not the end of the world if they do have some information about me, so long as they can’t predict my wants and needs before I even realize they’re something I want or need.

This means that—as much as possible—I don’t want to be served ads, and I don’t want companies to track what I’m doing online. Google and Facebook run some of the biggest ad networks on the internet, and have a horrible history of literally selling your data to anyone that’s willing to pay for it. As a result they are the top 2 companies I want to avoid.

No more Google

I try my best to not use any of Google’s services. This means no Google search, no GMail, no Google Drive, no Google Docs, etc. There are plenty of alternatives out there, and I’d like to highlight a few here.

So how do I find stuff online?

I’ve been using DuckDuckGo for a while now with great success. There are still some cases where Google’s results are miles ahead of DDG, but I can use DDG for the vast majority of my online search needs.

February 2024 update

I'm currently using Kagi and really like it, but DDG is a much stronger general recommendation.

But what about e-mail?

GMail serves you ads directly to your inbox in their mobile app. That’s such a huge violation of what an e-mail provider should do that I have no words to express my disgust. It’s abhorrent.

I’ve stopped using my GMail account in favor of a more private e-mail provider: I then use aerc to read my e-mails on my computer, and the Apple Mail client on my phone.

What has over many other e-mail providers is that they support encryption out of the box in their web UI, and that’s why I initially chose them as my provider.

I’ve since realized encryption in the web UI isn’t something I really need. This setup is good for day to day use, but I find the web UI to be very frustrating to use when I occasionally need to use it. As a result I’ve been looking for a simpler setup. Currently I’m eyeing both Fastmail and Migadu, both of which seem to have this figured out.

I also have a ProtonMail account that I don’t really use, but I’ve considered using them as well. Their service is solid but what’s holding me back is how difficult it is to not use their web UI. Due to how they encrypt their e-mails you need to run a software bridge on your computer so your e-mail client can talk to ProtonMail.

February 2024 update

I eventually decided to use Migadu for myself and Fastmail for my wife. I can wholeheartedly recommend both, although Fastmail is expensive and Migadu is aimed at a more technical customer than the general public. A better general recommendation might be something like Zoho, which I've heard decent things about, or Purelymail, which I've only heard good things about.

If I were setting up an email account for myself today I'd probably use Purelymail, but currently I like the control Migadu offers over how addresses on my domain work. I don't know if Purelymail offers similar levels of control and simply don't have a reason to check.

I don't think I've ever used my ProtonMail account since writing this post, but maintain it anyway as an additional email account in case I need it, e.g. for recovery purposes.

And how do you even access the internet?

Google Chrome is an amazing web browser and especially so in terms of its developer tooling. However, the tracking it forces on you ruins all of that. It constantly rings up Google’s servers, automatically logs you into your Google account, and tracks your browsing history. Google will then use that data to serve you targeted ads everywhere they can. As much as Chrome impresses me on the technical side, the tracking inherent in the browser ruins it completely.

Mozilla Firefox has been my browser of choice for ages—even before I started thinking more about online privacy. It’s the browser I recommend to most people, and I don’t think that will change anytime soon. However, recently I’ve come to realize that Chrome works far better for my browsing experience, especially while working.

As a result I’ve been using the Brave browser. It comes with really good privacy settings out of the box, and is based on Chromium. That’s the same browser Google Chrome is based on, so they work mostly the same. Brave comes with integrated ad-blocking and has HTTPS Everywhere enabled by default, so there’s no need to install extensions to get that functionality.

On top of using browser features to reduce tracking, I also use AdGuard as my DNS provider. AdGuard’s DNS blocks ads before they ever get to my browser, so my browser can focus on cleaning up what slips past AdGuard.

I also highly recommend Ungoogled Chromium. It’s a custom built Chromium that blocks the tracking introduced by Google in both Chromium and Google Chrome.

When I use Firefox and Ungoogled Chromium I use several extensions to block trackers: uBlock Origin, Decentraleyes, and HTTPS Everywhere.

February 2024 update

I think I will forever be jumping between browsers. I currently use Arc for the user experience it offers. I have a general preference for browsers that don't use Chromium because we desperately need more browser engine diversity on the Internet, but unfortunately I haven't found a browser that works as well as Arc for my purposes.

I did briefly use Orion, which is based on WebKit (the engine Safari uses), and it's the browser that has come closest to Arc for me, but unfortunately just didn't work as well as Arc does. The UX of Arc is just that good.

Firefox is still the best general recommendation for a "classic" web browsing experience.

No more Facebook

This one has been one of the hardest things to move away from, not because I use Facebook a lot, but because where I’m from the community runs on Facebook. If you’re not on Facebook you don’t get invites to events, and people have a hard time reaching you (maybe they’ve never heard about mobile phones?). As a result you generally just miss out on what’s happening around you.

As much as that frustrates me, I don’t really mind missing out on most things in my community; I hear about events through my friends and family anyway. What does frustrate me however, is that I can’t get away from Facebook Messenger. If I where to delete my Facebook account, most of my family and friends wouldn’t be able to reach me.

I don’t live in my home country anymore, and haven’t for the past 3+ years at the time of writing. That means family and friends can’t call or text me by phone, leaving online communication as the only viable option. Since everyone is already on Facebook everyone uses Facebook Messenger to communicate. I really don’t want to force people to install an app just to talk to me, although I made an exception to that rule for my parents and close friends 🙂.

The vast majority of online conversations I have are with my girlfriend, parents, and a couple of close friends. Thankfully they’ve all been willing to switch to either Telegram or Signal. While I’d love to use Signal for all my communications, Telegram’s user experience is far better in every way. Telegram’s default encryption model is good enough for me for most communications; if I need proper end to end encryption I can use secret chats or Signal.

No more social media

Well, almost.

I’ve removed Facebook, Instagram, and Twitter from my phone, and rarely visit any of them. I might check each service once or twice every 2 months. Instead I’ve made a Mastodon account on the Fosstodon instance, and I can honestly say it’s been great! Most of the discussions happening there are relevant to my interests, and if I want to follow specific people from other instances that’s super easy to do.

I do miss following some personalities on Twitter, but not so much that I go back to check on their updates. Honestly, I think I’m much more productive since I’m not looking at those updates 😅.

No more Dropbox

While Dropbox‘s policies aren’t exactly bad, they’re not that great either. My biggest issue is that data is not encrypted before it’s sent to Dropbox. That means that even though Dropbox encrypts the data on their side they still have the potential to read and process all of it.

I’ve already talked about why I don’t like Google products so I don’t think I need to reiterate why I don’t want to use Google Drive.

As a result I’ve been using Tresorit for a while with great success, although their mobile app experience is lacking. Right now I’m looking at buying a subscription to or paying for a VPS with a good amount of storage and self-hosting Nextcloud instead.

February 2024 update

I currently use iCloud. I find that I trust Apple enough to hold my data for me. I'm also deeply embedded in Apple's ecosystem where my computer of choice is a Mac and my phone of choice is an iPhone. iCloud simply works best for those devices and the integration is seamless.

For a general recommendation today I'd probably just recommend buying access to a Nextcloud instance or hosting one yourself.

In conclusion

My general approach here is to try to use services that encrypt my communication with them, and ideally store my data in such a way that they can’t access it, e.g. services like Tresorit and Signal. I also try to limit my exposure to services that are known bad actors when it comes to tracking and advertising.

I could take this idea much further; block scripts from executing in my web browser, exclusively browse the web through the Tor browser, never sign up to services that require any sort of personal information, and so on and so forth, but to that’s too extreme for me. If I did, there would be multiple services I simply wouldn’t be able to use.

That said I don’t think it’s unreasonable for services to ask for some identifiable information to prevent spam, although it’s certainly not the best solution. So long as the service provider doesn’t gather too much information—and so long as they don’t abuse that information—I don’t mind giving up some information about me in exchange for their services.