Table of Contents
Over the last year, I have semi-regularly explored the world of Internet Privacy. I spend a decent amount of time researching the best ways to be private and anonymous online, and how to circumvent big tech from getting all my information.
However, recently, I came to a realization.
Privacy is important, but I don’t need to stress myself out about it.
Designing My Threat Model
If you have also fallen down the rabbit hole of Internet Privacy, then you may know that one of the most important things you should do is figure out your threat model.
I, for one, failed to do this.
If you haven’t known from reading my blog, I am one that usually switches between multiple operating systems on a regular basis. This comes from my own indecisions of wanting high convenience without the troubleshooting involved in using Linux, and thus, I end up switching back to Windows when I am unable to get something working on Linux.
However, since my last switch back to Fedora Linux, I have stuck it out. I was able to get one of the games that caused me issues running, and I have tried to avoid scenerio’s where I may need to use software that only runs on Windows.
Better yet, Microsoft has begun doing even more shady things with telemetry, and forcing Microsoft Edge down your throat. This has pretty much sealed the deal with not wanting to use Windows as my operating system anymore, and if worse comes to worse, I’ll just install a Virtual Machine and install Windows if needed.
Though, switching and staying on Linux has opened up another avenue of obsessions. That is, Internet Privacy.
Swinging Too Far One Way
When I used Windows, I would just throw privacy out the Window. Since I knew Microsoft was pretty much watching my every move, I didn’t necessarily care about which apps I use to access what on my computer. Of course, I wouldn’t just download random programs off just any website, but I wouldn’t care if I ended up using the Spotify App, Discord, Microsoft Edge, etc.
They all take your data, and it’s hard to avoid it if you use their services.
But, when I switch to Linux, I start to swing to the other side of the spectrum. I use Firefox and the Mullvad Browser. I try to self-host everything. I use a VPN more often then not. I avoid using Big Tech services, and I even started looking into ways to “go dark on the internet.”
But, that has only proven to be exceptionally difficult. The more I look into being “private” and “anonymous,” the more fear tactics I find online, and the more difficult it becomes to use the Internet if you want “extreme privacy.”
The Internet has been designed over time to be something that tracks your every move. That is how websites make money with ads, and how Big Tech, such as Microsoft and Google, makes money. They sell your data to advertisers, data companies, and more.
Since the Internet has gone down this path, to enter the world of “Extreme Internet Privacy,” it may be best that you just get rid of your computer, and cancel your Internet and Phone subscriptions.
There is just way too much to worry about, and you will spend more time worrying about something that may not even affect you.
Though… this thought is within reason. And this is where I needed to think of and design my own threat model.
Coming Up With My Threat Model
To help circumvent my issue with jumping to one end of the privacy spectrum, to the other, I decided to finally sit down and come up with a threat model.
This threat model is based on the fact that I live in the United States, and at this time, the Internet isn’t heavily regulated like it is in more limiting countries like China or Russia.
With that being said, I’m going to use the five questions from PrivacyGuides.org to show my threat model.
What do I want to protect?
My goal is to protect my Internet Privacy by limiting the amount of data that Big Tech companies can get a hold of. With that being said, that would mean protecting my:
- Instant/Private Messages
- Search History (within reason)
What do I want to protect it from?
As I currently do not believe that I have any enemies out there, there is not anyone in specific that I would want to protect the above listed things from. But, as general protection, I would like to protect it from everyone that does not have my explicit permission to view said information.
This could be, at any point, my significant other, my friends, my employer, my ISP, my government, Big Tech, hackers, and more. I am not limiting what I want to protect from, because I am unsure who it should be protected from. But, I believe that since it is my information, it should be solely mine, and not someone else can willy nilly look at without my permission.
How likely is it that I will need to protect it?
Honestly, the threat that my E-Mail’s, Private Messages, and Files will be accessed are probably low. In fact, extremely low. However, knowing how companies batch up and sell Internet usage data, needing to protect my Search History, or I guess it would better to consider it Internet Browsing Habits, is probably a bit higher.
But, there are also a handful of “Act’s” that are sitting in congress that, if passed, would probably increase my threat for all things listed above.
How bad are the consequences if I fail?
If I fail in protecting my data, the worse that could happen, at this time, would be that my data is sold off to the highest bidder. Although I wouldn’t be in any major risks if anyone were to see my Internet Browsing Habits, my e-mails, my messages, and more, I still do not want people to be able to access them without my permission.
How much trouble am I willing to go through to prevent potential consequences?
I am willing to switch to services that pride themselves on being more private, and avoiding the free, telemetry and data driven services from Big Tech. I am also not unwilling to pay a premium price for these services or self-hosting the services on my own hardware/network. Within reason, of course.
I am also willing to give up some Internet browsing conveniences, such as avoiding sites that force you to disable ad blockers, avoiding Big Tech sites (like YouTube, Reddit, Microsoft, Google, etc.), and instead using services that circumvent having to directly access them to view their content (using frontends like Nitter, libreddit, FreeTube, and more).
Putting My Threat Model Into Action
Since I already swung to the “Extreme Privacy” mindset before sitting down and coming up with my above threat model, I already have started using many of the things that I mentioned in the last question.
I switched to ProtonMail many years ago, and although some may call it a honeypot, I still trust their encryption more than that of using “free” email from Google/Microsoft. Plus, e-mail is an unsecure protocol, and I am aware of that. Thus, I know not to do anything sensitive over e-mail, as it could easily be intercepted by man-in-the-middle attacks.
I have stopped using Big Tech search engines, and refuse to use anything that relies on an advertisement model. That includes DuckDuckGo, and Brave Search. With that being said, I have been using Kagi for nearly a year now, and knowing that my search results are not tied to my account is definitely something that eases the burden on the mind of what of yours is being tracked out there. Not to mention, Kagi is just a better search engine and provides better, more customizable, results.
I try to avoid using unsecure messaging protocol’s when possible. I use Signal for most communications, but sadly, I have Facebook Messenger and Discord still installed, as my friends refuse to switch to something else, and I can’t blame them as their threat models are a lot more lenient then mine is.
I self-host my own NAS, and I avoid using cloud storage providers whenever possible. If I do, I always encrypt my data using something like rclone before I upload. I also have started looking into and self-hosting other services, such as to-do lists, Nextcloud, DNS, and more.
Cutting Out Changes That Are Not Part Of My Threat Model
With that being said, I have stopped using the Mullvad Browser as my main browser. Instead, I now use it alongside Firefox. If I need to access something that I would like to keep open in a tab when I close out my browser? I’ll open it up in Firefox. This can be something like a game guide or maybe a web portal for one of my many self-hosted tools. But, if I need to just quickly search something up, I will open up Mullvad Browser and use that.
I have since stopped using a VPN all the time. Although the VPN I use is amazing, I do not currently see the need of masking my IP from others. If that threat model changes in the future, or if my ISP starts to limit what I am able to access online, then you bet I will start using a VPN again. Luckily, it is something that will stay in my arsenal at all times, and I will use it when on Public Wifi’s or mobile networks. But, I just won’t be using it at home at all times.
Of course there are a few other habits that I need to adjust, but other than that, I think I have a decent outlook on my threat model, and how I need to best access the Internet in a way that won’t severely limit my convenience, while also not fully giving up my privacy.
Yes, I will miss out on using services that seem to offer decent benefits, at the cost of privacy. But, humanity has survived many years without these tools. I think I could survive my life without them as well!
My Thoughts on Privacy vs. Convenience
Ultimately, I think it comes down to your threat model. I currently live in a country that, although may be on the “Big Brother” side of things when it comes to surveillance and watching things, they haven’t yet started to block or limit what people are able to see. With that being said, I am able to utilize some of the conveniences available to me on the Internet, without having to worry about major consequences.
However, if this were to ever change, I would gladly give up those conveniences to keep my privacy.
With that being said, my thoughts on Privacy vs. Convenience are thus.
Think of your threat model, and adjust accordingly. You don’t need to go down the deep end of the Internet Privacy rabbit hole if you haven’t thought of your threat model. If your threat model doesn’t require you to be private, then by all means, use all the conveniences you want. But, if you are conscious about who can see what of yours, then you will need to balance that fine line of what you are willing to give up to become private, before it becomes too much of an inconvenience for you.
My threat model allows me to still utilize conveniences. Although I refuse to use all of them, they are an option.
However, if my threat model changes for whatever reason, then I will gladly give up some of my conveniences to focus on my privacy. But that is me. Not everyone is like me, and not everyone will be willing to give up conveniences.
Feel free to also think about your threat model, and come up with a plan of action for how you change your Internet usage. But, be warned, Internet Privacy is definitely a rabbit hole, and diving into it could lead to some unforeseen consequences!