Another great resource for privacy is https://privacyguides.org. I assume most of the recommendations there are approximately the same, but they may list additional private alternatives for some software.
I used to be pretty active in the online privacy community (PrivacyGuides, GrapheneOS, etc.) and I’ve seen a LOT of absolutely terrible misinformed privacy advice. Your guide doesn’t seem to parrot any of that, which is really refreshing to see.
From a quick glance, there are only two (pretty minor) issues I can find in your guides:
Your VPN section explains how VPNs hide your activity from the ISP, but it doesn’t seem to mention the fact that they just shift the trust from your ISP to the VPN provider. Yes, Proton is definitely more trustworthy than ISPs in authoritarian countries, but I think it should still be mentioned that VPNs don’t make you anonymous and you still need to trust a third party with your traffic.
You recommend F-Droid for app downloads, which is fine, but it has some fundamental security issues and it’s considered better nowadays to use things like Obtainium. See here and here for more information.
Thanks so much. I’ll update the guides on both counts. I’ll also add in a section on Tor.
Furthermore, Proton claims to keep no logs of your activity and has its no-logs implementation independently audited.
Yeah, of course, all trustworthy VPNs will do that, and I do generally believe that Proton actually doesn’t keep your traffic logs. It’s just that a lot of other VPN companies, like Nord or ExpressVPN, have very aggressive online marketing campaigns where they push false claims, like the claim that using a VPN can make you completely anonymous or even somehow protect you from getting hacked. This leads to most people’s understanding of VPNs being “it’s an app that changes my Netflix country and protects me from all evil”.
So I think it’s good to clarify that there is still trust involved in using a VPN, even if that trust is unlikely to be broken.