This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled "The Brainwashed" with a quote beside it that says "I have nothing to hide". The logos depicted in this section are:

• Instagram
• Apple
• TikTok
• PayPal
• Google Chrome
• CashApp
• WhatsApp
• Samsung
• Steam
• Microsoft Windows
• Ring (Security Camera)
• YouTube
• Amazon
• Discord
• Gmail
• ChatGPT

The surface section of the iceberg is titled "As seen on TV" with a quote beside it that says "This video is sponsored by...". The logos depicted in this section are:

• NordVPN
• Bitdefender
• Incogni
• Malwarebytes
• Opera GX
• ExpressVPN

An underwater section of the iceberg is titled "The Beginner" with a quote beside it that says "I don't like hackers and spying". The logos depicted in this section are:

• Telegram
• Authy
• Brave Browser
• Privacy.com (Virtual Cards)
• DuckDuckGo
• iMessage
• Proton Mail
• AdBlock (Browser Extension)

A lower section of the iceberg is titled "The Privacy Enthusiast" with a quote beside it that says "I have nothing I want to show". The logos depicted in this section are:

• Signal (Messenger)
• Tuta
• addy.io
• Linux
• Bitwarden
• uBlock Origin
• Tor and Tor Browser
• ProtonVPN

An even lower section of the iceberg is titled "The Privacy Activist" with a quote beside it that says "Privacy is a human right". The logos depicted in this section are:

• Monero
• GrapheneOS
• Vanadium (Web Browser)
• KeePassDX
• SimpleX Chat
• Accrescent
• SearXNG
• Aegis Authenticator
• OpenWrt
• Mullvad VPN
• An illustration of physical cash

The lowest portion of the iceberg is titled "The Ghost". There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

• A cancel sign over a mobile phone, symbolizing "no electronics"
• An illustration of a log cabin, symbolizing "living in a log cabin in the woods"
• A picture of gold bars, symbolizing "paying only in gold"
• A picture of a death certificate, symbolizing "faking your own death"
• An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing "hiding ones identity in public"

End of transcription.

Important

As with all of my long-form, well organized, (mostly) grammatically correct posts that I have been writing for over a year, no AI was used in the making of this post. Every word I write on my own, and I spend hours writing and editing these posts. One of my posts was removed for being "AI slop", which hurt, because it was one I was most proud of writing. From that incident, I considered no longer posting on Lemmy, but I still felt my work is needed, so here I am again.

It's very obvious that there are human mistakes and human additions to my posts that cannot be replicated by AI. It was not the first time one of my posts has been accused of being written AI, but I want it to be the last. There are people who enjoy writing and will put in the work to actually write a piece, such as me. I will prove that I am human by any means necessary.

The content I write is not designed to be short, nor is it designed to be summarized in a short manner. If you are not someone who enjoys reading long text, or prefers reading text with a more condensed meaning, this is not for you. I am also trying out increasing the number of references I use during the post, which is different from my usual style of only referencing more uncommon topics.

Thank you for your understanding.

Introduction

For the sake of people with whom I still keep in touch, I will avoid referencing too many anecdotes while writing this. These individuals have taken great strides in both privacy and security, even if they have a long way to go. It is not my place to publicly degrade these individuals and their experiences, especially knowing that they are reading this. It was wrong of me to have done this in the past, especially without permission.

The topic of this post will, however, cover some common experiences I have observed between numerous individuals, rather than singling out the stories of singular individuals. These stories will be used scarcely and only to help clarify the points I am making through examples.

Threat Model & Privacy Journey

My privacy journey officially started around 6 years ago as of writing this. It was when I was first introduced to the privacy risks of Google, as well as the privacy benefits of Firefox and Tor Browser. In the 6 years that I have spent learning about privacy, my preferences have changed between different extremes.

I used to be a die-hard user of Firefox-based browsers such as Mullvad Browser, and wouldn't dare use a Chromium-based browser. I became obsessed with browser fingerprinting, and Firefox-based browsers seemed to be the only way to mitigate it.

Slowly, though, my views shifted. I became more security-oriented, and became concerned with the security of Firefox. (That topic is a whole can of worms that I have covered in the past. Please don't fight about this in the comments.)

Eventually, I switched to Chromium-based browsers such as Vanadium and Trivalent. Even though I used to be polarized, I eventually switched sides as my threat model changed.

That's where this discussion begins. I have never, in the 6 years I have researched privacy, made a proper threat model. This should not immediately discredit me. I have come to learn that a threat model is a good idea in most cases for most people, and if you haven't made a threat model already, you should.

I have tried many times before to define a concrete threat model, without success. The reason I have not been able to is because of how my privacy journey went about. When I began my privacy journey, I had a goal in mind: "Make myself as private as I reasonably can first, and then work backwards to see what I am actually fine with doing." It's not a bad goal, just an incredibly tedious and difficult one. You first become very experienced in privacy by learning hands-on, and then you are able to make rational decisions after gaining experience and knowledge.

Of course, I never reached the point where I was fully private. Such a thing is not possible. Instead, I accidentally "ignored" some areas of privacy, or didn't push further in areas that became too inconvenient. I essentially did a depth-first search to determine my threat model.

Once I was reasonably satisfied with my state of privacy, I worked backwards to restructure my digital life in a more convenient way with my newfound experience and knowledge. The way I discovered my threat model is extremely difficult and will bring you to extremely low points past privacy fatigue. I would never recommend anyone go through what I went through, which is the main reason I have devoted my time to ease the privacy journeys of others.

One thing I made sure to prevent while learning about privacy is forgetting where I came from and how I got where I am today. This comic illustrates why:

I want to remember all the pitfalls and mistakes I went through, that way I can present easy solutions and workarounds for those just starting their privacy journeys. Even still, I occasionally have to remind myself that not everybody knows what 2FA is, even though I have gotten so used to using it as a part of day to day life. As my threat model has changed, so too has the advice I have given.

Convenience vs. Everything

Convenience makes a lot of rich people a lot of money. If you can make something as convenient and addictive as possible, you gain the undivided attention of someone, and can dictate a lot about that person's life.

Privacy, security, autonomy, and a few other categories are all subcultures of the same concept: freedom, especially digitally. The subcultures often overlap because they are all sides of the same coin.

Digital freedom is a broad topic, but being free digitally means breaking the chains of digital addiction and taking control over where you place your attention. For that reason, digital freedom will inherently feel less convenient. Giving yourself control over your digital life means that, in some cases, you will end up doing more work to manage it properly, but it means that you dictate how it functions, rather than being handheld by questionable entities.

In other ways, however, digital freedom is far more convenient. Take a password manager, as an example. Many people are prone to reusing the same, weak, memorized password for a multiple accounts. That means if an unsavory party gains access to one account (which is more common the more accounts you have), all of your accounts are compromised. Furthermore, remembering and typing passwords is cumbersome and prone to error.

A password manager is incredibly convenient because it fixes those problems. It generates strong passwords for you, changes passwords for every account, stores them all securely so you don't need to remember them, and even types the passwords for you. This is one area where digital freedom is more convenient.

It's often thought that convenience and digital freedom are at whits with each other, but it simply isn't true. You trade convenience in some areas to gain convenience in others. Privacy activists can function the same as those who don't care about privacy, the difference is how they go about it.

The Privacy Hump

"The first step is always the hardest" is a phrase used to encourage taking the first step towards a goal, because it gets easier after the first step. For privacy, this phrase is complicated.

Some steps towards privacy, such as switching your web browser, are very easy, can be done in under a minute, and have a large benefit in privacy. These steps can be first steps, and are not hard at all.

Other steps, such as fully switching to a password manager, are tedious and can get very messy very quickly. I had the displeasure of working for a company that stored all passwords in plaintext on a shared document. I immediately got to work transitioning these passwords to a proper password manager with proper access control, but it was an unpleasant and tedious task. Many of the passwords were incorrect, had multiple entries, or had unclear login pages. One login page was described only by the location of the browser bookmark on the computer of the secretary.

Even if a password manager is a tedious task at first, once your accounts are transitioned to a password manager it becomes infinitely easier to manage and use. These first steps can be the hardest, but provide even greater privacy and security benefits.

With that, I've found that privacy has a "hump". The first steps are easy and can hook you on privacy, and once you are in a comfortable place with privacy the steps become equally as easy, but in between those points in a privacy journey are the hardest.

Conclusion

If privacy were more widespread (and it is becoming increasingly more common), there would be no need for a "privacy journey", because privacy would be the default. Unfortunately, that utopian society currently resides only in the daydreaming minds of authors and privacy activists.

I could add more to this post, but I don't want it to become unbearably long. If you want key takeaways while missing plenty of the interesting portions of this post, I will not deny you the satisfaction:

• I don't write using AI, even if my writing style is similar
• Privacy journeys are long and difficult at times
• Privacy is convenient in some ways, but not in others
• The hardest part of privacy comes towards the middle of the journey

If you decided to read this post in its entirety, then thank you. As always, I had plenty of fun writing this. I hope it helps at least one person.

Cheers!

Google is somehow the only company that is able to completely ruin a calculator app. Even before installing, Google outs themselves with how much data they collect:

• App info and performance: Crash logs and Diagnostics
• Personal info: Email address
• Device or other IDs
• App activity: App interactions

And of course the encouraging message:

Data can’t be deleted

The developer doesn’t provide a way for you to request that your data be deleted

As soon as you try to install it, the app requests network access. I'm glad to be using GrapheneOS where this can be restricted.

The app doesn't crash on launch, which is a new concept for Google, since most of their apps won't even start without Google Play Services installed. Maybe that means the calculator app can calculate 1+1 without requiring installing the most invasive software known to man, right?

Of course it can't. It crashes the moment you press the plus sign. Thank you, Google, for requiring Google Play Services for your calculator app to do basic addition. You know what calculator doesn't require Google Play services to do math?

In all seriousness, OpenCalc is a near 1:1 match to Google Calculator, so I suggest anyone use that instead.

The cherry on top is Google's calculator app is bundled with a privacy policy, which on its own is a treat to read through: https://policies.google.com/privacy

Congratulations, Google, you can spy on math now.

I am going to show what it would look like if a society had no privacy whatsoever, and then compare it to a society where privacy is a top priority. I am going to show that what little privacy we have in countries such as the United States is the thread holding those countries together, and without it society crumbles. I am going to show that privacy is essential for a free society to function properly, and also help you appreciate the privacy you may not know you have. Let's begin.

A Privacyless Society

"Our" Personal Life

Privacy, by definition, is the ability to control your data. That means controlling what data is shared, who it is shared with, how long it is shared for, when it is shared, and by what medium it is shared.

If you have no privacy, that means you lose the ability to obscure any of your data. All of your data is shared with everyone

Personal information: full name, birthday, address, occupation, social security number, etc.

Documents: birth certificate, driver's license, passport, ID, etc.

Biometrics: Facial scans, fingerprints, handprints, retinal scans, DNA, etc.

Digital information: The content of all emails, every post made online, bank account balance, spending habits, social graphs, all pictures, all ~~private~~ instant messages, every show you watch, etc.

Other information: health and workout data, past relationships, every word you say, every thought you think, likes and dislikes, every place you visit, every waking second of your life, etc.

All of that data becomes available for anyone to use. As you can imagine, this data would quickly be used for mass government control. Anyone who thinks out of line would be punished.

Without privacy, you would also no longer be allowed to obscure personal belongings. All carrying devices such as backpacks and bags would need to be transparent. Since clothing counts as a carrying device, it would need to be transparent or nonexistent.

Yes, you heard me right, everyone would be mandated to be completely nude. The French TV series Nu carries this idea, where a society has been "frog boiled" into giving up all privacy, and all clothes. One man has slipped into a coma during this transitionary period, and is disillusioned with the society.

Access Control

With all data becoming public, you may wonder "Why even have passwords anymore?" To put it simply, even if all your data is public, you still wouldn't want someone impersonating you or posting on your social media. It's the same as how you wouldn't want anyone accessing your bank account, even if transactions are public.

This falls under the topic of security. Without privacy, security would become a citizen's most valuable tool. This begins to show you a hierarchy in personal freedom. Security is the foundation, privacy is layered on top of that, and only then should convenience be added. Unfortunately, in today's world, convenience comes first.

Breaches would become much less common as security is prioritized. The use of password managers, multi-factor authentication, time-based one-time passwords, passkeys, and hardware security keys would become common. However, because all biometric data is public, the "rule of three" for multi-factor authentication can't be completely satisfied.

Documents such as your birth certificate or passport can still be used to verify your identity, as long as the physical composition can't be counterfeit. The information itself becomes useless, and so all identification using the documents must be done in person.

Autonomy

This society has no privacy for individuals, but even if you tried to enforce transparency in higher powers, those powers literally have all the power. Governments and companies would hide behind closed doors, and cover up any misconduct. These powers would use the trivially available data collection to control every member of the public, and manipulate their decisions. Good news: Elections will take place almost instantly because all individual preferences are made public. Bad news: The election is rigged so it doesn't matter who you voted for.

The control over the public would stop at nothing, until we all are turned into mindless work drones. If you control every aspect of the population, then many pieces of a society are removed entirely. The public never makes any money, so there's no reason for taxes or rent to exist. The only transactions taking place would be between different companies and the government. Homelessness is solved by cramming everybody into government issued bunkers for maximum efficiency. Soylent becomes the largest company in the world, providing the only food for every citizen. The only people with any real autonomy would be refugees that are somehow evading the global satellite surveillance cameras, high ranking government officials, and CEOs drifting on their mega yachts.

Death and birth rates would hit an all time high as humans become a disposable asset. The most common cause of death becomes black lung disease from the increase of workers mining coal. Trees may or may not be planted depending on how near-sighted the powers are. As society shifts, some terms take on new meanings, such as "self-driving cars" adapting to the meaning of "cars you drive yourself".

The powers would eventually find neurotechnology to be the most efficient means of control. Installation would become mandated for the public, and manipulation tactics such as peer pressure would force everyone into submission. The device would kill a person at the first sign of corruption. People would be selectively bred and genetically modified to minimize the risk of defiance.

The point is, your data is valuable as a means of manipulating you. The more data you give, the more effective the manipulation is. Major influential powers use manipulation to gain more power, and all of society crumbles into an authoritarian regime. One day, though, throwing disposable humans at a problem will fail, and it will lead to the extinction of our planet(s).

A day in the life

I want to end this section by outlining a day in the life of a privacyless society. This is meant to be somewhat lighthearted and humorous.

Choose your character:

• Disposaperson
• CEO
• Government official

If you chose Disposaperson:

You are Disposaperson #42069. You wake up at 7:00 AM in bunker #42, shared by you and your ordinally closest friends. You got a restful 6 hours of sleep. It's election day, so you were treated to 2 extra hours of sleep than normal. You should be in peak mental condition when making big decisions, after all. Speaking of which, you take your mandated 30 minute brain activity period, to make sure you are still able to function mentally. You scroll through Dreamscape, a new app that lets you watch the nightly dreams of each Disposaperson.

As you are scrolling, you land on a deleted video. 'This dream has been removed under suspicion of defying government powers.' Thats good. you think to yourself. Our government is protecting us from misinformation. "I agree," your bunkmate says, while listening in on your thoughts. You scroll past the occasional ad reminding you to work hard and follow the rules.

Once your mandated 30 minute brain activity period is up, your bunker marches in an organized fashion to the cafeteria. The Disposaperson in front of you accidentally stumbles, and is immediately killed. You step over the corpse, just as you have been trained how to do since childhood.

Once in the cafeteria, you take your seat and suck government issued Soylent out of tubes. You feel happy that food is free and doesn't make a mess. You feel euphoric, even, and not just because of the serotonin injected into the food. You're definitely going to cast your vote to the leader promising to increase the frequency of this Soylent flavor by 5%. Listening to everyone else's thoughts, you can tell everyone is in unanimous agreement. I'm so glad everyone can agree on everything. World peace has been achieved.

After your daily meal, you have been assigned to work in sector 12. It's nice to finally be mining coal instead of planting trees. Doesn't everybody know planting trees is bad for the environment? Where else would the government put bunker 9736?

Once in the mines, you take a nice breath of the black air. You're encouraged to breathe as much as possible during the beginning as an adjustment period. You love mining coal because it benefits everybody. You're so fortunate to be living on a planet with so many natural resources to use up. Your first planet, Earth, didn't have this much coal. You're so glad the government blew that planet up to reduce the number of depleted planets floating through space.

You check the mine's digital leaderboard. You are in the top 1% of coal miners today. You are happy at your work. After all, any lower on the leaderboard and you would be killed off to purify the gene pool. Only the best of the best should be working.

Once mining is complete, it's time for the election to be polled. It only takes a few nanoseconds. Oh good! you think. 5% more Roast Beef Soylent! I wonder what "Beef" is anyways... After that last thought, you feel yourself slowly drifting to sleep. The only words in your head: 'Defiance detected.'

If you chose CEO:

Your name is... what was your name your birth parent gave you? You can't remember, but it doesn't matter. Your servants call you "Master" anyways. You wake up on the sunny beaches on your own private island on your own private planet. You had a restful 14 hours of sleep. Your smart watch alerts your personal Disposapeople that you are awake. Disposaperson #1337 brings you your breakfast: scrambled eggs, fresh milk, and sizzling bacon.

You get flashbacks to the time one of your Disposapeople tried to bring you oatmeal. You hate oatmeal. It's too similar to the food those Disposapeople eat, even though you are the CEO of Soylent. You don't thank your personal disposaperson, and eat your meal. You have a nice life, after Soylent became the leading company in the galaxy. It's nice to have all your work done for you.

You check your profits for the day. You get angry after you see that they are only up by 756%. You'll have to pull some strings with your government connections later to only keep the top 1% of coal miners. That should raise your profits, and encourage those workers to work harder and follow the rules. Haven't they seen the ads?

You are almost done with your meal when your spouse barges in. Your spouse urgently tells you to come quick. Your spouse tells you that your child has been infected with a deadly disease. You ask how that could have happened. The doctor informs you that your child likely caught it from a contagious Disposaperson who had been in the mines.

Outraged, you know that the only solution is to cut the number of workers in the mines. You make a few phone calls and order any miner not in the top 1% to be disengaged immediately. You and your spouse can now rest easy knowing that no more of those workers will be infecting your family anymore. Plus, your profits are up by 1,058%!

If you chose Government official:

Your name is Steve. You are the government official in charge of planet C-137. Today is election day, so you have to put on a good show to make it seem like there is competition. You make sure the news is convincing as many people as possible, and you partner with Soylent to launch an ad campaign. "Work hard, and follow the rules." You like it, it's catchy.

Your assistant informs you that the planet needs to cut back on planting trees, otherwise there will be no room for bunker 9736. You thank her for informing you. They say being polite to your assistants increases the chances of winning an election, after all.

You check the numbers. Good. you think. Bunker #42 is unanimous. An alert pops up: 'Potential defiance detected in worker #42069' You scan the worker to check if the it is voting for you. The worker isn't fully confident. You decide to feed the worker its favorite flavor of Soylent, and promise to increase production of that flavor by 5%. It's convenient to know every worker's preferences.

That should do it you think. You tell your assistant to disengage that worker once the election is complete, just to be sure. You tried Soylent once. It was the worst thing you've ever tasted, but you had to put on a good face, or else the CEO of Soylent wouldn't have partnered with you.

The phone rings. You pick up the phone. It's the CEO of Soylent. The CEO tells you that you have to disengage any coal worker not in the top 1%. You remind the CEO that it's already at 2%. The CEO tells you it's urgent. You need Soylent to vote for you in the election, so you give in under the pressure. You order your assistant to disengage any coal workers not in the top 1%.

You turn on the TV to watch the workers from the satellite cameras. You couldn't imagine what it would be like if anyone could hide their actions. Only criminals would do that.

It's finally time to cast the votes. You push a button, and the votes are collected almost instantly. You won the election, you should be happy... Why aren't you happy?

A Private Society

Let's compare that dystopia to a private society. In this society, privacy is a fundamental human right.

Your Personal Life

Your information is yours, and stays yours. Personal information is never collected. There's no reason to collect it, because you never need to identify yourself using personal data.

If you want to rent a house, you just start paying for it. If you try to stop paying rent, the house gets seized. No identity required.

Healthcare is either free or a very small price that you pay for on the spot. No identity required.

Voting is done in closed buildings so nobody can try going to the back of the line to vote a second time. No identity required.

You buy a car by paying on the spot. Budgeting money and saving up is a common practice. No identity required.

People are civil. If you get in an accident, you pay each other's medical bills. No identity required.

If you want to board a plane, you pay for a ticket and board. No identity required.

When you get a job, you work and get paid at the end of the day. No income taxes, no background checks. If there are references on your résumé (which are not required), jobs can call those references as a "background check". No identity required.

No taxes at all. There's no way to enforce it without tracking income, and there are plenty of other ways to fund the government. No identity required.

Education is either free or you pay for an access card to the building. If you stop the payments, the access card is revoked. No identity required.

Immigration is something that can be done while respecting privacy, but it's apparently a controversial topic, so I will avoid talking about it. I will leave this as an exercise for the reader.

Stores can prevent theft in many different ways without surveillance cameras. Some examples are putting products in lock boxes to be unlocked at checkout, or vending machines. I'd love to hear some of your clever ideas for this.

Your data remains yours. No more online accounts to read an article about bigfoot. No more "send us a picture to verify your age". No more surveillance cameras. No identity requirements.

All communications are private by design. Aliases are common. Also, you can wear clothes.

Security

Breaches hit near zero as security becomes a requirement. Software is mandated to be open source, and government used software is required to be heavily audited. People use proper multi-factor authentication in day to day life. Funds are kept secure by using anonymous digital currencies or cash. ATMs to swap these are around every corner.

Centralized banking exists, but is used less commonly. The ones that exist are closely regulated to make sure they use good privacy practices. Companies are regulated in the same way.

Innovations in physical locks skyrocket, since cameras are no longer strapped to your doorbells. People realize surveillance isn't safety, and that they can get hacked quite easily. Those who do have surveillance systems use a closed circuit to host it locally. Laws are in place so these cameras only record the owner's property. Not the sidewalk, not the road, not the neighbors. Notices must be clearly posted outside.

Self hosting becomes widespread, with the most common tool to self host being blockchain miners. Those servers can double as heating systems in the winter. This person tried mining cryptocurrencies to heat his apartment, but the post with the results got deleted.

The society runs on a full mesh network. This ensures that internet is free and not tracked or censored.

Powers

Companies and governments are fully transparent, so any misconduct is easy to spot and fix. Individuals have privacy, but businesses and corporations do not. This society prioritizes individual privacy, but also transparency.

If misinformation spreads, it is neither the government's nor a company's job to censor it. People will learn to spot misinformation on their own.

Open source software is mandated for use in the government. The government takes security very seriously. National security is not kept by obscuring actions, but by putting real protections in place.

Without being able to sell your data, companies charge for products and services, not software. This not only encourages self hosting, but provides a better business model for things that cannot be self hosted. Things like VPNs, cloud storage, streaming services, etc. are open source but paid. Essentially, you pay with money, not data.

People are not controlled by any entity, and so they can think freely and express freely. Of course, free speech always has social consequences, but it is still free speech.

Conclusion

I could flesh out a lot of the fine details, but you get the picture. Society can function and thrive with privacy, and you need privacy for a free society. It really helps you appreciate the privacy we have today, and helps you realize how our privacy is slowly being eroded. It's a fun thought experiment to see some creative solutions to work around some of the challenges with privacy. We should have privacy as an essential baseline, and work around the problems, rather than defaulting to "more cameras in schools!". Can an AI camera stop a bullet?

Anyways, thanks for reading! My mandated 30 minute brain activity period is over, so I have to go.

P.S. I've undoubtedly made some pretty stupid mistakes while writing this, but I wrote this in good faith.

Edit: Typo

I need help installing Fedora CoreOS on a Raspberry Pi 5.

I've tried this method that uses Fedora Media Writer. The Raspberry Pi fails to boot from the flash drive.

I've tried this method that uses the Fedora Arm Installer. The Raspberry Pi fails to boot from the microSD card.

I've tried adapting this method but it seems to be exclusively for the Raspberry Pi 4, and no substitute tools exist. It didn't seem to even install anything on the microSD card.

I'm at a loss. I have no idea how to install it. Can anyone help? I'd be happy to give a step-by-step process of exactly what I did for each method, if needed.

I am making this post in good faith

In my last post I asked about securely hosting Jellyfin given my specific setup. A lot of people misunderstood my situation, which caused the whole thread to turn into a mess, and I didn't get the help I needed.

I am very new to selfhosting, which means I don't know everything. Instead of telling me that I don't know something, please help me learn and understand. I am here asking for help, even if I am not very good at it, which I apologize for.

With that said, let me reoutline my situation:

I use my ISP's default router, and the router is owned by Amazon. I am not the one managing the router, so I have no control over it. That alone means I have significant reason not to trust my own home network, and it means I employ the use of ProtonVPN to hide my traffic from my ISP and I require the use of encryption even over the LAN for privacy reasons. That is my threat model, so please respect that, even if you don't agree with it. If you don't agree with it, and don't have any help to give, please bring your knowledge elsewhere, as your assistance is not required here. Thank you for being respectful!

Due to financial reasons, I can only use the free tier of ProtonVPN, and I want to avoid costs where I can. That means I can only host on the hardware I have, which is a Raspberry Pi 5, and I want to avoid the cost of buying a domain or using a third party provider.

I want to access Jellyfin from multiple devices, such as my phone, laptop, and computer, which means I'm not going to host Jellyfin on-device. I have to host it on a server, which is, in this case, the Raspberry Pi.

With that, I already have a plan for protecting the server itself, which I outlined in the other post, by installing securecore on it. Securing the server is a different project, and not what I am asking for help for here.

I want help encrypting the Jellyfin traffic in transit. Since I always have ProtonVPN enabled, and Android devices only have one VPN slot enabled, I cannot use something such as Tailscale for encryption. There is some hope in doing some manual ProtonVPN configurations, but I don't know how that would work, so someone may be able to help with that.

All Jellyfin clients I have used (on Linux and Android) do not accept self-signed certificates. You can test this yourself by configuring Jellyfin to only accept HTTPS requests, using a self-signed certificate (without a domain), and trying to access Jellyfin from a client. This is a known limitation. I wouldn't want to use self-signed certificates anyways, since an unknown intruder on the network could perform a MITM attack to decrypt traffic (or the router itself, however unlikely).

Even if I don't trust my network, I can still verify the security and authenticity of the software I use in many, many ways. This is not the topic of this post, but I am mentioning it just in case.

Finally, I want to mention that ProtonVPN in its free tier does not allow LAN connections. The only other VPN providers I would consider are Mullvad VPN or IVPN, both of which are paid. I don't intend to get rid of ProtonVPN, and again that is not the topic of this post.

Please keep things on-topic, and be respectful. Again, I am here to learn, which is why I am asking for help. I don't know everything, so please keep that in mind. What are my options for encrypting Jellyfin traffic in transit, while prioritizing privacy and security?

Please take this discussion to this post: https://lemmy.ml/post/28376589

I'm making this post to share some interesting less talked about things about privacy, security, and other related topics. This post has no direct goal, it's just an interesting thing to read. Anyways, here we go:

I made a post about secureblue, which is a Linux distro* (I'll talk about the technicality later) designed to be as secure as possible without compromising too much usability. I really like the developers, they're one of the nicest, most responsible developers I've seen. I make a lot of bug reports on a wide variety of projects, so they deserve the recognition.

Anyways, secureblue is a lesser known distro* with a growing community. It's a good contrast to the more well known alternative** Qubes OS, which is not very user friendly at all.

* Neither secureblue, nor Qubes OS are "distros" in the classical sense. secureblue modifies and hardens various Fedora Atomic images. Qubes OS is not a distro either, as they state themselves. It's based on the Xen Hypervisor, and virtualizes different Linux distros on their own.

** Qubes OS and secureblue aren't exactly comparable. They have different goals and deal with security in different ways, just as no threat model can be compared as "better" than any other one. This all is without mentioning secureblue can be run inside of Qubes OS, which is a whole other ballpark.

secureblue has the goal of being the most secure option "for those whose first priority is using Linux, and second priority is security." secureblue "does not claim to be the most secure option available on the desktop." (See here) Many people in my post were confused about that sentence and wondered what the most secure option for desktop is. Qubes OS is one option, however the secureblue team likely had a different option in mind when they wrote that sentence: Android.

secureblue quotes Madaiden's Insecurities on some places of their website. Madaiden's Insecurities holds the view that Linux is fundamentally insecure and praises Android as a much better option. It's a hard pill to swallow, but Madaiden's Insecurities does make valid criticisms about Linux.

However, Madaiden's Insecurities makes no mention of secureblue. Why is that? As it turns out, Madaiden's Insecurities has not been updated in over 3 years. It is still a credible source for some occasions, but some recommendations are outdated.

Many people are strictly anti-Google because of Google's extreme history of privacy violations, however those people end up harming a lot of places of security in the process. The reality is, while Google is terrible with privacy, Google is fantastic with security. As such, many projects such as GrapheneOS use Google-made devices for the operating system. GrapheneOS explains their choice, and makes an important note that it would be willing to support other devices as long as it met their security standards. Currently only Google Pixels do.

For those unfamiliar, GrapheneOS is an open source privacy and security focused custom Android distribution. The Android Open Source Project (AOSP) is an open source project developed by Google. Like the Linux kernel, it provides an open source base for Android, which allows developers to make their own custom distributions of it. GrapheneOS is one such distribution, which "DeGoogles" the device, removing the invasive Google elements of the operating system.

Some Google elements, such as Google Play Services can be optionally installed onto the device in a non-privileged way (see here and here). People may be concerned that Google Pixels can still spy on them at a hardware level even with GrapheneOS installed, but that isn't the case.

With that introduction of secure Android out of the way, let's talk about desktop Android. Android has had a hidden option for Desktop Mode for years now. It's gotten much better since it was first introduced, and with the recent release of Android 15 QPR2, Android has been given a native terminal application that virtualizes Linux distros on the device. GrapheneOS is making vast improvements to the terminal app, and there are many improvements to come.

GrapheneOS will also try to support an upcoming Pixel Laptop from Google, which will run full Android on the desktop. All of these combined means that Android is one of, if not the, most secure option for desktop. Although less usable than some more matured desktop operating systems, it is becoming more and more integrated.

By the way, if you didn't know, Android is based on Linux. It uses the Linux kernel as a base, and builds on top of it. Calling Qubes OS a distro would be like calling Android and Chrome OS distros as well. Just an interesting fact.

So, if Android (or more specifically GrapheneOS) is the most secure option for desktop, what does that mean in the future? If the terminal app is able to virtualize Linux distros, secureblue could be run inside of GrapheneOS. GrapheneOS may start to become a better version of Qubes OS, in some respects, especially with the upcoming App Communication Scopes feature, which further sandboxes apps.

However, there is one bump in the road, which is the potential for Google to be broken up. If that happens, it might put GrapheneOS and a lot of security into a weird place. There might be consequences such as Pixels not being as secure or not supporting alternative Android distributions. Android may suffer some slowdowns or halts in development, possibly putting more work on custom Android distribution maintainers. However, some good may come from it as well. Android may become more open source and less Google invasive. It's going to be interesting to see what happens.

Speaking of Google being broken up, what will happen to Chrome? I largely don't care about what happens to Chrome, but instead what happens to Chromium. Like AOSP, Chromium is an open source browser base developed by Google. Many browsers are based on Chromium, including Brave Browser and Vanadium.

Vanadium is a hardened version of Chromium developed by GrapheneOS. Like what GrapheneOS does to Android, Vanadium removes invasive Google elements from the browser and adds some privacy and security fixes. Many users who run browser fingerprinting tests on Vanadium report it having a nearly unique fingerprint. Vanadium does actually include fingerprint protections (see here and here), but not enough users use it for it to be as noticeable as the Tor Browser. "Vanadium will appear the same as any other Vanadium on the same device model, and we don't support a lot of device models." (see here)

There's currently a battle in the browser space between a few different groups, so mentioning any browser is sure to get you involved in a slap fight. The fights usually arise between these groups:

• The group that is strictly anti-Google and uses Firefox-based browsers
• The security focused group that recognizes that Firefox is insecure and opts for privacy enhanced versions of Chromium
• The political group that only care about the politics behind an organization rather than the code itself (examples: Firefox Terms of Use update, Brave Browser including a crypto wallet)

For that last one, I would like to mention that Firefox rewrote the terms after backlash, and users have the ability to disable bloatware in Brave. Since Brave is open source, it is entirely possible for someone to make a fork of it that removes unwanted elements by default, since Brave is another recommended browser by the GrapheneOS team for security reasons.

Another interesting Chromium-based browser to look at is secureblue's Trivalent, which was inspired by Vanadium. It's a good option for users that use Linux instead of Android as a desktop.

Also, about crypto, why is there a negativity around it? The reason is largely due to its use in crime, use in scams, and use in investing. However, not all cryptocurrencies are automatically bad. The original purpose behind cryptocurrency was to solve a very interesting problem.

There are some cryptocurrencies with legitimate uses, such as Monero, which is a cryptocurrency designed to be completely anonymous. Whether or not you invest in it is your own business, and unrelated to the topics of this post. Bitcoin themselves even admit that Bitcoin is not anonymous, so there is a need for Monero if you want fully decentralized, anonymous digital transactions.

On the topic of fully decentralized and anonymous things, what about secure messaging apps? Most people, even GrapheneOS and CISA, are quick to recommend Signal as the gold standard. However, another messenger comes up in discussion (and my personal favorite), which is SimpleX Chat.

SimpleX Chat is recommended by GrapheneOS occasionally, as well as other credible places. This spreadsheet is my all time favorite one comparing different messengers, and SimpleX Chat is the only one that gets full marks. Signal is a close second, but it isn't decentralized and it requires a phone number.

Anyways, if you do use Signal on Android, be sure to check out Molly, which is a client (fork) of Signal for Android with lots of hardening and improvements. It is also available to install from Accrescent.

Accrescent is an open source app store for Android focused on privacy and security. It is one of the default app stores available to install directly on GrapheneOS. It plans to be an alternative to the Google Play Store, which means it will support installing proprietary apps. Accrescent is currently in early stages of development, so there are only a handful of apps on there, but once a few issues are fixed you will find that a lot of familiar apps will support it quickly.

Many people have high hopes for Accrescent, and for good reason. Other app stores like F-Droid are insecure, which pose risks such as supply chain attacks. Accrescent is hoped to be (and currently is) one of the most secure app stores for Android.

The only other secure app store recommended by GrapheneOS is the Google Play Store. However, using it can harm user privacy, as it is a Google service like any other. You also need an account to use it.

Users of GrapheneOS recommend making an anonymous Google account by creating it using fake information from a non-suspicious (i.e. not a VPN or Tor) IP address such as a coffee shop, and always use a VPN afterwards. A lot of people aren't satisfied with that response, since the account is still a unique identifier for your device. This leads to another slap fight about Aurora Store, which allows you to (less securely) install Play Store apps using a randomly given Google account.

The difference between the Play Store approach and the Aurora Store approach is that Aurora Store's approach is k-anonymous, rather than... "normal" anonymity. The preference largely comes down to threat models, but if you value security then Aurora Store is not a good option.

Another criticism of the Play Store is that it is proprietary. The view of security between open source software and proprietary software has shifted significantly. It used to be that people viewed open source software as less secure because the source code is openly available. While technically it's easier to craft an attack for a known exploit if the source code is available, that doesn't make the software itself any less secure.

The view was then shifted to open source software being more secure, because anyone can audit the code and spot vulnerabilities. Sometimes this can help, and many vulnerabilities have been spotted and fixed faster due to the software being open source, but it isn't always the case. Rarely do you see general people looking over every line of code for vulnerabilities.

The reality is that, just because something is open source, doesn't mean it is automatically more or less secure than if it were proprietary. Being open source simply provides integrity in the project (since the developers make it as easy as possible to spot misconduct), and full accountability towards the developers when something goes wrong. Being open source is obviously better than being proprietary, that's why many projects choose to be open source, but it doesn't have to be that way for it to still be secure.

Plus, the workings of proprietary code can technically be viewed, since some code can be decompiled, reverse engineered, or simply read as assembly instructions, but all of those are difficult, time consuming, and might get you sued, so it's rare to see it happen.

I'm not advocating for the use of proprietary software, but I am advocating for less hate regarding proprietary software. Among other things, proprietary software has some security benefits in things like drivers, which is why projects like linux-libre and Libreboot are worse for security than their counterparts (see coreboot).

Those projects still have uses, especially if you value software freedom over security, but for security alone they aren't as recommended.

Disclaimer before this next section: I don't know the difference in terminology between "Atomic", "Immutable", and "Rolling Release", so forgive me for that.

Also, on the topic of software freedom, stop using Debian. Debian is outdated and insecure, and I would argue less stable too. Having used a distro with an Atomic release cycle, I have experienced far less issues than when I used Debian. Not to mention, if you mess anything up on an Atomic distro, you can just rollback to the previous boot like nothing happened, and still keep all your data. That saved me when I almost bricked my computer motifying /etc/fstab/ by hand.

Since fixes are pushed out every day, and all software is kept as up to date as possible, Atomic distros I argue give more stability than having an outdated "tried and tested" system. This is more an opinion rather than factually measured.

Once I realized the stable version of Debian uses Linux kernel 6.1, (which is 3 years old and has had actively exploited vulnerabilities), and the latest stable version of the kernel is 6.13, I switched pretty quick for that reason among others.

Now, many old kernel versions are still maintained, and the latest stable version of Android uses kernels 6.1 and 6.6 (which are still maintained), but it's still not great to use older kernel versions regardless. It isn't the only insecurity about Debian.

I really have nothing more to say. I know I touched on a lot of extremely controversial topics, but I'm sick of privacy being at odds with security, as well as other groups being at odds with each other. This post is sort of a collection of a lot of interesting privacy and security knowledge I've accrued throughout my life, and I wanted to share my perspective. I don't expect everybody to agree with me, but I'm sharing this in case it ever becomes useful to someone else.

Thanks for taking the time to read this whole thing, if you did. I spent hours writing it, so I'm sure it's gotten very long by now.

Happy Pi Day everyone!

This post is long and kind of a rant. I don't expect many to read the whole thing, but there's a conclusion at the bottom.

On the surface, recommended security practices are simple:

• Store all your credentials in a password manager
• Use two factor authentication on all accounts

However, it raises a few questions.

• Should you access your 2FA codes on the same device as the password manager?
• Should you store them in the password manager itself?

This is the beginning of where a threat model is needed. If your threat model does not include protections against unwanted access to your device, it is safe for you to store access your 2FA codes on the same device as your password manager, or even in the password manager itself.

So, to keep it simple, say you store your 2FA in your password manager. There's a few more questions:

• Where do you store the master password for the password manager?
• Where do you store 2FA recovery codes?

The master password for the password manager could be written down on a piece of paper and stored in a safe, but that would be inconvenient when you want to access your passwords. So, a better solution is to just remember your password. Passphrases are easier to remember than passwords, so we'll use one of those.

Your 2FA recovery codes are something that are needed if you lose access to your real 2FA codes. Most websites just say "Store this in a secure place". This isn't something you want to store in the same place as those (in this case our password manager), and it's not something you will access often, so it's safe to write it down on a piece of paper and lock it in a safe.

Good so far, you have a fairly simple system to keep your accounts safe from some threats. But, new problems arise:

• What happens if you forget your master passphrase?
• What happens if others need access to your password manager?

The problem with remembering your passphrase is that it's possible to forget it, no matter how many times you repeat it to yourself. Besides naturally forgetting it, things like injuries can arise which can cause you to forget the passphrase. Easy enough to fix, though. We can just keep a copy of the passphrase in the safe, just in case we forget it.

If someone else needs to access certain credentials in your password manager, for example a wife that needs to verify bank information using your account, storing a copy of the password is a good idea here too. Since she is a trusted party, you can give her access to the safe in case of emergencies.

The system we have is good. If the safe is stolen or destroyed, you still have the master passphrase memorized to change the master passphrase and regenerate the 2FA security codes. The thief who stole the safe doesn't have your password manager's data, so the master passphrase is useless. However, our troubles aren't over yet:

• How do you store device credentials?
• How do you keep the password manager backed up?

Your password manager has to have some device in order to access it. Whether it's a phone, computer, tablet, laptop, or website, there needs to be some device used to access it. That device needs to be as secure as your password manager, otherwise accessing the password manager becomes a risk. This means using full disk encryption for the device, and a strong login passphrase. However, that means we have 2 more passwords to take care of that can't be stored in the password manager. We access those often, so we can't write them down and store them in the safe, Remembering two more passphrases complicates things and makes forgetting much more likely. Where do we store those passphrases?

One solution is removing the passwords altogether. Using a hardware security key, you can authenticate your disk encryption and user login using it. If you keep a spare copy of the security key stored in the safe, you make sure you aren't locked out if you lose access to your main security key.

Now to keep the password manager backed up. Using the 3-2-1 Backup Strategy. It states that there should be at least 3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location (this can include cloud storage). 2 or more different media should be used to eliminate data loss due to similar reasons (for example, optical discs may tolerate being underwater while LTO tapes may not, and SSDs cannot fail due to head crashes or damaged spindle motors since they do not have any moving parts, unlike hard drives). An offsite copy protects against fire, theft of physical media (such as tapes or discs) and natural disasters like floods and earthquakes. Physically protected hard drives are an alternative to an offsite copy, but they have limitations like only being able to resist fire for a limited period of time, so an offsite copy still remains as the ideal choice.

So, our first copy will be on our secure device. It's the copy we access the most. The next copy could be an encrypted hard drive. The encryption passphrase could be stored in our safe. The last copy could be a cloud storage service. Easy, right? Well, more problems arise:

• Where do you store the credentials for the cloud storage service?
• Where do you store the LUKS backup file and password?

Storing the credentials for the cloud storage service isn't as simple as putting it in the safe. If we did that, then anyone with the safe could login to the cloud storage service and decrypt the password manager backup using the passphrase also stored in the safe. If we protected the cloud storage service with our security key, a copy of that is still in the safe. Maybe we protect it with a 2FA code, and instead of storing the 2FA codes in the password manager, we store it on another device. That solves the problem for now, but there are still problems, such as storing the credentials for that new device.

When using a security key to unlock a LUKS partition, you are given a backup file to store as a backup for emergencies. Plus, LUKS encrypted partitions still require you to setup a passphrase, so storing that still becomes an issue.

Conclusion

I'm going to stop here, because this post is getting long. I could keep going fixing problems and causing new ones, but the point is this: Security is a mess! I didn't even cover alternative ways to authenticate the password manager such as a key file, biometrics, etc. Trying to find "perfect" security is almost impossible, and that's why a threat model is important. If you set hard limits such as "No storing passwords digitally" or "No remembering any passwords" then you can build a security system that fits that threat model, but there's currently no security system that fits all threat model.

However, that doesn't let companies that just say "Store this in a secure place" off the hook either. It's a hand wavy response to security that just says "We don't know how to secure this part of our system, so it's your problem now". We need to have comprehensive security practices that aren't just "Use a password manager and 2FA", because that causes people to just store their master passphrase on a sticky note or a text file on the desktop.

The state of security is an absolute mess, and I'm sick of it. It seems that, right now, security, privacy, convenience, and safety (e.g. backups, other things that remove single points of failure) are all at odds with each other. This post mainly focused on how security, convenience, and safety are at odds, but I could write a whole post about how security and privacy are at odds.

Anyways, I've just outlined one possible security system you can have. If you have one that you think works well, I'd like to hear about it. I use a different security system than what I outline here, and I see problems with it.

Thanks for reading!

cross-posted from: https://lemmy.ml/post/26453685

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It's an operating system "for those whose first priority is using linux, and second priority is security."

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS's hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used as a daily driver. secureblue recognizes the need for usability alongside security.

If you already have Fedora Atomic (e.g. Secureblue, Kinoite, Sericea, etc.) or CoreOS installed on your system, you can easily rebase to secureblue. The install instructions are really easy to follow, and I had no issues installing it on any of my devices.

I'd love more people to know about secureblue, because it is fantastic if you want a secure desktop OS!

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It's an operating system "for those whose first priority is using linux, and second priority is security."

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS's hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used as a daily driver. secureblue recognizes the need for usability alongside security.

If you already have Fedora Atomic (e.g. Secureblue, Kinoite, Sericea, etc.) or CoreOS installed on your system, you can easily rebase to secureblue. The install instructions are really easy to follow, and I had no issues installing it on any of my devices.

I'd love more people to know about secureblue, because it is fantastic if you want a secure desktop OS!

(In honor of Holiday. You know who you are.)

I didn't like Kodi due to the unpleasant controls, especially on Android, so I decided to try out Jellyfin. It was really easy to get working, and I like it a lot more than Kodi, but I started to have problems after the first time restarting my computer.

I store my media on an external LUKS encrypted hard drive. Because of that, for some reason, Jellyfin's permission to access the drive go away after a reboot. That means something like chgrp -R jellyfin /media/username does work, but it stops working after I restart my computer and unlock the disk.

I tried modifying the /etc/fstab file without really knowing what I was doing, and almost bricked the system. Thank goodness I'm running an atomic distro (Fedora Silverblue), I was able to recover pretty quickly.

How do I give Jellyfin permanent access to my hard drive?

Solution:

1. Install GNOME Disks
2. Open GNOME Disks
3. On the left, click on the drive storing your media
4. Click "Unlock selected encrypted partition" (the padlock icon)
5. Enter your password
6. Click "Unlock"
7. Select the LUKS partition
8. Click "Additional partition options" (the gear icon)
9. Click "Edit Encryption Options..."
10. Enter your admin password
11. Click "Authenticate"
12. Disable "User Session Defaults"
13. Select "Unlock at system startup"
14. Enter the encryption password for your drive in the "Passphrase" field
15. Click "Ok"
16. Select the decrypted Ext4 partition
17. Click "Additional partition options" (the gear icon)
18. Click "Edit Mount Options..."
19. Disable "User Session Defaults"
20. Select "Mount at system startup"
21. Click "Ok"
22. Navigate to your Jellyfin Dashboard
23. Go to "Libraries"
24. Select "Add Media Library"
25. When configuring the folder, navigate to /mnt and then select the UUID that points to your mounted hard drive