I use the PC to work professionally, but how can I improve security and privacy? OS, Cloud Storage, Apps

Hi there! I am an illustrator and I love to draw both digitally and traditionally. I got really interested in improving my privacy, not only to better understand what’s happening with my data, but also to see if I could help other people, after I’ve successfully helped myself first, and learned how to.

I wanted to share here my daily equipment, composed of the hardware devices and digital software I use.
I use several devices and digital services to consume and create content:

  • 1 Desktop PC (Windows + MacOS Hackintosh) --> Apps (Final Cut Pro, Adobe Photoshop, Clip Studio Paint, Safari, qBittorrent, Handbrake, VLC, Microsoft Office Apps) --> Digital Services (DropBox, Gmail, Drive)
  • 1 Smartphone (iPhone 8) --> Apps (FB, IG, Whatsapp, Telegram, Youtube, Safari, Banking App) --> Digital Services (DropBox, Gmail, Drive)
  • 1 Tablet (iPad Pro 12.9 2020) --> Apps (Procreate, Clip Studio Paint, Safari, Youtube) --> Digital Services (DropBox, Gmail, Drive)

To use the apps I use, I sometimes need MacOS, and sometimes Windows. On top of that, I often use my phone to see other artists’ works and get inspiration (mostly Instagram, Tumblr, Deviantart, Pixiv… I only use them in Safari, I don’t have the apps installed on my device). Could you help me understand my privacy flaws, and where I could improve to the highest point of privacy, based on the apps I use for my work? I mean… I could go 100% privacy, and not use any of those OSes, but then how do I get my work done?

Thank YOU <3

I feel you, Marco. You want to use the stuff that you need to use and still be private. This is quite a challenge because Microsoft, Adobe and, to an extent, Apple do not care about your privacy. It is still quite doable.

First, do consider a Linux host system for your desktop to virtualize the Windows and Hackintosh. The reason to do this is to do image backups (via something like ZFS or maybe BTRFS). Windows has this tendency to commit suicide, so having the capability to completely roll back changes to the OS at the VM level is good to have. You need a computer with lots of cores to achieve similar enough speed in your renders. You can offload the Handbrake, VLC and torrent software to the host Linux OS itself.

For the iPhone, I would suggest:

  1. Use a VPN software (that uses the IKEv2 protocol)
  2. Install Lockdown to block the tracking and telemetry.
  3. Use Firefox for browsing instead of Safari and use it to browse the FB, Whatsapp and Youtube instead of using the app version.
  4. Install Cryptomator to encrypt contents in DropBox and Google Drive/Google One. Consider using something like Nextcloud as a replacement, especially if you do not have a lot of online storage requirements. Maybe check out the enterprise version if it is worth it for you.
  5. Your banking app stays because it might trigger some weird fraud protection scheme if you do something weird with it.
  6. Consider moving on to a better email provider instead of remaining on GMail. Just transfer all your online accounts to whatever you choose. There is no need to totally delete Google for now (Google already has your personal data and there is no verifiable way for you to know if they can actually delete your personal data).
  7. Consider making an Android VM on your PC (via Androidx86) to access Instagram (which cannot be accessed via a desktop computer).

The iPad should probably stay as is and also install Firefox, Lockdown and another VPN provider as well. Also remove the Youtube app and just watch straight from the browser.

Finally, also consider using the following devices:

  1. A new smartphone instead of the iPhone. Google Pixel with Graphene OS. I haven’t used this myself though, but I will try to remigrate my device once my old Lineage phone dies.
  2. Raspberry Pi 4 + PiHole - Use these to provide local network-wide DNS blocking for trackers and telemetry on all your devices. This is like what Lockdown is, but for desktop. Previously you could edit the hosts file in Microsoft but they have since then blocked modifications to it that pertain to telemetry.

Man, that’s a lot :joy: okay, my recommendation may look dumb but here it is:

  1. Why use all of this? Maybe try GIMP? (Inside Linux of course.) I know it’s going to take a learning curve, but I’m sure you’re going to like it (that’s the dumb recommendation I mentioned, because most people don’t want to learn new apps).
  2. About “digital services”, you can use something like Nextcloud or at least encrypt your stuff before upload, and give protonmail or tutanota a try for your email address.
  3. You can use Instagram, Tumblr, Deviantart, Pixiv inside a hardened browser like Firefox or so.
  4. About the apps on your devices, you can use their web versions, or instead of Youtube use invidious or newpipe. Try to use the alternatives, and if there is none then try to use the web app (inside a hardened browser).
    In the end, nothing is 100%, nothing is perfect.

Or just use PiHole on your Linux itself (as I was doing) if you can’t get a Raspberry Pi 4.


If you don’t need to be logged in on Twitter and Instagram, you can use Nitter (Twitter) and Bibliogram (Instagram), which are two frontend services that allow you to browse the whole content of these 2 websites without their tracking. There are only a few things you won’t be able to use, like Instagram stories (and possibly Twitter’s too).

1 Like

The advantage of using a separate device for PiHole is when you shut down the computer, your phones and tablets are still connected throughout the network.

1 Like

@hauntsanctuary @esmailelbob Thanks everyone here :slight_smile:
I need to do professional illustration work in Photoshop and Clip Studio Paint, use Final Cut Pro X, do file management and browse the internet, and I have just bought a NUC8i5BEK (i5-8259u) to do this 3build thing, where I could use Linux, Mac and Win in the most secure way. It would be just amazing if I had to install only Linux, and then use Mac and Win as VMs, if they work as native (or even better).
Anyway, those below are my main concerns right now :slight_smile: :

  1. Would I be able to run MacOS and Windows as VMs from a Linux host, at the same speed they would run with H4ck1nt0sh and native? It would be cool to switch back and forth between Linux and MacOS at the same time.

  2. I need a cloud service that could share my files with unknown people, because I need to send them those files as rewards for their Patreon pledge. I normally use Dropbox as the service: I zip my reward file of the month, apply a password to it, and sync it to Dropbox by dragging it into a synced folder on my Mac. Is this a correct way of doing this, or is there a better one? Yes, you may ask if they would pirate my files after they download them from my Dropbox, uploading them to other websites for free. They could, but what could I do? Could I stop them from doing so?

  3. Regarding the mobile devices I need, the iPad and the iPhone: I could ditch the iPhone, but right now I use iCloud Keychain as my main password manager, and I find it good because it syncs across all my iCloud devices (Mac, iPad, iPhone). If I could find any alternative that could sync between my desktop (Linux, Mac, Win), iPad and smartphone (Android or iOS), that would be amazing! Maybe better if it has a feature that could change every saved password, for each different account, every 30 or 60 days from the latest change. Would that be possible?
    For the smartphone, I am sensitive to PWM and I would not use any OLED device, so if there is any IPS smartphone option, better than the iPhone 8 I have right now, that would allow me to use the password manager and have better privacy than iOS, I would buy it. Any advice on this particular one?

  4. I have done the first step in password management. What about the second step? How do I manage emails for each individual account I have for social media, digital services, apps, and others? How could I just remember one email address, to rule them all (like the password manager does), and also how do I receive my emails, from different aliases, in only one inbox, without the need to check every different inbox every time?

  5. Would there also be a correct and privacy-focused way to manage all social media accounts, schedule posts on them, use them all together and automate some stuff, without the fear of having the account stolen? How would you manage social media accounts?

Thanks again :slight_smile:

@anony thanks :slight_smile:

Yup! I know :joy: it’s just that my family uses my wifi and my router starts with my PC, so it was kinda linked together lol (and a Raspberry Pi costs around 1000 here, so like fuck customs :sweat_smile: )

  1. I remember a video from Linus Tech Tips about using both Mac and Windows side by side over Red Hat Linux. I will look for this video (but its setup was hard if I remember right) [found it: https://invidious.snopyta.org/watch?v=EozeSDeV3Vo]
  2. Unknown people means you can encrypt the files using GPG. I would recommend a website like upload.vaa.red because it encrypts the file before uploading it.
  3. Bitwarden? xD Or keepass, but you gotta export the database. I’m sorry, but what is PWM? :sweat_smile:
  4. I mean, a password manager saves the email alongside the password, right? I’m confused. And for aliases, I use simplelogin.
  5. I don’t use social media accounts :stuck_out_tongue: but it would be possible through APIs (I will look into it) [found it, thanks to the wonderful open source community: https://github.com/search?q=schedule+post+on+social+media]

Regarding the use of Photoshop I have dual boot for Linux and Windows 8 with Photoshop 2018. Apart from work, I spend all my time in Linux. Windows has all connections blocked by Tinywall and I unblock them only about once per year to renew PS subscription. I also use Krita in Linux which is sufficient in many stages of my work.

If I had two good video cards I would probably use a QEMU/KVM VM (heard that it has very good performance) under Linux to install Windows Ameliorated and a cracked version of Photoshop.

I have no qualms about it, still would subscribe to Adobe, but the idea that just because they have monopoly over swaths of market, they can squeeze me for money AND personal data is totally ludicrous.

Does DropBox encrypt your file?

Would it be very hard for my Intel NUC8i5BEK to run MacOS and Win inside Linux, as VMs?

I’m not sure, but they say yes. I’m still not sure about “at-rest” yet, because it means on the fly, so maybe they mean client side; I need someone to clarify it for me though. And I remember mega.nz does this and their desktop client is open source (so a point for them; even after searching again I found Dropbox “loves” open source too). Fuck, it’s getting harder to compare :joy:. Based on a search it’s safe to use, but with my experience (aka 0) I would say mega.nz, even if their server side is closed source (so again I would say upload.vaa.red or something similar), and I’m not good with hardware :grimacing:

EDIT: forgot to mention that you can use photoshop on linux (thanks to wine) https://linuxhint.com/install_adobe_photoshop_linux/

  1. The NUC isn’t really a proper desktop system, so performance under a VM will not be on par with Windows (and Mac) running on bare metal. How much performance loss you have will be dependent on the NUC itself, which isn’t a lot. I am curious how you are doing on a Hackintosh because AFAIK, all of them live over an emulation layer and that also affects performance.

  2. Simple zipping should be sufficient to maintain privacy, for which 7zip should work wonderfully. The only concern is metadata leakage if you are using Dropbox. Also, no, you really can’t prevent content piracy.

  3. Bitwarden is pretty much everywhere on all of the major OSes, including iOS and Android. I would argue having a unique password and email plus two factor authentication for each account is better than changing the password each month. Changing passwords every 2 years seems a reasonable amount of time, or when there is a breach or leak.

    I also don’t know what a PWM is and how it relates to OLED.

  4. Use Multifactor Authentication whenever you have the option (andOTP and the like). A hardware key like a Yubikey would be the more secure way moving forward. They also have NFC and Lightning connectors for mobile use. Don’t use SMS as a second factor if you are in the US because it is easy to do SIM swap attacks there, apparently.

  5. Social media accounts must always be secured with the above-mentioned multifactor authentication. I’ve stopped using all major social media, so I really don’t have anything in particular to share, especially regarding post automation.

We also probably shouldn’t be recommending cracks because cracks frequently have malware in them @fukcy. Legitimate copies are always better, just block their trackers and telemetry within PiHole. I don’t recommend Windows Ameliorated for now because it doesn’t have a proper Windows Defender, which is a competent protection for Windows, more than recent antiviruses could ever be.

1 Like

How could I prevent this?

I only would have that for the main account manager. Is that ok?

That’s sad :slight_smile: . I would like to go deep here, because maybe I could just schedule and automate posts without logging in?

Recently I came across this thing. Do you think I would be able to run the ad blocker and web filtering, within Nextcloud, for home cloud and local file sharing?

The point was to be able to function completely without requiring an internet connection, and presumably a cracked version of PS doesn’t need internet access ever. Whatever the likelihood of it containing malware, it seems to me unlikely that it would have any effect in an environment like that. That is probably what I would do if I could afford another video card to pass through, but you might be right, I am not an expert.

Hiii :slight_smile:

One thing you can do is just edit the hosts file for your OS to include things like: www.google-analytics.com
There you go, now Google Analytics won’t track you, and you can repeat that with any other domain of your choice… including Microsoft telemetry URLs :slight_smile:

If you’re using a firewall you might be able to block ports as well - I personally block things like the NTP port (it’s the time-sync-update-thingy port). If you ALWAYS use HTTPS over HTTP, you can block ports 80 & 8080 as well :confused:

Ooh, and I like the Tor Browser Bundle, you can just run that, then configure a web browser to connect to a SOCKS5 proxy on port 9050 I think, and there you goooooo. Also any chat or IM program that allows you to set a SOCKS proxy can be configured the same way :smiley:

I don’t really use social media except sometimes nitter and bibliogram. I actually deleted my only social media account (Twitter) back when #blessed was trending very popularly.

By the way, THAT is how much I care about my privacy & security - I block NTP xD

Sometimes when I feel like making sure I am not tracked I leave my phone @ home when I leave the house
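The hosts-file approach from the post above, as an added example that is not part of the original thread: a hosts entry is an address followed by the name, so each blocked domain is mapped to a sink address (`0.0.0.0` here). The marker comments, function names and the `tracker.example` entry are assumptions made for this sketch, and the sample hosts file is constructed.

```python
import re

# Markers delimiting the block this script manages (names chosen for this example).
BEGIN = "# BEGIN privacy-blocklist"
END = "# END privacy-blocklist"
SINK = "0.0.0.0"  # sink address: lookups succeed but connections go nowhere

# Hostname syntax: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


def normalize(domains):
    """Lower-case, de-duplicate and validate names; reject anything else."""
    clean = []
    for raw in domains:
        name = raw.strip().lower().rstrip(".")
        if len(name) > 253 or not _HOSTNAME.match(name):
            raise ValueError(f"not a valid hostname: {raw!r}")
        if name not in clean:
            clean.append(name)
    return clean


def merge_blocklist(hosts_text, domains):
    """Return hosts_text with the managed block replaced by `domains`.
    Lines outside the markers are kept, so re-running is idempotent."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and kept[-1] == "":
        kept.pop()
    block = [BEGIN] + [f"{SINK} {d}" for d in normalize(domains)] + [END]
    return "\n".join(kept + [""] + block) + "\n"


def blocked_names(hosts_text):
    """Names in the file that are mapped to the sink address."""
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == SINK:
            names.extend(fields[1:])
    return names


# Constructed sample hosts file, not taken from a real machine.
SAMPLE = "127.0.0.1 localhost\n::1 localhost\n"
UPDATED = merge_blocklist(SAMPLE, ["www.google-analytics.com", "Tracker.Example."])
```

A hosts file matches exact names only and has no wildcards, so every subdomain to be blocked needs its own line; that is the gap a network-wide DNS blocker covers.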

You really can’t prevent metadata leaking on the side of the server, if it was not designed as such. You really can’t block information such as file size, created date, modified date, SHA file hash, etc.

1 Like

I’ve never heard an idea more ridiculous than working with professional graphics in a virtual machine, and even more so on a mini PC. You will not only lose overall performance, but most importantly, you’ll lose the performance of the graphics card drivers on which all professional graphics software rely.

Working on a machine disconnected from the internet and rebooting into Linux in trialboot also does not fit well with professional activities that require constant immediate exchange with other devices, cloud services, communication with colleagues and customers, search and download of graphic assets, etc.

Juggling with three systems and three sets of hardly compatible software is unlikely an improvement, unless the problem being solved is an excess of free time.

For Windows, it’s enough to disable telemetry and MS cloud services (the internet is full of instructions) and use the built-in firewall:

  1. A set of rules can be applied to block remaining telemetry connections: https://crazymax.dev/WindowsSpyBlocker/app/telemetry/firewall/
  2. Install the control panel for the built-in firewall and enable Medium Filtering to see every unauthorized connection from Windows, Adobe and other trial software: https://www.binisoft.org/wfc

It’s nice that you provide some advice here, but it’s ridiculous that you pretend like you know more than fckall about what kind of working environment suits whom. The problem being solved on this forum in general is privacy, not how to achieve the utmost convenience.
Don’t know about slower computers, but I know a CG pro who’s happy with working in QEMU/KVM and doesn’t have problems with performance.
To me, after I gather whatever data I need and start working, internet is nothing but a distraction. There is no requirement to constantly switch OS or to chat. If necessary I can be reached on other device.
Since the OP works also traditionally, I’m sure they are aware of the fact, that painters and illustrators have happily worked for most of history without their ass being constantly uploaded into the cloud.

Of course, if your tips really solve all the privacy issues with Windows and Adobe then kudos to you!

1 Like