Privacy on Your Computer

In an age where surveillance is cheap and data is currency, protecting your privacy starts with the device you use every day — your computer. This guide outlines best practices to harden your machine, minimize data exposure, and reclaim digital autonomy.

1. Choose a Privacy-Respecting Operating System

Most mainstream operating systems (Windows/macOS) come pre-installed with telemetry and tracking features. For better privacy, consider switching to one of the following:

• Qubes OS – A security-focused OS that uses virtualization to compartmentalize tasks.
• Tails – A portable, amnesic OS designed to leave no trace. Routes all traffic through Tor.
• Debian/Fedora with Hardening – More user-friendly but customizable for hardened setups.

If switching OS is not an option, you can still harden your existing one by disabling telemetry, uninstalling bloatware, and using strong local encryption.

2. Harden System-Level Privacy

• Disk Encryption: Use full-disk encryption (e.g., LUKS, BitLocker, FileVault).
• Firewall: Enable and configure it to block all incoming traffic by default.
• Disable Unused Services: Stop things like Bluetooth, printer daemons, location services, and voice assistants.
• Configure Host Files: Block known telemetry and ad domains locally.

3. Software Choices Matter

Every app you install is a potential privacy leak. Stick to trusted, open-source tools when possible:

• Browser: Firefox (hardened), LibreWolf, or Tor Browser.
• Email: Thunderbird with PGP, or ProtonMail via the browser.
• Office Suite: LibreOffice or OnlyOffice (self-hosted).
• Cloud Sync: Syncthing or Nextcloud (self-hosted if possible).
• PDF Viewer: Use something like zathura or MuPDF instead of Adobe.

Always check software permissions, avoid auto-updaters that phone home without consent, and sandbox risky applications using Flatpak, AppArmor, or Firejail.

4. Network-Level Privacy

• Use a privacy-first DNS: Like NextDNS or Quad9 (with DoH/DoT).
• Block Trackers: Use Pi-hole or browser-based blockers like uBlock Origin.
• VPN: Use a reputable, no-log VPN (Mullvad, IVPN). Avoid free ones.
• Tor: When anonymity is more important than speed, use the Tor network.

5. Hardware Considerations

Your hardware also affects your privacy. Here are some recommendations:

• Use Coreboot-compatible devices: To replace proprietary BIOS/UEFI firmware.
• Disable Intel ME/AMD PSP: When possible, or buy devices with it neutered (e.g., NitroPad).
• Physically remove microphones/webcams: Or use hardware kill switches.
• Prefer Ethernet over Wi-Fi: Less metadata leakage and more stable.

“If the device is designed to collect data, no amount of software will make it private.”
— nofingerprint

6. Daily Habits for Digital Privacy

Technology is just one side of the coin. Your behavior also matters:

• Use strong, unique passwords with a local password manager (e.g., KeePassXC).
• Regularly audit installed software and browser extensions.
• Disable location services and avoid syncing sensitive data to the cloud.
• Be cautious with USB drives and external devices.
• Power off your device when not in use.

7. Conclusion

You don’t need to be an expert to take back control. Start small: pick a secure browser, audit your apps, and use full-disk encryption. Over time, you can build a setup that respects your right to privacy — from the hardware you choose to the tools you run.

Your privacy isn't a toggle. It's a mindset.