I favor using tools that already exist.
On my router, I block traffic from all the sites listed here: https://github.com/CHEF-KOCH/NSABlocklist
For a password manager, I'll use Bitwarden, built on Debian 9. Works just like LastPass or 1Password or the Chrome password vault - except all data is saved and encrypted on my own hardware.
For browsing, I’ll use a commercial VPN product, but I’ll understand the functional limitations of such a product - which means that I know enough about how it works to know what is still available to be sniffed, what third parties are still able to get, and what not to search up.
For searching, I’ll use DuckDuckGo. Self-explanatory.
For my accounts, I’ll routinely purge them, delete them, recreate them.
For email, I used to have a custom-built mail server but that was too much administration. Now I have Tutanota with a custom domain.
For all my accounts and services, I have MFA enabled. This is the best tool out of all of these, and the easiest to set up. Your bank, your trading account, all social media, email, etc. should all be using MFA. No exceptions.
And, most importantly, I understand the limitations of each, and what information in a transaction/transfer/exchange/packet is still available for bad guys to sniff. There is no such thing as perfect security, but you can definitely go a lot further than the default settings.
Signed, a cyber security engineer
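The router blocklist step in the post above, as an added example that is not part of the post: the NSABlocklist is assumed here to be distributed in hosts-file layout (`0.0.0.0 hostname` lines with `#` comments), which is what the parser expects; the sample lines are constructed, and the output is dnsmasq `address=` directives for a dnsmasq-based router. Both the sink-address set and the dnsmasq target are assumptions about the reader's setup.

```python
import re
from typing import Iterable, List

# Constructed sample in the hosts-file layout assumed for the list
# (the real file lives at https://github.com/CHEF-KOCH/NSABlocklist).
SAMPLE_HOSTS = """\
# Hosts-style blocklist, constructed for this example
0.0.0.0 tracker.example.com
0.0.0.0 tracker.example.com        # exact duplicate, must be dropped
127.0.0.1 localhost
0.0.0.0 Ads.Example.NET
0.0.0.0 -bad-label.example.com     # a label may not start with '-'
::1 localhost ip6-localhost
0.0.0.0 analytics.example.org      # trailing comment is stripped
93.184.216.34 www.example.com      # real mapping, not a sinkhole: ignored
"""

# Addresses hosts-style blocklists use as sinkholes (assumption: any other
# address is a genuine name->IP mapping, not a block entry).
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """RFC 1123 hostname syntax. Names without a dot (localhost and friends)
    are rejected: they are never public trackers and must not be sinkholed."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def parse_hosts(text: str) -> List[str]:
    """Return unique, lower-cased hostnames from hosts-format text, in
    first-seen order. Lines whose address is not a sinkhole are skipped."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, inline or whole-line
        if not line:
            continue
        fields = line.split()
        if fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:               # hosts lines may carry several names
            name = name.lower().rstrip(".")
            if valid_hostname(name) and name not in seen:
                seen.add(name)
                out.append(name)
    return out


def to_dnsmasq(names: Iterable[str]) -> str:
    """One dnsmasq directive per name; 'address=/name/0.0.0.0' answers A
    queries for the name and all of its subdomains with 0.0.0.0."""
    return "".join(f"address=/{name}/0.0.0.0\n" for name in names)


if __name__ == "__main__":
    # Writing this to a file under dnsmasq's conf-dir (e.g. /etc/dnsmasq.d/)
    # and restarting dnsmasq applies the list on a dnsmasq-based router.
    print(to_dnsmasq(parse_hosts(SAMPLE_HOSTS)), end="")
```

One caveat worth knowing: a hosts-style list blocks by name, so it only affects clients that resolve through the router. Devices or apps that use their own DNS-over-HTTPS resolver, or connect to hard-coded IP addresses, walk straight past it; blocking those needs firewall rules on addresses, not a DNS sinkhole.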
Browsers: Brave and Chromium, both with uBlock Origin for ads. I also have a Raspberry Pi running Pi-Hole, though I haven't set it up for DNS over TLS or HTTPS.
Password managers, Bitwarden. Before, I used to use the same long password but slightly altered for each account. e.g. *foobarGGL* for Gmail, *foobarRDT* for Reddit, etc. Slightly better than reusing the exact same password, but honestly, just get a decent password manager.
VPN: I'm finding ProtonVPN's free tier to be perfectly fine for mostly text-based social media. For downloads and torrenting, Ultraseedbox has been treating me well.
Search engines, DuckDuckGo and StartPage. If I need to use Google or Google Images I usually pop open an Incognito tab, just out of spite.
VM: I'm not sure to what extent data and profiles might "leak" across different browser accounts, whether nefariously or by my own fat fingered accidents, so I've been running a VM for a while for all my "politically inappropriate" reading and posting.
Between having my different login accounts on different browsers on different OSes on different IP addresses (VPN with Killswitch), I reckon it should buy me at least a *little* peace of mind that I'm not going to get doxxed and painted as some puppy kicking, orphanage burning monster, all because I had the sheer audacity to click on a link to some random "subversive" Op-Ed article.
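The "same base password plus a site tag" scheme described in the post above, as an added example that is not part of the post and not the poster's code: it shows why one plaintext leak of `foobarGGL` is enough to take over the other accounts, first when the attacker knows the tag convention and then when they only know "shared base plus a short upper-case tag" and hold a hash from a second breach, and contrasts that with a password-manager style generator. The SHA-256 hash stands in for whatever a breached site stored; a slow hash such as bcrypt or Argon2 only makes the search slower, not larger. All inputs are constructed.

```python
import hashlib
import itertools
import math
import secrets
import string
from typing import Dict, Optional


def sha256_hex(password: str) -> str:
    """Stand-in for a breached site's stored hash (constructed for the example)."""
    return hashlib.sha256(password.encode()).hexdigest()


def derive_candidates(leaked: str, leaked_suffix: str,
                      suffixes: Dict[str, str]) -> Dict[str, str]:
    """Attacker who learnt the convention (e.g. GGL = Gmail) from one plaintext
    leak: strip the tag and re-attach the tag for every other site."""
    if not leaked.endswith(leaked_suffix):
        raise ValueError("leaked password does not end with the claimed suffix")
    base = leaked[: len(leaked) - len(leaked_suffix)]
    return {site: base + code for site, code in suffixes.items()}


def crack_by_suffix(leaked: str, leaked_suffix: str, target_hash: str,
                    suffix_len: int = 3) -> Optional[str]:
    """Attacker who only knows 'same base + short upper-case tag' and has a
    hash from a second site: the whole search space is 26**suffix_len."""
    base = leaked[: len(leaked) - len(leaked_suffix)]
    for combo in itertools.product(string.ascii_uppercase, repeat=suffix_len):
        candidate = base + "".join(combo)
        if sha256_hex(candidate) == target_hash:
            return candidate
    return None


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


# The alphabet a typical password manager generator offers: 94 printable ASCII.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = DEFAULT_ALPHABET) -> str:
    """What a password manager does instead: uniform choice from the OS CSPRNG.
    The class check assumes the default alphabet (letters, digits, punctuation)."""
    if length < 4:
        raise ValueError("too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    leaked = "foobarGGL"                       # constructed: plaintext from breach A
    reddit_hash = sha256_hex("foobarRDT")      # constructed: hash from breach B
    print(derive_candidates(leaked, "GGL", {"reddit": "RDT", "amazon": "AMZ"}))
    print(crack_by_suffix(leaked, "GGL", reddit_hash))
    print(f"tag scheme leaves {entropy_bits(26, 3):.1f} bits per site; "
          f"a 20-char generated password has {entropy_bits(94, 20):.0f} bits")
    print(generate_password())
```

The point of the numbers: once the base is known, each additional account is protected by roughly 14 bits, which is a few thousand hash computations, while a generated 20-character password is independent per site and sits above 130 bits.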
Pi-Hole for the home LAN, private VPS for hosting my own domain with email and VPN services. No mail is shared with Google, Apple or any other company, and the VPN (IKEv2) helps when connecting from public Wi-Fi networks.
AdGuard in Safari, DDG for search, 10-minute email for all new registrations, and I added shitmail.org for specific cases. I can't even remember the last time I registered somewhere with my real email address.
1Password as a password manager, stores everything sensitive. I use YubiKey 4 as a HW token for 2FA at crypto exchanges and generally anywhere where there is integration.
I try to strictly separate private and work matters and not put absolutely any personal data or information on my work machine that is managed by corporate IT. Nobody ever gets handed my unlocked personal phone or laptop. (I've helped a stranger make an emergency phone call; the phone never left my hand.)
But most importantly I use my loaf: I don't open "invoice.xlsx.exe", I recognize MITM and spoofed SSL certs, I don't easily hand out personal information, I don't have Facebook or other social media, and I don't ever connect any platforms together. I don't use AppleID (real ID) or GoogleID (fake ID) to log in anywhere; I always create a new account using a temp email address.
-network engineer, developer
Very grateful for your answers!
I'm trying to secure my phones, but it's hard to control Android devices without root. A basic firewall setup isn't trivial.
OS: My laptop & my desktop both run Linux. I do not trust what Microsoft has become any more than I trusted what they were in the late 1990s.
Browser extensions: uBlock Origin for privacy, Bitwarden for password manager, HTTPS Everywhere, and nothing else. Extensions are a huge privacy risk and you should only install ones that are both strictly necessary *and* open source.
Phone: multiple shit cheap phones for different purposes, so if an app is farming my information and sending it off to Big Tech, the total amount of data they can harvest is minimal. I have one which runs Ubuntu Touch making calls & sending texts & checking email - this is the phone with the most truly private information, hence Ubuntu Touch. I have a shit Android phone for the sole purpose of running Signal. I used to have separate phones for Twitter and Instagram, logged into single-purpose Google accounts, but quitting the major social networks means I don't need this anymore. I also have one just for web browsing, but I barely use it anymore as I came to prefer reading books to pass the time on my commute (which was the only time I was browsing the web on my phone).
If you're using Android, switch to Firefox, because that allows you to have extensions (i.e. uBlock Origin - your battery will thank you).
As per the other comments, I've taken to using DuckDuckGo for my default search engine. I swear it actually returns better results these days without the recent-content bias of Google or Google's failed attempts to personalise it to what Google thinks my needs are.
I'm still with Google for email. Yes, that sucks, but anyone who has access to my email has access to a few important accounts. I trust Google's ability to run a mail server much more than I do anyone else's, let alone my own.
I've not bothered with a VPN, and I doubt I ever will unless I need/care to get around country restrictions some day.
As I hinted earlier, I ran the fuck away from the mainstream social networks. I call or email my friends from time to time rather than liking Facebook posts. I use RSS to keep up with sites I like rather than following them on Twitter.
I don't use any streaming music services. I buy MP3s instead. It doesn't require any special software to play, and no app on your phone = less privacy risk.
Other than my phones I do not own "smart" anything and never fuckin will.
8 comments
8 u/Oswald 13 Jul 2020 12:53
1 u/None [OP] 13 Jul 2020 13:10
5 u/SufferableKant 13 Jul 2020 13:11
3 u/None [OP] 13 Jul 2020 13:22
1 u/dispenser 13 Jul 2020 13:55
1 u/Scrotality 13 Jul 2020 14:38
1 u/None [OP] 13 Jul 2020 16:37
1 u/Kusuri 15 Jul 2020 08:56