Hacker News | cubesnooper's comments

Tor is great at reducing tracking done by ad companies. I use Facebook and Reddit (a big chunk of my social media activity) exclusively over Tor.

Step 1, block all Facebook and Reddit domains and subdomains at the DNS level. This is not to prevent visiting the cleartext websites (I could just, you know, not visit them), it’s to block the Like buttons and Reddit share icons embedded in normal websites from tracking my browsing activity.

Step 2, bookmark the Reddit and Facebook onion sites in Tor Browser.

https://www.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqn... ; proof: https://www.reddit.com/r/redditsecurity/comments/yd6hqg/redd...

https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg... ; proof: https://www.facebook.com/onion-service

These are faster and more secure than visiting reddit.com and facebook.com in Tor Browser (hidden services require fewer hops and have no exit node), and since they’re official means of accessing their respective sites, you’re less likely to get treated as a bot or banned for suspicious activity.

How well does this work? Pretty well, if the ads I get are any indication. Facebook and Reddit ads used to be highly correlated to my general browsing activity. When I first started doing this, I would still log in without Tor occasionally, and instantly ads would start matching my browsing activity again. Now that I’ve used these sites exclusively over Tor for years, the ads are either entirely random or based solely on my activity within the respective sites (which is exactly what I want), or they expose a privacy leak from something other than IP address or cookies (for example, it’s clear from the ads I get that my bank sells my credit card purchase history to Facebook, which has made me more open to using cash).

As long as Tor Browser isn’t illegal or dangerous to possess in your jurisdiction, I highly recommend downloading it and using it for mainstream sites that provide onion services. I wish more sites would provide them!
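An added example, not part of the comment above: one way to do the DNS-level block from Step 1, assuming the network's resolver is Unbound. It renders `local-zone` entries and checks constructed query names against them on label boundaries; the two-zone list and all query names are constructed samples, not a complete list of either company's domains.

```python
# Added example: resolver-level blocking of a domain and every subdomain.
# Zone list and query names below are constructed samples, not a complete list.
BLOCKED_ZONES = ("facebook.com", "reddit.com")

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def matching_zone(qname, zones=BLOCKED_ZONES):
    """Return the blocked zone that covers qname, or None.

    Compares whole labels, so 'notfacebook.com' and
    'facebook.com.example.org' are not treated as Facebook names.
    """
    zone_set = {normalize(z) for z in zones}
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zone_set:
            return candidate
    return None

def unbound_config(zones=BLOCKED_ZONES):
    """Render Unbound local-zone lines; each covers the name and all names below it."""
    lines = ["server:"]
    for zone in sorted({normalize(z) for z in zones}):
        lines.append(f'    local-zone: "{zone}." always_nxdomain')
    return "\n".join(lines) + "\n"

# Constructed query names, as a resolver log might show them.
SAMPLE_QUERIES = [
    "www.facebook.com.",          # embedded Like button
    "Connect.Facebook.com",       # mixed case, no root dot
    "www.reddit.com",
    "notfacebook.com",            # lookalike suffix, different domain
    "facebook.com.example.org",   # blocked name used as a prefix
    "placeholder-not-a-real-address.onion",
]

def audit(queries=SAMPLE_QUERIES, zones=BLOCKED_ZONES):
    """Map each query name to the zone that blocks it (None = resolves normally)."""
    return {q: matching_zone(q, zones) for q in queries}

if __name__ == "__main__":
    print(unbound_config())
    for name, zone in audit().items():
        print(f"{'BLOCK' if zone else 'allow'}  {name}")
```

Tor Browser resolves `.onion` names inside Tor rather than through the local resolver, so a block like this does not interfere with Step 2.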


Once you’ve had the PIN scramble turned on for a while, it becomes second nature. I enter my GrapheneOS scrambled PIN about as quickly as the unscrambled PIN on my non‐GrapheneOS work phone. But it’s more of a defense against figuring out my PIN from the finger marks on my screen.

In environments where shoulder surfing is a concern, I prefer to use the multiple profiles feature: log out of my main profile (which is actually a secondary profile) to completely evict its keys from memory, and switch to a burner secondary profile containing no personal data, which unlocks with my fingerprint for convenience.


Second nature or not, I’m not sure how this protects you against the security camera watching you enter the passcode. I guess you’re hoping it can’t read the digit on each key?


I am curious what you do with a phone that has no personal data beyond, like, call people whose number you have memorized and maybe look something up


GrapheneOS supports Android Auto now! I use it every day.


When I travel to Europe, my North America–only cell service doesn’t work at all. I definitely appreciate free Wi‐Fi at my destinations.


When I travel to North America, I get a 6 EUR/day data deal that transfers my EU 5G quota to the US. Demand better from your companies.


How does one “demand better” from a handful of giant corporations? Did you personally negotiate that plan with your phone operator?

Besides that, neither tethering (for reasons other than cost, mentioned above) nor international roaming (increased latency) are a perfect replacement for fast local Wi-Fi at this point.


It's that dreaded government intervention thing.

(also: increased latency for roaming?)


fwiw, T-Mobile works internationally, and esim data providers like airalo make it easy to have data at your destination.


Cell signal is terrible for privacy, uniquely identifying each individual’s location at all times. Though Wifi can also be tracked, it at least is possible to use anonymously with MAC randomization as is the default on many phones. (Leaving aside countries like Switzerland which outlaw wifi without mandatory registration.)


I browse social media sites like Facebook and Reddit using their onion services. I was sick of seeing ads pop up that were clearly based on tracking my general browsing activity through IP correlation, tracking pixels and embedded “like” buttons. So now I block all cleartext Facebook/Reddit traffic completely.

Using Tor this way doesn’t anonymize me—on Facebook at least, I’m logged in under my own account—but it limits the profile Meta builds on me to the union of what it directly observes on Facebook and what it can purchase through data brokers. Ever since I started doing this, I’ve noticed a huge drop in relevance in my Facebook ads, so apparently it’s working. When the ads become suddenly relevant again (which has happened a few times), it exposes an information leak: usually a credit card purchase that Meta must have obtained from either my bank or the shop vendor and tied to my identity.

Using a VPN could theoretically provide the same benefit, but in practice Facebook tended to temporarily lock my account when using a VPN and Reddit blocks VPN traffic completely. So I stick to the onion services, which are run by the websites themselves and so are less likely to be treated as malicious traffic.

If you use these platforms, I recommend bookmarking their onion sites in Tor Browser and using it as your primary interface to them for a while. Then, if you don’t find it too inconvenient, start blocking the non‐onion versions of the sites on your network.

https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqn...

https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg...

(P.S.: You shouldn’t trust the links I just posted; I could have posted fake ones! I recommend double‐checking against https://github.com/alecmuffett/real-world-onion-sites which links to proofs of onion site ownership under their usual domain names.)


For games, the equivalent level of ownership comes from DRM‐free digital purchases. That means buying games from platforms like GOG, Itch, and Zoom Platform, and then backing them up. Steam is distantly behind in terms of user ownership—their installers are always DRM‐locked, but some games can be run DRM‐free after that—and Xbox, PlayStation and Nintendo aren’t even on the same planet due to their hideous DRM and online service tie‐ins.


According to the commit message, the motivation is also to detect certain kinds of attacks against sshd itself, not just bruteforced login attempts.


A few more things:

An SSH key can be freely reused to log in to multiple SSH servers without compromise. Passwords should never be reused between multiple servers, because the other end could log it.

An SSH key can be stored in an agent, which provides some minor security benefits, and more importantly, adds a whole lot of convenience.

An SSH key can be tied to a Yubikey out of the box, providing strong 2FA.


I’ve seen lots of passwords accidentally typed into an IRC window. Never seen that happen with an SSH key.


I heard that if you type your password in HN it will automatically get replaced by all stars.

My password is **********

See: it works! Try it!


So if I type hunter2 you see ****?

