River's Ramblings

This guide will cover various recommendations for Windows/Linux/iOS with an eye for free, open-source, private software and privacy-enhancing tips. Given the amount I'll be covering, it will not be in maximum depth (i.e., I do not always offer all possible options or my full reasoning for recommendations). Please refer to my PC Privacy Guide, iOS Privacy Guide, and De-Googling Guide back on my old Substack for more focused guides.

And for the smart alecks, yes, non-corporate Linux and Graphene is vastly preferable to Windows and iOS. Your privacy on Windows and iOS is inherently compromised. You can, however, reduce data collection in some marginal ways, and you certainly can improve the external privacy of your system (i.e., reduce the amount that web trackers are monitoring you and such). Frankly, I do not yet have sufficient experience with either to really cover them in detail, nor do I think that installing a new OS is a privacy tip that most people will just up and follow. I do have some brief comments on both later on.

I plan to make a separate post focusing on moving away from major apps (largely about the Fediverse, but also discord alternatives, self-hosting, etc) in the next couple days, so stay tuned for that. I'll link it here if I remember to.

Additional Resources

• Privacy Tests – A website which compares open-source tests of browser privacy. It is one of the easiest ways to quickly compare the major browsers.

• Avoid the Hack’s Browser Comparison Tool – Similar to Privacy Tests, but more generalized and with information on more browsers.

• Privacy Guides and Avoid the Hack – Websites managed by people familiar with the privacy world, and so tend to have much better recommendations than similar sites. You can find recommended browsers, operating systems, email providers, etc.

• EFF’s Cover Your Tracks – A tool that attempts to fingerprint your browser in order to determine how protected you are. Extremely helpful for testing whether features are truly improving your privacy.

• O&O Software – Makers of a number of tools that can make Windows more secure/private. Many of the tools are paid, but AppBuster and ShutUp10++ are both free, and I highly recommend ShutUp10++ in particular for disabling Windows bloat/spyware.

De-Googling

While you may still need a Google account for certain things, you certainly can adjust settings to improve privacy and migrate most services away from Google.

For tweaks, most of the settings you'll want will be under Data & Privacy in Google Account. You'll ideally want to disable everything under Things you’ve done and places you’ve been. You'll also want to limit the amount of info shared under Info you can share with others and cut down on the number of third-party services under Data from apps and services you use.

Beyond the general tweaks, I'd highly recommend disabling all “personalization” and “smart” features, as nowadays that is often cover for AI-powered data harvesting. You can find a number of these features under general Gmail settings.

As for migration, Google's Dashboard, Takeout, and Delete Services will be your friends. Dashboard shows a general overview of your data and services, Takeout allows you to export your data, and Delete Services, of course, allows you to delete things.

Recommendations

• Google Search –> Startpage, DuckDuckGo, or SearXNG. Startpage is a simple Google and Bing wrapper, so should work well for most users. DDG has been implementing AI features I'm really not a fan of, but it does have some very handy features, an onion service, and a version of the engine without AI, so DDG NoAI is my personal choice. SearXNG is the most versatile of the 3, even including search functions for torrents and other specifics, but service can be a bit spotty in my experience.

• Gmail –> Tuta Mail or Mailbox Mail, and/or Thunderbird. Tuta and Mailbox Mail are both encrypted email providers that will be a significant step up from Gmail. That being said, bear in mind that the main gain is privacy in respect towards the provider – end-to-end encryption, by definition, is only ever enabled for these services if the person you are emailing uses a compatible encryption service. I've personally heard better things about Tuta's user experience, and it's what I personally use. If you continue to use Gmail, I'd recommend using Thunderbird as an email client, as it will provide some modest improvements over accessing your Gmail on the web (and does enable E2EE if you're looking to do so).

• Google Maps –> Open Street Map/Organic Maps or Apple Maps. Open Street Map is community-developed, which is great, but means that it isn't always as up-to-date. Organic Maps is the one iOS app for OSM that I know of (though there may be others), and it doesn't have the best routing features, nor is it always up-to-date with OSM, even. For most people with iPhones, I'd recommend just using Apple Maps, as it is marginally more private than Google Maps, and much more comparable in features/map data.

• Google Drive –> CryptPad or LibreOffice. Privacy Guides only recommends CryptPad, so it's my primary choice as well. Filen is a good second choice, especially if you need more than 1 free GB (Filen offers 10). LibreOffice is a decent primarily offline replacement, though as consequence it's more a Microsoft Office replacement than a Google one.

• Google Photos – Ente. If you're wanting a specifically online photo/video manager, Ente is your best bet. Naturally, you could also simply store things offline or use one of the Drive replacements.

• YouTube –> FreeTube. You have a lot of options for YouTube replacements, including alternative front-ends like Invidious and Fediverse equivalents like PeerTube. If you want to keep your subscriptions, however, a client is the way to go (Invidious had some support for accounts/subs, but I believe that's largely died). FreeTube is not the only client option, but it is easily my favorite. You can import your subcriptions quite easily, but for playlists you may have to import from URLs. Since Watch Later cannot be made public, to import it from URL you will have to copy it to another playlist, then import that playlist. The extension Multiselect for YouTube makes this fairly quick. FreeTube will occasionally break for a short time after YouTube changes things, but generally it works quite well, and has some fantastic features.

• Google News –> NetWireNews (iOS) or Feeder (Android). I'd highly recommend using RSS for your news aggregation. It gives you much better control, and you can avoid ads and all other nonsense. You can typically add news sources simply by pasting in their URL, though occasionally you may need to add /rss or /feed to the end.

• Google Keep –> Obsidian. It has so many great features; I truly can't recommend it enough.

• Google Meet –> Jitsi Meet. Naturally, you may not always have a choice, but Jitsi is the preferred option for secure video calls.

Hardware

Avoid smart home devices at any cost, end of story. For a phone, ideally, I'd recommend a Pixel with GrapheneOS, the gold-standard for secure mobile OSs (Graphene has plans to be available on other phones, but this is still in the works). Privacy Guides also has some app recommendations and advice on how best to obtain apps (of particular note – avoid the Google Play store, and F-Droid isn’t the best either).

iOS Recommendations

Privacy and Security Settings

Shut off everything under Analytics and Improvements and Apple Advertising. Under Tracking, disable Allow Apps to Request to Track and disable permissions for all the apps that requested it.

Under Location Services, review which apps have access and disable or limit any unnecessary ones. This should include location logging for the Camera app! Next, at the bottom of Location Services you’ll want to go into System Services. You can disable the vast majority of these services. Emergency Calls and SOS, Find My iPhone, and Share My Location should probably be left enabled for most people. Disabling Networking and Wireless can potentially impact performance, since you may not always be connected to the closest tower. Personally, I haven’t noticed a difference. Everything under Product Improvement (iPhone Analytics, etc) should be disabled as well.

Still under System Services, I would also highly recommend disabling Significant Locations. This feature logs locations you visit in order to determine the titular “significant” locations, allowing it to effectively have map pins for your home, work, favorite grocery store, friends’ apartments, etc. This will clear certain Apple Maps saved locations, but I would recommend it regardless.

Lastly, I'd recommend going through Safety Check to see and confirm/retract information you are still sharing. Enabling the App Privacy Report can also be useful, as it logs what domains apps are contacting. (Note that it'll be on you to go back later and see what apps are regularly contacting Facebook; it's just a passive report).

iCloud

Obviously, anything in your iCloud can potentially be accessed by Apple. Thankfully, Apple does offer end-to-end encryption for iCloud, though it is disabled by default. Be aware that enabling it means that if you ever fully get locked out of your phone / iCloud, Apple will not be able to retrieve your stuff.

Under iCloud, disable anything you don’t need backed up (and consider that that could mean everything). You may also want to consider disabling Access iCloud Data on the Web at the bottom. Most crucially, enable Advanced Data Protection.

Network

Go to Wi-Fi, then select the i by your Wi-Fi network. Scroll down to Private Wi-Fi Address. Set this to Rotating if it isn’t already, and below it enable Limit IP Address Tracking. While your iPhone generally will, by default, generate a different address for each network, it may not be set to randomize on the same network. Rotating is generally better, but for networks that force you through a portal (like hotels), it may make you sign back in each time. (This is why, you’ll note, these settings are individual to each network).

I'd recommend setting up a private DNS, with Mullvad's “base” DNS being my top recommendation. This will help keep your browsing a little more private, with the added benefit of blocking ads, trackers, and malware. You can follow Mullvad's instructions on setting it up. It is fairly straightforward, but do be sure to do the seemingly pointless step of selecting the profile in Files (step 7), otherwise the Profile Download button will not appear in step 9.

A VPN isn't a bad idea either, though in my experience mobile VPNs can be a bit buggy at times. Proton VPN is the only good free option I know of (even though I don't wholly trust Proton), while Mullvad VPN would be my recommendation for anyone who can pay for a VPN. IVPN is pretty good as well, and fairly comparable to Mullvad. I would strongly recommend against any VPN that isn't those 3.

Browser

While there are an array of options for iOS browsers, the choices are in actuality limited by the restrictions that Apple places on browsers that are not Safari. Brave, DuckDuckGo, and Firefox Focus do all have some improvements over base Safari. So barring any tweaking, I'd recommend DDG as a daily driver and Firefox Focus if you want permanent incognito (I do not recommend Brave, both for the crypto BS and because the CEO is homophobic).

Overall, however, if you truly want a private browser, Safari is the best choice. I would recommend following Privacy Guide's tips for settings to harden it, excluding their recommendation to enable FaceID for private browsing (I don't recommend biometrics in general, since they potentially allow access without your consent).

I would also highly recommend installing uBlock Origin Lite as a Safari extension, which will help further reduce ads/trackers/etc. uBlock Origin is the gold-standard content blocker; I wouldn't recommend a different one.

Other Apps/Reccs

Use Signal whenever possible. Other messaging apps like WhatsApp or Telegram are marginally more secure than iMessage, but are significantly less secure than Signal.

Do not include locations on images, and ideally, go a step further and scrub the metadata entirely. You can create a button via Shortcuts to do this pretty easily. Note that you’ll need separate shortcuts for photos, videos, and GIFs. Making a GIF shortcut is very similar to the photos shortcut, but instead of using Convert, you use Make GIF. You could also just install an app to scrub metadata, but I'd recommend against it, as you don't know what is truly being done with your photos.

As mentioned, you can use Organic Maps for a totally private maps, though it isn't amazing. Again, Apple Maps is at least marginally better than Google Maps.

PC Privacy

Naturally, many of my De-Googling recommendations will be relevant here, so refer back to that if needed (for Office/Drive replacements, search engines, email, etc).

Operating Systems

I'm still a relative noob to Linux, but I have some potential distro recommendations. Linux Mint is the common recc for users new to Linux, as it is made to resemble Windows and is pretty well maintained. Privacy Guides recommends Fedora, openSUSE Tumbleweed, Arch Linux, and NixOS for privacy-conscious distributions. Of those, Fedora is the most beginner-friendly (which may not be saying too much if you have 0 command-line or Linux experience).

You'll also often have a choice of desktop environment, such as GNOME, KDE, Cinnamon, LXQt, and Xfce. Across both distros and desktop environments, you may see that some are considered “lightweight”, meaning that they are less resource intensive, and so may be good for older hardware.

I have only really used Lubuntu, a lightweight fork of Ubuntu using the LXQt desktop environment (I wouldn't recommend Ubuntu itself, as it's become pretty corporate). I put it on several old laptops and it's been pretty nice, though I think I'd probably use Fedora KDE if I wanted a true daily driver (greater privacy and support as far as I know, probably lower likelihood to run into some of the issues I've hit).

You can get most OSs “live”, meaning you can put them on a USB and boot from them without overwriting your true OS. Very handy for testing, and actually pretty easy! There are also some OSs that are purely live, such as Tails, which is an OS designed specifically for maximum privacy, routing connections through Tor and wiping data when done. You can also use Virtual Machines to run different OSs, including Whonix, which is similar to Tails, but with greater security features (and cannot, to my knowledge, run outside of a VM).

Windows Settings

Again, I’d highly recommend anyone who feels comfortable to jump to Linux to do so (and consider testing out a live OS, switching over may be easier than you think!). Otherwise, software like Revision can “clean” existing Windows 10/11. Please tread carefully if you’re interested; I can't attest much to functionality or trustworthiness. There are other options available for cleaner installs, but if you're willing to reinstall your OS, I would again highly encourage switching to Linux (compatibility has improved dramatically in recent years!).

Barring messing with your operating system directly, though, there are certainly still important steps you can take. To start, use ShutUp10++ to disable invasive Windows features – it will provide a GUI with recommendations and explanations for what should be disabled. Some following settings changes will be redundant with ShutUp10++.

Privacy and Security – In settings, go under Privacy & Security. Under General, turn off the Advertising ID in particular, along with the other settings in that section (except notifications). Disable everything under Diagnostics & Feedback and Text & Image Generation. Under Location, turn off Let Apps Access Your Location (they can still see approximate location; this just gets rid of precise location).

General Settings – Under Personalization > Device Use, disable everything. Also disable and remove anything under System > AI Components.

Wi-Fi – Go under Network & Internet > Wi-Fi. Below Hardware properties, enable Random hardware address. This can potentially force additional sign-ins on networks with portals, such as hotels, but is a good privacy step.

Services – Disable SSDP Discovery and UPnP Device Host. Both enable discovery and communication with different types of devices on your network, so this could potentially disconnect a device. This does not apply to standard Bluetooth devices, so for most people this is a security risk more than anything.

Browser

Your only options for a browser are Chromium-based and Gecko-based (i.e., Chrome/Firefox-based). Chromium has several limitations that immediately shoot any option there in the foot, so in all practicality you should only be looking at Firefox and Firefox forks.

Firefox itself isn't the worst, but has been making a move towards AI lately, and takes some effort to make more private. Refer to Privacy Guide's page on Firefox for more info if interested.

There are a number of forks that are probably ok options for daily drivers, such as Waterfox and Zen Browser. They benefit in not having the AI enshittification, but being downstream, are slower to update than Firefox (and therefore potentially vulnerable). So, if you're going with a fork, I'd recommend just going for one of the more privacy-focused options.

When it comes to truly private browsers, the forerunners are Librewolf, Mullvad, and Tor. Tor is the choice for the truly privacy conscious, as connections are routed over several relays, making it extremely difficult to match your browsing activity to you. Unfortunately, a number of websites block Tor users, and it can be a bit slower at times, so while I do recommend it for general browsing/searching, it probably won't be the best fit for daily use for most people.

Mullvad is essentially just the Tor browser minus the relays, making it much more usable on the daily and more private out of the box than Librewolf. I should note, however, that Librewolf updates faster than Tor/Mullvad, meaning that it has an easier time blending in with general Firefox traffic. Therefore, I'd either recommend Mullvad, or Librewolf with uBlock Origin, Port Authority, and Canvas Blocker, plus some settings tweaks. If you really want privacy but aren't very tech savvy, just go with Mullvad, but hardened Librewolf might be my preference. (And if you aren't a privacy nut, base Librewolf really isn't bad).

VPN/DNS

As mentioned for iOS, I would recommend using Mullvad's “base” DNS for slightly improved privacy + some ad and tracker blocking. You can refer to their website for how to set it up via Wi-Fi hardware settings or via browser settings. Both are fairly straightforward, though browser is certainly a bit quicker to setup. Nonetheless, I would recommend setting it up on your Wi-Fi, so your whole system gets the benefits.

As for VPNs, again, Mullvad, IVPN, and Proton VPN are the only real forerunners. I personally would not trust Proton all that much. Mullvad and IVPN are fairly similar as far as protocols go. IVPN has better split-tunneling, though, while Mullvad offers more devices on their basic plan (5 vs 3) and has better IPv6 and anti-censorship features. If you know you'll need a few apps to always be split-tunneled, I'd recommend IVPN, otherwise I'd recommend Mullvad. (And if you think you desperately need to use a VPN for something, probably just use Tor. VPNs are far from infallible).

Additional Software

BleachBit – The primary use of BleachBit is to clear space, with some secondary privacy gains. Namely, BleachBit clears data fragments, temporary files, and even (optionally) browser caches, saved passwords, etc. This can potentially clear several gigabytes of space, and the cleaning of data fragments ensures that deleted files are well and truly deleted.

ExifTool – A command-line utility to strip metadata from photos and videos. Would highly recommend using it before posting stuff publicly.

KeePassXC – My preferred password manager. Bitwarden may be a better pick if you want to sync passwords across devices, but KeePass is the goat for local password management.

Lutris – Not a privacy thing, but too handy for Linux not to mention. It lets you play all your games! It really integrates everything; you can manually add games in addition to linking all of the major game stores. With the built in compatibility/emulation tools, you can launch everything right from Lutris. Might require a little setup in some cases (particularly for manually added games), but honestly super functional.