What I use

What is this page?

I always enjoyed the “what I use” genre of posts on hackerne.ws, The Verge, Slashdot, and the like. When I read them, I learned about some new piece of hardware, software, or a configuration option that I was previously unaware of. So, I figured it might be interesting to write one from a privacy professional’s perspective.

What’s your threat model?

A threat model is a way to formally think about the threats that data faces, and security practitioners use threat models to prioritize mitigations. Privacy threat modeling is an evolving field, in part because “what does privacy mean” is still an open question, and it is the first thing one has to answer (or at least “what does privacy mean in this context”) when writing a privacy threat model.

On the continuum of likely threats I personally face, the most likely and highest-impact one is that I lose a device, and at the tail end is “targeted surveillance”, at which point I think that xkcd has it right. But somewhere in between is the threat of “my data is used in unconsented ways and/or is recorded (along with everyone else's) for posterity in mass surveillance sweeps”.

That said, given my work, I want to increase the costs for an attacker at all points on the spectrum both for myself and everyone else.

Things change quickly. When was this last updated?

I last updated this on March 30th, 2024. There’s a changelog at the bottom.

Work Computer

I use a Chromebook, a Pixel Tablet, and a Pixel Fold at work.

I will admit that I’m pleasantly surprised by the Chromebook and its versatility. I wrote Quadrilateral to make window management easier by letting you reposition and resize windows with keyboard shortcuts.

Personal Computer

My non-work computing is mostly web browsing, experimenting, and adding more smarts to my smart home. But I am a dork, so I run Arch Linux to be on the bleeding edge and have entirely too much control over my computer.

In terms of hardware, I have a Framework 13” and an old ThinkPad I picked up off eBay. I bought the Framework because I like the idea of a fully repairable / upgradable computer and have already upgraded my Framework with heavier hinges and the CNC top case.

The privacy decisions driving this setup were: I wanted full control over the code executing on my personal device. To mitigate the lost device threat, I have the disks encrypted with LUKS on LVM using a TPM2-backed key with PIN, and I use Secure Boot to ensure boot integrity.

Phone and Messaging

As much as I love having full control over code executing on my personal device, that’s less of an option in the mobile device space, and, in fact, I think that the two sane privacy options are iPhone or Pixel (binary blob firmware in chips that you’ll never be able to see etc. etc. etc.).

I currently have an iPhone Pro 15 Max. I upgrade my phone yearly to prioritize (in this order): 1) the current and best cameras and 2) the current and best silicon security. iOS encrypts data to a key derived from your passcode, mitigating the loss threat.

On the messaging front, I try to exclusively use end-to-end encrypted messaging services to mitigate the middle and tail end privacy threats. As a result, I use iMessage, WhatsApp, and Signal depending on whom I’m talking to about what.

Finally, I am enrolled in Apple’s Advanced Data Protection for iCloud, which means Apple can’t decrypt and access the data I have in iCloud, but I can’t use iCloud.com in a web browser and Apple can’t help me recover my account. I also have enabled Security Keys. This is a more secure but less straightforward/useful setup and I don’t recommend it for everyone.

Web Stuff

I run this site off of Squarespace.

My email / calendar / contacts are run off of Google Workspace.

I have Advanced Protection enabled on my Google account and use a variety of Google Titan and Yubico security keys.

My privacy calculus was roughly: I could self-host to have complete control over my data, but, defending websites / email / etc. against attackers in the modern era is hard, and I’m better off outsourcing defense to dedicated professionals. This arrangement also means I have contractual agreements with these companies about how they can process my data.

Passwords

I use 1Password exclusively to manage my passwords. It’s cross-platform and integrates well with all the operating systems I use. I have a family account so I also have access to my partner’s passwords and my in-laws’ should they ever need my help.

I try to use Passkeys whenever they’re available to me because they’re unphishable. If I can’t and can use only a password and OTP, I can live with it.

Keyboard and Mouse

I had a lengthy discussion once about which object totemically represents me, and, I think the answer is my keyboard and mouse.

My keyboard is a ZSA Moonlander with Zilent 78g and Kailh Silent Box Brown switches (I’m trying to balance clacky-ness with not infuriating my colleagues / neighbors / partner). I’m proudest of my keymap having hot keys for screenshots and emoji pickers.

My mouse is a Ploopy Classic that I assembled myself. I’ve used a trackball on and off since the early 2000s and the Classic hits all the right notes. Of course, I wrote a custom keymap because it runs QMK and I’m proudest of the “show all windows” support across multiple OSes.

There’s no privacy angle to this practically although I could force one by saying “QMK is open source.”

Monitor

I have a Samsung G9. It’s a fantastic bit of display that is super bright and lets me have a bunch of windows open at once and do things like present-to-a-meeting-while-being-in-the-meeting well.

This has no privacy angle to it and is pure aesthetics (perhaps even more so than my keyboard and mouse).

Network

My home network’s backend is a set of Netgear Orbis and a Raspberry Pi. The Orbis provide Wi-Fi mesh and the Raspberry Pi runs Pi-Hole to block malware and un-consented tracking at the DNS level (e.g. malware trying to connect to malware[.]com can’t find malware[.]com because the Pi-Hole blocks it by saying malware[.]com doesn’t exist).

Pi-Hole has only really hosed me once when someone added Slack’s image hosting domain to the denylist.

I picked the Orbis because they let me have the Pi-Hole serve both DNS and DHCP for the network.

My privacy preferences led me to this as I have a bunch of IoT devices that I don’t have full control over and I don’t want them connecting to known bad domains.
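The DNS-level blocking and the Slack-style false positive described above, as an added example that is not Pi-hole's code or this site's configuration: a denylist decision with an allowlist override, plus an audit to run before a new list goes live. All domain names and lists are constructed, and treating subdomains of a listed name as blocked is an assumption of this sketch.

```python
# Added example: DNS sinkhole decision logic with constructed lists.
from dataclasses import dataclass, field


def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().lower().rstrip(".")


def candidates(name: str):
    """Yield the name, then each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


@dataclass
class Sinkhole:
    denylist: set = field(default_factory=set)
    allowlist: set = field(default_factory=set)

    def decide(self, qname: str):
        """Return ("NXDOMAIN", rule) when blocked, otherwise ("FORWARD", None).

        Names are compared on label boundaries, most specific first, so the
        closest matching rule wins and an allowlist entry can override a
        denylist entry at the same name or at a parent.
        """
        for name in candidates(qname):
            if name in self.allowlist:
                return ("FORWARD", None)
            if name in self.denylist:
                return ("NXDOMAIN", name)
        return ("FORWARD", None)


def audit(sinkhole: Sinkhole, must_resolve):
    """Map each must-resolve name the lists would block to the offending rule."""
    blocked = {}
    for name in must_resolve:
        verdict, rule = sinkhole.decide(name)
        if verdict == "NXDOMAIN":
            blocked[name] = rule
    return blocked


# Constructed data: one malicious domain, plus an image host added by mistake.
DENYLIST = {"malware.example", "img.chat.example"}
MUST_RESOLVE = ["chat.example", "img.chat.example"]
```

Running `audit` against a list of domains the household depends on, before importing an updated denylist, surfaces this kind of breakage ahead of the clients noticing it.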

Smart Home

On the Raspberry Pi I also run Home Assistant to have local control over a variety of smart home devices. I integrate all my devices with Home Assistant and then expose them to HomeKit and Google Home. Some extremely brief thoughts/notes below (with more thoughts on GitHub):

  • I try to use Z-Wave or Zigbee devices if possible as they’re purely locally controlled and don’t rely on the Internet;

  • Zooz makes great Z-Wave switches and scene controllers; and

  • Ikea has a lot of nice and decently priced Zigbee devices.

Smart home devices can have privacy impact as they can indicate when you’re home or away, whether you’re hot or cold, if you’re watching TV or reading a book. I try to mitigate that with the preference for locally controlled devices (e.g. no external services need to know when I’m home or not, etc.) and managing everything through Home Assistant. While there’s a chance that an app with access to HomeKit or Google Home could do something malicious with that data, I am careful as to what I allow to access said data.

I’ve also written some glue code to make certain types of smart home devices integrate more intelligently with Home Assistant.

Dog

This is Poe the Privacy Pup. Dogs are great, we don’t deserve them.

Changelog

  • 2024-03-30 - Add work computer section and links to GitHub projects as appropriate

  • 2024-01-06 - Add link to GitHub smarthome repo

  • 2023-12-29 - First published.