Encrypt all the things!

Which makes me tempted to spend a day writing up how I do the internet.

A summary would be:

• Pi-hole at home with almost all lists subscribed to and DNS-over-HTTPS configured against Cloudflare.
  
• NetGuard on my mobile in a default deny config and I have manually allowed every domain from every app - only web browser use is allowed by default
  
• Disable notifications on most apps (prevent background processing)
  
• Use an app like Bouncer to grant app permissions like location temporarily rather than permanently
  
• Delete most apps... just save links to their website on your device. i.e. Guardian app is riddled with tracking and adverts, but a link to the website that launches in Brave with JS disabled is not only faster but shows zero ads, and tracks nothing
  
• Different browsers everywhere: Chrome = Google properties only, Brave with JS disabled by default = most browsing, Firefox for things I care about and want long sessions on (i.e. LFGSS), Firefox Focus = must have full JS but zero trust
  
• Get off Facebook, Twitter, etc
  
• Disable automatic image viewing in Gmail
  
• Consider Protonmail if you want to go Google-less
  
• I prefer Signal or Keybase. I tolerate WhatsApp and Slack (but no privacy on Slack - so professional use only). I won't use Telegram, kik, others.
  
• I use BitWarden for password manager.
  
• 2FA with dual-yubikeys on every service that allows it
  
• Unique emails with every website - I'm a bit nuts and have wildcard aliases on multiple domains, but just using a couple of Google accounts and using the + separate is good enough in most cases: first.last+lfgss@gmail.com but if you have a few Google accounts that you use according to level of trust that is better (because websites will normalise email and some remove the + suffix)
  
• Only use Google sign-in on sites I absolutely trust (LFGSS, Philips Hue, etc)
  
• Only use home automation that functions without a working internet
  
• Bluetooth disabled whenever I'm not actually using it (i.e. wireless headphones)
  
• Google Maps timeline, Google Fit, etc... all disabled. The value is very minor but the data you provide to them is huge.
  
• Garmin Fenix configured not to upload to Garmin Connect - reduces utility but you still have a watch with info, and can get the data files for activities and use offline - I do the same with my Hammerhead.
  
• Use Plex and continue to buy and rip music and films and own your own copy
  
• Don't connect your "Smart TV" to a network, if you have you should factory reset it
  
• Connect games consoles and the like to your guest network
  
• Have a guest network... either the one that a decent networking device supplies, or if you're an advanced user VLAN that stuff
  
• If you can live with it, use a Linux - Ubuntu is good enough
  
  

Of all of that... the things you should care about and do most:

• Get off social media
  
• Use unique email addresses
  
• Use multiple browsers (uBlock in all) with JS disabled by default in the one you browse the web with