edric

I posted this before when another user posted a similar problem. Obviously yours is particular with google so some parts may not apply, but the gist is that you need to figure out your threat model.

You need to step back and review your threat model, then figure out the balance point between privacy and convenience/QoL. There is no such thing as complete privacy unless you go completely offline and live like a hermit. So something has to give, and your threat model will help you identify that. Figure out first what exactly you’re protecting, and from who. Then you can assess which ones you will deem non-negotiable when it comes to privacy, some where you can relax a bit in exchange for covenience (and this has levels as well), and lastly the ones where you have no choice because blocking something will make it cease to function. Having this threat model will also help you figure out what extent you would want to expose yourself depending on the service. Don’t put everything into the same tier because that will be impossible. Good luck.

This is the same for most businesses that offer customers to delete (or stop selling) your data. You have to fill out forms with a bunch of very personal information for them to delete your data, which is a hassle. You don’t even know what data they have on you and may very well be providing even more info than what they have just by requesting to delete it. IMO they should just ask for a name. Hell, if you have an account with them, then it should be straightforward to proceed if it’s requested by a user who is logged into their account. They can even send a confirmation email or something to ensure the account wasn’t compromised.

You’ll know it when you feel the satisfaction of getting to enter pacman -Syu in the terminal several times a day and a new update or two comes in. lol

I already do, and most hardware in the office are macbooks, toshibas, and dells. Also, it’s no longer as common for companies to allow employees to buy/adopt old hardware and they choose to recycle instead.

I wish someone randomly gifted me a thinkpad as well

Not small, but I think you’ll have better chances with the mid level commuter cars. You’ll probably get some error messages on some of them, but if you can ignore them, they wouldn’t stop the car from running.It’s the high end ones and EVs that have a higher chance of bricking if you disable the antenna.

You need to step back and review your threat model, then figure out the balance point between privacy and convenience/QoL. There is no such thing as complete privacy unless you go completely offline and live like a hermit. So something has to give, and your threat model will help you identify that. Figure out first what exactly you’re protecting, and from who. Then you can assess which ones you will deem non-negotiable when it comes to privacy, some where you can relax a bit in exchange for covenience (and this has levels as well), and lastly the ones where you have no choice because blocking something will make it cease to function. Having this threat model will also help you figure out what extent you would want to expose yourself depending on the service. Don’t put everything into the same tier because that will be impossible. Good luck.

This is very good insight and something that no one else touched on. OP if you see this, while being a power user on your personal linux machine does help with skills and getting you jobs, it’s still very different from administering an enterprise linux machine in a corporate environment. One thing you can do is set your own homelab and mini environment at home. This will get you more experience with actual administration and will be a great asset to disclose in interviews.

For people in this community, sure. Compared to the general population, not really. Imagine an international airport on a typical busy day. The number of people going through that aiport who are using burner phones is almost negligible.

While using a clean phone with nothing on it sounds like a good plan, it also looks very suspicious and can attract more attention. So take that into account when traveling regardless of the destination. Just like anonymization on your browser, the goal is to blend in, not stand out.

Honestly, it depends a lot on where you’re coming from and what you look like. And to be frank, it’s a little overblown to be paranoid enough to go that far, unless you are a high profile person of interest like a journalist or someone involved in politics. If you’re just an ordinary bloke going on vacation or attending a conference, you will be fine with basic precautions.

What about the IPv4 versions? I use Mullvad and ControlD on my router that only accepts IPv4 for DNS configuration.

It depends on what you’re getting it for and why. Also, never pay for training and certifications, especially the pricey ones. It should be your employer paying for it.

You can maybe add a residual risk section as a way to assess what level of risk remains after implementing a control.

Technically not a DE, but I like plain openbox.

As one comment mentioned, it depends more on the DE. But out of the box, I’d say Peppermint, Elementary, and Mint.

Not the exact (and only) solution, but some manufacturers may have a Do Not Sell My Information request form. Subaru has it on their website and I submitted a request for myself. Obviously we won’t know if they actually follow through, but it’s worth a shot. Some people have experimented with going in and actually disabling the antenna that the car uses for telemetry, but that’s at your own risk and likely voiding warranties in the process.

I think using carplay/android auto isn’t as bad since the infotainment system is just projecting your phone’s display, so your phone’s privacy policies apply. Whether you trust those policies is of course up to you. Cars that force their own systems (like GMC I think) are more risky because you are using it directly.

Does anyone else completely disconnect from security outside their jobs? I’m not talking about not being personally secure outside work, but more on not doing anything security-related on your spare time or hobbies. I know a lot of people and colleagues who live and breathe security. Outside of work, they spend their time doing the same things they do in the office, just removed from company resources of course.

I on the other hand just disconnect. I make music and play casual sports as exercise. I don’t do any security related hobbies (other than securing my and my family’s personal computing environment of course).

The first one (ads). I’m not a heavy user, but I don’t think I’ve ever seen ads or sponsored messages even in unencrypted chats. I use Mullvad’s DNS blocker.

Huh, I clicked the link and it’s blocked by my DNS content blocker. Have you tried using an adblocker on your phone?