iPhone Hardening

I recently switched to the iPhone. While it’s often marketed as “secure” and “privacy‑friendly” compared to Android, the reality is more nuanced. iOS has strong sandboxing, solid memory protections, and a tightly controlled app ecosystem, but it also contains layers of telemetry, hidden settings, cloud‑centric defaults, and convenience features that quietly expand your attack surface. This post focuses on turning iOS into a minimal, hardened, privacy‑respecting environment.

Settings

Apple Account
  iCloud
    Disable all services you don’t explicitly need
    Prefer offline storage
    Avoid iCloud Keychain if you use external password managers
  Media & Purchases
    Personalized Recommendations: Off
    Allow Friends to Find You: Off

Wi-Fi
  Ask to Join Networks: Off
  Auto-Join Hotspot: Never
  Disable Wi-Fi when not in use
  Avoid public and guest Wi-Fi if possible

Bluetooth
  Turn off in Settings, not Control Center
  Turn on only when needed

Cellular
  If possible, avoid SIM usage for maximum privacy.
  Cellular Data Options
    Limit IP Address Tracking: On

General
  AirDrop
    Choose Receiving Off
  AirPlay & Continuity
    Automatically AirPlay: Never
    Transfer to HomePod: Off
    Keep Audio with Headphones: Off
    Handoff: Off
    Continuity Camera: Off
  Keyboard
    Disable all cloud‑assisted or behavioral features ...

December 7, 2025

Linux Hardening

This post lists the changes I make to a vanilla Arch Linux installation for privacy and security hardening. Most of the changes will work on any Linux distro that’s reasonably up-to-date.

Choosing distro

I use Arch Linux as my main Linux distro because:

  Minimal: The Arch base is relatively small and minimal compared to “prebuilt” or “OOTB” distros like Fedora, Ubuntu or Linux Mint. This means I add only what I need instead of debloating or disabling what I don’t.
  Latest software: Arch ships with the latest kernel, the latest software, and upstream security patches. I don’t have to wait 6-12 months for updates as with Ubuntu or Mint.
  Full control: When using Arch, I can choose whatever software, services, kernel, … I want, instead of using what is shipped by default.

Otherwise, you can use any Linux distro you want. ...

December 6, 2025

No-bloatware Windows Installation

Recently, I had to switch to Windows for a few reasons (my school requires software that is not available on Linux, and I can’t configure the projector to work well with Linux). Although the software I use on Linux also works well on Windows, there’s a problem: Windows has too much bloatware. This post is a short guide on how I install Windows with as little bloatware as possible.

Choosing Windows edition

There are two editions I want to mention: ...

August 27, 2025

Mitigate Brave

Brave is a good privacy-centric browser with many interesting features. However, it still ships with some odd extras such as Brave Rewards, Brave Ads, Leo, … In this blog post, I will show you how to mitigate Brave.

Table of Contents: Homepage, Settings, Flags, Extensions, Some tips

Homepage

  Background Image
    Show Sponsored Image: Off
  Top Sites
    Top Sites: Off
  Cards
    Cards: Off

Settings

  Get started
    On startup: Open the New Tab page
  Appearance
    Toolbar
      Show Brave News button: Off
      Show Brave Wallet button: Off
      Show autocomplete suggestions in address bar: On (you can turn it off if you want)
        Top sites
        Browsing history
        Bookmarks
        Leo AI Assistant
  Shields
    Tracker & ads blocking: Aggressive
  Privacy and security
    Privacy and security
      Allow privacy-preserving product analytics (P3A): Off
      Automatically send daily usage ping to Brave: Off
      Automatically send diagnostic reports: Off
  Brave Rewards
    Show Brave Rewards icon in address bar: Off
  Web3
    Wallet
      Default Ethereum wallet: Extensions (no fallback)
      Default Solana wallet: Extensions (no fallback)
    IPFS
      Method to resolve IPFS resources: Disabled
    Web3 Domains
      Resolve Unstoppable Domains domain names: Disabled
      Resolve Ethereum Name Service (ENS) domain names: Disabled
      Resolve Solana Name Service (SNS) domain names: Disabled
  Leo
    Show Leo icon in the sidebar: Off
  Search engine
    Normal Window: DuckDuckGo
    Private Window: DuckDuckGo
    Improve search suggestions: Off
  Extensions
    WebTorrent: Off
    Widevine: On
  Autofill and passwords
    Password manager
      Offer to save passwords: Off
      Sign in automatically: Off
    Payment methods
      Save and fill payment methods: Off
      Allow sites to check if you have payment methods saved: Off
    Addresses and more
      Save and fill addresses: Off
    Other
      Allow auto-fill in private windows: Off
  Languages
    Spell check
      Check for spelling errors when you type text on web pages: Off
  System
    Continue running background apps when Brave is closed: Off
    Brave VPN
      Use WireGuard protocol in Brave VPN: Off

Flags

  Launch Brave Ads as an in-process service (brave://flags/#brave-ads-should-launch-brave-ads-as-an-in-process-service): Disabled
  Should always run Brave Ads service (brave://flags/#brave-ads-should-always-run-brave-ads-service): Disabled
  Allow Brave Ads to fallback from native to custom push notifications (brave://flags/#brave-ads-allowed-to-fallback-to-custom-push-notification-ads): Disabled
  Brave News prompts on New Tab Page (brave://flags/#brave-news-peek): Disabled
  Enable Brave Wallet (brave://flags/#native-brave-wallet): Disabled
  Enable NFT pinning (brave://flags/#enable-nft-pinning): Disabled
  Enable Brave Rewards VBAT notices (brave://flags/#brave-rewards-vbat-notice): Disabled
  Enable Gemini for Brave Rewards (brave://flags/#brave-rewards-gemini): Disabled
  Brave AI Chat (brave://flags/#brave-ai-chat): Disabled
  Enable experimental Brave VPN (brave://flags/#brave-vpn): Disabled
  Enable DoH for Brave VPN (brave://flags/#brave-vpn-dns): Disabled
  SafeBrowsing (brave://flags/#brave-safe-browsing): Disabled
  Enable Brave Super Referral (brave://flags/#brave-super-referral): Disabled

Extensions

  This is optional; you can install it if you want. ...

February 5, 2025