{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreih5w5szqn65vpftoy4ahqltvtykunnc5enqwr7tbezs7quswdv3om",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mm2u7j5ysa72"
},
"path": "/t/android-privacy-setup-review/37978#post_1",
"publishedAt": "2026-05-17T15:22:15.000Z",
"site": "https://discuss.privacyguides.net",
"textContent": "## Threat Model & Goals\n\n**Objective:**\n\n 1. Avoid or minimise invasive cloud-based AI features where possible.\n 2. Reduce exposure to mass surveillance and age verification.\n 3. I’m not assuming targeted surveillance by intelligence agencies; I just don’t want to be an easy data harvesting target for big platforms, governments/law enforcement, and data brokers.\n\n\n\n**Convenience Balance & Constraints**: I don’t want to make drastic changes that significantly limit social interaction, convenience, or when the privacy gain starts becoming very minimal compared to the effort, or steps that require flashing a custom OS, self-hosting, or paid services. I’m using the free plans of all the services I mention below. I favour open-source, but don’t strictly need all apps to be open-source, especially if the service is independently audited and widely trusted.\n\n**Experience:** I’ve only really started being aware and serious about privacy since the start of 2026. I’m an Android-only user.\n\n**What I’m Looking For:**\n\n 1. Feedback on my threat model and “diminishing returns” approach.\n 2. Help designing a long-term privacy stack (VPN, DNS, email, drive, passwords, notes, photos, AI) that I can stick with for years without constant switching.\n 3. Opinions on: Proton ecosystem vs diversification and Bitwarden vs Proton Pass vs KeePass\n\n\n\n## Mobile Setup\n\n• Device & OS: OPPO running ColorOS 16\n\n• App Store/Sources: Primarily Google Play Store, but I also use Obtainium for downloading open-source apps and F-Droid Basic as the repository to find open-source apps.\n\n**Primary Apps:**\n\n• Communication: WhatsApp or Google Messages with RCS\n\n• Email: Proton Mail and Gmail\n\n• Calendar: Proton Calendar\n\n• Contacts: Proton Contacts\n\n• Meetings: Google Meet\n\n• Navigation: OsmAnd or Google Maps\n\n• Cloud/Backup: Filen for most files, Google Drive for non-sensitive files I want easily accessible\n\n• Photo Management: Ente Photos, Aves Libre\n\n• Notes: Notesnook (cloud-synced) and Standard Notes (local/not signed into am account)\n\n• Docs: Onlyoffice or CryptPad\n\n• Tasks: Tasksorg\n\n• Socials: Discord, Matrix (Element), Twitter (X), Mastodon\n\n• Frontends: Redlib (Reddit), LibreTube (YouTube), Metrolist (YouTube Music)\n\n• DNS: Mullvad DoT (Private DNS)\n\n• VPN: Windscribe, though I barely use it\n\n• Email & Aliasing: Proton Pass/SimpleLogin aliases\n\n• Password Manager: Bitwarden (cloud) with KeePassDX backup\n\n• TOTP: Aegis Authenticator (backed up to Filen)\n\n• File Sharing: LocalSend, though in practice, I usually just use WhatsApp because everybody I communicate with uses it\n\n• Browser: Brave for daily browsing and accounts, Cromite for disposable searches, and Tor Browser for more sensitive searches (also tried DDG, Firefox, and IronFox)\n\n• Search Engine: Brave Search (also tried DDG)\n\n• AI: I’ve tried Proton Lumo, Brave Leo, and Duck AI\n\n## Specific Questions\n\n 1. Is using Mail and VPN from the same company “putting all my eggs in one basket”?\n 2. What pros and cons have you noticed for going “all-in” on the Proton ecosystem or diversifying and how much does it affect your workflow, whichever fits you better?\n 3. Any thoughts on YT Music clients? There are quite a lot of them but I rarely see them mentioned in reputable privacy sources, maybe because most of them are hobby projects.\n 4. Given my situation, how would you design a long-term privacy stack that doesn’t encourage constantly switching between tools?\n\n",
"title": "Android Privacy Setup Review"
}