Privacy Chapter 2 - How I Protect My Digital Life: My Privacy Setup

As a cybersecurity professional, I've developed a robust privacy setup that balances security and convenience. I believe that while achieving perfect privacy is nearly impossible, we can take meaningful steps to protect our digital lives. Here's a glimpse into my personal privacy setup, which you can replicate to enhance your own online security.

Antivirus Protection and OS Selection

I use Bitdefender Total Security on my Windows PC. As a gamer, I find it challenging to switch to Linux due to its limited gaming support. However, for my work, I use specialised Linux distributions like Kali Linux, Parrot Security, Tails OS, and Mint OS to ensure maximum security and privacy. MacOS and iOS are generally secure, so I don't use dedicated Antivirus on them (as you will read in the blog series later).

In 2025, I also experimented with Orion Browser on macOS for its privacy-focused WebKit engine, and Linux Mint as my stable, non-offensive Linux distro. With macOS Sequoia introducing Apple Intelligence, I’ve been keeping an eye on Apple's on-device AI and Private Cloud Compute, which, while not perfect, still offers better privacy guarantees than Microsoft or Google’s cloud-heavy models.

Password Management

For managing my passwords, I rely on 1Password, a tool I've been using for over four years with great satisfaction. All my passwords, 2FA codes, and passkeys are securely stored in 1Password. I also keep my credit card details, addresses, and other confidential information there, protected by a strong master password - the only password I have to remember. For convenience and due to my threat model, I use 1Password for 2FA instead of a separate app, as it integrates seamlessly with my workflow. I'm content with 1Password for managing my passwords and sensitive information and hence have no plans to switch to Proton Pass (the 2nd best option in my opinion) though I have created a backup of all my passwords and 2FA codes on Proton Pass and Proton Authenticator/Ente Authenticator.

VPN Usage

Currently, I'm using ProtonVPN, but I've previously used Surfshark VPN, NordVPN and ExpressVPN as well. Each has its strengths and weaknesses. Surfshark offers excellent value for money with decent performance. Proton VPN has amazing security features and performance for Torrenting and browsing on my Windows PC and my Apple Devices, making it my current choice.

On my home network, I use a ProtonVPN + Tailscale hybrid setup on all my devices. Proton handles encrypted tunnels for browsing, while Tailscale gives me secure access to my self-hosted services remotely.

Secure Messaging

For secure messaging, I use Signal and iMessage with my closed ones, having convinced them of the privacy concerns associated with WhatsApp. Unfortunately, the majority of my conversations still happen on WhatsApp due to its widespread use. To mitigate risks, I've enabled end-to-end encryption on my WhatsApp backups.

Social Media Usage

I’ve quit Facebook and Threads because I strongly oppose Meta’s data hoarding practices. I avoid Snapchat for similar reasons. Occasionally, I post on Instagram since we are in a digital age, but I ensure to strip metadata from my photos beforehand.

Email Privacy

In 2024, I switched from Gmail to Proton Mail and subscribed to their yearly Proton Unlimited plan. Proton Mail is now my primary email service. With my subscription, I can use multiple email aliases to manage different communications:

• My main Proton email account earlier used for email communication with my friends and family. Now I use my own custom domain connected with Proton Mail as my primary email ID.

• One Proton Mail alias for login into government websites, bank accounts and other financial services (like investments, credit cards etc.)

• One Proton Mail alias for formal and work communications, and another for travel bookings.

• One Proton Mail alias for important websites (like Apple ID, Microsoft Account, Netflix).

• Individual aliases created with Proton Pass for each occasional or low-stakes services. I later import them into my main password manager - 1Password.

• SimpleLogin aliases for untrusted or one-time websites. I keep them into Proton Pass only, as SimpleLogin is a Proton Service and they sync really well.

This setup has significantly reduced spam and marketing emails. Whenever an alias starts getting too many marketing emails, I just disable it and create a new one.

Browser Privacy

I switched from Chrome to Firefox when Google announced plans to block the uBlockOrigin extension. While I liked Firefox, some essential extensions were missing. So I searched for a privacy-focused alternative and landed on Brave. I then switched to Brave on all my devices, which runs on Chromium, providing compatibility with Chrome extensions and enhanced privacy features out-of-the-box. Nevertheless, I use uBlockOrigin on Brave for additional privacy. While I occasionally use the TOR Browser for work, I don't recommend it for everyday use. If you are hesitant of switching to Brave because of its crypto settings, you can check out LibreWolf, Arc Browser or Orion Browser (for Apple Devices).

Search Engine

Since 2023, I have been using Brave Search Engine as my primary search engine, while rarely also utilising DuckDuckGo and Perplexity. Recently, Google's quality of search results have gone done significantly with every top result being an ad, and Google's business model being heavily dependent on these ads, I have started to avoid Google's Search Engine, mostly using Brave's Leo AI and Reddit discussions as my primary source to find an information. For searching Images, Google Image Search is still my top choice, I just use it without signing in into my Google account.

Cloud Storage

In addition to Proton Mail, I use Proton Drive to store confidential documents like my passport and driving license, medical reports, bank statements and in general keep my most important files here. With my Proton Unlimited subscription, I get 500 GB of storage in my Proton Drive including services like Proton Calendar; Proton VPN; and Proton’s password manager.

Since I mostly use Apple Devices, I also have iCloud+ subscription with Advanced Data Protection turned on.

I have created a 2-way sync between Proton Drive and Synology Drive (which hosts files stored on my NAS), hence I have 2 copies of my important files.

Photo Storage

When it comes to privacy, nothing freaks me out more than losing my photos. They’re basically the timeline of my life, and I’m not trusting that to a company whose entire business model is “data = money.”

Last year, I migrated fully from Google Photos to iCloud Photos with Advanced Data Protection turned on, which gives me full end-to-end encryption for everything - photos, iMessage, WhatsApp backups, and iCloud backups. This was a huge upgrade.

That said, I don’t put blind trust in any single company. So in true “Pallav-level paranoia but with convenience” style, I’ve backed up all my photos to my Synology NAS using Synology Photos. This gives me two fully encrypted-at-rest copies:

• One in Apple’s ecosystem

• One in my own home, under my full control

If you are looking to move away from Google (and Apple) and don't own a NAS, I highly recommend you to try Ente Photos. They are very secure and private and are the best alternative to Google and Apple Photos.

Notetaking

For people who are starting into Notetaking, look into Obsidian, AppFlowy, Joplin, AnyType or Affine Pro which are mostly self-hosted.

I’ve been using Notion for at least 5–6 years now. I love its flexibility, databases, linked pages, templates, and the way it lets me organise both work and personal life in one place. But Notion has always had two major drawbacks from a privacy and reliability perspective:

1. Everything is stored on their servers, with no true end-to-end encryption.

2. It was an online-only tool, meaning your notes lived behind Notion’s cloud.

   
   

Because of these limitations, I’ve been hunting for a privacy-friendly replacement since 2023, something offline-capable, self-hostable, secure, and with local storage options.

This year I tried to escape Notion - again. I gave AppFlowy a real shot (and it’s genuinely good now), I experimented with AnyType and Affine Pro, and even considered fully self-hosting my notes on my Synology NAS.

But the truth? Notion still wins for my workflow. Not because it’s perfect — it definitely isn’t — but because:

• my entire life system already lives there,

• the UX and speed still outperform every fully private/self-hosted app,

• and migrating thousands of notes would be a full-time job.

Notion finally introduced Offline Mode in 2025 - a long-awaited feature. While it’s a step in the right direction, it’s still not perfect:

• offline is available, but syncing can be inconsistent

• not all features work seamlessly offline

• the core issue remains: your notes are still not end-to-end encrypted.

  
  

However, I’ve made peace with one thing: Notion is not private. So I keep anything sensitive out of it and store those files in Proton Drive or Synology or 1Password instead.

Self-Hosting

This year, I finally took the plunge into self-hosting. I set up my Synology DS224+, bought my own domain (pallavavatarit.com), and connected it to Proton Mail for fully private email. At home, I now host services like AdGuard Home, Tailscale, NGINX Proxy Manager, Sonarr, Radarr, and Synology Photos - all running smoothly inside my growing home network.

A huge part of this shift was media. Streaming platforms in 2025 have become comically bad value: higher prices, shrinking libraries, and ads inside paid plans. I watch a lot of movies, and instead of juggling four subscriptions, I use Plex every day to stream my own collection ad-free on all my devices. I now have Plex Lifetime Pass which allows me to stream my own media outside my home network. Jellyfin sits right beside it as my backup, ready to take over if and when Plex goes down.

Self-hosting isn’t magical. It requires maintenance, patience, uptime management, and some occasional hair-pulling. But the trade-off is worth it. I get speed, privacy, freedom from Big Tech lock-ins, and complete control over how my digital life is stored, streamed, and protected. It’s not perfect, but it’s the closest I’ve ever felt to owning my data instead of renting it from someone else.

Future Plans

In 2024 and 2025, I began moving my digital life into my own hands - starting with my Synology NAS. But this is only the first step. My next move is to set up a dedicated mini-PC running Proxmox and expand my homelab into a more powerful, self-hosted ecosystem.

The goal is simple:

Here’s the roadmap:

1. Migrate key workloads to the mini-PC

Services like AdGuard Home, Tailscale, NPM, and Vaultwarden will move from Synology to the mini-PC for better performance and flexibility.

2. Build a clean separation between home-only services and internet-facing ones

Using NGINX Proxy Manager + Cloudflare, I’ll properly isolate and secure services based on where they are accessed from - internal LAN vs external internet.

3. Deploy more privacy-focused self-hosted apps

Some planned additions:

• Immich for private photo backup

• Uptime Kuma for monitoring all services

• Dashy / Homarr for a unified dashboard

Even in 2025, I’m far from perfectly private. I still use Google Maps because it’s simply better in India, I still use Instagram, ChatGPT, and Reddit, and I still rely on Apple’s ecosystem because the convenience is unbeatable. My goal isn’t to disappear - it’s to reduce unnecessary data exposure without ruining my quality of life. Privacy is a spectrum, not a switch. I do what I can, and I try to keep improving.

Throughout this blog series, you'll learn more about these services and softwares and the tips and tricks that I use to secure my digital life.