• 0 Posts
  • 14 Comments
Joined 1 year ago
Cake day: June 8th, 2023

  • Slow walking compliance is normal. It keeps assets liquid and processes & people in place as long as possible before making changes. It also prevents the cost of changing back and forth if a new rule is struck down before its final date.

    What will happen often is that a compliant procedure will be developed as soon as possible, but no changes will be made until absolutely necessary. That gives the organization maximum time to figure out other routes of compliance, fight the rule and continue at pace before they change.



  • I can’t help you with the budget. That’s not enough money to buy a laptop new with that particular functionality.

    If you can tolerate getting something older (and your described use case doesn’t sound like it would prohibit an older device!), ThinkPads, MacBooks and the like almost always have removable wireless and Bluetooth modules.

    These older devices are often a better choice than newer ones because they’re repairable and parts are plentiful and inexpensive. You will be much happier spending $200 on a used t480 or 2012 mbp than you will buying a new computer at that price.

    You need to yank the antennas too if you’re really a paranoiac, but if a killswitch would be enough then you’re very clearly not that person.








  • Yeah, only use DoH on router, expect per-device security otherwise.

    I don’t use NextDNS so I don’t know. Some Mullvad stuff (like their HTTP proxy!) is only functional when you’re using their VPN, but the DoH server works fine without it.

    DNS over HTTPS makes a connection with the DNS server using the encrypted HTTPS protocol. That means that when I want to go to hanksbuttplugemoprium.com my ISP doesn’t see the request because it’s encrypted. Normally those requests get passed up the chain in plaintext and that’s a Big Problem.

    Like I said, I don’t know about NextDNS, but it seems like it’s built around using DNS-level blocking.

    The problem with blocking stuff through DNS at the router level (like Pi-hole and NextDNS and, if you’re not careful with what you choose, Mullvad’s DoH) is that you might end up stopping normal legitimate internet use. I stopped using Pi-hole and later uhh the one with home in the name for that reason. Shit didn’t work and people wouldn’t tell me when it happened so I couldn’t whitelist stuff.

    If you’re worried about your ISP seeing DNS requests and cataloging them, selling them or just blocking them and reporting you to the authorities, set up DNS over HTTPS at the router level.

    What are you trying to accomplish?
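
The difference between plaintext DNS and DNS over HTTPS described in the comment above, as an added example that is not part of the original comment: the same query bytes are readable by anyone on the path when sent over UDP port 53, while DoH (RFC 8484) carries them inside the HTTPS request. The name `www.example.com` is a constructed sample and `/dns-query` is a placeholder path, not a specific resolver's endpoint.

```python
import base64
import struct


def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query (RFC 1035); ID 0 as RFC 8484 suggests for DoH."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN


def name_seen_on_wire(payload: bytes) -> str:
    """What an on-path observer recovers from a plaintext UDP/53 query."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_target(query: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: the same query bytes, base64url without padding."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"


if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    # Plaintext DNS: the query bytes are the packet payload, name included.
    print("plaintext DNS exposes:", name_seen_on_wire(q))
    # DoH: this request target travels inside the TLS session, so the
    # observer sees a TLS connection to the resolver, not the name queried.
    print("DoH request target:", doh_get_target(q))
```
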


  • You can pay for Mullvad month to month by sending them five bucks and a piece of paper with your special number written on it in an envelope.

    Might make it more affordable.

    There is one thing you should probably change post haste (see what I did there?): get you one of those polarized privacy screen protectors and stop using biometrics. At least in the US biometrics aren’t protected by laws against unlawful search and compelled speech.



  • bloodfart@lemmy.ml to Privacy@lemmy.ml: Help setting up Wi-Fi router (2 months ago)

    Brand doesn’t matter. They’re all equally bad.

    There’s two passwords to change: your router’s administrator password and your WiFi password.

    There’s mainly one setting to disable, but it’s often broken up into many across several parts of the device’s configuration page: WAN administration or access to anything under any circumstances.

    The smart starting point with DNS is: DNS over HTTPS. It’s probably all you need so don’t worry about Pi-hole or other stuff. You mentioned Mullvad. Use theirs.

    These recommendations will provide a good baseline for security that doesn’t break the places you want to go on the internet. You could do more on the client side like use a VPN from your computer or configure your browser to use encrypted client hello and never store cookies or cache.


  • Buy unlocked. It’ll cost more and you won’t have the option of doing the carrier/manufacturer’s no-interest payment system, but that’s what it costs to actually not be locked into a particular carrier for the foreseeable future.

    My actual advice about phone choice is to learn the unjailbroken iOS way of doing things because what you’re asking for in your post knocks out a lot of the more specific things people recommend on Android devices and pushes you to smaller or not privacy-focused ROMs.

    You’re not auditing the code, so you need the most eyes on it that you can get, so running smaller or less privacy-oriented software becomes more of an issue.

    If you haven’t already, make a threat model and see if/how that changes your requirements and desires.