Compartmentalisation with Dedicated Devices
You have the gold standard of compartmentalisation, which is dedicated devices. So if you have a company laptop...you are already winning. (SR Apr 25 Q&A 3:30)
This snippet of conversation—spoken by host Henry—on a recent Surveillance Report podcast caught my attention. Compartmentalisation is a recurring term in privacy discussions.
Today, I want to look at how I have ended up separating different aspects of my digital life by using pieces of refurbished hardware, acquired or found over the years. This is compartmentalisation through using dedicated devices on a budget.
What is compartmentalisation?
When I do a quick DuckDuckGo, I see compartmentalisation come up as a human psychological defense mechanism, whereby we keep certain thoughts or feelings completely separated in our minds.
Separation is key to the type of compartmentalizing I want to look at today. Webster's online dictionary talks about 'separate divisions or sections' (i.e. 'compartments') and the Oxford Learner's Dictionary says that when we compartmentalize something, we do so
especially so that one thing does not affect the other
The modern idea of aiming for a healthy work-life balance is a good example of compartmentalisation in action; the goal is to observe a strict separation between working hours and free time, in order to gain a sense of meaningful direction over your own life.
In the digital world, compartmentalisation is a method for keeping your data private and perhaps more secure. By not mixing work emails with personal emails, for example, the chance of your personal email address getting added to your colleagues' email address books is reduced.
I asked a friend who works in IT security years ago about his tips for best practices for keeping data private and secure. He emphatically stated that keeping the number of downloaded applications on your phone to a minimum is key. As users, we don't have any insight into how these apps communicate with one another behind the scenes on our devices, nor how they feed data to company servers.
Two approaches to compartmentalisation
There are two ways to compartmentalize your data:
- Create different user accounts on a single device
- Use different devices for different purposes
My preferred method has always been the latter. Using different physical devices for different purposes helps me see the compartmentalisation that is taking place, and I can literally shelve work for the day by shutting down the device and putting it away.
Creating user profiles as a means to compartmentalise different aspects of your life works really well on some of the Android custom ROMS, like GrapheneOS and CalyxOS. I have also been experimenting with the Linux operating system Qubes, which takes the concept of on-device compartmentalisation to extremes. But today, I want to focus on how compartmentalisation can be achieved by using different physical devices for different purposes, and, hopefully show you what that this can be done with a reasonable IT budget using older hardware.
Dedicated devices - eggs in separate baskets
The idea of a dedicated device seems counterintuitive. The key feature of modern-day computers, big or small, is that they are versatile and can solve different types of problems using the same piece of hardware. I can use one PC to write and publish this blog, answer work emails and plan my lessons, and mix 30+ tracks into a song.
When work or school institutions provide us with a computer (usually a laptop), it can be tempting to have them double as personal devices. In some places I have worked, we were even encouraged to do this. I never thought it was a good idea, especially once I learned just how much of your activity on the device a systems administrator can potentially see. On the flip side, I also often see friends log into their work email on their own smartphones.
Digital mimimalists argue that this kind of messy overlap of identities results in stress, and a loss of peace of mind. To regain a healthy balance between work and personal life, they argue we need to take steps to keep our professional or student online lives compartmentalised. To achieve this, they encourage deleting work email apps on personal devices, to give just one example.
I think the mimimalists are right. I also believe that this approach to compartmentalisation can be taken further in order to begin building walls around the different aspects of our online identities and data, in order to resist profiling.
Dedicated devices on a budget
I have gone through a number of iterations before arriving at my current setup. Before I describe how I use my devices for dedicated purposes, I want to address the problem of cost.
If you are a student struggling to make ends meet, then perhaps this approach is not the best for you, and you may want to explore compartmentalisation through setting up different user profiles on one device. But for most others, and perhaps even students with access to second-hand markets (online or physical ones) I would argue that a multiple devices approach is attainable on a budget; the refurbished devices market is too often overlooked.
Most of the devices I describe below were either bought second-hand or are repurposed bits of hardware, previously discarded as junk. Some devices did cost more, but not all items listed are essential. Breathing new life into old devices by using Linux desktop systems is a magic trick I never tire of, and so, as my family members correctly point out, this particular hobby has become a bit of an obsession for me.
My approach
Here's an overview of my own approach to compartmentalisation, by using dedicated refurbished devices, and by adhering strictly to their intended purposes.
Gaming
I have always played video games on consoles. My kids do the same. Though Microsoft and other companies have tried (and failed) to turn their gaming consoles into all-purpose entertainment machines, game consoles today are still a good example of devices optimised for one specific purpose: gaming.
I do need to log in with a Microsoft user account on my Xbox, which has my personal and credit card details, which will inevitably be used on other devices, but I try to create single-use accounts where possible.
Waking up
I use an alarm clock.1
Reading
After years of using a Kindle, I've gone back to printed books. I buy these new or second-hand, and often pass them on when I'm finished. I also have a library card, but don't use it enough.
Streaming and TV
I like watching TV on our family television. I don't watch films or series on laptops or phones. I am a fan of channel surfing (as opposed to browsing media libraries). I love TV.
Personal laptop
I use a Lenovo Thinkpad with Bodhi as my Linux desktop operating system. I got an excellent deal on a second-hand market with the T440p. The previous owner had looked after it well, and had already implemented hardware improvements, such as a better screen. I upgraded the CPU myself—a hair-raising first attempt that actually worked!
I have one user profile on this device and it is for personal use only.
I use cloud-based services (self-hosted Nextcloud, pCloud, Standard Notes), or USB drives to send data between this personal device and other devices, only when necessary. I occasionally send emails to my own work email using an alias.
Work & Music production computer
Some of the older mini desktop PCs still pack a fairly good punch. I was able to purchase one of these refurbished, and use it for specific CPU-hungry tasks.
Importantly, this computer runs Windows, and I have set up several separate user profiles: one for sound production, the other for my work.
Rather than foolishly attempt a hardcore FOSS and Linux approach on all fronts (I did try, for a while), I just use all the Microsoft systems my work expects me to use2 on this computer, and I can install third-party audio plugins without any bother in Windows.
This is what Henry and Nathan were discussing on the Surveillance Report quote above. Why fight against the current in places where you don't need to? You actually end up standing out more. I just make very sure I don't have any cross-over with personal applications or data on those two Windows profiles, and I never log into profiles or platforms for personal use on a work office computer.
Whoogle on Raspberry Pi
I run a local Whoogle instance on a cheap Raspberry Pi. I describe that here. Surprisingly, this is my most regularly read article to date.
Whoogle enables us to access the Internet at home using Google's excellent search tool but without sacrificing any personal data in return.
The Raspberry Pi was bought new, but it was not expensive. While having a dedicated Whoogle instance in your home is not a necessity, I learned a lot from this project, and it's great to see it still works!
Server computer
I realise my obsession is starting to show a little at this point, but keep in mind that I acquired these refurbished PCs over a period of five or more years, so the average cost per year is low.
The server PC is always on at sits below my desk. From it I run a Nextcloud server and a full Monero node. Both were hobby projects for learning, but the Nextcloud server has become a tool with real practical value, for example, for exchanging large files, or organising documents and notes.
Running a full Monero node and mining from it has been educational and fun, but I make no money—the cost of electricity is always higher than the weekly cents I make mining. I do use my personal node to sync my wallets on the local network, which is faster.
Data backups on old hard drives
I found several large (3TB), discarded hard disk drives (HDDs) in a cupboard, and am using these for manual backups of my data and for cloning my computers. HDDs are mostly a thing of the past, but work just fine for backups, because it doesn't matter if the process takes a bit longer, and are therefore a very cheap solution.
You can buy housing shells for these chunky drives that will supply them with power. Any unused solid state drives (SSDs) can also be used for backup; all you need here is an adapter USB cable, as SSDs don't require their own power source.
Smartphone for home use
I need a smartphone at home for all the familiar conveniences, from banking to chatting on Signal. For several years running, I used old Motorola smartphones with /e/OS. Motorola smartphones have very good battery life, on the whole, and are cheap.
But I began to feel antsy about using a permanently unlocked smartphone, and was able to purchase an older model of the Google Pixel second-hand, so I could learn how to install CalyxOS and later GrapheneOS. These operating systems only work on Google Pixel devices, but they allow you to lock your smartphone back up after installation, which is good for peace of mind.
I use my WiFi smartphone mostly at home for listening to music, podcasts and chatting with friends and family on Signal. I sometimes swap in a SIM card and take it with me when I travel.
Light Phone 2
I found one of these second-hand. My LP2 is the one device I always carry with me. On occasion, I use it as an alarm clock or music player too.
Problems
It's a lot of devices. When it comes to updates, backups and general maintenance, it might seem simpler to just do everything on one device. A silver lining to the extra maintenance work is that when something breaks, only a portion of my digital life is affected, never everything all at once.
It may seem compartmentalisation by using dedicated devices is too expensive. True, the Xbox and Light Phone 2 were expensive purchases. But, the other devices and peripherals probably cost less combined than one new high end smartphone or computer.
Compartmentalisation by using dedicated devices requires time. I have spent up to several months on some of the individual projects listed above. I take detailed notes, and then describe some of these in this blog. I personally don't mind giving up the time, because tinkering with technology is fun for me, I always learn something new, and I believe that giving old hardware a new life is a good idea! But I understand that it may not be for everyone. If time is too valuable, I would at least try using separate of work and personal devices.
Compartmentalisation requires a level of discipline. It can be so tempting to just quickly log into work platforms on personal devices, and vice versa, but you have to be strict with yourself, and find sometimes tedious work-arounds for sending data from one system to another when you need to, or wait with a hotel booking until you get home, in order to maintain the separation.
Conclusions
Compartmentalising your data by using dedicated physical devices may or may not work for you. I'll admit that it has helped that I enjoy these projects; it's part hobby, part learning, which justifies some of the extra time and money investment over the years for me.
If this is not your cup of tea, or if you simply don't have the time, then I would try the software compartmentalisation route, setting up different user profiles for different purposes. I plan to describe that when I write about my experiences with GrapheneOS.
And for those readers who feel you might enjoy repurposing refurbished or discarded devices for compartimentalisation, I say: go for it! Writing as someone without any formal background in IT, if I can do it, then you certainly can too, one step at a time.
Documentation
Surveillance Report Q&A, 25 April 2024
Compartmentalisation in psychology
Oxford Learner's Dictionary 'compartmentalize'
e/OS custom ROM for Android phones
-----Discuss on Reddit-----
Subscribe to my blog via email or RSS feed.
Find me on Mastodon and Twitter.
Back to Blog
Subscribe to my blog via email or RSS feed.
Back to Blog
I should add that I never buy Internet of Things devices. An alarm clock, a fridge, a coffee maker, sex toys—these do not need to be networked.↩
If you want to have a real taste of bloated, counter-intuitive corporate software, try using Microsoft's Edge browser. It sucks, but I sign into and sync all my work platforms and applications via this monstrosity.↩