Linux tools to assist in privacy, security, and anti-censorship.
Do you want piece of mind when working online? Concerned about privacy, security, or censorship? If so, here are some suggestions to put your mind at ease, at least a little. Just be aware that nothing is full proof, but making things harder for the bad guys sure makes you feel better.
First thing is first, install Linux and encrypt your home drive during install. I do not trust Microsoft at all. I do not distrust Apple as much. But they too are a big corporation that can be controlled by the powers that be. Plus they dictate too much for my tastes. Chrome is not even worth my time, but some of these tools might run fine if you enable the Linux subsystem. Again, Google may be beholden to the powers that be just as Apple could be. In my opinion, Linux is safer for many reasons, as is most of the software.
One thing I always do is change the admin password on the router I use. I suggest doing that if you haven’t already. If you have a router from a provider, look up how and if they allow you to change that password. I harden my router also, but I don’t know what kind of access these internet providers allow their customers on leased equipment. I do believe they will use a default user/pass for all their equipment though.
Installing Linux Tip
I do not think installing Linux on a single drive is the way to go. I like to separate my home from root so they live on their own drives, but you can use separate partitions on a single drive to separate them or use the whole drive if that is your preference. Another reason for this, that I don’t think I mention in that other post, if your OS gets compromised you can simply install a fresh Linux OS of your choice to your system drive and all of your settings and data stay safe. This will also ease the setup process as your configs are still intact.
Here are my thoughts on using a separate drive for home (all your data, software and their configurations are separate from the OS).
Privacy and Security Focused Distributions
Linux is fairly consistent so any Linux distribution will do, however, if you are super paranoid there are distros that are considered more secure than others. You could also go Unix and install FreeBSD or GhostBSD for a cleaner more strict approach to security and secure open source software as well.
Here are three Linux distros considered more secure or private than others:
Qubes OS (Requires more technical ability and hardware requirements then the others)
Other: non-Linux
I already mentioned Unix. Here are three OSes that would likely not be on any radar at all. They are not Linux or Unix and will run on modern hardware. It is very likely these would be overlooked by bad actors.
FreeDOS FreeDOS is a open source DOS rewrite, which has some modern features and can run older DOS games and software. Software is mostly public domain or abandon-ware and can be freely downloaded from various sites like WinWorld or Internet Archive.
HaikuOS Haiku is a complete rewrite of one of my favorite OSes from the nineties, BeOS. It looks dated though it has some great features I think other operating systems should adopt. Be aware, it’s beta so there are issues and bugs. There are some Linux applications ported; although, you will find software limited for advanced usage and some programs are older or have bugs as well.
ReactOS React is a from the ground up rewrite of Windows NT. It allows some Windows software to install and run like you are on Windows. Much like Haiku, it looks a little dated (think Windows from early 2k). It can be buggy. React is not without its bugs and quirks. Installing Windows software and drivers is hit or miss.
Linux Install Options
There are four ways to install Linux. If you wish to keep Windows, you can dual boot (installing Linux on a second drive or partition along side another OS, er, Windows).
You can also install Linux on a large USB thumb drive so you can plug it in, boot to it when you need it, do your work, and boot back to the OS on your internal drive without leaving a trace on your system. This way nothing is installed on your main machine and you can hide your thumb drive if you feel the need. Installing as opposed to just booting to a live USB is that it is persistent so all your software, settings, and files are available next time you use it.
You can also install on a virtual using VMWare or VirtualBox, which can be convenient since you can run it while you are booted into you main system. Virtual separates its disk from your OS, besides the virtual disk file it creates. You can also skip creating a bootable install thumb drive and simply use the ISO directly if you don’t care about losing data or configs when you shut down.
My choice is to only run Linux. Linux is my main OS and has been for many years. My current setup is Ubuntu 24.04 on my daily driver laptop (System 76 drivers are my reason for running Ubuntu), Ubuntu 24.10 on my Surface Pro 6 (Simply works great on this device), and Fedora and Haiku OS on my backup laptop.
Security and Privacy Tools
Here are the tools that I use and recommend for privacy and tightened security while still enjoying a friendly modern system. They are quite good and should mostly be found in the software repos for your system through its package manager. You may also find them as snaps, flatpaks, or appimages, which could be newer than those offered by the standard package manager of some systems.
* If you do not know what snaps, flatpaks, appimages, or repos are, look them up and get familiar.
Vaults is a tool to create one or more encrypted virtual drives on Linux. There are two installs. One is terminal only and the other is a GUI app (Flatpak version is the safest bet). You can use it to store sensitive data on top of an already encrypted drive. Overkill, I know, but if someone gets to your machine unlocked, any data in Vaults will still be secured if you keep it locked when you data there is not in use. Would also be a s useful if you prefer to not encrypt you whole home partition, but want some level of encryption for personal stuff.
I use gocryptfs as the back-end. You can install on Ubuntu with: sudo apt install gocryptfs
Note: I use Vaults to store my Secrets password database. It requires that I log into the Vault then Secrets to retrieve passwords. I do not sync passwords between devices nor do I store them in my web browser.
Secrets Password manager. It lacks a lot of the features of the big proprietary products, but I like that. Convenience is a security issue in of itself.
Portmaster is a super charged firewall, network viewer, and tracking/malware/app blocking tool. You can download the .deb (Ubuntu/Debian) or .rpm (Fedora) from their site and install manually by double clicking the file or, maybe, right click install.
Session is a decentralized secure chat platform. You do not need to give any personal information to create an account and your chats and sharing are encrypted. You can also choose to only connect with people you know by giving them your ID. Desktop and Smartphone apps available.
Riseup VPN Free VPN. It is not the fasted and I am unsure about installing this from the web, but it is in the Ubuntu repos and works great. I would only recommend this for quick things that you want to make harder to track. Not good for streaming and downloading illegal content.
Tor Browser Hard to track web browser running on the tor network (dark web). It’s slow, but you will be more difficult to track.
Rymdport Transfers files between your computers, on your local network, encrypted.
Joplin This is my favorite notes application. Allows you to organize notes, sync between devices, and encrypt notes. You can write notes in markdown with live view.
Vivaldi, Opera, or Brave web browsers. I use Vivaldi and have it setup to not store anything other than cookies while I am surfing and have the ad blocker on (I also block ads at my router). I have Vivaldi scrub history and cookies when I exit. I use the Privacy Badger extension along with DuckDuckGo Privacy Essentials, which can both be installed from the extensions manager found in the main drop down menu (top right) in the web-browser. My main search engines are Startpage and DuckDuckGo. I do not create accounts for the browser for syncing and such. I do believe Brave and Opera support all of that as well.
Metadata Cleaner View and remove metadata from files, like geo location data in images, before posting online.
Tuba Fediverse client with support for most services, like Mastodon. These are decentralized social networks with alternatives to services like X, Instagram, and YouTube. Also see Whalebird or Fedistar.
FreeTube Private YouTube client.
Final thought
In closing, as of this writing there seems to be blocking of Linux related information sharing on Facebook and the shutdown of some hacker forums by the FBI. You may want to get setup if things go further and they go after VPN services, certain sites, open source software, and various Linux distros. I am usually not paranoid, but you never know and it is better to be safe than sorry. If nothing else, the chaos in the U.S. government presently could embolden hackers and allow them the pleasure of taking advantage of the chaos.