Configure Your Privacy in Linux

In light of the revelation of government snooping by William Binney, Edward Snowden as well as WikiLeak contributors and others, many people are increasingly concerned for their privacy and for their security. This has many people exploring Linux, as they have “heard” that it is harder to attack, has fewer viruses etc. Many install simple distros such as Mint or Ubuntu, and assume once they have it up and running and drivers installed, that all is well. This simply isn’t the case. I am not going to go into details regarding why this isn’t the case, I am simply going to provide a simple guide to those that want to use the web as anonymously as possible be it for reasons of paranoia, or desire to shop Macey’s online without being tracked and getting a drove of SPAM mail as a result. While some of us may be able to make do with a live distribution built for security, such as TAILS, (used by Edward Snowden), I suspect many people would prefer a persistant operating environment that saves files, settings and more. While TAILS can be configured to do so, it just isn’t the same as a regular desktop experience. So it is the entry level users rather than the power users that this instructional targets.

Step one, they pretty much got correct in switching to Linux, though Ubuntu and similar distros are questionable, and that is, use only programmes which have open source code that anyone can review. Closed source software like Microsoft Windows, or Skype, have been found to have deliberate “backdoors” through which attackers may gain access. Why they were added, one can only speculate, but they are there and they compromise your security. You will want to find software for your Linux distro which is open source so that you know that you have a community constantly pouring through the code, ready to blow a whistle at the slightest provocation.

Step two, is to get the software necessary for securing and anonymizing your internet connection. For this, we naturally look to the Tor Project. While it is not perfect (nothing is), it is well tested, in constant development, and is better than nothing at all. One of the main components of the Tor Project is their Tor Browser Bundle. For details on exactly how it functions, see HERE. Installing is a breeze.

For Debian users, add this line to your/etc/apt/sources.list file:

 

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

 

where you put the codename of your distribution (i.e. lenny, sid, saucy or whatever it is) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:

 

gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

 

Now refresh your sources, running the following command (as root) at your command prompt:

 

apt-get update

 

If there are no errors you’re good to continue. To finally install Tor just run:

 

apt-get install tor

 

Once you have successfully installed the Tor Browser Bundle, I recommend using Vidalia for a graphical user interface to control Tor. Installing Vidalia is similarly simple:

To install Vidalia as a Debian user, simply add this line to your /etc/apt/sources.list file:

 

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

 

where you substitute the above word (etch, lenny, sid, karmic, jaunty, intrepid, hardy) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:

 

gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

 

Now refresh your sources and install Vidalia by running the following commands at your command prompt:

 

apt-get update apt-get install vidalia deb.torproject.org-keyring

 

Now you will have to configure Firefox (and Thunderbird if you have it) to use the proxy supported by Tor. To do this, open the browser and go into the settings. Under the settings select proxy settings. Select either SOCKS or SOCKS5 as a protocol, and use port 9050. For host, just enter “localhost”. You will also need to install two plugins to FireFox which will lessen your digital footprint. The first is HTTPS Everywhere, and the second is NoScript. They can be configured to allow certain pages, for instance, FaceBook which will essentially be non functional with scripts turned off. Just keep in mind, every allowance is an open door. A few other scripts that are noteworthy: Adblock, Self-Destructing Cookies and Disconnect. They aren’t necessities, but they certainly increase your experience.

As for Thunderbird, if configuring it manually is too much for you, you can try TorBirdy. It will set up your Thunderbird install to rout everything through the Tor Network. This isn’t enough, however; you will still want to install the EnigMail plugin. Enigmail is a security extension to Mozilla Thunderbird. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard. Sending and receiving encrypted and digitally signed email is simple using Enigmail.

Once you have that done and working, you will want to do the same to your instant messaging software. For this, I strongly recommend Pidgin, with the “OTR” Off the Record plugin. It works much the same way. Simply click on your account, select the proxy tab and use the same settings as for your browser. This routs all of your internet communications (FireFox, ThunderBird and Pidgin) through Tor which anonymizes your location, data and details.

Installing Pidgin really couldn’t be easier…

apt-get install pidgin

That’s it. Really. Now you will want to make use of websites that do not track you, so rather than using Google as your goto, try performing searches using DuckDuckGo. The website uses scripts, but it doesn’t track you, or keep record of your searches. It also doesn’t start submitting advertisements based upon your search history.

For securing the contents of your hard drive, I recommend installing BleachBit both for its capabilities and for its ease of use. And lastly, for your passwords, PWSafe. It’s pretty self explanatory.

If you follow this guide, you will have a fairly secure setup with an anonymization cloak. It isn’t foolproof, and it isn’t perfect, but it minimizes your digital footprint and the information that you send each time you use your computer. Please be aware that with these settings, you can expect to have to verify common logins such as Facebook, Google etc. due to their security measures. It will often tell you that you are logging in from an unrecognized location (such as Germany or Romania) and require you to identify photos of friends, or enter a code sent to your phone etc.  If you can live with these little annoyances in the name of privacy, then enjoy!

Have any suggestions to make this guide better? Email or message me! I’ll get it added and credit you as a contributor!

Comments

comments