this post was submitted on 21 Feb 2024
28 points (85.0% liked)

Technology

59534 readers
3195 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

I've delayed making the transition to a fully "secure" set up until upgrading my PC and moving to a Linux distro from windows. now that that is happening and my parts are in the mail, what does the Lemmy community recommend for my personal network data to remain as eyes free as possible from potential hostile gov & non gov entities?

For context, I have 2 years of Ubuntu experience on a non daily driver laptop, recently acquired a CCNA, and have a deeply seated hatred & paranoia of being spied on. I have many hours of security content bookmarked, but am curious to hear the Lemming communities recommendations. I am currently studying for my AWS cloud practitioner cert, then Linux+, then my CCNP.

TLDR me Lemmy ๐Ÿคฃ

you are viewing a single comment's thread
view the rest of the comments
[โ€“] lemmy_user_838586@lemmy.ml 11 points 9 months ago* (last edited 9 months ago) (2 children)

Oh boy. First off, unless you're a high profile activist, a high profile government agent, or a high profile hacker, your threat model isn't really targeted to you specifically. For a regular person, you usually just want to try to keep some amount of privacy on the internet and not be the lowest hanging fruit for bots and scripts.

Any of the big name Linux distros will all be fine, Ubuntu, Debian, fedora, Linux mint, etc, etc. With exception of arch, its fine, but make sure you're in a position to update regularly, and possibly deal with some breakage and fixing after an update with arch. (don't use it for server)

Anyway, these are the things I do, if you'd like to take inspiration:

I use LUKS for full disk encryption on my laptop. Not because of paranoia about the government, but because its nice to know if you're in a cafe working and someone steals your laptop while you get up to go to the restroom or something, your data is safe from prying eyes.

I use an opnsense firewall for my network, for flexibility and control over my devices and connections.

I use an openWRT WiFi router,again for flexibility and control over my WiFi connections.

I use a Firefox based browser, (firefox, fennec, ice raven, etc) its hardened enough I'm sure there's some crazy hardened version of chrome or whatever, but for the safety of the web, I like supporting a browser that's not chrome, there's really only 3 big players and one of them is Google, they alllmost have a monopoly on the web. All the other browsers are using Chrome's rendering engine except Firefox and I think safari.

Use Ublock Origin firefox or chrome extension for ad blocking

For a phone, I'd probably use a pixel device that supports grapheneOS, but right now i'm just using LineageOS, again in use Firefox for android with ublock origin extension.

For passwords, I use keepassxc, and sync it across my devices with syncthing

Oh, and don't use google for your search engine.

[โ€“] meekah@lemmy.world 3 points 9 months ago* (last edited 9 months ago) (2 children)

Have you used graphene os? I like the idea but I'm kind of afraid of bricking my phone and also I'm not entirely sure how I'm supposed to move over 2 factor auth entication stuff properly when I (probably?) need to wipe my phone to install graphene.

[โ€“] PlantObserver@lemmy.world 1 points 9 months ago (1 children)

Graphene is awesome, super easy to install with their web tool.

For 2FA if you're still using G00gle's there is no way to export to try and keep you locked in. Go ahead and start switching all your stuff over to Aegis now (my recommendation, or another that's on fdroid and allows exports) and then you literally just export the file to your secure backup (I use filen) and then import on your new graphene install. Super easy. This allows you to keep manual backups as you please as well.

[โ€“] meekah@lemmy.world 2 points 9 months ago

luckily I'm not using google but all this sounds very promising. I might try it out this weekend!

[โ€“] lemmy_user_838586@lemmy.ml 1 points 9 months ago* (last edited 9 months ago) (1 children)

I haven't, I use my phone as a medical device, so I haven't taken the grapheneOS plunge yet as I'm not sure if the medical app would work. Yes, you'd have to wipe your phone to install GrapheneOS. For authenticator, if the app you used doesn't allow exporting them, you have to disable 2 factor on all services and websites that use the authenticator 2 factor codes, switch to the new phone and new app, and re-enable on all services to get the new authenticate code. Pretty shitty, that some authenticator apps don't give you a way to export (I don't think the google app allows you to, correct?)

[โ€“] meekah@lemmy.world 1 points 9 months ago

I never really thought to check if there is some way to export but I suppose that will be the way I'll go about this. Thanks for your input :)

LUKS for sure. If you're really paranoid and want some extra protection, look into something with Coreboot. You can go wild with it's configurables.