Open Source Privacy

I’ve blogged about OpenSource software and the Linux operating system before – I’ve even convinced friends and family members to join me. CentOS and Debian are my distros (distributions) of choice, but for most of them, moving over from the Windows world; simpler is better. To resolve that, I’ve set them up mainly with Ubuntu (shudder) and Mint. My own children use Xubuntu. I get asked a lot –

How do you get anything done since (insert overpriced product here) doesn’t run on Linux?

Well, I’ve blogged about that too, HERE. But in the wake of US programs for spying on the American public, such as PRISM, merely using OpenSource and expecting the lack of anything Microsoft to protect you isn’t enough. I’ve touched on configuring TOR, using Off the Record plugins for Pidgeon and other similar privacy enhancements HERE.

But I’d like to take a moment to post on a basic level for beginners, about the bare essentials in protecting their privacy. Simple changes that they can make without having to do any real major configuration to their system.

For this, you need to be a bit more clever by taking certain steps such as changing your search engine, what browser you use, how you email and how you generally make use of any web based products. Read more about giving the NSA the finger HERE, and opting out of global data surveillance HERE.

The “Opting out of Global Data Surveillance” link should pretty much cover what you need, and for Linux users like myself, this specific LINK in the opt-out information is useful. But at the basic level, even if you don’t feel a need to install, configure and make use of TOR, at the minimal, use Firefox and make either https://duckduckgo.com or https://www.startpage.com your go-to for your searches each time you search. StartPage has the obvious advantage as it provides Google search results (let’s face it, we call searching “Googling” for a reason) but strips out your personal information so that Google never receives your IP or has a chance to laden your machine with cookies. That’s not to say that DuckDuckGo isn’t useful, but you will see a noteworthy difference in the quality of search results.

For your email, while it does not have anywhere near the bells and whistles of Google/Gmail, I highly recommend Autistici-Inventati. Their service does offer all the following, free, and naturally they accept donations to keep these services available. Find them HERE. The web mail is plain and uses Roundcube, but it’s free, private and secure. Couple it with Thunderbird or Earlybird (HERE‘s how you secure them), and it’s a win! Also, you can use K-9 on your Android phone for the secure email feature.

There exist other email alternatives, of course, aside from even those mentioned in the opt-out link. A friend of mine on Mastodon (more on this in a bit) recommends ProtonMail. I haven’t tried it to date, and as such, cannot comment on it positively or negatively. I respect his opinion and assume that if he recommends it, it’s worthy of said recommendation. You can read about his move to Linux HERE. You can also read his write-up on online privacy (in which he touches on ProtonMail) HERE.

Anyway, these are the surface level important bits gleaned from the opt-out information. You can read more details and customize more of your desktop environment with apps and web services as you wish based on their guide. These presented here are the absolute BASICS for preserving a shred of privacy in an ever increasingly watched, regulated and data mined digital world.

The last subject I’d like to touch on, is… well… a touchy one. Social networking. I know… you’re old and stuck in your ways. Facebook is familiar and easy. Twitter is comfortable and doesn’t need any configuration. Well – that may be true, but they’re also undoing everything that we are trying to do in the entire preceding part of this blog post. Facebook caches every single search. Whether for people or for products. Every page you like. Every status you like. Each news story that you read from their web app. Twitter does the same. Everything that you do on either site is monitored, collected, and placed into a nice little package that allows them to serve all those ads that you see all over in the side bars, and between posts. Your email… your birthday… all your relationships. This data is all theirs. You gave it to them. And they use it.

There exist two main alternatives for Social Networking that I highly recommend. The first is older (if you don’t count OpenSource predecessors) and is called Diaspora. It’s pretty much got all the functionality of Facebook, but without the clutter, without the ads, and without fear of all your data being mined and sold to any and all bidders. They have a large pool of “pods” to choose from, and you can join any of them. They allow you to follow people from other “pods”, but they aren’t ruled by a centralized, authoritarian data miner. I know, it’s a pain getting your family and friends to switch, but persistence does pay off! The second is Mastodon. It’s essentially a fuller featured Twitter, which allows more character input as well. Like Diaspora, it’s broken into “instances” and not all housed in a central server somewhere. You can join any instance that you like, and like Diaspora, follow people from other Instances. Again, no centralized authoritarian data miner granting you the right to use a website in exchange for all your digital data. Both Diaspora and Mastodon have mobile apps that you can use. Both are well worth a try, and both will help you protect / control your own data. That isn’t to say that either is foolproof, but both by far outweigh the negative aspects of Facebook and Twitter.

Useful Linux Commands

​Here is a list of the most common commands that you will probably find useful. The commands and descriptions are all separated by “=”, so don’t include the = sign in the commands

The most important one which will make your life MUCH easier is:

sudo apt-get install <enter a programme name here>

This finds the most up to date repository for you, and installs the latest version of the software. No going to different websites, downloading and then trying to figure out how to install from an extracted bzip etc…

Now… on to the rest of the goodies.

  • cat /proc/cpuinfo # CPU info
  • cd # change directory
  • convert -resize 640×480 -colors 14 wallpaper.png splashimage.xpm && gzip splashimage.xpm # change picture into grub splash.
  • cp # copy
  • df -h # disk space usage
  • fglrxinfo # graphics driver info
  • free -m # memoryusage
  • glxgears # check 3d graphics
  • glxinfo # opengl info
  • ifconfig # network configuration info
  • killall gnome-panel # kill,refresh panel
  • locate # find target
  • lsb_release -a # OS info
  • lshw # list hardware
  • ls # list contents
  • lspci # list pci devices
  • man command | col -b > file.txt # save man uotput to file
  • man -f # man title of target
  • man intro # user commands help
  • man -k # man file for target
  • man man # man manual
  • mkdir # make directory
  • mv # move
  • netstat -l –tcp –udp (and then) watch -n 1 netstat -an –tcp –udp # watch port activities
  • rmdir # remove directory
  • rm # remove
  • rm -r # remove all
  • sudo apt-cache # debian apt library
  • sudo apt-cache search (search subject) # Search debian repo for apps
  • sudo apt-get dist-upgrade # upgrade all
  • sudo apt-get update # update sources.list
  • sudo cp /<filename.backup>/<filename> # reset to backup file
  • sudo deborphan | xargs sudo apt-get -y remove –purge # remove orphans
  • sudo dmidecode | more # Detailed hardware info
  • sudo dpkg -l | cut -d ” ” -f 3 # list installed packages
  • sudo dpkg-reconfigure menu sudo dpkg-reconfigure menu-xdg (reboot) # fix Debian menu
  • sudo dpkg-reconfigure xserver-xorg # Reconfigure periphials, graphics
  • sudo fdisk -l # View Hard drive partitions
  • sudo hdparm -l /dev/sda # hard drive settings
  • sudo hdparm -tT /dev/sda # hard drive speed
  • sudo ln -s ~/.themes /root/.themes sudo ln -s ~/.icons /root/.icons sudo ln -s ~/.fonts /root/.fonts # make root look like user
  • top # system,processes,resources,cpu,ram,etc. info
  • uname -a # kernel version
  • update-menu # update gnome menu
  • whereis program-name # location of program/man page
  • which <program name> # location of program

Cheat sheet may. be downloaded HERE. All credit for it goes to http://fosswire.com

Thanks to Michael Lindner for reading and offering insight. A few corrections made, thanks to his assistance!

Another update from a different Michael:

alias claer=”clear”

“There are lots of variations on that for other common misspellings, but I think I’ve used ‘claer’ instead of ‘clear’ far more than any other mistake. Also, if you’re going back and forth between Windows and Linux a lot, it might not be a bad idea to make ‘cls’ an alias of ‘clear’, and maybe do the same for ‘ls’/’dir’.”

Configure Your Privacy in Linux

In light of the revelation of government snooping by William Binney, Edward Snowden, WikiLeak contributors and others: people are increasingly concerned for their privacy and security. This has many people exploring Linux, as they have “heard” that it’s harder to attack, has fewer viruses etc. Newer users tend to install simple distros such as Mint or Ubuntu, and assume once they have it up and running and drivers installed, that all is well. This isn’t the case. I am not going to go into details on why this isn’t the case, I am simply going to offer a simple guide to those that want to use the web as anonymously as possible be it for reasons of paranoia, or desire to shop Macey’s online without being tracked and getting a drove of SPAM mail as a result. While some of us may be able to make do with a live distribution built for security, such as TAILS, (used by Edward Snowden), I suspect people would prefer a persistent operating environment that saves files, settings and more. While TAILS can be configured to do so, it isn’t the same as a regular desktop experience. It is the entry level users rather than the power users that this instructional targets.

Step one, they pretty much got correct in switching to Linux, though Ubuntu and similar distros are questionable, and that is, use only programmes which have open source code that anyone can review. Closed source software like Microsoft Windows, or Skype, have deliberate “backdoors” through which attackers may gain access. Why they were added, one can only speculate, but they are there, and they compromise your security. You will want to find software for your Linux distro which is open source so that you know that you have a community constantly pouring through the code, ready to blow a whistle at the slightest provocation.

Step two, is to get the software necessary for securing and anonymizing your internet connection. For this, we naturally look to the Tor Project. While it is not perfect (nothing is), it is well tested, in constant development, and is better than nothing at all. One of the main components of the Tor Project is their Tor Browser Bundle. For details on exactly how it functions, see HERE. Installing is a breeze.

For Debian users, add this line to your/etc/apt/sources.list file:

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

where you put the codename of your distribution (i.e. lenny, sid, saucy or whatever it is) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

Now refresh your sources, running the following command (as root) at your command prompt:

apt-get update

If there are no errors you’re good to continue. To install Tor, run:

apt-get install tor

Once you have installed the Tor Browser Bundle, I recommend using Vidalia for a graphical user interface to control Tor. Installing Vidalia is similarly simple:

To install Vidalia as a Debian user, simply add this line to your /etc/apt/sources.list file:

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

where you substitute the above word (etch, lenny, sid, karmic, jaunty, intrepid, hardy) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

Now refresh your sources and install Vidalia by running the following commands at your command prompt:

apt-get update apt-get install vidalia deb.torproject.org-keyring

Now you will have to configure Firefox (and Thunderbird if you have it) to use the proxy supported by Tor. To do this, open the browser and go into the settings. Under the settings select proxy settings. Select either SOCKS or SOCKS5 as a protocol, and use port 9050. For host, enter “localhost”. You will also need to install two plugins to FireFox which will lessen your digital footprint. The first is HTTPS Everywhere, and the second is NoScript. They can be configured to allow certain pages, for instance, FaceBook which will essentially be non functional with scripts turned off. Keep in mind, every allowance is an open door. A few other scripts that are noteworthy: Adblock, Self-Destructing Cookies and Disconnect. They aren’t necessities, but they certainly increase your experience.

As for Thunderbird, if configuring it manually is too much for you, you can try TorBirdy. It will set up your Thunderbird install to rout everything through the Tor Network. This isn’t enough, but; you will still want to install the EnigMail plugin. Enigmail is a security extension to Mozilla Thunderbird. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard. Sending and receiving encrypted and digitally signed email is simple using Enigmail.

Once you have that done and working, you will want to do the same to your instant messaging software. For this, I strongly recommend Pidgin, with the “OTR” Off the Record plugin. It works much the same way. Click on your account, select the proxy tab and use the same settings as for your browser. This routs all your internet communications (FireFox, ThunderBird and Pidgin) through Tor, which anonymizes your location, data and details.

Installing Pidgin couldn’t be easier…

apt-get install pidgin

That’s it. Really. Now you will want to make use of websites that do not track you, so rather than using Google as your goto, try performing searches using DuckDuckGo. The website uses scripts, but it doesn’t track you, or keep record of your searches. It also doesn’t start submitting advertisements based upon your search history.

For securing the contents of your hard drive, I recommend installing BleachBit both for its capabilities and for its ease of use. And lastly, for your passwords, PWSafe. It’s pretty self explanatory.

If you follow this guide, you will have a relatively secure setup with an anonymization cloak. It isn’t foolproof, and it isn’t perfect, but it minimizes your digital footprint and the information that you send each time you use your computer. Please be aware that with these settings, you can expect to have to verify common logins such as Facebook, Google etc. due to their security measures. It will often tell you that you are logging in from an unrecognized location (such as Germany or Romania) and require you to identify photos of friends, or enter a code sent to your phone etc. If you can live with these little annoyances in the name of privacy, then enjoy!

Do you have any suggestions to make this guide better? Email or message me! I’ll get it added and credit you as a contributor!

Linux Programmes

A friend of mine has installed Linux, and asked me for my opinion on software that he should install. I figured I would share it here too, in case any of you have toyed with the idea of making the switch over to Linux.

ESSENTIALS

COMMERCIALWARE REPLACEMENTS

GAMING

And as always, to maximize your experience, ALWAYS look into plugins. There is a plugin for EVERYTHING, so if you want to do it, all you need to do is find it. My most used plugins are for GIMP, and for that, I go to: http://registry.gimp.org/popular

It is important to remember that just because you are using Linux now, does not automatically make you secure and safe from the snooping of government overlords or hackers extraordinaire. To ensure your privacy and security, I recommend you read the following two links HERE and HERE.

Have a few that you think should be on the list? Send me an email, and I’ll get them added!