One of the many things I do, but one of the most important I think, is I use a paid VPN that has P2P and Tor options, plus I set Tor as a systemd service so at boot my machine is completely torified and under many layers of anonymity. A big plus about learning to use Tor like a pro is I can stream YouTube through VPN + Tor at 1080p, so when people say Tor is slow, they just don’t understand how to maximize their experience. Oh, I also manually edit and configure my torrc file.
Yes, agreed. Rolling your own VPN server is very difficult. I’ve set up both OpenVPN, and now Wireguard too. Both were gruelling experiences, which took huge amounts of tinkering to get right.
You would do well to have networking skills like a professional Network Administrator, if you dare.
If you just need a Peer-to-peer VPN (with automatic firewall-punching goodness), I recommend Zerotier. Zerotier is one order of magnitude easier to set up than a Wireguard server, and Zerotier is two orders of magnitude easier to set up than an OpenVPN server.
In addition to those above, I’ll add that there is a configuration you can add to Thunderbird that will remove links from all emails. It allows the text to be displayed, but it will no longer be ‘clickable’.
VPN is installed on the router. I’m in the process of setting up a new pfSense router as soon as I can figure out how to get it to connect. I’ll use that to block a lot of ads and crypto-mining sites. And the hard drives in the desktop are in a just-installed Icy Dock for easy ejection so they can be locked up when I travel. I’ve also got to figure out how to encrypt the OS drive since that was not done during installation.
The thing about Wireguard is that all by itself, it just makes secure tunnels between hosts. That’s all it does, strictly speaking. To make a VPN solution out of these secure peer-to-peer tunnels (as is commonly expected from a VPN) you also have to combine iptables or other such firewalling rules with those secure tunnels (which wg-quick makes possible, but not in a simple way).
In essence, Wireguard is a framework, not a solution. I think it’s misleading for it to be called a VPN. Wireguard is a framework that a VPN solution could possibly be constructed out of, if you really know what you’re doing. Even wg-quick wasn’t solution-enough for me. I had to write a bash wrapper script to make it more user-friendly for myself for day-to-day use. So it’s just barely a VPN “solution” for me, on the desktop.
If you followed some 3rd-party guide for Wireguard, and that made Wireguard easy for you, then I say great. But that 3rd-party guide was not an upstream, integral part of Wireguard.
I finally set up ProtonVPN. Was straightforward with protonvpn-cli. Thank you @mrgfy for mentioning the GitHub site.
So, some of my hygiene is obviously using a VPN when I want anonymity. Other things I do include having strong and individual passwords for everything, including the login to my laptop. I use a master password for Firefox, too. A lot of things are adjustments in the browser like an ad-blocker, no tracking, blocking of cookies and avoiding Google and its products as much as possible, including the search, though I am addicted to YouTube. I also use Firefox containers and for email I use ProtonMail.
There are a lot of things I still should do but that is it for now.
PS: Regular updates of the operating system, that is also very important especially if you have to support other people’s machines, like my wife’s.
First and foremost, using Linux at all is my first security practice.
Not installing software from companies I don’t trust (especially ‘free’ software coming from a company that is probably scraping my data for its value instead).
Hosting my own stuff (work in progress).
Lots of the simple practices (like not enabling login for root at all, SSH keys or installing updates) we all do, right? So I won’t list those.
Firefox plugins Forget Me Not and Ghostery.
AirVPN to avoid profiling or to circumvent my ISP’s opinion.
A simple iptables firewall on any internet-reachable machine to filter out malformed, unneeded or excessive network traffic.
I don’t know if it counts, but I tend to disable history and suggestions wherever I can. Perhaps that’s a good thing for web browsing, stating explicitly what I want, not clicking the first thing that comes up, but the intention is just that I like a clean computing experience that isn’t cluttered with helpful advice.
I use a paid VPN, and switch the egress every time, when I’m doing anything related to banking or personal information.
All my systems use LUKS encryption; desktop systems require my YubiKey for authentication and authorization.
I will soon be getting a dedicated network firewall, and enforce firewall rules on all my machines. SSH requires pubkey auth, and my keys get cycled out regularly.
I use password-store (standard Unix password manager) for password management. It’s simple, relies on gpg for encryption, and is integrated with git for easy sharing.
I run “track this” every once in a while, just to screw with data collection that can’t be avoided. I’ve started getting ads for all sorts of crazy stuff (like I’m apparently in the market for new breasts), but it’s worth it to see the trackers thrown off so much.
I run an ad blocker for most sites, but some I let the ads through.
The majority of my software is managed using containers and flatpaks, keeping the amount of data that can be accessed to a minimum.
Even with all my restrictions and self-imposed paranoia, it’s not inconvenient to use Linux. Doing these same things on macOS or Windows still leaves you unable to control where your data goes. Linux lets me lock it all down without making my system a pain to use!