Transcript of APPS & TOOLS to improve LINUX PRIVACY & SECURITY

hey everyone this is Nick and while you might not have picked Linux for its security and privacy these are still advantages that it holds over other operating systems but what if you wanted to go further and try to improve the privacy and security of your Linux system well that's why you clicked on this video I guess so we're going to take a nice tour of plenty of applications and tools you can use on your Linux system to make it more secure and more private which is perfect because those two words also apply to our sponsor this video is sponsored by lenode lenode is the only solution I use to run my own nexcloud server and my only office server as well it's a super easy solution to deploy basically anything you want in one click they have a huge Marketplace of applications you can host from nextcloud WordPress Drupal gitlab or grafana to gaming servers for Minecraft RX CS go rust valheim and more they take care of all the configuration for you all you have to do is click the thing you want to deploy fill in a few details and your server is up and running and once everything is live it's still super easy to manage your servers to upgrade or downgrade them add some storage back them up and get help if you're stuck I've been using linode for years now and I can only recommend them if you want to give them a shot click the link in the description below and you'll get a hundred dollars of free credit to get started let's begin with encryption a simple way to secure your device from anyone who might get their hands on it well almost anyone it won't prevent your cat or your kid randomly pressing things on your keyboard when the computer is on a lot of Linux distributions will offer to encrypt your hard drive when you install them Ubuntu popos Elementary OS and a lot more they all have this option and what encryption does is simple it ensures no one can access your files if they steal your computer because even when using a strong password for your user account anyone with a live CD can mount your hard drive and copy all your files very easily not so if your disk is encrypted you on the other hand have the security key or password to decrypt the disk when you're booting your computer the side effect is that if you lose that password you're gonna have a really really bad time so make sure you pick something that you can actually remember if you didn't enable the encryption when installing your system you can encrypt your home folder or partition after the fact using ecrypt utils a command line utility I left a link to a tutorial on how to do that in the description it's written for Ubuntu but it will work on most distros as long as you can install the equipped utils and crypt setup packages but if you prefer to encrypt certain folders and not your entire system or partition then you might want to take a look at KDE then have something called plasma volts a great feature that in true KDE fashion hasn't been showcased at all well until they introduced their first Run Tour app in KD 5.27 Volts lets you create encrypted folders with a nice graphical interface with the ability to set different passwords for each folder accessing these volts is then done simply using the little widget in the notification tray and once they're mounted you can access them using the file manager like any normal folder and here again don't lose your password or you'll lose your files now you might think you don't need an antivirus on Linux and while that is generally true if you often interact with people using Windows and pass files back and forth with them then it might not be a terrible idea to have one Linux also isn't completely safe from viruses Trojans and rootkits it's not targeted as often as Windows computers at least for the Linux desktop but it still had its fair share of malicious programs and here your best option will probably be clam AV it detects malware viruses Trojans and it's completely free of charge and it's open source and it also won't wake you up in the middle of the night to shout at you that the viral database was updated you can find clam AV in most distros repositories and it works using the command line by default but thankfully you can also install clam TK which is a graphical interface for it it looks a bit old and it has some icon on issues on recent systems but it will do everything you need it to you can scan a specific file or a directory you can set up a white list for things you want to let through you can update the database graphically as well or you can view scan history and files placed in quarantine if you plan to scan your whole system do enable the scan directories recursively option this will let the antivirus scan folders inside of the folder you told it to scan and it will also come in handy if you run programs with wine proton or bottles especially if your games are from a less than reputable Source if you know what I mean certain Windows viruses can run with wine and can access your Linux system entirely so be wary of that now let's talk sandboxing if you run flat pack apps then chances are your applications are already sandbox as in they can't freely access everything on your system and you can check their permissions and restrict them if need be but if you want to actually restrict these permissions then you will will probably need flat seal it's an application that will list all your flat pack apps and let you grant or remove permissions to them you can find the app on flat Hub and it's pretty easy to use you just toggle on or off what you feel the app should or shouldn't have access to this includes access to the X server or Weyland the d-bus system the GPU or virtualization features Bluetooth or even access to files and interestingly it also lets you fix certain flat back apps that don't have the necessary permissions by default for example the Discord flat pack out of the box doesn't let me upload files from anywhere in my computer because it can just access the videos pictures and downloads directories I can grant it permission to access my slash home folder to solve the problem or just give it access to files in a specific directory that I tend to use to upload stuff to Discord now if you want the benefits of a Sandbox but with without using flat back apps you can also run any app installed from a regular package or an app image in a sandbox using fire jail I would recommend you install fire tools it's a graphical app that will run in your system tray and let you create profiles for various apps for example restricting access to the network to various directories to specific Hardware peripherals or making them use a specific DNS server and sure it doesn't look very good and for some reason you have to double click on icons to actually access the feature in the fire tools little bar but it's still an additional security layer that you can slap on top of applications that don't have a permission system or that you don't necessarily trust all that much now if what you want is to make sure that the apps or Services you run don't do anything weird with your internet connection then there's portmaster it's open source it's free of charge and it lets you monitor every Network request every part of your system makes and restrict them as you see fit and it also has a system-wide ad and tracker blocker and I should really not encourage you to use that because YouTube money but hey it's your computer now it's a tool I personally use on all my computers it works on Linux and on Windows and it has packages for Debian and Ubuntu Fedora Arch and a manual install guide for everything else the interface might look a bit daunting at first but it's actually pretty simple you just click on an app and you have a toggle to immediately block connections and a list of current connections the app makes to various servers if you identify one that you really don't like or don't trust click the three dot menu in front of it and you can block that specific IP address for that specific app you can also change the whole settings let the ad blocker or tracker blocker for each application or for the system as a whole and they even have a toggle to block services from Big tech companies like meta Amazon Google apple or Microsoft now of course it means that you will not be able to access any of their websites Once you turn this toggle on so don't be surprised if you remove access to all Google if YouTube doesn't work anymore that's sort of the point now through the portmaster you can also access their in-house VPN called the SPN for saving privacy Network it's completely opens Source it removes Geo blocking and it lets you use multiple identities at the same time so every request any of your apps make will be made using a different location and fingerprint so tracking you becomes very very difficult that SPN thing is comparable to Tor basically but with the ability to set settings per app and apply them also for the whole system instead of being restricted to the web browser now saving is a sponsor of certain videos on the channel but not of this one and speaking of vpns there are also a tool you can use to be more private online I don't have any specific recommendations but you can check the link I left in the description to techlor's VPN chart to find one that is suitably private just remember that all your traffic through a VPN goes through the company's servers so you need to really trust them or host your own if you regularly use public computers or someone else's what you might want is your own operating system in your pocket and that's Tails tails is basically just a live USB but with persistent storage that is encrypted so you can keep your files if you need to it also comes with a big selection of privacy and security focused tools like Tor Browser Thunderbird the keepass XC password manager or onion share to share files through Tor all your browsing history recent files Wi-Fi networks and more are automatically erased and they leave no trace and all apps are blocked from connecting to the internet if they don't use Tor Tails will be very very useful if you often have to work from public computers like in the library for example or if you use someone else's computer and you absolutely do not want to leave any trace on it or if you're a complete paranoid that also works and of course your web browser will also be a big part of how private you are on the internet and so if you use something like Microsoft Edge Google Chrome beyondex browser or Safari it's high time to switch to something else because they're either not open source all that plus they collect and sell your data to advertisers if you prefer to stick to Chrome's rendering engine then something like Brave will be way less intrusive and well configured by default and if you don't want to encourage Google's Monopoly on the internet then Firefox is also very private once you disable the opt out Telemetry in the privacy and security settings and Telemetry isn't always bad it all depends on what is collected but opt out Telemetry I don't like this like it should be off by default now you also have Libre wolf which is Firefox without the Telemetry and with privacy focused search engines out of the box it's nothing you can't replicate in 5 seconds in the regular Firefox version but if you don't want to have to do those extra steps there it is and speaking of search engines as well this is also something you should look at for privacy Google or Bing are just not what you want for that I personally use ecosia as my default search engine because the results are pretty good it's private and it might be environmentally friendly depending on your stance on planting trees when ecosia falls short I use start page which is basically Google's results but with complete anonymization of all queries so Google doesn't know who or from where the query has been made and I have a dedicated video on search engines There's the link in the description and maybe like you know card somewhere and there and there are other tools you can use on Linux bleach bit will let you delete cache files cookies internet history temporary files logs and more it's open source you get to pick what you want to delete or keep and it can completely Shred the files to make sure no one can recover them it also will let you free up some disk space in the process if you want to just shred any single file then there's gnome file Shredder you just drag the files in the window press the shred button and it will completely delete the file without any hope of recovering it even with dedicated software and if you need to share certain images but hide some information on it blurring it with a gaussian blur isn't enough as it's now relatively easy to de-bler an image so the recommended technique is just to apply a big fat square of pure black color on top of your image but if you don't want to use a complex tool like for example to do that you have obfuscate it has a blur tool and they will warn you that it's insecure and it has a fail tool where you can just draw shape and fill it with black so it can't be recovered yeah you can do that with any other drawing software but obfuscate will open faster and the interface is so simple that is just easier to use for this one specific use case and so that's about it for this one this one for a server or Enterprise context because that's a whole other video but it should give you a few ideas and a few tools to make sure that your Linux system is as private and as secure as you want and have the most control over it just like I'm in control of this segue to today's sponsor if you plan to run Linux on a computer the best way is to actually buy Hardware that supports Linux out of the box not something that runs windows and trying to retrofit Linux on it but something that was designed to run Linux from today's sponsor tuxedo they have a big range of laptops and desktops for every need and every price point all the devices are very customizable when you buy them you can pick them with a selection of popular distros but you can also just install your own after the fact because the hardware is Linux compatible and on top of that all their laptops are openable repairable upgradable including the battery the SSD and the RAM and sometimes the even the wireless card so if you need a new computer and you want to run Linux on it don't buy something that runs Windows click the link in the description below and get yourself a tuxedo device they're really really good so thanks everyone for watching the video I hope you enjoyed it if you did don't hesitate to like to subscribe to turn on notifications and to write a comment and if you didn't like the video well there's always that dislike button it still works and you can also tell me why down there and if you really enjoy the channel and you want to support it there are plenty of links in the description below for Libra pay patreon PayPal YouTube memberships and whatever else YouTube things you know what to do plus my social networks and everything outside so thanks for watching and I guess you'll see me in the next one bye [Music] thank you [Music] foreign [Music]