Find out the best ways to improve privacy on your Linux laptop.
Linux is commonly viewed as a privacy-conscious operating system, free from the surveillance usually associated with Microsoft and even Apple. Nevertheless, there are some actions you can take to enhance your anonymity more; here are the strategies I personally employ to enhance privacy on my Linux laptop.
Establish Screen Lock
Fortunately, it is simple to enable screen lock on the majority of Linux distributions. Just like Windows or Apple, Mint and Ubuntu will function immediately; simply set the password (usually the same as your system password) and the screen lock will activate when you leave your laptop.
Nevertheless, the preset time frame is 15 minutes and it seems quite lengthy. Typically, you should aim for a five-minute duration, which is brief enough to reduce troublemaking but not so brief that it bothers you. In Ubuntu, you can find this option in the Privacy section of your System Settings.
For Mint, users can easily access it by searching for Screensaver on their start screen. Even better is to always lock your screen when you step away from your laptop. By default, press Ctrl+Alt+L to achieve this, but you have the option to modify any shortcuts on Linux.
Nevertheless, the preset time frame is 15 minutes and it seems quite lengthy. Typically, you should aim for a five-minute duration, which is brief enough to reduce troublemaking but not so brief that it bothers you. In Ubuntu, you can find this option in the Privacy section of your System Settings.
For Mint, users can easily access it by searching for Screensaver on their start screen. Even better is to always lock your screen when you step away from your laptop. By default, press Ctrl+Alt+L to achieve this, but you have the option to modify any shortcuts on Linux.
Set Up a VPN Connection
Another crucial measure in enhancing the privacy of your Linux laptop is setting up a virtual private network, commonly referred to as a VPN. These useful programs redirect your connection and also encrypt it within a VPN tunnel. However, not all of the top VPNs will be compatible with Linux systems, despite VPNs being a useful tool. Nevertheless, you can try out Proton VPN and Mullvad VPN.
Change to a Personal DNS Server
Even though VPNs are useful, they may not always fulfill your requirements. Good VPNs usually come with a price tag, so it's recommended to steer clear of free ones because they can cause a decrease in your internet speed. If your primary concern is your ISP spying on you, you can switch to private DNS to ensure they can't see your online activity.
You should direct your DNS requests through one of these private DNS servers to prevent it. In order to do this, navigate to your Network Settings, choose the specific connection to redirect (this must be repeated for each network, such as home or work), and input the desired private DNS configuration.
You should direct your DNS requests through one of these private DNS servers to prevent it. In order to do this, navigate to your Network Settings, choose the specific connection to redirect (this must be repeated for each network, such as home or work), and input the desired private DNS configuration.
Utilize a Browser That Respects Your Privacy
It is important to consistently utilize a browser that respects privacy. While some debate exists on which browser provides optimal privacy, it is recommended to steer clear of Google Chrome due to past concerns.
Many Linux distributions include Mozilla Firefox pre-installed, so you already have access to one of the top browsers. Other options are Brave and the Mullvad browser; all providing improved privacy, but keep in mind the importance of using private browsing and a VPN for optimal results with any of these choices.
Many Linux distributions include Mozilla Firefox pre-installed, so you already have access to one of the top browsers. Other options are Brave and the Mullvad browser; all providing improved privacy, but keep in mind the importance of using private browsing and a VPN for optimal results with any of these choices.
Establish a Deadline For Your Keys
One more simple method to protect your GPG key in Linux is by setting expiration dates for your primary key and subkeys. Although this doesn't impact the key's signing, encrypting, and authenticating capabilities, enabling it encourages other GPG users to consistently verify your key on a keyserver.
Begin by launching your main encryption key within the GPG command line interface tool. Modify the key with your GPG email address using: gpg --edit-key YOUR-GPG@EMAIL.ADDRESS, type "expire," and then hit Enter to modify the expiration date of your main key. A terminal displaying the main key's key size validity prompt.
Enter your GPG key password, then press Enter to confirm the updated expiration date. Execute the provided commands to choose the internal subkeys of your GPG key. Then, execute the expire command and enter an expiration date for your subkeys. Typically, these keys should have a shorter expiration time than your main key.
A terminal will show the main validity period for mass updating the group of subkeys. To record your modifications to your GPG keyring, enter "save" and then hit Enter. Verify that your key has the correct expiration dates by executing: gpg --list-keys
Begin by launching your main encryption key within the GPG command line interface tool. Modify the key with your GPG email address using: gpg --edit-key YOUR-GPG@EMAIL.ADDRESS, type "expire," and then hit Enter to modify the expiration date of your main key. A terminal displaying the main key's key size validity prompt.
Enter your GPG key password, then press Enter to confirm the updated expiration date. Execute the provided commands to choose the internal subkeys of your GPG key. Then, execute the expire command and enter an expiration date for your subkeys. Typically, these keys should have a shorter expiration time than your main key.
A terminal will show the main validity period for mass updating the group of subkeys. To record your modifications to your GPG keyring, enter "save" and then hit Enter. Verify that your key has the correct expiration dates by executing: gpg --list-keys
Back-Up Your GPG keys on a Security Token
Security keys are tiny gadgets created for the sole purpose of storing private authentication information. In this aspect, you can utilize them for storing your GPG keys without jeopardizing your overall security. Begin by inserting your security key into your device, then execute the specified command to verify if GPG recognizes it.
Initiate the GPG prompt with your main key, then execute the list command to display all the information in your keyring. Run the following command to edit your GPG key with your email address: gpg --edit-key YOUR-GPG@EMAIL.ADDRESS. Locate the subkey marked with the value "S" and execute the key along with its corresponding position in the subkey list.
In this example, if my "S" subkey comes first on the list, I will use key 1. Transfer the "S" subkey to the internal storage of your security key. Choose option "1" on the transfer prompt, enter the password for your main GPG key, and then repeat the key command to deselect the initial subkey. Locate the subkey labeled as "A" and proceed to execute the key command along with the subkey's index.
Move the "A" subkey to your security device using the keytocard command, choose "3" when prompted for transfer, then repeat the key command and deselect the "A" subkey. Locate the subkey labeled "E" and choose it by using the key command. Move the "E" subkey to your security device with the keytocard command, then choose "2" when prompted.
Execute save and then hit Enter to finalize the changes to your GPG keyring. Finally, make sure you have correctly exported the subkeys from your device by typing gpg --list-secret-keys YOUR-GPG@EMAIL.ADDRESS. This action will display a ">" symbol next to the "SSB" tags of your subkeys.
Initiate the GPG prompt with your main key, then execute the list command to display all the information in your keyring. Run the following command to edit your GPG key with your email address: gpg --edit-key YOUR-GPG@EMAIL.ADDRESS. Locate the subkey marked with the value "S" and execute the key along with its corresponding position in the subkey list.
In this example, if my "S" subkey comes first on the list, I will use key 1. Transfer the "S" subkey to the internal storage of your security key. Choose option "1" on the transfer prompt, enter the password for your main GPG key, and then repeat the key command to deselect the initial subkey. Locate the subkey labeled as "A" and proceed to execute the key command along with the subkey's index.
Move the "A" subkey to your security device using the keytocard command, choose "3" when prompted for transfer, then repeat the key command and deselect the "A" subkey. Locate the subkey labeled "E" and choose it by using the key command. Move the "E" subkey to your security device with the keytocard command, then choose "2" when prompted.
Execute save and then hit Enter to finalize the changes to your GPG keyring. Finally, make sure you have correctly exported the subkeys from your device by typing gpg --list-secret-keys YOUR-GPG@EMAIL.ADDRESS. This action will display a ">" symbol next to the "SSB" tags of your subkeys.
Conclusion
A Linux laptop offers a greater level of privacy compared to other options and these suggestions can further assist in staying under the radar of Big Tech and its data brokers. Enhancing privacy on your Linux laptop is the best for you.
