[Edited 2024-01-21] "Security, Privacy and Anonymity in Linux Mint" Guide.

Write tutorials for Linux Mint here
More tutorials on https://github.com/orgs/linuxmint/discu ... /tutorials and (archive) on https://community.linuxmint.com/tutorial
Forum rules
Don't add support questions to tutorials; start your own topic in the appropriate sub-forum instead. Before you post read forum rules
Shorten3353
Level 1
Level 1
Posts: 4
Joined: Sat Sep 23, 2023 8:56 am

Re: [Edited 2023-09-18] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by Shorten3353 »

Thank you very much.
Very useful:)
User avatar
MikeNovember
Level 7
Level 7
Posts: 1779
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: [Edited 2023-10-24] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by MikeNovember »

Hi,

Updated on 2023-10-24, see viewtopic.php?p=2334665#p2334665.

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
User avatar
MikeNovember
Level 7
Level 7
Posts: 1779
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by MikeNovember »

Hi,

Updated on 2023-11-06, see viewtopic.php?p=2334665#p2334665.

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
ReyMysterio
Level 1
Level 1
Posts: 12
Joined: Tue Nov 28, 2023 11:54 pm

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by ReyMysterio »

Thank you for this. But it's missing the one thing I'm looking for.

Can you please add a guide on how to setup a VPN killswitch in general, neutral of the VPN provider. People in the privacy community usually recommend the use of iptables or ufw, and recommend against relying on the killswitch provided by VPN clients, as you suggest doing in the guide.

Could you include whether the use of iptables/ufw in conjunction with the VPN client killswitch would add extra security, or may it cause complications?

And also, could you include how to enable split-tunneling so select applications/browsers can bypass the VPN. Most users will need to disable VPN for some activities, and I believe the foolproof way of doing this is to have a separate browser which bypasses the VPN, and is used only for these specific activities.

I think this would be a great addition to the guide. For those in heavily surveilled countries, it is essential to have a robust kill-switch.
User avatar
MikeNovember
Level 7
Level 7
Posts: 1779
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by MikeNovember »

ReyMysterio wrote: Wed Nov 29, 2023 12:50 am Thank you for this. But it's missing the one thing I'm looking for.

Can you please add a guide on how to setup a VPN killswitch in general, neutral of the VPN provider. People in the privacy community usually recommend the use of iptables or ufw, and recommend against relying on the killswitch provided by VPN clients, as you suggest doing in the guide.

Could you include whether the use of iptables/ufw in conjunction with the VPN client killswitch would add extra security, or may it cause complications?

And also, could you include how to enable split-tunneling so select applications/browsers can bypass the VPN. Most users will need to disable VPN for some activities, and I believe the foolproof way of doing this is to have a separate browser which bypasses the VPN, and is used only for these specific activities.

I think this would be a great addition to the guide. For those in heavily surveilled countries, it is essential to have a robust kill-switch.
Hi,

A firewall will work in any cases, whatever you use (normal connection, Tor network, VPN...). So, if you block incoming connections with UFW they will be blocked for all your connections kinds.

I have not spoken of VPNs in general but only of Proton VPN.
(Because of its no log policy, the possibility to use it freely, and to pay with bitcoins)
I addressed most of your points in the appendix related to Proton VPN:

- I don't recommend the use of kill switch because it can cause problems (though I explain how to cope with). To my opinion, it doesn't offer any sizeable security: it would block internet connection if VPN connection fails down. This may occur very seldom, so you can use kill switch when you think your privacy is at high risk. Enabling or disabling kill switch is in Proton VPN GUI. For more privacy, use Tor in Proton VPN (you connect with Proton VPN, than use Tor Browser or Mullvad Browser on Tor Network, you have a double anonymity layer).

- Split tunneling is not in Linux Proton VPN GUI because it is included in... Linux! I have mentioned a way to print to a printer on Wi-Fi LAN. With Proton VPN running you have access to your local network. [this should be the same with other VPNs, though I have not tested it].

- Proton VPN can be disabled with the icon in the taskbar. If you need to disable / enable Proton VPN very often, you can use the pay version, with a browser extension.

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
ReyMysterio
Level 1
Level 1
Posts: 12
Joined: Tue Nov 28, 2023 11:54 pm

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by ReyMysterio »

I see. I am using Mullvad as it ticks all the boxes you mention, except for the free option. The GUI allows for split tunneling.

I would like to know why the VPN client killswitch is as reliable in preventing IP address leakage as the iptables or ufw. Otherwise it is kind of just one person's word against the next.

Many sites are blocked on Tor, including this.

Also, specifically to Mint - there is the option in the Network Connections GUI, MyWifi, General - to "automatically connect to VPN". I wonder if this would amount to an OS level killswitch, as in could I rely on that box being ticked to ensure I don't leak my IP address. I notice however, the drop down box to the right is blank in spite of me having Mullvad installed.

(also, in my prior post I may have misused the word security. I meant reliability in ensuring IP address is not leaked)
User avatar
MikeNovember
Level 7
Level 7
Posts: 1779
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by MikeNovember »

ReyMysterio wrote: Wed Nov 29, 2023 2:53 pm I see. I am using Mullvad as it ticks all the boxes you mention, except for the free option. The GUI allows for split tunneling.
Hi,
As I said, split tunneling is enabled in Linux and does not need to be in a GUI. With Proton VPN, and others, you can access your local network, this is called split tunneling.
I would like to know why the VPN client killswitch is as reliable in preventing IP address leakage as the iptables or ufw. Otherwise it is kind of just one person's word against the next.
Firewalls and kill switch are two different beasts: firewalls allow controlling your incoming or outgoing connections, while kill switch stops any internet connection when the VPN connection falls down, and prevent your true IP address to be shown.
Many sites are blocked on Tor, including this.
That's right, there are some 2000 computers in Tor network acting as internet relays; they are identified, and easy to be blocked. Linux Mint is protected by Sucuri, and Sucuri blocks Tor. Main use of Tor is to browse the Darknet, not the Clearnet...
Also, specifically to Mint - there is the option in the Network Connections GUI, MyWifi, General - to "automatically connect to VPN". I wonder if this would amount to an OS level killswitch, as in could I rely on that box being ticked to ensure I don't leak my IP address. I notice however, the drop down box to the right is blank in spite of me having Mullvad installed.
I don't know how this works, I don't use and can't comment.
(also, in my prior post I may have misused the word security. I meant reliability in ensuring IP address is not leaked)
So, you meant privacy...

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
User avatar
MikeNovember
Level 7
Level 7
Posts: 1779
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: [Edited 2024-01-21] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by MikeNovember »

Hi,

I have updated today the Guide to its revision 25.

See: viewtopic.php?p=2334665#p2334665

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
mmm
Level 4
Level 4
Posts: 227
Joined: Sun Sep 03, 2017 6:57 am

Re: [Edited 2024-01-21] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by mmm »

How secure is Anydesk when using MINT to help a remote friend?
sylvain1_
Level 2
Level 2
Posts: 93
Joined: Wed Jan 24, 2024 1:43 pm

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by sylvain1_ »

MikeNovember wrote: Thu Nov 30, 2023 1:19 pm
ReyMysterio wrote: Wed Nov 29, 2023 2:53 pm I see. I am using Mullvad as it ticks all the boxes you mention, except for the free option. The GUI allows for split tunneling.
Hi,
As I said, split tunneling is enabled in Linux and does not need to be in a GUI. With Proton VPN, and others, you can access your local network, this is called split tunneling.
I would like to know why the VPN client killswitch is as reliable in preventing IP address leakage as the iptables or ufw. Otherwise it is kind of just one person's word against the next.
Firewalls and kill switch are two different beasts: firewalls allow controlling your incoming or outgoing connections, while kill switch stops any internet connection when the VPN connection falls down, and prevent your true IP address to be shown.
Many sites are blocked on Tor, including this.
That's right, there are some 2000 computers in Tor network acting as internet relays; they are identified, and easy to be blocked. Linux Mint is protected by Sucuri, and Sucuri blocks Tor. Main use of Tor is to browse the Darknet, not the Clearnet...
Also, specifically to Mint - there is the option in the Network Connections GUI, MyWifi, General - to "automatically connect to VPN". I wonder if this would amount to an OS level killswitch, as in could I rely on that box being ticked to ensure I don't leak my IP address. I notice however, the drop down box to the right is blank in spite of me having Mullvad installed.
I don't know how this works, I don't use and can't comment.
(also, in my prior post I may have misused the word security. I meant reliability in ensuring IP address is not leaked)
So, you meant privacy...

Regards,

MN
Using tor when on the clearnet is absolutely essential in 2024. This is explained in viewtopic.php?p=2423130#p2423130. It is also what Edward Snowden does. Read Permanent Record for more information.

How similar is your guide to https://anonymousplanet.org/guide.html?

Do you recommend the use of Dangerzone to clean potentially dangerous pdfs? https://dangerzone.rocks/

Have you considered throwing your guide into a torrent, so that other people can help you host it?
User avatar
MikeNovember
Level 7
Level 7
Posts: 1779
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: [Edited 2023-11-06] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by MikeNovember »

sylvain1_ wrote: Mon Jan 29, 2024 10:37 pm
Using tor when on the clearnet is absolutely essential in 2024. This is explained in viewtopic.php?p=2423130#p2423130. It is also what Edward Snowden does. Read Permanent Record for more information.

How similar is your guide to https://anonymousplanet.org/guide.html?

Do you recommend the use of Dangerzone to clean potentially dangerous pdfs? https://dangerzone.rocks/

Have you considered throwing your guide into a torrent, so that other people can help you host it?
Hi,

Tor in the clearnet has two disadvantages:
- There are a lot of Tor users, few Tor internal relays, and very few (some two thousands) Tor internet relays; so, Tor is slow, and Tor browsing internet Clearnet is till slower.
- The Tor internet relays are well known and identified, and it is easy for a website manager to block them. This forum is protected by Sucuri, and Sucuri blocks (most of? all?) Tor internet relays, since they are very often misused.

The use of https connections whenever it is possible, and the use of encrypted DNS requests to public DNS servers (not to your ISP's ones) is already a strong improvement.

The use of a non-logging VPN such as Proton VPN is a faster alternative to Tor, without the risk to be blocked.
Proton VPN is based on Switzerland (not in USA), and has won several years ago a trial: it is not considered as an ISP, has no logging obligation, and doesn't log the use of the VPN. So, even with a request from Switzerland justice, Proton VPN could not reveal anything about its use or its users. You can use the free option, or the pay one and pay with bitcoins.

And, browsing the Darknet, I use Tor and Proton VPN. This adds an extra layer of tunneling above Tor ones.

Tor, like Proton VPN or any other VPNs, may have security breaches. In the past some Tor breaches have been exploited. Users should always use the latest versions of Tor or of the VPN they use.

I don't know the guide you mention, I wrote mine from a blank page, as a security analysis (threats / prevention / detection / pre-established arrangements). I will take a look at the guide you mention.

Furthermore, I don't know Dangerzone. What I recommend for PDFs is:
- Use Virus Total.
- Don't open them by double-clicking but by launching your PDF reader and opening the PDF file (general recommendation for all attachments or downloads).

My guide is now on archive.org, it will survive me!

Regards,

MN
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
User avatar
HappyWarrior
Level 1
Level 1
Posts: 33
Joined: Thu May 18, 2023 12:42 am

Re: [Edited 2024-01-21] "Security, Privacy and Anonymity in Linux Mint" Guide.

Post by HappyWarrior »

Wow! Thank you!
Post Reply

Return to “Tutorials”