In light of the revelation of government snooping by William Binney, Edward Snowden, WikiLeak contributors, and others: people are increasingly concerned about their privacy and security. This has many people exploring Linux, as they have “heard” that it’s harder to attack, has fewer viruses, etc. Newer users tend to install simple distros such as Mint or Ubuntu, and assume once they have it up and running and drivers installed, that all is well. This isn’t the case. I am not going to go into details on why this isn’t the case, I am simply going to offer a simple guide to those that want to use the web as anonymously as possible be it for reasons of paranoia, or desire to shop Macey’s online without being tracked and getting a drove of SPAM mail as a result. While some of us may be able to make do with a live distribution built for security, such as TAILS, (used by Edward Snowden), I suspect people would prefer a persistent operating environment that saves files, settings and more. While TAILS can be configured to do so, it isn’t the same as a regular desktop experience. It is the entry-level users rather than the power users that this instructional targets.
Step one, they pretty much got correct in switching to Linux, though Ubuntu and similar distros are questionable, and that is, use only programmes which have open-source code that anyone can review. Closed source software like Microsoft Windows, or Skype, have deliberate “backdoors” through which attackers may gain access. Why they were added, one can only speculate, but they are there, and they compromise your security. You will want to find software for your Linux distro which is open source so that you know that you have a community constantly pouring through the code, ready to blow a whistle at the slightest provocation.
Step two is to get the software necessary for securing and anonymizing your internet connection. For this, we naturally look to the Tor Project. While it is not perfect (nothing is), it is well tested, in constant development, and is better than nothing at all. One of the main components of the Tor Project is their Tor Browser Bundle. For details on exactly how it functions, see HERE. Installing is a breeze.
For Debian users, add this line to your/etc/apt/sources.list file:
deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main
where you put the codename of your distribution (i.e. Lenny, Sid, Saucy or whatever it is) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:
gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –
Now refresh your sources, running the following command (as root) at your command prompt:
apt-get update
If there are no errors you’re good to continue. To install Tor, run:
apt-get install tor
Once you have installed the Tor Browser Bundle, I recommend using Vidalia for a graphical user interface to control Tor. Installing Vidalia is similarly simple:
To install Vidalia as a Debian user, simply add this line to your /etc/apt/sources.list file:
deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main
…where you substitute the above word (etch, Lenny, Sid, Karmic, Jaunty, Intrepid, Hardy) in place of <DISTRIBUTION>. Then add the gpg key used to sign the packages by running the following commands at your command prompt:
gpg –keyserver keys.gnupg.net –recv 886DDD89 gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –
Now refresh your sources and install Vidalia by running the following commands at your command prompt:
apt-get update apt-get install vidalia deb.torproject.org-keyring
Now you will have to configure Firefox (and Thunderbird if you have it) to use the proxy supported by Tor. To do this, open the browser and go into the settings. Under the settings select proxy settings. Select either SOCKS or SOCKS5 as a protocol, and use port 9050. For host, enter “localhost”. You will also need to install two plugins to Firefox which will lessen your digital footprint. The first is HTTPS Everywhere, and the second is NoScript. They can be configured to allow certain pages, for instance, FaceBook which will essentially be non-functional with scripts turned off. Keep in mind, every allowance is an open door. A few other scripts that are noteworthy: Adblock, Self-Destructing Cookies and Disconnect. They aren’t necessities, but they certainly increase your experience.
As for Thunderbird, if configuring it manually is too much for you, you can try TorBirdy. It will set up your Thunderbird install to rout everything through the Tor Network. This isn’t enough, but; you will still want to install the EnigMail plugin. Enigmail is a security extension to Mozilla Thunderbird. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard. Sending and receiving encrypted and digitally signed email is simple using Enigmail.
Once you have that done and working, you will want to do the same to your instant messaging software. For this, I strongly recommend Pidgin, with the “OTR” Off the Record plugin. It works much the same way. Click on your account, select the proxy tab and use the same settings as for your browser. This routs all your internet communications (Firefox, Thunderbird, and Pidgin) through Tor, which anonymizes your location, data, and details.
Installing Pidgin couldn’t be easier…
apt-get install pidgin
That’s it. Really. Now you will want to make use of websites that do not track you, so rather than using Google as your goto, try performing searches using DuckDuckGo. The website uses scripts, but it doesn’t track you, or keep a record of your searches. It also doesn’t start submitting advertisements based upon your search history.
For securing the contents of your hard drive, I recommend installing BleachBit both for its capabilities and for its ease of use. And lastly, for your passwords, PWSafe. It’s pretty self-explanatory.
If you follow this guide, you will have a relatively secure setup with an anonymization cloak. It isn’t foolproof, and it isn’t perfect, but it minimizes your digital footprint and the information that you send each time you use your computer. Please be aware that with these settings, you can expect to have to verify common logins such as Facebook, Google, etc. due to their security measures. It will often tell you that you are logging in from an unrecognized location (such as Germany or Romania) and require you to identify photos of friends or enter a code sent to your phone etc. If you can live with these little annoyances in the name of privacy, then enjoy!
Do you have any suggestions to make this guide better? Drop me a message and I’ll get it added and credit you as a contributor!