N.E.P.T.R

I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

  • 4 Posts
  • 246 Comments
Joined 4 months ago
cake
Cake day: November 20th, 2024

help-circle


  • I highly recommend openSUSE Tumbleweed (or Slowroll). It is a rock-solid rolling-release where most things can be done from the YaST GUI. The installer is very granular, you can pick and choose based on groups of programs (like internet, office, desktop environment, etc) or individual packages (in advanced mode).

    It has never broke on me and I have used it on and off for several years now. I like to tinker so I often do reinstalls of other distros when I break them but never needed to with Tumbleweed.

    It is modern but not unfamiliar, rolling but not unstable, granular but not overwhelming (imho).

    If rolling-release isn’t your thing there is also openSUSE Slowroll which does updates monthly (apart from security updates which are back ported)

    Even if you don’t pick Tumbleweed, there are plenty of good options. Rapid fire I’ll recommend some others.

    • Fedora Workstation: my next favorite distros for many of the same reasons as Tumbleweed, semi-rolling and major updates every 6 months, but no YaST or granular installer. It uses GNOME desktop environment.

    • Fedora Atomic: pretty much Fedora Workstation but more stable because the root filesystem is read-only and updates are pushed as an OCI image. You can still install anything supported by Fedora.

    • Universal Blue: Modified versions of Fedora Atomic which aim to be much more user-friendly and preconfigured out of the box. I recommend them over Fedora Atomic vanilla images. Bazzite is my recommendation for any gamer on Linux (though most distros work).

    If you want to have a good experience on Linux, avoid perpetually out of date distros like Debian/Ubuntu and their derivatives. Linux game support is always improving, same thing with basically everything, so dont kneecap yourself with slow/stable release distros.



  • N.E.P.T.RtoPrivacy@lemmy.mlMinimising Browser Telemetry
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 days ago

    That is not what I was referring to. DoH is easy to access in the settings, but with a SOCKS5 proxy you want DNS from the provider to avoid fingerprinting of your location by using a network or DoH provider, which may be a geographically closer server because of your host IP.

    Under about:config, change “network.proxy.socks5_remote_dns” to true.

    I don’t know definitively why they were fingerprinted to there local city, this is just a theoretical reason.



  • N.E.P.T.RtoPrivacy@lemmy.mlMinimising Browser Telemetry
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 days ago

    It might have been your DNS that was identified? It depends on whether you enabled proxy DNS for SOCKS5.

    For best fingerprinting protection, use either:

    • Mullvad Browser with a VPN (prefer Mullvad VPN)
    • Tor Browser

    Avoid using Tor with a normal browser because you will stick out like a sore thumb.









  • N.E.P.T.RtoLinux@lemmy.mlCan I ignore flatpak indefinitely?
    link
    fedilink
    English
    arrow-up
    16
    ·
    16 days ago

    I personally like flatpak and its build system. Flatpak applications are sandboxed by default and don’t require root during any part of installation, reducing the risk of malicious/broken software damaging the host. They also are available for basically any base distro, meaning i can use the same apps if a ever distrohop and i can even just copy over the config folders as if nothing happened.





  • N.E.P.T.RtoPrivacy@lemmy.mlThe question of browsers
    link
    fedilink
    English
    arrow-up
    4
    ·
    19 days ago

    It seems like an interesting setup. I don’t really have too much to say other than nitpicks.

    Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.

    Using Linux .desktop launcher scripts, you could:

    • Create a .desktop launcher (in ~/.local/share/applications/) for each profile
    • Edit default desktop launcher to always prompt to choice profile on start (using the launch option -P)
    • Edit the default launcher to offer a menu option for each profile.

    Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I’d like to know your reason for picking it. I don’t dislike Debian and I still use it for different things (mostly VMs and some dev work).


  • Thanks for the rant, I liked your write-up.

    I think it may also help some people to create simple decision flowcharts to help with acting consistent and avoid making simple mistakes with a complex threat model. Basically a scenario and the decision tree. Say for example someone is using QubesOS and needs to keep consistent what each qube is for and why.

    Of course creating charts that show your strategy and make your decision predictable is itself just even more privileged information you now need to protect.

    Also, any effective threat model also requires consistent reevaluation to assess the effectiveness of your methods and adjust with the evolution of threats.