Improving Privacy on Linux Machines

Congratulations if you’re using Linux (Debian, Ubuntu, Fedora etc) then you’ve already made a massive step towards more privacy and also you’re no longer financially supporting the likes of Bill Gates or other Billionaires. Bravo! That said there’s other steps to take to increase your privacy on Linux. Hint: Some of these can be put in place on Mac OS X and on Windows too, so even if you are behind the linux curve, you’ll still get lots of helpful hints and tips from this article.

All that said being on a Linux system alone isn’t a silver-bullet solution and even on Linux there are vulnerabilities which means we can give away our privacy without even realising it!

• Logging into Meta (facebook, instagram, whatsapp), Google, Microsoft on a browser or via their apps grants those companies access to the memory space of your browser. Often they leave background workers monitoring ALL our tabs open on that browser, reporting back what you’re doing on other sites!
• The big tech companies try and profile you from the unique fingerprint your machine has “mac address, processor serial number etc”.
• Wifi / Location probing.
• What if someone got hold of your physical machine? What secrets will they get from your browser history?

I’m no expert and I follow people like Rob Braxman to stay informed. So if you’ve got suggestions please put them in the comments below. I’ll keep this post up to date as I learn and implement new things, so please feel free to bookmark this and check in from time to time.

Basic Privacy & Security Steps 101

1. Make sure you’ve built your machine with LUKS encrypted hard drive. It’s an option during the install process and obviously make sure the password is long and secure.
2. Have a strong password for all your users (not just root).
3. Never have auto-login enabled.
4. Always lock your desktop when walking away from it. Even if just going to get a coffee.
   You might think, but there’s no one in the house, but what if some malicious person decides to have you SWATed and a three letter agency or burglar breaks down your door while you’re in the bathroom or making a cuppa. If your desktop isn’t locked your machine and everything on it belongs to them now!
5. Don’t write your passwords down. Instead use a password manager. I recommend KeePassXC
6. Disable Wifi and use an ethernet connection (if you can). It’s better for your health, more secure, more private.

Improve Firefox’s Security

Change Firefox Search From Google to DuckDuckGo

1. Open Firefox
2. Click on the right hand side menu icon (burger) and then Settings
3. Choose Search on the left hand side
4. Drop down the options for Default Search Engine and select DuckDuckGo. This is a better option out the box. You can also install your own search engine later.

Tighten up Firefox’s Privacy Settings

While in the settings there are loads of changes you can optionally make. Take time to understand them as they may not suit your habits and workflow. But at least you’ll have a chance to review your practices and spot potentials for more privacy.

Key:
[ ] = Uncheck this option
[X] = Check/select this option

• Search
  • Search Suggestions
    • Show trending search suggestions [ ]
• Search
  • Search Shortcuts
    • Google [ ]
    • Bing [ ]
• Privacy & Security
  • Enhanced Tracking Protection
    • Strict [X]
  • Web Site Privacy Preferences
    • Tell web sites not to sell or share my data [X]
    • Send web sites a “Do Not Track” request [X]
  • Cookies & Site Data
    • Delete cookies and site data when Firefox is closed [X]
  • Passwords
    UNCHECK [ ] everything under passwords and then click on the SAVED PASSWORDS folder and delete them all. Never ever use this feature on any browser. Turn it off.
  • Autofill
    • Save and fill payment methods [ ]
• Firefox Data Collection and Use
  Make sure everything here is unchecked [ ]
• DNS over HTTPS
  • Enable DNS over HTTPS using:
    • Max Protection [X]

Install KeePassXC on Debian & Securely Manage Passwords

KeePassXC is an open source password manager with a great reputation. Although available via flatpak I prefer the distribution repository install. Having evaluated it I ended up migrating all my passwords from Lastpass over to a local KeePass store.

$ sudo apt install keepassxc
Suggested packages:
  webext-keepassxc-browser xclip

I didn’t install the suggested packages but as ever, I list them here for later referral.

Changelog:
This post is a work in progress and so I will add to it as I implement better security and privacy on my linux machine.
2025-03-26 – Initial post

Install the “Brave Browser”

Brave is a privacy focused browser which is free and available on Mac, Windows and importantly Linux. They provide Linux Distro-specific install instructions here: https://brave.com/download/

Brave Browser Install Instructions for Debian

sudo apt install curl

sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list

sudo apt update

sudo apt install brave-browser

Follow the instructions above as a regular user and you’ll have Brave Browser installed.

Things I do to improve Brave Privacy/Security

1. I personally do not sign up to their anonymised data for search improvement:

2. Uncheck the options to send diagnostics and insight date:

3. Now let’s set things up
4. Click on the mini menu RHS (burger) and go to Settings
5. Privacy and Security
   • Delete browsing data >
     • On Exit tab
       • Check [X] all of the options so that these things are cleared when the browser is closed.
   • Data collection
     • Uncheck ( ) Automatically send daily usage ping to Brave
6. Leo
   Leo is an AI Agent. I personally do not like or use AI and I shut it down as much as possible on my machine.
   • Uncheck ( ) Show Leo icon in the sidebar
   • Uncheck ( ) Show Leo in the context menu on websites
   • Uncheck ( ) Show Leo in the context menu on websites
   • Hit the “Delete all Leo AI conversation data” link
7. Autofill and passwords
   • Uncheck ( ) Allow auto-fill in private windows
   • Password Manager
     • Settings
       • Uncheck ( ) Offer to save passwords and passkeys
       • Uncheck ( ) Sign in automatically

Browser Separation For Privacy

One of the most powerful things you can do for privacy is to separate out your “Private browsing” from your “Public Browsing“.

• Public Browsing: anything you don’t mind the most untrustworthy organisations & agencies discovering [FIREFOX]
• Private Browsing: things you want to keep private for any reason. [BRAVE]

What we need to understand is that when you log into Google, Microsoft, Apple, Spotify, Government Gateways, Amazon etc. you provide them with a hook into your computer. They can legitimately then identify your and even geolocate you. Plus they can run background threads in your browser so that even if you log out of Google, it can continue to track everything you do in all the other open tabs!

So one way to maintain your privacy is to only do public stuff in Firefox, and only do private stuff in Brave. And don’t be fooled, a Firefox private browser window is still exposed and vulnerable to the big tech companies knowing what’s going on in there.

There’s loads more you can do to improve privacy, but separating out your private activity from your public one is a big one! And yes, you can use other combinations of browsers, but do make sure you set your browser up to be as secure as possible. The key thing is to use different browsers for private v public browsing and NEVER cross-over.