Get 100$ credit for your own Linux and gaming server: www.linode.com/linuxexperiment

I'm usually paranoid when it comes to privacy and security, but that's one thing I forgot to do is encrypt my hard drive.

I feel like as a community, we need to talk more about tools like Selinux. I know it's not the sexiest thing to talk about but there is a lot of power and extensibility. I think the part that keeps most folks away is the learning curve.

Librewolf does more than just changing your default search engine. They change the config files. Canvas resizing for example changes the size of your screen. Really needed if you have a screen with a resolution that's not common. I'm not sure but I think they also report that you are on windows by default. Anyways, those are all things that Firefox can do because librewolf is just Firefox but it would take forever to make those edits.

Again, you always have at least one or 2 programs in these things that I've never heard of, but are super useful. Thanks

Wine works so well, it will even run windows viruses.

something that's worth mentioning if you've got a laptop is usbguard. Prevents usb devices from functioning until you manually whitelist them. Fantastic if you're in an environment where you're required to move around (you'd also ideally be able to lock your laptop, but when you're presenting that's not always possible). Great for universities and schools!

Nice video. My suggestions: 1) The biggest security tool (after knowledge and caution 😉) is selinux in enforcing mode, and I think it is not mentioned here. 2) Update everything often. I do it every day with one click. 3) Don't install software from not trusted sources. 4) Don't give your user the permission to run software as "root", unless you know what you are doing. Become root instead, when needed. 5) 05:20 "virus ... can access your linux system entirely". That's not exact. They can access what the user which runs it can access. Therefore nothing that can be accessed only by another user, be it "root" or another. It is also noteworthy that a malware which targets Windows, has no effect on linux. To have effect, it should be a malware which runs via wine *and* it targets linux.

For the record: Portmaster's SPN and Tor may share some properties, they are definitely quite different Specifically: With Tor you usually use the same chain for each request (within the same Tor-connection), and the chain is longer than 2, with SPN (as I understand it) you use different routes per request, but always with a 'chain' of just 2

Long term the solution for most convenient encryption is homed (from systemd). You can store and encrypt your whole home directory per user inside a file. This file can be moved between devices but only accessed with the users password. The advantage is that it supports using the password from login to decrypt during login. So you don't need multiple passwords on boot/startup. Also this makes a lot of sense for multi-user setups which would weaken a LUKS partition with one password to share.

Thank you Nick 💜💜💜 Please do a video where the default security apps are configured such as AppArmor, UFW and SELinux 🙏🙏🙏

Thanks!

As we grow, this will be a more and more important topic. Tnx, mate. Infotained as usual.

Great video. I really love privacy and security content. You present the tools in a way everyone can understand. Thanks.

At 10:09 VPNs.... He should have mentioned that VPN users should check the legality of using a VPN in their area. Currently, vpns illegal in Russia, Iran, China, last I heard India. Pakistan, Vietnam, and Thailand might also have restrictions on them. Since China and India combined has nearly 40% human population, there is a significant number of people that cannot use them....

Thanks for putting together this list. Looking forward to looking through some of these tools.

Was literally just about to look into Linux security. What timing!

now THAT is a great browser recommendation segment! Told everyone about the tracking, explained a proper chromium alternative BUT also mention the monopoly of google.

Great video, Nick!

Always have been a big fan of AV solutions that capture viruses on the fly rather then by doing scans.

As I begin my Linux journey, this channel has been invaluable! I’m glad I found it

1:41😂😂 The cat is pawsome!😊🐈

I really like this video as the one about your workspace with Fedora. Always interesting to see how we can improve how we use Linux. Thanks a lot for sharing.

Nice collection. Thanks for creating this one.

Super content, i was looking for such programs

Very good and needed video....thanks

Thanks for the brilliant video Nick. Contemplating on moving back to Linux after a hiatus of many years (because of being forced into using Windows in the corporate environment). Found several new tools that I didn't know existed, Portmaster being one! You've got a new subscriber!

Lol, "It won't shout at you in the middle of the night it's updated" ... I sense some Avast trauma's there XD

These types of videos are super helpful I always learn something new even if I knew some of these apps. Thanks!

USBguard is an extra security step, if you can handle the annoyance.

Thanks Nick, for another great video!

Great video as always Nick

Super useful information. Thank you. I will try many of them.

Note that shred isn't effective on SSD like it is on mechanical hard drives.

As always writing a comment to support the channel

Another great video and some useful tools/apps in my journey through linux!

Great tips for Linux users! Thank you very much 💪🏻

This info is incredible. My respects. Thank you.

The issue with opt in telemetry is that it provides a very distorted view of user behavior. Only people who check the settings and want telemetry will turn it on. That's such a small and restricted sample. It's much more important what is shared than if it is shared by default or not.

Merci!

This channel is a goldmine!

Thanks, a very helpful intro!

Really like this video! Thanks!

Super interesting, thanks !

Very very cool i will definitely try them

As the vast majority of systems have SSDs now, "shredding" files does not work. Encryption is your best friend, as well as ensuring TRIM is executed regularly and hoping it is correctly implemented. I personally have a ton of ram, encrypted swap file, mount /tmp as tmpfs, and mount an addition temp space in my home folder as tmpfs. I have tens of gigabytes of in-memory storage for things that do not have to be saved. You can symlink a bunch of work folders from various apps to this space and end up not crowding tons of subfolders with crap.

5:08 Will be helpful :)

How does encrypting the hard drive work together with dual booting *sigh* windows?

I love full disk encryption but god damn it's so hard to troubleshoot a Linux install when the drive is encrypted; if only somebody could make it easier... 😅

What about enabling firewall with gufw?

I've been using Zorinn for a half a year, and it's been great. The district on the website is old enough, but it updates the system regularly. I would revise that decision of yours

Useful, thank you!

Hi, do you have a link for the obfuscate program? Thanks in advance.

Can someone go into more detail about blurring being easy to unblur?

Nice one, thanks!

Ah a fellow Ecosia enjoyer I see ^_^

Instead of firejail or firetools, I'd recommend bwrap. It's command line and it's what flatpak uses underneath.

It would be cool to see you review a Framework laptop, as they're basically open source hardware, so I would assume they're very compatible with Linux, but it would be nice to have confirmation.

Can I add usbguard (and usbguard-notifier) to the list? It protects you from sneaky malware filled USB drives or other Bad USB devices slipped into your ports. A must have for anyone who works for a company that may be actively targeted for hacks (banks, infra, govt, etc)

8:33 if you have an application that you don't trust some of it's internet connection... should the application not be on your computer in the first place?

Encrypted /home here 😊

Hey, I have a question: When I enable system encryption on installation, do I have to type the security key every time I open my computer

For max privacy you have to use a new device that has never had its ID seen on the internet with any assocation to you.

also i would say replace librewolf for the mullvad browers it is like the tor browser without tor

Plasma by now comes with something like flatseal... if the used distro has updated packages. My issue with flatseal is mainly that for a normal user, various descriptions just make downright no sense. Otherwise your list is great, Nick!

thanks

I enjoy your videos Nick, which cover really useful stuff. Having just had a warranty anulled on my HP for having installed exotic software, (i.e. Linux), I am wondering whether it will soon be necessary to tux up. Geekom assure me that they are not Linux-phobic. For portmaster on Fedora, it is necessary to make it play nice with Selinux I do a cron job system update that runs every time I turn on. Will definitely be exploring these tools you mention.

Wow, this is a great of apps. I didn't even know some of these existed.

This video was really helpful! Any suggestions for software/tools which can backup and rollback Linux if needed? Thank you.

Must see video

Is it possibile to encrypt a specific folder, making it possible to open it only with a password in GNOME?

Thanks Man 💓

I just installed ClamTK using Discover on MX Linux KDE but it doesn't appear in any menu and there's no search result for it. Maybe it will show up when I reboot the system. Anyone else had any problems after installing it?

good video buddy - thx

Title: APPS & TOOLS My brain: APRIL FOOLS Me: Kinda late huh?

Portmaster isn't available on flathub or from the apt repo on ubuntu, at least not on 22.04. For a long time, Ubuntu/Mint has come with a builtin firewall frontend to ufw. ufw is easy to use, especially if you want to quickly enable the must have security settings: block incoming. Adding exceptions is also a breeze. I'm used to manage it from the command line, but the frontend seems intuitive enough. Some people will tell you you don't need a firewall because you're behind a router. You should not take advice from people who discourage you from such simple security measures that have you covered if your wifi gets hacked, or if visitors frequently use your main LAN, or if you take your computer to other locations.

Hello, first a big thank you for your videos! really informative and useful. I have installed portmaster and find it very good, my question which is probably a stupid one is do I keep GUFW firewall now or remove it. Regards Phil

7:28 No Opensnitch firewall 9:00 Mullvad VPN 11:08 No Ungoogled Chromium

Just a quick question: I’m thinking of downloading ClamAV, Portmaster, and most likely Flatseal. But I wanna double check with you to see if Having all that software together will mess everything up? Like would the security from Portmaster clash with the security of ClamAV? I know Clam is antivirus software, and Portmaster is firewall and network monitoring software, but would they interfere with each other? Same with Flatseal if I add that to my system too?

Is Brave search worth using privacy wise as it is the default search engine on the Brave browser?

While good start, the ultimate secure OS is obviously templeOS.

I would tout gocryptfs instead of ecryptutils for file system encryption.

Thank you for your video! What do you think about Self Encrypted Drives (SED)?

Great video but i wonder if Portmaster actually works on Debian and if it's better than firewalls like ufw or firewalld ?

Oh my, Nick, why would you feel the need to scan those Warhammer novels you surely aquired from the reliable and fairly priced Black Library? But back to Wine, wouldn't deleting the Z: folder that links to your /home directory and restricting Lutris/Steam to a dedicated folder with Flatseal solve most security concerns?

I tried full disk encryption on openSUSE, but was frustrated by the double entry of the encryption password during boot. I ended up only encrypting the home directory using the guided setup. Not the up to the level of Fedora or Ubuntu, but at least my personal data is encrypted at rest.

for tail is persistent not the wrong word because for me it means that all my data is saved even when i unplug it

Still looking for a tool capable of encrypt a folder easily and that works with Linux and Windows.

doesn't ecosia use bing as search engine? Besides the crappy results - last time I checked the environmental footprint of bing servers was worse than googles and ecosia planting trees could not mitigate that. Ecosias idea paired with real privacy and servers that don't waste the trees again would be great.

clam always tells me it's outdated, and it never scans what i tell it. i have ticked the right options, and looked at tutorials, haven't gotten it to work :( other than that, thanks for all of the really good suggestions!

Which Linux distro did you use for this video?

LOL it won't wake you up in the middle of the night 🤣😂

3:29 we will tell him about Veracrypt?

where is the techlore link?

read how flatpak works. pretty neat system. my worries about every tiny app taking 2 gig hard dist were put to rest. no more nightmares when this guy is talking about flatpaks.

Will Kaspersky work with Linux?

hey nick can you make a guide on OBS and how to setup on Linux , the reason im asking is because it is very easy to set up OBS but on linux we dont have a good encoder FFMEG is the default but GloriousEggroll suggested Gstreamer-VAAPI and that works to some extent but when recording a video / game the gpu usage goes 100% all time even when nothing demanding is happening , its a pain to record at 720p30 , going any higher means the gpu usage goes 100% and will slow down the system , even with an RX 570 :(

I don't get it. What is the difference between Windows bitlocker and Linux disk encryption?

Is encrypting ssd dangerous?

Since we talking of security can someone tell me why does linux firewalld make chromecast and kde connect not work ( at least in firewalld kde connect has a service ) what about chromecast and airplay I use services called cider that helps me use my family apple music account .