I recently stumbled upon Extreme Privacy: What it takes to disappear by Michael Bazzell. This book is a practical and informative guide that provides clear, step-by-step instructions on how to improve your privacy. What sets it apart is that it's not just theoretical - it gives you actionable advice that you can start implementing right away.
As someone who's already taken some basic steps to protect my privacy, I found this book to be a useful resource to take it to the next level. I'm still using Windows and Apple devices, but after reading this book, I'm planning to switch to more secure alternatives. If you're interested in improving your privacy, I recommend checking out this book.
In this post, I'll give you a brief overview of the steps outlined in the book, along with some visual guidance to help illustrate the process. I won't delve too deep into the reasoning behind each step - that's all covered in the book. Instead, I'll document my own progress as I work to upgrade my privacy setup and break away from Big Tech. Let's get started.

Section One: Linux Computers 🐧

Eat that frog. The book recommends starting with the biggest challenge: ditching Windows and Apple in favor of a Linux-based operating system. The reason is simple: they collect a ton of data.

1️⃣ Configure a Linux Operating System

Before diving in, the book takes a close look at the fundamentals, exploring the trade-offs between older and newer hardware, and navigating the varied world of Linux distributions. After careful consideration, Pop!_OS is selected as the go-to operating system, and we'll be following that recommendation.
  • Install Balena Etcher from https://etcher.balena.io/.
  • Launch Balena Etcher and click Flash from file.
  • Select the downloaded iso file.
  • Click Select target and choose your USB drive.
  • Click Flash and allow the process to complete
Note: this process will completely wipe the chosen USB drive, so proceed with caution. Once complete, you'll have a bootable USB drive ready for Linux installation. To install, insert the drive, restart your computer, and immediately press the key that opens the boot options menu (usually ESC, F1, F7, F8, F10, or DEL). Select the USB drive with your Pop!_OS installation, then follow the on-screen instructions to complete the installation.
  • Click Try or Install Pop!_OS.
  • Choose your desired language, location, and keyboard.
  • Choose clean install and select your internal drive.
  • Click Erase and Install.
  • Provide your desired user name and password.
  • Select the default option to encrypt the drive.
  • If desired, allow the same Linux password to be used for the drive encryption. This is more convenient but could pose a security risk. If you want an extra layer of protection, you could specify a unique password for each option of drive encryption and Linux, but this may be overkill for most users. I use the same password for both options.
  • Allow the process to complete and click Restart Device
Now after reebot we need to provid our password and then again a screen with user selection and also need to include password again. We will change that redunancy steps later in the settings.
Continue through the one-time setup with the following steps.
  • Choose your layout options for the dock and click Next.
  • Choose your Top Bar options and click Next.
  • Click Next twice to continue through the menu.
  • Choose your desired appearance and click Next.
  • Choose your Wi-Fi (if available), supply the password, and click Next.
  • Keep location services disabled and click Next.
  • Choose your desired time zone and click Next.
  • Click Skip to bypass any online accounts then click Start Using Pop!_OS
To remove the requirement to enter the password twice upon each boot, follow the next steps:
  • Launch the Settings application in the lower dock.
  • Choose Users in the left menu.
  • Click Unlock and enter your password.
  • Enable the Automatic Login toggle.
  • Close Settings and reboot the computer by clicking the upper-right menu bar and selecting Power Off/ Log Out > Restart > Restart.
Additionally Bazzell recommends some optional modifications to the default setup:
  • Launch the Settings application in the lower dock.
  • Click Bluetooth in the left menu and disable the toggle.
  • Click Privacy in the left menu and disable Connectivity Checking.
  • Click File History & Trash and disable everything.
...and add some not privacy related but useful preferences:
  • Click Screen and change Blank Screen Delay to a longer period.
  • Go back to the main screen, click Power in the left menu and disable Automatic Power Sever.
  • Click Automatic Suspend and disable all options.
  • Enable Show Battery Percentage
There are noumerous background images available, anyway if you want to have a solid color you need to use e.g. follwoing comands within the terminal
gsettings set org.gnome.desktop.background picture-uri ´´ gsettings set org.gnome.desktop.background picture-uri-dark ´´
what gives us a great dark background screen.
The next modification I like to execute is to move the Dock from the bottom to the left with the following Terminal command.
gsettings set org.gnome.shell.extensions.dash-to-dock dock-position LEFT
Next, I prefer to decrease the default size of the icons since I will be adding numerous programs soon. You can change the number to any size appropriate for your screen size with the following Terminal command.
gsettings set org.gnome.shell.extensions.dash-to-dock dash-max-icon-size 30
When you right-click a file or folder to delete it, you currently have the option to Move to Trash. The following Terminal command adds a new option directly underneath the Trash entry titled Delete Permanently. This allows me to bypass the Trash altogether and simply eliminate any desired content.
gsettings set org.gnome.nautilus.preferences show-delete-permanently true
By default, most Linux operating systems hide hidden files from view. These are typically system files but can also include cache and configuration files which we may need to access. Therefore, I execute the following two Terminal commands in order to make these valuable files visible at all times.
gsettings set org.gnome.nautilus.preferences show-hidden-files true gsettings set org.gtk.Settings.FileChooser show-hidden true
You likely have pending operating system updates which should now be applied.
  • Click the Pop!_Shop icon in the dock bar next to Settings.
  • Click the Installed tab and then Update All.

2️⃣ Install Linux Applications

In this section, we will follow Bazzell's guidance on installing applications within the Pop!_OS Shop. This will lay the foundation for our system, providing us with the necessary tools for productivity, media management, and more.
Note-taking and Organization
We begin by installing Standard Notes, a note-taking application that allows for end-to-end encryption.
Ebook Management
For managing ebooks, he recommends Calibre, a powerful and feature-rich application that makes it easy to organize and read digital books.
Media Playback
Next, we install mvp, a media player that allows for secure playback of media files.
Office Productivity
For office tasks, LibreOffice is the preferred choice. This comprehensive suite of applications provides everything we need for word processing, spreadsheet analysis, and presentation creation.
System Maintenance
To keep our system running smoothly, we install BleachBit Cleaner, a useful utility that helps remove unnecessary files and free up disk space.
Virtual Currency Management
For managing virtual currencies, Bazzell suggests Electrum, a popular and user-friendly application specifically designed for Bitcoin transactions.
This concludes the initial setup of our system. In later sections in the book, we will cover email, calendars, contacts, password management, VPS, and VoIP services, each of which will be configured and explored in detail.

3️⃣ Apply Linux Updates

This section guides you through the process of keeping your Linux system up-to-date by applying the latest updates. To streamline this process, it's recommended to save the following essential commands in a local notes application for easy copying and pasting:
sudo apt update // updates package lists sudo apt upgrade -y // applies pending updates sudo apt full-upgrade -y // applies pending updates and removes unnecessary data sudo pop-upgrade recovery upgrade from-release // updates the recovery partition sudo pop-upgrade release upgrade // applies pending Pop!_OS stable release upgrades sudo apt autoremove -y // removes unnecessary software dependencies sudo apt autoclean -y // removes unnecessary data from local software repositories sudo flatpak update -y // updates Flatpak applications
These commands can be copied and pasted into the terminal to keep your system updated. Later, we'll learn how to create a custom script to automate these commands, making it even easier to maintain our system.

4️⃣ Create a Custom Linux Script

As promised we'll learn how to create a custom script to automate the update process. We have two options:
  1. Download a Pre-Configured Script: Get started quickly with a pre-configured script that's ready to use.
  2. Create a Custom Script from Scratch
Option 1: Download a Pre-Configured Script
To download and set up the pre-configured script, run the following commands:
cd ~/Documents && wget https://inteltechniques.com/data/linux.sh chmod +x linux.sh && sudo mv linux.sh /usr/share/applications/ wget https://inteltechniques.com/data/linux.desktop sudo mv linux.desktop /usr/share/applications/
Option 2: Create a Custom Script from Scratch
To create a custom script, follow these steps:
  • Open a text editor and create a new file.
  • Copy the script text and paste it into the text editor.
#!/bin/bash clear PS3="Selection: " options=( "Apply All Updates" "Launch Files with Admin Privileges" ) select opt in "${options[@]}" do case $opt in "Apply All Updates") sudo apt update && sudo apt upgrade -y && sudo apt full-upgrade -y && sudo pop-upgrade recovery upgrade from-release && sudo pop-upgrade release upgrade && sudo apt autoremove -y && sudo apt autoclean -y && sudo flatpak update -y ;; "Launch Files with Admin Privileges") sudo nautilus ;; esac done
  • Save the file with a .sh extension (e.g., linux.sh) in a location of your choice (e.g., your home directory)
  • Open a terminal and navigate to the directory where you saved the script.
  • Make the script executable using the following command: chmod +x linux.sh
  • run the script using the following command: ./linux.sh
Running the Script
After executing the script, you'll see the following menu:
1) Apply All Updates
2) Launch Files with Admin Privileges Selection:
Create and Configure the .desktop File
The linux.desktop file tells the operating system to launch the script from your Applications menu.
  1. Open a text editor and create a new file.
  2. Copy the following code and paste it into the text editor:
[Desktop Entry] Type=Application Name=Maintenance Categories=Application;Maintenance Exec=/path/to/.linux.sh Terminal=true
Replace /path/to/ with the actual path where you saved the linux.sh file.
  1. Save the file with the name linux.desktop in a location of your choice.
  2. Move the linux.desktop file to the /usr/share/applications/ directory using the following command:
sudo mv linux.desktop /usr/share/applications/
  1. Update the Exec path in the linux.desktop file to point to the correct location of the linux.sh file.
  2. Make the linux.desktop file executable using the following command:
sudo chmod +x /usr/share/applications/linux.desktop
Verify the Shortcut
  1. Go to your Applications menu and look for a new shortcut titled "Maintenance".
  2. Clicking this shortcut should launch the linux.sh script.
Using the script
You can now launch the script by clicking on the Maintainance shortcut in your Application menu. The script will present you two options:
1) Apply All Updates
2) Launch Files with Admin Privileges Selection:
Selecting the first option will apply all updates, while selecting the second option will launch the Files application with root privileges, allowing you to modify system protected files.
Tips and variations
You can modify the script to automate any Terminal commands you want. Simply edit the linux.sh script and add or modify the commands needed. You can also create new desktop entries and scripts to automate other tasks. Remeber to make the script executable and move it to the correct location for it to work properly.

5️⃣ Store Documents Locally in Linux

Bazzell recommends storing documents locally on the Linux system to maximize privacy. This is because storing documents online can make them vulnerable to hacking and surveillance. By storing documents locally, users can ensure that their documents are secure and private.

6️⃣ Create a Linux System Backup

In this section, we'll create a backup of your Linux system. To ensure your system is up-to-date and clean, follow these preliminary steps:
  1. Running the Maintenance script to apply updates and remove unnecessary items.
  2. Checking for additional updates in Pop!_Shop and Settings -> OS Upgrade & Recovery.
  3. Running BleachBit as root to clean the system (excluding Free Disk Space).
  4. Rebooting the machine.
Creating a Full Backup with FreeFileSync
To create a full backup of your Linux device, follow these steps:
  1. Install the free and open-source program FreeFileSync, available in Pop!_Shop.
  2. Format an external USB SSD (recommended) specifically for backups:
  • Launch Files, right-click the external drive, and select Format.
  • Choose Internal disk for use with Linux systems only (Ext4) and consider encrypting the drive via Password protect volume
  1. Configure FreeFileSync:
  • Browse to your Home folder and select it as the source.
  • Browse to your external hard drive, create a "Backup" folder, and select it as the destination.
  • Click the right arrow icon next to the green whell near "Synchronisze" and choose the Mirror option to ensure an exact replica of your computer's data.
  1. Run the backup:
  • Click Compare to analyze the data.
  • Ignore the warnings and click Synchronize to begin the backup process.
Subsequent Backups
To maintain an up-to-date backup, follow these steps:
  1. Connect the external drive and unlock the encryption (if used).
  2. Open FreeFileSync and select the Compare button to identify modified files.
  3. Run the synchronization process to update the backup.
Best Practices
Bazzell recommends making backups on a regular schedule (e.g., weekly) and shutting down the machine when not in use to maintain a tidy and updated Linux device. By following these steps, you'll ensure your system is protected and easily recoverable in case of data loss or system failure.

7️⃣ Create an Off-Site Linux Backup

To ensure data protection, follow the 3-2-1 rule:
  • 3 copies of your data
  • 2 types of media (e.g., external hard drive and micro SD card)
  • 1 copy off-site
Create a "Desperation Copy"
Store a third copy of your data on a micro SD card off-site, using FreeFileSync to keep it current. This ensures a safe and recoverable copy of your data in case of a disaster.

8️⃣ Configure a Dual-Boot Laptop

This final section of PART 1 - Linux explores the concept of secure dual-booting, where two operating systems coexist on separate drives. This setup is ideal for situations where specific Windows software is required, but cannot be run through virtual machines. The following example illustrates a configuration where Pop!_OS is the default option, alongside Windows.
The starting point for this setup is a system with Windows 10 Pro installed, booting in UEFI mode, and two separate existing drives. To prepare for dual-booting, take the following steps in Windows:
  1. If you prefer to have full-disk encryption, activate BitLocker.
  2. Open the Disk Manager to view the connected drives and their partitions.
  3. Identify the drive or partition where you want to install Pop!_OS, right-click on it, and select Shrink Volume. Allocate a minimum of 40GB or more for the new partition.
  4. Insert the Pop!_OS USB installer and restart your computer.
  5. Enter the BIOS settings (usually by pressing ESC, F2, or F9) and make the following changes:
  • Enable USB boot
  • Set the USB drive as the primary boot device in the Boot order settings
  • Disable Secure boot
  • save your changes and exit the BIOS settings.
With the USB drive set as the primary boot device, the system will now boot into Pop!_OS. Follow the initial setup process until you reach the installation screen.
To configure the installation, select Custom (Advanced) and then:
  1. Identify the drive or partition with the free space you previously allocated for Pop!_OS.
  2. Click Modify Partitions to begin configuring the partitions.
  3. Create the boot partition:
  • Right-click on the unallocated space and select New.
  • Set the partition size to 1000MB using the slider.
  • Choose Primary Partition and fat32 as the file system.
  1. Create the root partition:
  • Right-click on the remaining unallocated space and select New.
  • Use the entire free space for this partition.
  • Choose ext4 as the file system.
  1. Click Apply All Operations to apply the changes and proceed with the installation.
Next, you need to assign a role to each partition:
  1. Select the fat32 partition (the boot partition) and configure it as follows:
  • Toggle on Use partition and Format.
  • Set Use as to Boot.
  • Confirm the file system is set to fat32.
  1. Select the root partition and configure it as follows:
  • Toggle on Use partition and Format.
  • Set Use as to Root.
  • Leave the file system set to Default (ext4).
  1. With the partitions configured, click Erase and Install to begin the installation process. Follow the on-screen instructions to complete the installation.
After rebooting, the screen will go black. Press the Space bar to bring up the system-d boot menu. Press the letter t to increase the boot time, and then select Pop!_OS to enter the newly installed operating system. Follow the on-screen instructions to complete the initial setup.
Since System-d couldn't detect the Windows boot manager, we need to add it manually. To do this, open a Terminal and run the following commands:
sudo apt update sudo apt install os-prober sudo os-prober
The os-prober command will scan for the Windows boot manager. Take note of the output, which should indicate the location of the Windows boot manager (e.g., nvme0n1p2).
Next, run the following commands to mount the Windows partition and copy the necessary files:
lsblk sudo mount /dev/nvme0n1p2 /mnt sudo ls -la /mnt/EFI/ sudo cp -ax /mnt/EFI/Microsoft /boot/efi/EFI sudo ls -lh /boot/efi/EFI
After completing these steps, reboot the computer. This time, the System-d boot menu should display a Windows entry. Congratulations, you now have a dual-boot laptop with Pop!_OS alongside Windows!

Conclusion 🎯

We've taken the first step in our extreme privacy journey by setting up a Linux system using Pop!_OS. We've configured the OS, installed necessary applications, and created backups to ensure data security and integrity. The journey to more privacy is not an easy one, but with each step, we move closer to having full control over our data and digital lives.
Next: PART 2 - Graphene OS Mobile Devices
In PART 2, we'll focus on securing our mobile devices using Graphene OS, a security-focused mobile operating system. We'll explore its features and benefits, and provide a step-by-step guide on how to install and configure it. Stay tuned for the next part of our extreme privacy journey!

Resources 📚

21 sats \ 1 reply \ @OT 15 Oct
I'm still reading this one. Its very thorough and it seems that a lot of the best practices in bitcoin are similar to what he goes through in the book.
reply
Yes, I totally agree. And he has also written more books on the specific topics - more rabbit holes to explore
reply
21 sats \ 1 reply \ @nym 15 Oct
Good advice and nod to the Electrum recommendation. I used to have problems with Pop OS updates and prefer Debian now, but the former is good for beginners.
reply
I hadn’t issues yet. What type of problems did you notice?
reply
Waiting for the PART 2
reply
21 sats \ 1 reply \ @Bee_Aye 15 Oct
love it, keep it coming! how do you like the book, good read?
reply
Thanks, although I haven't finished it yet, I appreciate the book's hands-on approach and would definitely recommend it
reply
Good article! What criteria did you use to choose PopOS?
reply
I followed the book.
Pop!_OS: Finally, we have my preferred operating system for myself and clients. Pop!_OS is based on Ubuntu, but redesigned for privacy and security. There are many differences from stock Ubuntu, including the following. • The Pop!_OS installer applies full-disk encryption by default. • All telemetry is disabled and third-party connections are opt-in. • The application store can install and update Flatpak/Deb programs. • Snap is not installed. • Pop!_OS has better window tiling options. • It includes a recovery partition to easily restore your system when needed. • It feels less sluggish and more polished
reply
Got it, thanks for the reply.
reply
Next, we install mvp, a media player that allows for secure playback of media files.
Typo, should be mpv
reply
reply