I recently stumbled upon Extreme Privacy: What it takes to disappear by Michael Bazzell. This book is a practical and informative guide that provides clear, step-by-step instructions on how to improve your privacy. What sets it apart is that it's not just theoretical - it gives you actionable advice that you can start implementing right away.
As someone who's already taken some basic steps to protect my privacy, I found this book to be a useful resource to take it to the next level. I'm still using Windows and Apple devices, but after reading this book, I'm planning to switch to more secure alternatives. If you're interested in improving your privacy, I recommend checking out this book.
In this post, I'll give you a brief overview of the steps outlined in the book, along with some visual guidance to help illustrate the process. I won't delve too deep into the reasoning behind each step - that's all covered in the book. Instead, I'll document my own progress as I work to upgrade my privacy setup and break away from Big Tech. Let's get started.
Section One: Linux Computers 🐧
Eat that frog. The book recommends starting with the biggest challenge: ditching Windows and Apple in favor of a Linux-based operating system. The reason is simple: they collect a ton of data.
1️⃣ Configure a Linux Operating System
Before diving in, the book takes a close look at the fundamentals, exploring the trade-offs between older and newer hardware, and navigating the varied world of Linux distributions. After careful consideration,
Pop!_OS
is selected as the go-to operating system, and we'll be following that recommendation.- Navigate to https://pop.system76.com/ and click
Download
.
- Install Balena Etcher from https://etcher.balena.io/.
- Launch Balena Etcher and click
Flash from file
. - Select the downloaded iso file.
- Click
Select target
and choose your USB drive. - Click
Flash
and allow the process to complete
Note: this process will completely wipe the chosen USB drive, so proceed with caution. Once complete, you'll have a bootable USB drive ready for Linux installation. To install, insert the drive, restart your computer, and immediately press the key that opens the boot options menu (usually ESC, F1, F7, F8, F10, or DEL). Select the USB drive with your Pop!_OS installation, then follow the on-screen instructions to complete the installation.
- Click
Try or Install Pop!_OS
. - Choose your desired language, location, and keyboard.
- Choose
clean install
and select your internal drive. - Click
Erase and Install
.
- Provide your desired user name and password.
- Select the default option to encrypt the drive.
- If desired, allow the same Linux password to be used for the drive encryption. This is more convenient but could pose a security risk. If you want an extra layer of protection, you could specify a unique password for each option of drive encryption and Linux, but this may be overkill for most users. I use the same password for both options.
- Allow the process to complete and click
Restart Device
Now after reebot we need to provid our password and then again a screen with user selection and also need to include password again. We will change that redunancy steps later in the settings.
Continue through the one-time setup with the following steps.
- Choose your layout options for the dock and click
Next
. - Choose your Top Bar options and click
Next
. - Click
Next
twice to continue through the menu. - Choose your desired appearance and click
Next
. - Choose your Wi-Fi (if available), supply the password, and click
Next
. - Keep location services disabled and click
Next
. - Choose your desired time zone and click
Next
. - Click
Skip
to bypass any online accounts then clickStart Using Pop!_OS
To remove the requirement to enter the password twice upon each boot, follow the next steps:
- Launch the Settings application in the lower dock.
- Choose
Users
in the left menu. - Click
Unlock
and enter your password. - Enable the
Automatic Login
toggle. - Close Settings and reboot the computer by clicking the upper-right menu bar and selecting
Power Off/ Log Out
>Restart
>Restart
.
Additionally Bazzell recommends some optional modifications to the default setup:
- Launch the
Settings
application in the lower dock. - Click
Bluetooth
in the left menu and disable the toggle. - Click
Privacy
in the left menu and disableConnectivity Checking
. - Click
File History & Trash
and disable everything.
...and add some not privacy related but useful preferences:
- Click
Screen
and changeBlank Screen Delay
to a longer period. - Go back to the main screen, click
Power
in the left menu and disableAutomatic Power Sever
. - Click
Automatic Suspend
and disable all options. - Enable
Show Battery Percentage
There are noumerous background images available, anyway if you want to have a solid color you need to use e.g. follwoing comands within the terminal
gsettings set org.gnome.desktop.background picture-uri ´´ gsettings set org.gnome.desktop.background picture-uri-dark ´´
what gives us a great dark background screen.
The next modification I like to execute is to move the Dock from the bottom to the left with the following Terminal command.
gsettings set org.gnome.shell.extensions.dash-to-dock dock-position LEFT
Next, I prefer to decrease the default size of the icons since I will be adding numerous programs soon. You can change the number to any size appropriate for your screen size with the following Terminal command.
gsettings set org.gnome.shell.extensions.dash-to-dock dash-max-icon-size 30
When you right-click a file or folder to delete it, you currently have the option toMove to Trash
. The following Terminal command adds a new option directly underneath the Trash entry titledDelete Permanently
. This allows me to bypass the Trash altogether and simply eliminate any desired content.
gsettings set org.gnome.nautilus.preferences show-delete-permanently true
By default, most Linux operating systems hidehidden
files from view. These are typically system files but can also include cache and configuration files which we may need to access. Therefore, I execute the following two Terminal commands in order to make these valuable files visible at all times.
gsettings set org.gnome.nautilus.preferences show-hidden-files true gsettings set org.gtk.Settings.FileChooser show-hidden true
You likely have pending operating system updates which should now be applied.
- Click the
Pop!_Shop
icon in the dock bar next to Settings. - Click the
Installed
tab and thenUpdate All
.
2️⃣ Install Linux Applications
In this section, we will follow Bazzell's guidance on installing applications within the
Pop!_OS Shop
. This will lay the foundation for our system, providing us with the necessary tools for productivity, media management, and more.Note-taking and Organization
We begin by installing Standard Notes, a note-taking application that allows for end-to-end encryption.
Ebook Management
For managing ebooks, he recommends Calibre, a powerful and feature-rich application that makes it easy to organize and read digital books.
Media Playback
Next, we install mvp, a media player that allows for secure playback of media files.
Office Productivity
For office tasks, LibreOffice is the preferred choice. This comprehensive suite of applications provides everything we need for word processing, spreadsheet analysis, and presentation creation.
System Maintenance
To keep our system running smoothly, we install BleachBit Cleaner, a useful utility that helps remove unnecessary files and free up disk space.
Virtual Currency Management
For managing virtual currencies, Bazzell suggests Electrum, a popular and user-friendly application specifically designed for Bitcoin transactions.
This concludes the initial setup of our system. In later sections in the book, we will cover email, calendars, contacts, password management, VPS, and VoIP services, each of which will be configured and explored in detail.
3️⃣ Apply Linux Updates
This section guides you through the process of keeping your Linux system up-to-date by applying the latest updates. To streamline this process, it's recommended to save the following essential commands in a local notes application for easy copying and pasting:
sudo apt update // updates package lists sudo apt upgrade -y // applies pending updates sudo apt full-upgrade -y // applies pending updates and removes unnecessary data sudo pop-upgrade recovery upgrade from-release // updates the recovery partition sudo pop-upgrade release upgrade // applies pending Pop!_OS stable release upgrades sudo apt autoremove -y // removes unnecessary software dependencies sudo apt autoclean -y // removes unnecessary data from local software repositories sudo flatpak update -y // updates Flatpak applications
These commands can be copied and pasted into the terminal to keep your system updated. Later, we'll learn how to create a custom script to automate these commands, making it even easier to maintain our system.
4️⃣ Create a Custom Linux Script
As promised we'll learn how to create a custom script to automate the update process. We have two options:
- Download a Pre-Configured Script: Get started quickly with a pre-configured script that's ready to use.
- Create a Custom Script from Scratch
Option 1: Download a Pre-Configured Script
To download and set up the pre-configured script, run the following commands:
cd ~/Documents && wget https://inteltechniques.com/data/linux.sh chmod +x linux.sh && sudo mv linux.sh /usr/share/applications/ wget https://inteltechniques.com/data/linux.desktop sudo mv linux.desktop /usr/share/applications/
Option 2: Create a Custom Script from Scratch
To create a custom script, follow these steps:
- Open a text editor and create a new file.
- Copy the script text and paste it into the text editor.
#!/bin/bash clear PS3="Selection: " options=( "Apply All Updates" "Launch Files with Admin Privileges" ) select opt in "${options[@]}" do case $opt in "Apply All Updates") sudo apt update && sudo apt upgrade -y && sudo apt full-upgrade -y && sudo pop-upgrade recovery upgrade from-release && sudo pop-upgrade release upgrade && sudo apt autoremove -y && sudo apt autoclean -y && sudo flatpak update -y ;; "Launch Files with Admin Privileges") sudo nautilus ;; esac done
- Save the file with a
.sh
extension (e.g.,linux.sh
) in a location of your choice (e.g., your home directory) - Open a terminal and navigate to the directory where you saved the script.
- Make the script executable using the following command:
chmod +x linux.sh
- run the script using the following command:
./linux.sh
Running the Script
After executing the script, you'll see the following menu:
1) Apply All Updates
2) Launch Files with Admin Privileges Selection:
Create and Configure the
.desktop
FileThe
linux.desktop
file tells the operating system to launch the script from your Applications menu.- Open a text editor and create a new file.
- Copy the following code and paste it into the text editor:
[Desktop Entry] Type=Application Name=Maintenance Categories=Application;Maintenance Exec=/path/to/.linux.sh Terminal=true
Replace
/path/to/
with the actual path where you saved the linux.sh
file.- Save the file with the name
linux.desktop
in a location of your choice. - Move the
linux.desktop
file to the/usr/share/applications/
directory using the following command:
sudo mv linux.desktop /usr/share/applications/
- Update the
Exec
path in thelinux.desktop
file to point to the correct location of thelinux.sh
file. - Make the
linux.desktop
file executable using the following command:
sudo chmod +x /usr/share/applications/linux.desktop
Verify the Shortcut
- Go to your Applications menu and look for a new shortcut titled "Maintenance".
- Clicking this shortcut should launch the
linux.sh
script.
Using the script
You can now launch the script by clicking on the
Maintainance
shortcut in your Application menu. The script will present you two options:1) Apply All Updates
2) Launch Files with Admin Privileges Selection:
Selecting the first option will apply all updates, while selecting the second option will launch the Files application with root privileges, allowing you to modify system protected files.
Tips and variations
You can modify the script to automate any Terminal commands you want. Simply edit the linux.sh script and add or modify the commands needed. You can also create new desktop entries and scripts to automate other tasks. Remeber to make the script executable and move it to the correct location for it to work properly.
5️⃣ Store Documents Locally in Linux
Bazzell recommends storing documents locally on the Linux system to maximize privacy. This is because storing documents online can make them vulnerable to hacking and surveillance. By storing documents locally, users can ensure that their documents are secure and private.
6️⃣ Create a Linux System Backup
In this section, we'll create a backup of your Linux system. To ensure your system is up-to-date and clean, follow these preliminary steps:
- Running the Maintenance script to apply updates and remove unnecessary items.
- Checking for additional updates in Pop!_Shop and
Settings
->OS Upgrade & Recovery
. - Running
BleachBit
as root to clean the system (excludingFree Disk Space
). - Rebooting the machine.
Creating a Full Backup with FreeFileSync
To create a full backup of your Linux device, follow these steps:
- Install the free and open-source program
FreeFileSync
, available in Pop!_Shop. - Format an external USB SSD (recommended) specifically for backups:
- Launch
Files
, right-click the external drive, and selectFormat
. - Choose
Internal disk for use with Linux systems only (Ext4)
and consider encrypting the drive viaPassword protect volume
- Configure FreeFileSync:
- Browse to your Home folder and select it as the source.
- Browse to your external hard drive, create a "Backup" folder, and select it as the destination.
- Click the right arrow icon next to the green whell near "Synchronisze" and choose the
Mirror
option to ensure an exact replica of your computer's data.
- Run the backup:
- Click
Compare
to analyze the data. - Ignore the warnings and click
Synchronize
to begin the backup process.
Subsequent Backups
To maintain an up-to-date backup, follow these steps:
- Connect the external drive and unlock the encryption (if used).
- Open
FreeFileSync
and select theCompare
button to identify modified files. - Run the synchronization process to update the backup.
Best Practices
Bazzell recommends making backups on a regular schedule (e.g., weekly) and shutting down the machine when not in use to maintain a tidy and updated Linux device. By following these steps, you'll ensure your system is protected and easily recoverable in case of data loss or system failure.
7️⃣ Create an Off-Site Linux Backup
To ensure data protection, follow the
3-2-1 rule
:- 3 copies of your data
- 2 types of media (e.g., external hard drive and micro SD card)
- 1 copy off-site
Create a "Desperation Copy"
Store a third copy of your data on a micro SD card off-site, using
FreeFileSync
to keep it current. This ensures a safe and recoverable copy of your data in case of a disaster.8️⃣ Configure a Dual-Boot Laptop
This final section of
PART 1 - Linux
explores the concept of secure dual-booting, where two operating systems coexist on separate drives. This setup is ideal for situations where specific Windows software is required, but cannot be run through virtual machines. The following example illustrates a configuration where Pop!_OS
is the default option, alongside Windows
.The starting point for this setup is a system with Windows 10 Pro installed, booting in UEFI mode, and two separate existing drives. To prepare for dual-booting, take the following steps in Windows:
- If you prefer to have full-disk encryption, activate
BitLocker
. - Open the
Disk Manager
to view the connected drives and their partitions. - Identify the drive or partition where you want to install Pop!_OS, right-click on it, and select
Shrink Volume
. Allocate a minimum of 40GB or more for the new partition. - Insert the Pop!_OS USB installer and restart your computer.
- Enter the BIOS settings (usually by pressing ESC, F2, or F9) and make the following changes:
- Enable USB boot
- Set the USB drive as the primary boot device in the
Boot order
settings - Disable
Secure boot
- save your changes and exit the BIOS settings.
With the USB drive set as the primary boot device, the system will now boot into Pop!_OS. Follow the initial setup process until you reach the installation screen.
To configure the installation, select
Custom (Advanced)
and then:-
Identify the drive or partition with the free space you previously allocated for Pop!_OS.
-
Click
Modify Partitions
to begin configuring the partitions. -
Create the boot partition:
-
Right-click on the unallocated space and select
New
. -
Set the partition size to 1000MB using the slider.
-
Choose
Primary Partition
andfat32
as the file system.
- Create the root partition:
-
Right-click on the remaining unallocated space and select
New
. -
Use the entire free space for this partition.
-
Choose
ext4
as the file system.
- Click
Apply All Operations
to apply the changes and proceed with the installation.
Next, you need to assign a role to each partition:
- Select the
fat32
partition (the boot partition) and configure it as follows:
-
Toggle on
Use partition
andFormat
. -
Set
Use as
toBoot
. -
Confirm the file system is set to
fat32
.
- Select the
root
partition and configure it as follows:
-
Toggle on
Use partition
andFormat
. -
Set
Use as
toRoot
. -
Leave the file system set to
Default (ext4)
.
- With the partitions configured, click
Erase and Install
to begin the installation process. Follow the on-screen instructions to complete the installation.
After rebooting, the screen will go black. Press the
Space bar
to bring up the system-d boot menu. Press the letter t
to increase the boot time, and then select Pop!_OS
to enter the newly installed operating system. Follow the on-screen instructions to complete the initial setup.Since System-d couldn't detect the Windows boot manager, we need to add it manually. To do this, open a
Terminal
and run the following commands:sudo apt update sudo apt install os-prober sudo os-prober
The
os-prober
command will scan for the Windows boot manager. Take note of the output, which should indicate the location of the Windows boot manager (e.g., nvme0n1p2
).Next, run the following commands to mount the Windows partition and copy the necessary files:
lsblk sudo mount /dev/nvme0n1p2 /mnt sudo ls -la /mnt/EFI/ sudo cp -ax /mnt/EFI/Microsoft /boot/efi/EFI sudo ls -lh /boot/efi/EFI
After completing these steps, reboot the computer. This time, the System-d boot menu should display a Windows entry. Congratulations, you now have a dual-boot laptop with Pop!_OS alongside Windows!
Conclusion 🎯
We've taken the first step in our extreme privacy journey by setting up a Linux system using Pop!_OS. We've configured the OS, installed necessary applications, and created backups to ensure data security and integrity. The journey to more privacy is not an easy one, but with each step, we move closer to having full control over our data and digital lives.
Next: PART 2 - Graphene OS Mobile Devices
In PART 2, we'll focus on securing our mobile devices using Graphene OS, a security-focused mobile operating system. We'll explore its features and benefits, and provide a step-by-step guide on how to install and configure it. Stay tuned for the next part of our extreme privacy journey!