Just jumped deep into Linux, Librem and deGoogling

Just over a month ago I was introduced to Rob Braxman and the idea of deGoogled phones. Rob really opened my eyes about privacy, and a couple of weeks ago, Linux started to seem not very scary, and very, very useful.

I struggled for a couple of weeks deciding which laptop to buy (I’ve been using an iPad as a laptop for way too long), and Rob narrowed it down for me in his 2019 4th Quarter video on Best Privacy Laptops.

I easily vetted the Mark IV as a possible choice, then realized I had better consider other models, too. A few people on Brax.Me recommended System76, so I reviewed Galago Pro and Darter Pro carefully, and – not caring too much about price – I quickly realized the Darter Pro was within very easy reach. After looking at specs and reading about lifetime support, Darter knocked itself into first place.

Ready to buy the Darter. OK. Aware of my impulsive nature. OK. Thought it was a good idea just to review the Librem 14", so I built a 3-column spreadsheet comparing specs and prices of all three machines. It forced me to pay attention. Boy, was I surprised.

After I included a reasonable amount of add-ons on the Librem – knowing not to go crazy, but make sure I had the power and memory for the work I will do – the Librem 14" I built in my shopping cart was only $90 more than the Darter I had configured. I was stunned. Rob speaks well of all three, but put Librem in first place for privacy.

So Librem easily brushed Darter out of the top spot, and I move some money into the right accounts and started getting serious about a purchase. At that point, I looked again at memory for the software I’d be using, and realized I should upgrade to 32GB. At this point it made a lot of sense (and the price difference was still negligible).

Then I read Librem was on backorder. Cr@p.

This is when my “wise side” talked myself back down to Earth, realizing that even a LabTop III or IV would suit me perfectly well. And being impulsive and impatient, I decided I didn’t want to wait so long, and that moving forward with something (and it would be something wonderful) would make me happy.

So I began getting an order put together for the Mark IV. And darn, also on backorder.

Now I was jacked up to buy, money was ready, and I knew I’d be waiting either way.

So this was my solution: I spoke to my brother who just got interested in Linux and privacy as well, and is buying new home, and needs a new computer, and I told him I would buy the LabTop for him and his wife as a house-warming present (with a specially gifted VM of Windows 10 Professional just for her), use it while I set it up for him, and order a Librem 14" for myself. So Monday I ordered his Mk IV and this morning I ordered my L14.

I should be a rascal and pit the two companies against each other to see which one delivers the fastest, but I probably won’t. Instead, I’m taking on the study plan I will need to get my brother’s computer up and running the way it should be, learn from that experience, then set up my own Librem when it arrives. Or, if it comes first, the other way around.

A month under Rob’s tutelage and two weeks of orientation to Linux, and I ordered two laptops in three days.

I’m not crazy, I promise. This is going to work out GREAT!

— Privacy, yay.

If you are looking to de-google even more decisively, I would recommend looking at deCloudUs which I am currently using in conjunction with algo vpn

Wow, thank you, I am. I’ll check it out and get back to you.

One more person has seen the light. Welcome.

PS If you are really diving in then I recommend that the first thing that you learn is how to backup and restore your computer.

And accept the fact that at some point not very far in the future, you -will- wipe your operating system.

IW and Gavaudan:

Yes, and yes, Brax recommends when setting up a new computer (carefully), once set up, to make an image (I believe that’s the right term) of the computer, save it somewhere, and periodically wipe clean and go back. It’s a known starting point.

Also, to set up a sort of “guest account” type profile, and always work off that, only logging in as the main host user when software changes, preferences, etc. are needed. Then log back in as the non-primary user.

Also, to name the device and the main user name and your everyday non-privileged user login carefully. Never call the main user “admin” or “Judy’s Mac 15” or “Gunderson Family Computer.” Call your non-privileged user “admin” and the main user something very boring or even misleading. My phone name shows up as ‘sub_enable.txt.’ My Librem may be called Acer Iconia Tab A150 or some other old cr@ppy POS hunk a sh¡t no one would want (pardon my Anglo Saxon). Or Plantronics BT100. Or (and I think this is good):

Dell 11.3-Inch Inspiron (unrecoverable)*

• Or: (device error) or (unmountable) or (boot failure)

If I am not mistaken, those are his suggestions for a windows machine. Linux machines are more or less set up like that by default, thanks to sudo:

I think you’ll find that personal computing with Linux is not really so different from other operating systems you may be used to. (Well, it’s much nicer, of course!)

Don’t be intimidated by all you read or watch on the internet regarding “complex” command-line stuff. You’ll probably spend most of the time pointing and clicking, with gradual entry into using commands in the terminal.

Enjoy!

Good to know, and come to think of it, I believe he would agree. His rationale for this (I’m sure you know) is so if any snooping or hacking or malware attacks are made while you are in a guest account, even if they get in, that profile has no administrator privileges and attempts at installing software or getting through to the core will fail. And THAT is why you call the account ‘admin’ — another misinfo to distract and engage them where they can do little no harm.

I’m super excited!

This sounds like security through obscurity, which is usually discouraged and does not help.

mmm feels more like honeypot than security through obscurity
He doesn’t obfuscate anything, he is misleading an eventual human attack with the potential waste of time before realising it was a trickery

tastes like it, too, mmm.

— Privacy, yay.

I see it as more similar to not logging intto linux as the root user.

On a linux machine you can take some of his ideas even further. He talks about browser isolation in which he banishes google to one browser and uses a (or multiple) browsers for everything else (in order to make browser fingerprinting difficult). On linux you can set up multiple virtual machines (vm) and dedicate them to different tasks (a poor-mans’ qubes, as it were). I have google banished to a single vm on my linux machine, which has the added benefit that I am less tempted to use google and find better replacements for it.

Virtual machines usually do not help against fingerprinting very much. Use Tor browser instead for that. See this discussion for more details: https://qubes-os.discourse.group/t/is-your-browser-fingerprint-unique/987.

I think that renaming normal user as admin really is what security through obscurity is. It is meant to hide the real situation, which is a standard installation. It does not usually help against attack while taking a lot of time to set up and to not break things later. Such time is better spent on real security.

I was not concentrating on the cosmetic aspect of naming, but the actual separation of the admin/super user role from the regular user. If one merely concentrates on the cosmetic aspect then yes, it is security through obscurity if one pays attention to the real separation of users, it is not.

Virtual machines usually do not help against fingerprinting very much

In an absolute sense, perhaps not, but it segments one’s activities. I just used the panopticlick on browsers in two separate vm’s: on one machine I get “One in x browsers have this value: 118.59” and on the other " One in “x browsers have this value: 86.6” so I should appear as two different browsers and, presumably, two different users.

Use Tor browser

Forgot to add: Yes, I agree completely. When I want to make myself as anonymous as I can, I use Tor after passing through a vpn.

See this discussion for more details: https://qubes-os.discourse.group/t/is-your-browser-fingerprint-unique/987

This is a very good discussion. Thanks!

Good transitional strategy! I started playing with Linux in the mid 90’s and kept going back and forth because there was always some program that was Windows only. But exiting Windows/Apple/Google etc. is kind of like shopping at Walmart, once you realize there is nothing there you need that you can’t obtain otherwise and you haven’t been back for 6 months, you realize you never need to go back.

I think it’s worth poinying out that that Android uses Linux as GNU uses Linux - so, perhaps what is meant is thst ‘GNU started to seem not very scary, and very, very useful.’?