Seeking software suggestions for internet security [Solved]

[onion_rings]

I am starting a blog, and I want to protect my privacy while blogging and using social media. I am using a separate laptop specifically for blogging. This way, if someone managed to trace the blog or my social media accounts back to me and hack my computer, they wouldn't be able to access any of my personal files, because all of my personal files are on my other laptop. However, it occurs to me that if someone were to target my computer, they might be able to determine what network I was on, and then target my personal laptop, because it's connected to the same network. I thought about using TOR browser to prevent this, but I wondered if that would be overkill.

Would using a VPN, like OpenVPN, be enough to prevent a hacker from tracking my location and IP address? Are there any other applications I should consider?

Does my boot firmware matter, for the purposes of internet security? I am using UEFI with secure boot disabled. Would it be better to use Libreboot or another boot firmware, or does that even matter?

I am using a firewall and my laptop's user and root accounts are password protected. MX-21.3_x64 on a Dell Latitude 7480, Core i7 vPro, 5.10.0 21-amd64.

Thank you for your suggestions!

[edited to include full system info]

Code: Select all

System:    Kernel: 5.10.0-21-amd64 [5.10.162-1] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: BOOT_IMAGE=/boot/vmlinuz-5.10.0-21-amd64 
           root=UUID=<filter> ro quiet splash 
           Desktop: Xfce 4.18.1 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.18.0 vt: 7 
           dm: LightDM 1.26.0 Distro: MX-21.3_x64 Wildflower January 15  2023 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Laptop System: Dell product: Latitude 7480 v: N/A serial: <filter> Chassis: 
           type: 10 serial: <filter> 
           Mobo: Dell model: 00F6D3 v: A00 serial: <filter> UEFI: Dell v: 1.30.0 date: 12/21/2022 
Battery:   ID-1: BAT0 charge: 19.6 Wh (46.4%) condition: 42.2/60.0 Wh (70.4%) volts: 7.3 min: 7.6 
           model: SMP DELL DM3WC64 type: Li-poly serial: <filter> status: Discharging 
CPU:       Info: Dual Core model: Intel Core i7-6600U bits: 64 type: MT MCP arch: Skylake 
           family: 6 model-id: 4E (78) stepping: 3 microcode: F0 cache: L2: 4 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 22399 
           Speed: 800 MHz min/max: 400/3400 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 4: 800 
           Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled 
           Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
           Type: mds mitigation: Clear CPU buffers; SMT vulnerable 
           Type: meltdown mitigation: PTI 
           Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable 
           Type: retbleed mitigation: IBRS 
           Type: spec_store_bypass 
           mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 
           mitigation: IBRS, IBPB: conditional, RSB filling, PBRSB-eIBRS: Not affected 
           Type: srbds mitigation: Microcode 
           Type: tsx_async_abort mitigation: Clear CPU buffers; SMT vulnerable 
Graphics:  Device-1: Intel Skylake GT2 [HD Graphics 520] vendor: Dell driver: i915 v: kernel 
           bus-ID: 00:02.0 chip-ID: 8086:1916 class-ID: 0300 
           Device-2: Sunplus Innovation Integrated_Webcam_HD type: USB driver: uvcvideo 
           bus-ID: 1-5:2 chip-ID: 1bcf:2b96 class-ID: 0e02 
           Display: x11 server: X.Org 1.20.11 compositor: xfwm4 v: 4.18.0 driver: 
           loaded: modesetting unloaded: fbdev,vesa display-ID: :0.0 screens: 1 
           Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2") 
           s-diag: 582mm (22.9") 
           Monitor-1: eDP-1 res: 1920x1080 hz: 60 dpi: 158 size: 309x173mm (12.2x6.8") 
           diag: 354mm (13.9") 
           OpenGL: renderer: Mesa Intel HD Graphics 520 (SKL GT2) v: 4.6 Mesa 20.3.5 
           direct render: Yes 
Audio:     Device-1: Intel Sunrise Point-LP HD Audio vendor: Dell driver: snd_hda_intel v: kernel 
           alternate: snd_soc_skl bus-ID: 00:1f.3 chip-ID: 8086:9d70 class-ID: 0403 
           Sound Server-1: ALSA v: k5.10.0-21-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
Network:   Device-1: Intel Ethernet I219-LM vendor: Dell driver: e1000e v: kernel port: f040 
           bus-ID: 00:1f.6 chip-ID: 8086:15d7 class-ID: 0200 
           IF: eth0 state: down mac: <filter> 
           Device-2: Intel Wireless 8265 / 8275 driver: iwlwifi v: kernel modules: wl port: f040 
           bus-ID: 02:00.0 chip-ID: 8086:24fd class-ID: 0280 
           IF: wlan0 state: up mac: <filter> 
Bluetooth: Device-1: Intel Bluetooth wireless interface type: USB driver: btusb v: 0.8 
           bus-ID: 1-7:3 chip-ID: 8087:0a2b class-ID: e001 
           Report: hciconfig ID: hci0 rfk-id: 3 state: up address: <filter> bt-v: 2.1 lmp-v: 4.2 
           sub-v: 100 hci-v: 4.2 rev: 100 
           Info: acl-mtu: 1021:4 sco-mtu: 96:6 link-policy: rswitch hold sniff 
           link-mode: slave accept service-classes: rendering, capturing, object transfer, audio 
RAID:      Hardware-1: Intel 82801 Mobile SATA Controller [RAID mode] driver: ahci v: 3.0 
           port: f060 bus-ID: 00:17.0 chip-ID: 8086.282a rev: 21 class-ID: 0104 
Drives:    Local Storage: total: 119.24 GiB used: 7.92 GiB (6.6%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/sda maj-min: 8:0 vendor: SanDisk model: SD8SN8U-128G-1006 size: 119.24 GiB 
           block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> 
           rev: 0006 scheme: GPT 
Partition: ID-1: / raw-size: 112.98 GiB size: 110.65 GiB (97.94%) used: 7.92 GiB (7.2%) fs: ext4 
           dev: /dev/sda2 maj-min: 8:2 
           ID-2: /boot/efi raw-size: 256 MiB size: 252 MiB (98.46%) used: 282 KiB (0.1%) fs: vfat 
           dev: /dev/sda1 maj-min: 8:1 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 6 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda3 
           maj-min: 8:3 
Sensors:   System Temperatures: cpu: 32.5 C mobo: N/A 
           Fan Speeds (RPM): cpu: 0 
Repos:     Packages: note: see --pkg apt: 1973 lib: 990 flatpak: 0 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://mxrepo.com/mx/repo/ bullseye main non-free
Info:      Processes: 230 Uptime: 1h 38m wakeups: 4 Memory: 7.66 GiB used: 3.09 GiB (40.3%) 
           Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: N/A 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: UEFI

[Eadwine Rose]

Please post your Quick System Info using Copy for forum, thanks.

[onion_rings]

Code: Select all

System:    Kernel: 5.10.0-21-amd64 [5.10.162-1] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: BOOT_IMAGE=/boot/vmlinuz-5.10.0-21-amd64 
           root=UUID=<filter> ro quiet splash 
           Desktop: Xfce 4.18.1 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.18.0 vt: 7 
           dm: LightDM 1.26.0 Distro: MX-21.3_x64 Wildflower January 15  2023 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Laptop System: Dell product: Latitude 7480 v: N/A serial: <filter> Chassis: 
           type: 10 serial: <filter> 
           Mobo: Dell model: 00F6D3 v: A00 serial: <filter> UEFI: Dell v: 1.30.0 date: 12/21/2022 
Battery:   ID-1: BAT0 charge: 19.6 Wh (46.4%) condition: 42.2/60.0 Wh (70.4%) volts: 7.3 min: 7.6 
           model: SMP DELL DM3WC64 type: Li-poly serial: <filter> status: Discharging 
CPU:       Info: Dual Core model: Intel Core i7-6600U bits: 64 type: MT MCP arch: Skylake 
           family: 6 model-id: 4E (78) stepping: 3 microcode: F0 cache: L2: 4 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 22399 
           Speed: 800 MHz min/max: 400/3400 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 4: 800 
           Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled 
           Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
           Type: mds mitigation: Clear CPU buffers; SMT vulnerable 
           Type: meltdown mitigation: PTI 
           Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable 
           Type: retbleed mitigation: IBRS 
           Type: spec_store_bypass 
           mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 
           mitigation: IBRS, IBPB: conditional, RSB filling, PBRSB-eIBRS: Not affected 
           Type: srbds mitigation: Microcode 
           Type: tsx_async_abort mitigation: Clear CPU buffers; SMT vulnerable 
Graphics:  Device-1: Intel Skylake GT2 [HD Graphics 520] vendor: Dell driver: i915 v: kernel 
           bus-ID: 00:02.0 chip-ID: 8086:1916 class-ID: 0300 
           Device-2: Sunplus Innovation Integrated_Webcam_HD type: USB driver: uvcvideo 
           bus-ID: 1-5:2 chip-ID: 1bcf:2b96 class-ID: 0e02 
           Display: x11 server: X.Org 1.20.11 compositor: xfwm4 v: 4.18.0 driver: 
           loaded: modesetting unloaded: fbdev,vesa display-ID: :0.0 screens: 1 
           Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2") 
           s-diag: 582mm (22.9") 
           Monitor-1: eDP-1 res: 1920x1080 hz: 60 dpi: 158 size: 309x173mm (12.2x6.8") 
           diag: 354mm (13.9") 
           OpenGL: renderer: Mesa Intel HD Graphics 520 (SKL GT2) v: 4.6 Mesa 20.3.5 
           direct render: Yes 
Audio:     Device-1: Intel Sunrise Point-LP HD Audio vendor: Dell driver: snd_hda_intel v: kernel 
           alternate: snd_soc_skl bus-ID: 00:1f.3 chip-ID: 8086:9d70 class-ID: 0403 
           Sound Server-1: ALSA v: k5.10.0-21-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
Network:   Device-1: Intel Ethernet I219-LM vendor: Dell driver: e1000e v: kernel port: f040 
           bus-ID: 00:1f.6 chip-ID: 8086:15d7 class-ID: 0200 
           IF: eth0 state: down mac: <filter> 
           Device-2: Intel Wireless 8265 / 8275 driver: iwlwifi v: kernel modules: wl port: f040 
           bus-ID: 02:00.0 chip-ID: 8086:24fd class-ID: 0280 
           IF: wlan0 state: up mac: <filter> 
Bluetooth: Device-1: Intel Bluetooth wireless interface type: USB driver: btusb v: 0.8 
           bus-ID: 1-7:3 chip-ID: 8087:0a2b class-ID: e001 
           Report: hciconfig ID: hci0 rfk-id: 3 state: up address: <filter> bt-v: 2.1 lmp-v: 4.2 
           sub-v: 100 hci-v: 4.2 rev: 100 
           Info: acl-mtu: 1021:4 sco-mtu: 96:6 link-policy: rswitch hold sniff 
           link-mode: slave accept service-classes: rendering, capturing, object transfer, audio 
RAID:      Hardware-1: Intel 82801 Mobile SATA Controller [RAID mode] driver: ahci v: 3.0 
           port: f060 bus-ID: 00:17.0 chip-ID: 8086.282a rev: 21 class-ID: 0104 
Drives:    Local Storage: total: 119.24 GiB used: 7.92 GiB (6.6%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/sda maj-min: 8:0 vendor: SanDisk model: SD8SN8U-128G-1006 size: 119.24 GiB 
           block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> 
           rev: 0006 scheme: GPT 
Partition: ID-1: / raw-size: 112.98 GiB size: 110.65 GiB (97.94%) used: 7.92 GiB (7.2%) fs: ext4 
           dev: /dev/sda2 maj-min: 8:2 
           ID-2: /boot/efi raw-size: 256 MiB size: 252 MiB (98.46%) used: 282 KiB (0.1%) fs: vfat 
           dev: /dev/sda1 maj-min: 8:1 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 6 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda3 
           maj-min: 8:3 
Sensors:   System Temperatures: cpu: 32.5 C mobo: N/A 
           Fan Speeds (RPM): cpu: 0 
Repos:     Packages: note: see --pkg apt: 1973 lib: 990 flatpak: 0 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://mxrepo.com/mx/repo/ bullseye main non-free
Info:      Processes: 230 Uptime: 1h 38m wakeups: 4 Memory: 7.66 GiB used: 3.09 GiB (40.3%) 
           Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: N/A 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: UEFI

[CharlesV]

So, in trying to be safe online there are a few things you can do.

First, if you really don’t want to draw attention or be targeted, then start off using a different email than you regularly use. (preferably one that doesn’t link back to you, and ONLY get those emails on that blogging laptop.)

Second a good firewall at your internet connection is good!

If your on a static IP for your main internet, then yes a good VPN can redirect and help move attention away from your real IP.

If your seriously concerned, then you could also isolate the laptop your using into a completely different network from your other computer(s) and create a further divide. (Segmenting the two networks is simple to do, just add a second router to your network and a little planning.)

[onion_rings]

What is a good VPN for me to use? Looks like there are a lot of options in the package manager.

The firewall I'm using is gufw.

[figueroa]

You are very safe by default. After that, you may make yourself vulnerable by your changes from default settings or use of unsafe practices and unsafe software. As a minimum, be behind a router and its built-in NAT firewall, and use a non-default username and a strong password. In general, a malicious operator can't just crawl back to a user's computer over it's network connection without the user doing something unsafe first.

A VPN adds another layer of security. Don't let using a VPN lead to complacency.

One can use a Live-usb with persistence either turned off when you use it for your Internet work, or with dynamic persistence that you DO NOT SAVE when shutting down or rebooting after doing that work on the Internet. That prevents permanent changes to your operating system. Save your personal files in /home/USERNAME/Live-usb-storage and keep both those files and your Live-usb backed up. Use Snapshot to backup the Live-usb operating system.

[luigi lins]

nord vpn open source protection, tor web browser websites or configured browser.

[CharlesV]

gufw is the computer firewall. Like figueroa said, a hardware router for your incoming internet and NAT is what you should have. (then gufw on all your machines if your worried about computers inside your network.)

Personally, I prefer Private Internet Access VPN, but many use others.

[onion_rings]

nord vpn open source protection, tor web browser websites or configured browser.

I just installed Nord and am trying to register my account, but it doesn't seem to like my password. I guess I'll have to Read The Manual or contact their support staff and see if I can get it set up.

[onion_rings]

You are very safe by default. After that, you may make yourself vulnerable by your changes from default settings or use of unsafe practices and unsafe software.

You raise a good point here. I think it will help that I am using this laptop for blogging and related social media only, therefore I don't need to install much new software--I will mostly be using LibreOffice and Firefox anyway.