How does one avoid Big Brother?

security is one of the main advantages of linux; furthermore hardened kernels, real encryption and so on. But what should one do beyond that? Avoiding social media is a start and so is using a vpn. What would your "go to" guide for security be?

What browser do you recommenced?

what search engine?

what email service? 

what VOIP service? 

what kernel?

what vpn?

what router/modem ?

what harware? 


and so on.

(more of a general discussion than a question)

I use PIA (private internet access)  as VPN but  email I cant say much about that but I use on of the smaller ones one smaller is maybe you/me for that fact should switch it up often, but as VOIP and stuff's go maybe other peeps here would know better ..

search engine , you could use then all you're search goes through they're server before getting 2 google but it's like bing not as good as google but it's free.

and why I use PIA's VPN is because they promise not too store anything so that's nice.

Some hints:

avoiding big brother is not all that simple really, as a lot of servers go through american servers which is where a lot of it happens, so first off to help minimise your footprint use firefox, get HTTPS everywhere, Noscript, WOT, Bluhell firewall and Ghostly.

I personally use google still, I just prefer it, I believe duck duck go is a good one but I am unsure fully, I personally dont like it, Avoid yahoo, its a great site but the NSA absolutely love that thing.

Kernel there is only one really, GRSecurity, it gives you PaX patches which alter the memories states such as read only not write, and you get SELinux which is a brilliant tool now installed into every Linux kernel by default.

 As for modems build your own, seriously knowing everything that is happening on your router and been able to control it to a major extent is a massive boon to your security, PFSense on a old machine is brilliant.

Hardware there is the Libre X60, a Core 2 duo based Lenovo X60 laptop, its been edited with coreboot and linux by default, very very nice laptop, a bit pricey but it saves you doing any work to the bios, I would also recommend a distro that is full libre, or using something like Arch with Libre kernel, or even debian, use only FOSS software to maximise security and stability in the system, seeing all the code is key to security, hence why firefox is also a brilliant choice to go for browsing, also avoid all proprietary plug ins and software such as adobe and java, this is recommended by default as your system lives better on open source, also use a security scanner like ClamAV and network tools like wireshark and Nmap to see traffic

For a VPN you could build your own, I dont have much knowledge of which is a good VPN these days, 

Thats it I am sure zoltan will lend his two cents in also, he generally knows on the best software and OS to be using in Linux.


Simple answer - you can't evade BB.

Longer answer - without getting into the nuts and bolts of why internet anonymity is not possible.

You browser/OS/mac address can be detected through your JavaScript engine and OS/TCP/IP stack as well as several other fingerprinting methods which easily make your system uniquely identifiable. This is especially true for end-to-end correlation attacks, or website fingerprinting.

People sometimes believe they are anonymous behind a VPN, or Onion - bouncing off relays, routing cryptographically, while they are being observed over ASes and correlation attacked on AS. Yeah, you just got de-anonymized.

Also, with the constant plethora of 0day client-side vulnerabilities and publicly available combined hardware/software entropy defaults, it's next to impossible to hide behind anything unless you have a purposely built system from a custom hardware/software/OS standpoint.

You could buy a second hand laptop for cash from some random in a different state to use your 4G dongle you purchased with your fake ID from a gas-station 1600 kilometres from home. Use your custom USB-bootable linux distro that employs virtual machines using NATted IP address to resolve your fake MAC address' but you'll still be leaking self-identification to those few who can read it.

Using google for searches is a big privacy risk, as with many search engines who are not privacy oriented.

Here's a very nice picture explanation why using google for searching is really bad:

On top of that, google search results are skewed because they move paying sites at the top of the search results.

I moved to many months ago, and while it was a bit unsual at first (ironically, you get used to have the paying sites show up first in the search results), I quickly started to love it.