1 day ago
1
Linux and privacy go hand in hand.
Also: I'm a Linux power user, and this distro made me rethink what an operating system can be
That starts with robust security and ends with smart, preventative behavior on the part of the user. Fortunately, it is not hard to gain extra privacy when using the Linux operating system and, even better, it can (mostly) be done for free.
1. Use an anonymous-centric distribution
Certain Linux distributions, such as Kodachi and Tails, are created with privacy in mind.
These distributions tend to be used live (which means they are not installed like a traditional operating system) and include components geared toward helping you keep your privacy intact. You will find tools for anonymity, encryption, logging, and much more -- all of which go a long way toward bolstering your privacy.
Also: 5 best Linux distros for staying anonymous -- when a VPN is not enough
The one caveat to using such a distribution is that every time you reboot, you are back at square one (which is by design and helps prevent your OS from leaving any trace of you behind).
2. Use Tor Browser
If you do not like the idea of using a live distribution, you should at least employ Tor Browser.
When using Tor Browser, your web activity is automatically encrypted and anonymous. Tor Browser is the best web browser for security and privacy, and no other browser can touch it. This browser is for those who want to ensure their time on the web is protected from those who would steal information and use it against them.
Also: I found the most private and secure way to browse the web -- and it isn't incognito mode
Tor Browser can be installed from most standard repositories and used free of charge.
3. Use encryption
Another addition you can make is the use of encryption.
Linux enjoys GnuPG, which is a free implementation of Pretty Good Privacy, and does an outstanding job of encrypting data. You can not only encrypt files and folders, but also integrate it with your email client to send encrypted communications.
Also: How to encrypt any email - in Outlook, Gmail, and other popular services
The one thing to remember, however, is that you must have the public keys of those to whom you want to send encrypted messages. Other than that, using GnuPG is very simple and worth the time involved in getting it set up.
4. Disable location sharing
Some Linux distributions (especially those based on either the GNOME or KDE Plasma desktops) include systems for telemetry (sending user information to the development teams).
Also: How to find out if an AirTag is tracking you - and what to do about it
You might not want such information being sent out from your machine (even if the receiving party can be trusted, you never know if it will be intercepted). GNOME makes it easy for you to disable such information, which includes location sharing. In the Privacy section of Settings, you will find the Location Services option, which you can click the On/Off slider until it is in the off position.
For KDE Plasma, you can disable the geoclue service with sudo systemctl disable geoclue.
5. Use a VPN
When in doubt, use a VPN.
Why? A VPN not only anonymizes your traffic, but also encrypts it, making it nearly impossible for your data to be intercepted and used. Here is the thing, though: you should be using more than just a web browser extension for your VPN because you should also add this protection to email and other network-based traffic.
Also: The best VPN services: Expert tested and reviewed
Fortunately, there are desktop VPN clients for Linux, such as ProtonVPN, ExpressVPN, and Windscribe.
6. Delete temp files and logs
Linux retains temp files and logs, which are often helpful for troubleshooting (this is especially true for log files). However, those files can contain information that could be used to negatively impact your privacy (such as IP addresses and running services).
Fortunately, Linux has features in place to automatically purge those files at set intervals. For example, the contents of the /tmp directory are usually deleted upon a reboot. Logs are also rotated on a regular basis.
Also: Linux laptop lagging? 5 simple ways to speed it up fast
You can, however, take care of those tasks manually. For example, you can simply issue the command sudo rm /tmp/*. Even better, you can delete all files that are older than 10 days (in case you need the most recent temporary files) with a command like sudo find /tmp -type f -atime +10 -delete.
As far as logs are concerned, you can use logrotate, which is a bit more complicated. You have to create a configuration file in /etc/logrotate.d/ that might look like this:
/var/log/myapp/*.log { rotate 7 daily compress missingok notifempty create 0640 myapp myapp postrotate systemctl reload myapp endscript }You could then run logrotate with that config like so:
logrotate -f /etc/logrotate.conf
7. Use 2-factor authentication
With any application or service you use that offers 2-factor authentication, you should use it.
The reason is that it is one extra layer of security for your accounts that you would not otherwise have. Once set up, 2FA requires an extra 6-digit passcode (that you either receive via SMS or get from a mobile authentication app). Without that 6-digit passcode, you will not be given access to your account.
Also: Why multi-factor authentication is absolutely essential in 2025
This might be an inconvenience, but it is one that is worth every extra second -- even on Linux.
8. Monitor system activity
You should make a regular habit of monitoring system activity. But how do you do that?
There are certain log files you should know about, such as syslog (which collects information from services, daemons, and applications), auth.log (to monitor and troubleshoot authentication), secure (authentication and authorization events), audit.log (security-related events), wtmp (to track user activities and login times), and btmp (to track unauthorized login attempts and potential security breaches).
Also: This is the most helpful new Linux tool I've tried in years -- here's why and how I use it
If you run other services (such as Apache or MariaDB), you should also regularly monitor the associated log files.
Get the morning's top stories in your inbox each day with our Tech Today newsletter.
English (US) ·