(The updated version of this series can be found here (gone).)
First, a pop quiz. You will need a package called “gdebi”; based on the previous lesson, install it as you wish. It will bring with it a few other packages as dependencies. If you are using apt on the CLI, gdebi is the full name of the package. Once you have it installed, this lesson continues. You may also want the package called “ttf-mscorefonts-installer” — a collection of fonts particularly well suited for Internet use. It comes with a license.
The problem with surfing the Net is that most people aren’t paranoid enough. We have no reason to be fearful, but the average computer user is entirely too trusting of what’s on the other end of that network connection. Despite the commercial reality of being in a dependent status as a user connecting to the Internet, once you are on, you are among equals. The theory was explained long ago here. While a majority of commercially owned systems on the Net assume a highly manipulative stance as the norm, you have a significant advantage, in that it’s your computer. You get to set some of the rules for interaction with websites, and there isn’t much the servers can do without simply refusing to serve up the information you requested.
That refusal is, for the time being, quite rare. The folks on the other end will whine and play mind games to seek an advantage, but in the end, their income depends on delivering the content. They will have a hard time picking you out in the crowd of surfers and harassing on you. The time it takes to make detailed configurations to block those who won’t kiss their feet is often more trouble than they are willing to take. Virtually the entire Internet is designed for the statistically dominant operating system plugged into the Internet: Windows. Because they are a business, Microsoft will grant other businesses some advantages over you, the user. There is a sense in which running Windows means the operating system is not the product being sold; the Windows user is the product sold to vendors and advertisers. By running Debian, you turn the tables and regain control. You become an equal partner; you are running the same operating system as a significant number of servers on the Net.
A part of the battle to preserve your privacy is the web browser. There are dozens and each is better at some things than others. Choosing Chromium is a compromise, balancing several priorities. It won’t offer everything you might want, but it also doesn’t force you to accept just anything the advertisers and other creeps want to throw at you. However, in order to work at all, browsers by their very nature will swallow a lot of data (putting it into a “cache”) that isn’t really necessary for you to consume stuff offered on the Net. It’s stuff they believe will help them make money and is not at all good for you. We will use other software with the browser, and some if it in the browser, to help us preserve some advantage against them.
But don’t rely too heavily on the software to do it all for you. This is not a war where you can fire off your super missiles and forget about the target. It requires a mindset of responsible watchfulness. If the Internet is important to you, it’s worth as much time and attention as driving on a crowded freeway. You might be using some pretty wimpy hardware, but Linux in general, and Debian in particular is like driving a tank with modular armor. You have to consciously install the right amount of armor to protect without interfering with your normal operations. No one can give you a pre-packaged savvy to match your particular behavior, but we can put you in a position to survive until you can make your own way — the very nature of DIY computing.
The biggest single issue is various attempts at tracking you. I mentioned how Chromium as a browser grants you slightly more control than it’s brother, Google’s Chrome browser. They are almost like twins in how they work on your computer; the differences tend to be rather subtle. What works on one generally works on the other, so you have access to all the same extensions that provide control and security on the Net. We won’t take the time to explore all the specific dangers from that sort of tracking, but simply assert your inherent right to decide. Once you have Chromium installed (previous lesson), there are adjustments you need to make for comfort and security.
You can find Chromium in the XFCE main menu under “Internet.” Launch it and adjust the window size and location to suit your tastes (we assume you know you can drag the whole thing by clicking and holding onto the top of the window frame). In the upper right corner of the window is an icon consisting of three parallel horizontal lines; this the main menu for Chromium. Select “Settings”; this will open a new tab in the browser. You can take a look at what’s visible so far. The top item, “Sign in” is a reference to your Google accounts if you have any. I highly recommend you not do this until you actually need to use it for some specific reason. We shouldn’t put much trust in Google any more than every other predatory advertiser. Most of what’s visible there for settings you can figure out by playing with them.
Unless you have a preferred homepage somewhere already, I recommend you choose either Start Page or DuckDuckGo — both of these are search engines famous for preserving your privacy. The first one uses Google’s search engine but doesn’t let Google track you. The Duck is based on Yandex (another good one you probably never heard of) and preserves your privacy just the same.
Toward the bottom of the page, is a button to make Chromium your default browser. Good idea, but it doesn’t always work properly on XFCE. You can set that in the XFCE Settings menu > Preferred Applications. If you don’t see Chromium listed, just click “other” and type into the little window “chromium-browser” (as always, without the quotation marks). If Chromium continues to nag you, just select the option to quit asking you.
Below that is “Show advanced settings…” Click on that. The first item displayed now is “Privacy.” Click “Content settings…” next. A smaller window opens, and I suggest for the first item that you select “Keep local data only until I quit my browser.” This has nothing to do with saving your passwords, but just about everything else websites inject into your system when you visit their pages. You don’t have much choice with images and scripts, but you can be pretty restrictive on the other items listed there. I suggest you choose “Click to play” on plug-ins. If you want to see a Flash video, you can click it. Otherwise, you’ll be distracted by busy advertising images you don’t really need to see. When you’re done with that set of items, close the window by clicking “done.” Then take a look at the list of checkboxes below the privacy heading. Without going into all the details, I recommend you de-select the first two items and select the rest.
You can enable autofill and passwords, but I recommend against it. If you have a really large number of passwords for a large number of sites where you have to login, consider using a password safe. I don’t trust any of the online providers, but the alternative won’t fit in this lesson. You’ll have to wait for the next one. For now, I recommend you disable that feature.
Take a moment to look at the font settings under “Web content.” You can customize in detail, and most people find the default fonts not the best (which is why I recommended you install the MS web fonts), and the size is typically too large. If you click the customize button, a small window opens to allow detailed settings. When finished, you can close that small window. Moving on down the list of advanced settings, you probably should enable “Check for server certificate revocation” and disable running background apps down at the bottom of this page of settings. When you are finished, you can close that tab and the settings will be automatically saved.
Go back up to the main menu for Chromium and select Tools > Extensions. You won’t have much, but there is a link to the Google Chrome store for extensions. Not all of them are free, so pay attention. There will be a search input box on the page displayed there, and I recommend you search for and install three items: Adblock (not Adblock Plus), Ghostery and Click & Clean. A fourth nifty add-on is the DuckDuckGo search button. Instead of entering your search terms in the URL bar at the top of the browser, you click the duck icon and it opens its own search window. The search results will open up in a new tab. All of these extensions come with their own tutorials. Ghostery has a configuration wizard (hint: click the “all” option on the block list). If you don’t understand why they matter or how they work, you’ll simply have to take the time to read up on it.
There are some other security tools and you’ll get the feeling they tend to overlap somewhat, yet none of them does it all. One final secure surfing addition requires that you install a package made for Debian, but the one included with Debian is a little out of date: BleachBit. Using your new DuckDuckGo search tool, open the search dialog and enter “bleachbit download”. Ignore the “sponsored link” in the yellow background and notice what comes up first: a page on a website called “Source Forge.” In general, something you get from that site is likely safe and sane, but it so happens that BleachBit is especially trustworthy. You can click on the link to that page and simply wade through the series of pages clicking the links to download the Linux version for your Debian system. It will be listed on the download page as “Debian 7 (Wheezy)” — get use to seeing variations of this. What you get will be dropped into your Download folder, which is in your home directory.
This will be a “deb” package and it’s not very large. If you open Thunar (file manager) and click on the link to your Download folder, you’ll see an icon for a package and the name “bleachbit” in part of the text. The package is made for Debian and at the beginning of this lesson we installed the utility for handling this without the commandline, which can get very complicated very quickly. The gdebi utility saves you a lot of heartache; just double-click the package icon and you’ll be presented with a window demanding your root credentials password. Once you’ve given that password, another window opens. Give it time to process. You may see a notice that an earlier version of the package is available, but we knew that already. We want the latest and greatest version. Click the big “install” button and let it do it’s job. Several things will flash on your display, but eventually it all settles down and that button changes to “reinstall” — that means you are done. Close that window.
Bleachbit shows up in your XFCE main menu under “System” — you aren’t likely to ever need the link for “Bleachbit as Administrator” so you can ignore that and run the first one. A small window opens up, and a smaller one pops up on top for configuration options. There is nothing there that needs your attention so close that little pop-up and look at the main application window. Bleachbit allows you to choose what sort of things it will remove. This is called a “cache cleaner” — it deletes all the tracking junk websites use to invade your privacy. For the most part, you should be able to identify the various things listed in that long column on the left side of the window. One of the first items is “Chromium”. You should select everything except Passwords and Search engines. If you intend using Debian’s “Iceweasel” (Firefox) browser, you can select similar options under the “Firefox” heading. You probably won’t need much else.
Notice that Bleachbit has two large icons on the upper left corner. The first is to inspect the contents of your various browser caches; the second deletes them. Quite honestly, you should run this every time you close your browser, several times a day.
More safe surfing the next time.
