A handy trio of tools for protecting your privacy
Triple Trick

Maybe you can't stop the NSA, but you can still take meaningful steps to protect your privacy.
We've all read the reports about Internet companies and government agencies that are tracking people. Like many Linux users, you might be interested in making your system as "NSA-proof" as possible. The tools and techniques for cyberprivacy are far too numerous to cover in a single article, but most of the challenge boils down to three basic objectives:
- Secure data at rest
- Secure data in transit
- Clean up
Securing data at rest means encrypting the data as it sits in storage somewhere – which might be on your own drive or in a Dropbox or Carbonite folder in the cloud. Securing data in transit means encrypting and anonymizing information so no one can read your messages or trace your Internet activity. Cleaning up means you don't leave information around for others to find.
This article tours a trio of tools for keeping intruders, spies, and traffic analyzers off your trail. The software described helps you raise the bar to make it more difficult for anyone to snoop your data and your browsing habits. Some of these tools have appeared in previous articles, but it is still useful to see the information all in one place. I have no illusion that these tools are impregnable, fool-proof solutions. They simply make it more difficult for any entity to snoop, track, and analyze your activities.
Encrypting at Rest: TrueCrypt
Several open source tools offer the ability to encrypt data at rest. Some of these tools operate at the file and directory level, and others operate on a whole block device. One example of a block encryption tool is TrueCrypt [1]. See the article on block encryption elsewhere in this issue for more on TrueCrypt and the differences between disk-level versus file-level encryption. I'll just give you a quick tour of the GUI so you can see how easy it is to get started with encrypting your data.
TrueCrypt sports a nice graphic interface for those who don't want to go the command-line route. If you want to use TrueCrypt, you'll have to download it from the site; most Linux distributions don't support it from any of their installation tools. Installing TrueCrypt is quite simple, however: Download the tarball, unzip it, and follow the wizard shown in Figure 1.
To run TrueCrypt after you install it, open a terminal and issue the following command:
truecrypt &
The TrueCrypt application shown in Figure 2 will run.
From the TrueCrypt main window, you can:
- Create a volume: A "container" that acts as an encrypted directory and holds any file or subdirectory you wish. Any file or subdirectory dropped into this volume is automatically encrypted and decrypted, as long as you know the password to the volume.
- Specify the encryption algorithm you wish to use: In addition to AES, you can specify Serpent, Twofish, and Cascades. I almost always use AES with the highest key size possible. In the United States, that's 256 bits. In general, a larger key size means it will be harder to break the encryption. See the TrueCrypt website for more on the available encryption algorithms. [2]
- Hide and unhide volumes: TrueCrypt lets you hide an encrypted volume inside another encrypted volume. If someone manages to decrypt the outer volume (or if you are forced to reveal the password) the hidden volume will look like random data inside the outer volume. See the TrueCrypt website for more on hidden volumes [3].
Creating a Simple Volume
TrueCrypt uses convenient wizards to get you going. To create a simple volume (that basically acts as a giant TrueCrypt file and allows you to place new files inside it), simply click on the Create Volume button. The wizard will begin to create the volume. At the initial screen, select the Create an encrypted file container radio button, then click Next. Creating an encrypted file container means you won't be encrypting an entire partition or USB drive. You'll simply be creating a file inside a standard Linux partition or a directory or file on a USB drive.
At the next screen, you can specify whether you want to create a standard or hidden volume. Clicking Next takes you to the Volume Location window, which is where you tell TrueCrypt where the TrueCrypt volume should be stored. You can specify any location, including a directory off your home directory or a directory on a USB drive.
Creating an initial volume is quite straightforward. Remember that if you have existing files in a directory, TrueCrypt won't encrypt them. If you specify an existing file, that file will be overwritten, which means you'll lose any data in that file.
Encrypt an Entire Drive
To encrypt an entire drive, simply start the TrueCrypt wizard, then select Create a volume within a partition/drive and click Next. The remaining steps are similar to creating a simple volume, but instead of selecting a file or a directory for the file, you are asked to specify a volume, which can include any hard disk partition or USB drive.
Understand that any information on the volume you choose will be destroyed. Don't specify partitions that contain valuable information or system files. If you want to use TrueCrypt to encrypt an entire partition, proceed carefully; do yourself a favor and back up any important data.
Your data at rest is considerably more secure with encryption. TrueCrypt is an easy and convenient encryption tool that even comes with a simple GUI for encrypting volumes and disks. See the article on block encryption elsewhere in this issue for more on TrueCrypt at the command line and other encryption techniques.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
KDE Plasma 5.27 Beta is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.
-
Critical Linux Vulnerability Found to Impact SMB Servers
A Linux vulnerability with a CVSS score of 10 has been found to affect SMB servers and can lead to remote code execution.
-
Linux Mint 21.1 Now Available with Plenty of Look and Feel Changes
Vera has arrived and although it is still using kernel 5.15, there are plenty of improvements sure to please everyone.