Manage Internet uploads with Portmaster
Full Control
Security and anonymization play an increasingly important role on the Internet due to the endless appetite of Internet companies for personal data. Portmaster and the Safing Privacy Network will help you protect your privacy – even if you're not a security expert.
Intensified data grabbing is making life difficult for users on the Internet. It's not just the usual suspects like Google or Facebook who are collecting user data. Even conventional software packages have increasingly started phoning home and sending "telemetry data" to their vendors or third parties.
Users typically don't notice this data transfer and cannot track what data is being sent to whom. To stop this bad habit, a startup by the name of Safing, which has already twice received funding from the Austrian innovation incubator Netidee, has developed an application firewall called Portmaster that lets everyday users track and control the flow of data to hidden recipients [1].
Idea
Portmaster combines several privacy-related services in a single package. Included within the Portmaster application is a firewall, a system of filter lists to identify trackers and other undesirable sites, a secure DNS service, and an optional privacy service (similar to the TOR network) called the Safing Privacy Network (SPN).
Perhaps the most interesting part of Portmaster is the way the developers have encapsulated all that functionality into a single user interface that you don't have to be an expert to understand and manage. The intuitive Portmaster user interface makes it easy to monitor and block network connections, set filters to automatically block trackers and adware, and configure different filter settings for different applications. Portmaster is free software hosted on GitHub [2] and provided under the GNU Affero General Public License (AGPL 3.0).
How It Works
Under the hood, what is known as the Portmaster Core Service sits between the kernel and the user interface on one side and the kernel and the Internet on the other (Figure 1). This core service consists of several components, the most important of which are the SPN, the privacy filters, and the Secure DNS service.
The Secure DNS service uses the DNS-over-TLS (DoT) protocol, which sends DNS queries over an encrypted TLS connection. This encrypted connection stops unauthorized third parties from viewing the DNS queries. The privacy filters, which act much like a firewall, also use filter lists. The system references the filter lists to block undesirable connections.
The manufacturer is continuously developing the filter lists – lists of sites associated with malware, tracking, phishing, or other nefarious activities. The lists are maintained on a separate GitHub page (Figure 2). You can also add your own entries defining sites you wish to filter.
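What the DNS-over-TLS exchange used by a secure DNS service looks like on the wire, as an added example (this is not Portmaster's code): the query is an ordinary DNS message with a two-byte length prefix, sent over a certificate-verified TLS connection to port 853. The function names are hypothetical, and the resolver address and certificate name are supplied by the caller.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # port assigned to DNS-over-TLS (RFC 7858)

def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS question in wire format (RFC 1035); qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def frame(msg):
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def unframe(buf):
    """Return (message, remainder), or (None, buf) while the message is incomplete."""
    if len(buf) < 2:
        return None, buf
    (length,) = struct.unpack("!H", buf[:2])
    if len(buf) < 2 + length:
        return None, buf
    return buf[2:2 + length], buf[2 + length:]

def summarize(reply, txid=0x1234):
    """Check the reply matches our query and return (rcode, answer_count)."""
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def dot_lookup(server_ip, server_name, name, timeout=5.0):
    """Send one query over TLS; server_ip and server_name are caller-supplied."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(build_query(name)))
            buf = b""
            while True:
                reply, _ = unframe(buf)
                if reply is not None:
                    return summarize(reply)
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("connection closed mid-reply")
                buf += chunk
```

Because the default SSL context checks both the certificate chain and the hostname, a resolver that cannot prove its identity causes the lookup to fail instead of silently falling back to cleartext DNS.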
The SPN is an ambitious project that is still in its early stages of development. The company's long-term plan appears to be to continue to give Portmaster away for free, but to sell access to SPN, which the company says will eventually obfuscate IP addresses [3] and prevent third parties from viewing data. SPN routes data packets through multiple servers on the Internet in an approach that is similar to the TOR service. (See the article on the TOR network elsewhere in this issue.) SPN is currently in what the company describes as the alpha stage. According to the Safing website, "Treat the SPN as a VPN in your threat model for now. Please be aware that there are not enough users and servers during the alpha phase in order to protect you from VPN traffic analysis" [4]. But even if you don't decide to experiment with SPN, the intuitive user interface and background services of Portmaster are worthy of some attention.
Installation
Portmaster is available in binary package form for most popular Linux distros. A compatibility list available in the documentation shows which kernel versions and desktop environments Portmaster supports.
Most recent Linux kernels are fully compatible with Portmaster, except for version 5.6, which has a problem accessing the Netfilter queue. The widely used KDE Plasma, Gnome, Xfce, and Cinnamon desktop environments all work with Portmaster, although Budgie appears to have a problem with displaying the Portmaster icon in the taskbar.
The project's website offers installation instructions for many popular Linux distros, including information on the dependencies you need to resolve in order to achieve a speedy installation.