Manage Internet uploads with Portmaster
Full Control
Security and anonymization play an increasingly important role on the Internet due to the endless appetite of Internet companies for personal data. Portmaster and the Safing Privacy Network will help you protect your privacy – even if you're not a security expert.
Intensified data grabbing is making life difficult for users on the Internet. It's not just the usual suspects like Google or Facebook who are collecting user data. Even conventional software packages have increasingly started phoning home and sending "telemetry data" to their vendors or third parties.
Users typically don't notice this data transfer and cannot track what data is being sent to whom. To stop this bad habit, a startup by the name of Safing, which has already twice received funding from the Austrian innovation incubator Netidee, has developed an application firewall called Portmaster that lets everyday users track and control the flow of data to hidden recipients [1].
Idea
Portmaster combines several privacy-related services in a single package. Included within the Portmaster application is a firewall, a system of filter lists to identify trackers and other undesirable sites, a secure DNS service, and an optional privacy service (similar to the TOR network) called the Safing Privacy Network (SPN).
Perhaps the most interesting part of Portmaster is the way the developers have encapsulated all that functionality into a single user interface that you don't have to be an expert to understand and manage. The intuitive Portmaster user interface makes it easy to monitor and block network connections, set filters to automatically block trackers and adware, and configure different filter settings for different applications. Portmaster is free software hosted on GitHub [2] and provided under the GNU Affero General Public License (AGPL 3.0).
How It Works
Under the hood, what is known as a Portmaster Core Service that sits between the kernel and the user interface on one side and the kernel and the Internet on the other (Figure 1). This core service consists of several components, the most important of which are the SPN, the privacy filters, and the Secure DNS service.
The Secure DNS service uses the DNS-over-TLS (DoT) protocol, which sends DNS queries over an encrypted TLS connection. This encrypted connection stops unauthorized third parties from viewing the DNS queries. The privacy filters, which act much like a firewall, also use filter lists. The system references the filter lists to block undesirable connections.
The manufacturer is continuously developing the filter lists – lists of sites associated with malware, tracking, phishing, or other nefarious activities. The lists are maintained on a separate GitHub page (Figure 2). You can also add your own entries defining sites you wish to filter.
The SPN is an ambitious project that is still in its early stages of development. The company's long term plan appears to be to continue to give Portmaster away for free, but to sell access to SPN, which the company says will eventually obfuscate IP addresses [3] and prevent third parties from viewing data. SPN routes data packets through multiple servers on the Internet in an approach that is similar to the TOR service. (See the article on the TOR network elsewhere in this issue.) SPN is currently in what the company describes as the alpha stage. According to the Safing website, "Treat the SPN as a VPN in your threat model for now. Please be aware that there are not enough users and servers during the alpha phase in order to protect you from VPN traffic analysis" [4]. But even if you don't decide to experiment with SPN, the intuitive user interface and background services of Portmaster are worthy of some attention.
Installation
Portmaster is available in binary package form for most popular Linux distros. A compatibility list available in the documentation shows which kernel versions and desktop environments Portmaster supports.
Most recent Linux kernels are fully compatible with Portmaster, except for version 5.6, which has a problem accessing the Netfilter queue. The widely used KDE Plasma, Gnome, Xfce, and Cinnamon desktop environments all work with Portmaster, although Budgie appears to have a problem with displaying the Portmaster icon in the taskbar.
The project's website offers installation instructions for many popular Linux distros, including information on the dependencies you need to resolve in order to achieve a speedy installation.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.