New Linux setup

Privacy and Security Get Advice
1

What do you want advice about?
I am soon going to get a new linux setup and I want advice about disk encryption, a VPN setup, and Virtual Machines. I am looking to create a usable but also reasonably secure setup.

… … … … … … … … … …

disk encryption questions:
1a) How much does disk encryption slow down read/write speeds. ?
I found confliction information, some people say it slows down the computer alot, some people say that because programs run on RAM, it doesn’t matter.
From this I infer that disk encryption has some impact on read/write speeds but lots of impact on CPU. Is this correct ?

2a) I plan to use VeraCrypt for it’s plausible deniability but is there any other partition encrypting software that I should consider.
.
.

Virtual machine quesions:
1b) Which linux distro should I consider that is similar to mint (if any)?
I will only do things in virtual machines but currently I’m planning to use linux mint (host) with a linux mint VM (school stuff), a windows vm (gaming), and a couple other things.
I am coming from windows and I have mostly usability in mind so I ruled out things like tails, whonix, and qubes because they seem extremely inconvenient and tor is way too slow.

2b) are there any other performance focused virtual machine software(s) like QEMU that you would recommend that are not so barebones that they are difficult to use?
.
.

VPN questions:
1c) Are there any privacy focused VPNs should I consider other than Mullvad, IVPN, OVPN, and Proton VPN.

2c) How can I route VPN traffic through two VPNs?
I have an existing subscription for a vpn and the plan is to run a wireguard configuration on the host desktop using that VPN provider and then use one of the vpn providers above for usage within the virtual machines. The problem is that I would prefer to not run a VPN client in the VM. Is there any way to run both VPNs outside the VM, but route the traffic through both.

3c) Any good cheap way to get a residential ip address?
I know lots of websites that I want to use require a phone number verification if you register using a vpn. I am ok sacrificing privacy using a single ip address for creating an account with everything because I will be anonymous because of the VPN on my host system.
Are there any good VPN providers or proxy services or VPS(es) that are cheap, that can be used exclusively for things like discord or google?
My current plan is to get a dirt cheap VPS from buyvm and use a vm exclusively for social media.
.
.
Bonus questions
1d) I plan to use a vps to create a nextcloud instance so that I can wipe my VMs before crossing borders. Are there any good VPS providers that are privacy focused and accept monero that you would recommend for this purpose.

2d) is there anything that I can use to improve this general opsec setup without making it any more inconvenient to launch daily

… … … … … … … … … …

In brief, tell us about your privacy threat model?
I will likely run into the need for extra security, I am not able to turn back time and be secure in the past.

2

here is a article that I know I will forget and have to look for again so I am pasting it here so I remember: WireGuard Kill Switch - IVPN Help

3

A little capped on time so I’ll try to at least get back to your first few questions:

Unless you have a very weak machine, OR you need to squeeze every last drop of performance - you probably won’t notice a massive difference with full disk encryption. Even in stressful benchmark environments the impact is pretty negligible for most modern machines.

Most people on Linux would actually probably push you towards LUKS for FDE, which is even natively supported on setup for some distros. The installation of LUKS may vary depending on what distro you choose to go with though.

What about Linux Mint do you want in other distros? If it’s the look & feel, you should be able to run Cinnamon on most distros. Like there’s an official Fedora Cinnamon spin for example that should feel very familiar to Mint users.

Most Linux users really enjoy KVM, myself included. What features do you need?

Mullvad/IVPN/Proton/Windscribe seem to be the top choices for people right now in the privacy community. OVPN just received some iffy news today that may send some people away. The VPN Toolkit is a resource you can use to compare VPNs to see what works best for you if you. My guess is most people will push you to the four I already listed though unless there’s a niche use-case for something else.

3 Likes
4

Thank you so much for the response! The main thing I was looking for was alternative programs that I would have missed

What about Linux Mint do you want in other distros? If it’s the look & feel, you should be able to run Cinnamon on most distros. Like there’s an official Fedora Cinnamon spin for example that should feel very familiar to Mint users.

I am looking for whatever is similar to windows and won’t require tedious driver tweaks.

Most Linux users really enjoy KVM, myself included. What features do you need?

I am looking for maximum preformance without then need for constant tweaks

Mullvad/IVPN/Proton/Windscribe seem to be the top choices for people right now in the privacy community. OVPN just received some iffy news today that may send some people away. The VPN Toolkit is a resource you can use to compare VPNs to see what works best for you if you. My guess is most people will push you to the four I already listed though unless there’s a niche use-case for something else.

Thanks for this news, I saw somewhere a blogpost where OVPN was defending their services being used as a reverse proxy of the Pirate Bay and assumed that because it is run by people like that with privacy engraved into their bones the service would be fine.
I will look into windscribe as well Thanks!

5

Fedora KDE maybe?

6

Thanks, I will check it out

7

The KDE version may also be a good choice because it supports fractional display sizes, whereas GNOME by default offers only 100% (which may be too small) and 200% (which may be too large).

1 Like
8

Thanks for the reply
I decided on going with Fedora for the perpetual updates and the fact that it is backed by red hat. I will install cinnamon and KDE and play around with it for a bit

1 Like
9

Ok so here are updates for anybody with similar questions:

1a) and 2a) I will go with LUKS because it is built for the express purpose of encrypting entire storage medias. I will use veraCrypt for encrypting the individual vms to avoid configuring LUKS every time on a new VM.
source

1b) (what linux distro): I think I said this previously but I will use fedora because it is backed by red hat, which means there is a guarantee of future updates. While the package manager gui there is rat poop the software is more mature.

2b) (is QEMU the best): basically QEMU is the way to go for performance reasons.

1c) (what VPN provider): turns out the most reliable ones are Mullvad, IVPN, and Proton. I would avoid Windscribe because they record how much traffic you use a month.

2c) (how to route through two vpns at once): stil trying to figure this out, worst comes to worst I can just use a separate vpn on the VM

3c) (how to get a residential ip address): the cheapest way to do something like this is use a sketchy “residential proxy” service that likely, runs from a botnet. This is not the way to go because there is no guarantee that cybercriminals respect their own privacy policy and don’t track you.
The issue with a VPS is that in the event that you earn the ire of a three letter agency, your traffic can be easily recorded because you are the only one that is using that specific VPS (although this applies to any IP address that is just you)
Oddly enough windscribe that I said to avoid one paragraph above also offers a residential IP address service, in which only a few users have access to one IP, I might go with this.
Another option is to rent a VPS in a country that does not divulge details to my country.

1d) (any good vps providers?): I found some:
trilightzone
swisslayer
flokinet
njal. la
privex
incognet
cryptoho .st
host-world

1 Like