The Onion Router

In networking, choosing the right browser is very important. Browsers act as gateways that companies use to monitor user activity. For example, Google Chrome works more like a data collection tool than just a browser, tracking things like keystrokes and browsing habits. This highlights how important it is to pick a browser that focuses on user privacy.

Always check your systems “Software Manager” before going to their Official website.

How The Onion Router Works

TOR is a decentralized network designed for privacy and anonymity. By using a series of layered encryption and multiple relay nodes, TOR helps obscure users’ locations and online activity.

TOR Architecture

  • Multiple Layers of Encryption: The name “Onion Router” comes from the way it encrypts data in layers, similar to the layers of an onion. Each layer is decrypted at a different node in the network.

  • Voluntary Relays: The TOR network is made up of thousands of volunteer-run relays that forward users’ traffic, making it difficult to trace back to the original source.

How TOR Works Step-by-Step

  1. User Connection:

    • When a user connects to the TOR network, they use the TOR Browser, which is a modified version of Firefox. The browser encrypts the user’s data.

  2. Circuit Creation:

    • The browser establishes a “circuit” through the TOR network. This involves selecting three relays: an entry (or guard) node, a middle relay, and an exit node. The entry node is the first point of contact in the TOR network and knows the user’s IP address, while the exit node communicates with the destination website.

  3. Layered Encryption:

    • The user’s data is encrypted in layers before travel. The TOR Browser adds encryption for each relay in the circuit:
      • The first layer is encrypted for the exit node.
      • The second layer is for the middle relay.
      • The third layer is for the entry node.

  4. Routing through Relays:

    • Your data exits the TOR Browser and is sent to the entry node, which decrypts the first layer of encryption and forwards the data to the middle relay. The middle relay decrypts the second layer and sends the traffic to the exit node.

  5. Exiting the Network:

    • The exit node decrypts the final layer and forwards the original, unencrypted data to the destination server. Importantly, the exit node cannot see the user’s original IP address, only that of the entry node.

  6. Return Traffic:

    • When the destination server responds, the traffic is sent back to the exit node, which encrypts it again and routes it back through the middle relay to the entry node. Finally, it reaches the TOR Browser, which decrypts the layers and presents the content to the user.

Anonymity and Security Features

  • Randomized Relays: The selection of relays is random and changes periodically to prevent correlation attacks.

  • Traffic Analysis: While TOR provides enhanced privacy, it is still susceptible to certain forms of traffic analysis. Combining TOR with other privacy-enhancing technologies can improve anonymity.

  • Hidden Services: TOR allows for the creation of hidden services (with .onion domains), enabling users to host websites without revealing their physical location.

This list will be updated over time and is always under development. The list will not consist of links that has to do with criminal activity and will only be legal useful links.

Useful Links:
  1. ProtonMail: 
    https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/
  2. DuckDuckGo: 
    https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/
  3. Invidious:
    http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion
Operating Systems:
  1. Whonix
    http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/

Firefox Desktop Browsers

In networking, choosing the right browser is very important. Browsers act as gateways that companies use to monitor user activity. For example, Google Chrome works more like a data collection tool than just a browser, tracking things like keystrokes and browsing habits. This highlights how important it is to pick a browser that focuses on user privacy.

Always check your systems “Software Manager” before going to their Official website.

Firefox is a popular browser that can be changed into a very private tool when set up correctly and used with the right resources. It offers a strong base for user privacy, thanks to the Mozilla Foundation, which supports privacy and user rights. Many of us like Firefox and think everyone should use a version made especially for privacy.

In addition, the browser’s open-source nature makes it easy to see the code. This transparency allows anyone to check the code, so independent developers can confirm that the browser does not secretly collect or sell user data.

Download Here (Comes pre-installed on most Linux)

The Firefox Browser

While we can set up Firefox for better privacy, doing so needs some specific changes and settings. By default, it might not meet everyone’s privacy needs, which is why we need to adjust it.

To maximize privacy during installation, some users may want to disconnect from the internet. By downloading the installation file and turning off all internet connections, users can stop any data from being sent back to Mozilla. This method also makes sure that no data is sent during the setup process. Let’s get started!

Home

  • In settings go to the “Home” tab on the left side of the page.
  • Set both options in “New Windows and Tabs” to “Blank Page”.
  • Disable everything else.

Search

  • In the “Search” tab on the left.
  • Set your default search engine to “DuckDuckGo”.
  • Disable all under “Search Suggestions” and “Address Bar”.

Privacy & Security

  • Set “Enhanced Tracking Protections” to Strict.
  • Under “Website Privacy Preferences” enable “Delete cookies and site data when Firefox is closed”.
  • Disable all under “Passwords” and “Payment methods”.
  • Under history set “Firefox will” to “Use custom settings for history”.
  • Disable everything and enable “Clear history when Firefox closes”.
  • In “Permissions” go into each permission and click “Block new requests asking to access your…”.
  • Disable all in “Firefox Data Collection and Use”.
  • in “HTTPS-Only Mode” choose “Enable HTTPS-Only Mode in all windows”.
  • Scroll down to “DNS over HTTPS” and pick max protection and pick custom DNS. Enter your custom DNS.

Final Note

You now have a fully functional browser without any extra features or tracking, and all settings are optimized for privacy. We believe this setup is the best option unless you decide to turn off JavaScript. With your main browser ready to go, there is just one final step, which is to install uBlock Origin. We suggest visiting the uBlock Origin page to finish this important improvement.

Firefox is a popular browser and if you don’t want to set it up from the start, Waterfox is a hardened version of Firefox. The browsers design might be different but the browser works exactly like Firefox only we don’t need to make as many tweaks.

First Launch & Initial Setup

At first launch you get a screen saying “Welcome to Waterfox”.

  • Below the welcome text there is a button saying “Let’s Get Started”, click it.
  • Then in the lower right corner click “Skip”.
  • Pick a theme and press “Save and Continue”. 
  • If you desire add SponsorBlock and Multi-Account Containers. (iCloud Password is not recommended).
  • Make it default and pin if desired then click “Continue”.
  • Decide if you want the Android version and then click “Continue”.
  • Then click the three lines at the upper right corner then find and click “Settings”.

General

In General it is mostly to do with optional stuff, we will go through our prefered settings that we recommend. This does not mean you can’t do something else. We will also make sure to give you reasons why. The first option in the start-up section is the only must option for privacy.

Startup

  • Disable “Open previous windows and tabs”. (This actually should be off at all times)

Tabs (Optional)

  • Disable “Ctrl+Tab cycle through tabs in recently used order”.
  • Enable “Open links in tabs instead of new windows”.
  • Disable “When you open a link, image or media in a new tab switch to it immediately”.
  • Enable both “Ask before closing multiple tabs” and “Ask before quitting with Ctrl+Q”.
  • Disable “Show an image preview when you hover on a tab”.
  • We also want to make sure the “Enable Container Tabs” is enabled.

Container tabs is a form of browser isolation which isolates the tabs from each other. This is so that the tabs cant spy on each other.

Digital Rights Management (DRM Content)

  • Enable “Play DRM-Controlled Content”.
  • Click on “Home”

 

Home 

In Home we want to disable everything and set “Homepage and new windows” and “New tabs” both to “Blank Page”. The reason for this is data control, you want to be able to decide if data is sent and if you connect to a page it will already start comunicating.

Search

This is a tab that makes a big difference for privacy so here you should really follow the steps. Obviously we want to give as much options as possible within a privacy framework. The very first option might be one of the most important decisions you can make in your browser, pick wisely.

Default Search Engine

Startpage and Duckduckgo uses the Bing search index while Ecosia and Qwant partnered to make their own search index. The same is with Mojeek that also uses their own search index. Waterfox Private Search uses an anonymized version of the Google search index. The following options are all great options which we’ve tried and tested.

  • Duckduckgo.
  • StartPage.
  • Qwant.
  • Mojeek.
  • Ecosia.
  • Waterfox Private Search.
Search Suggestions & Address Bar (Optional)

We disabled all of these because we don’t see a good use for it, we see these options as extras. If you like them you should keep them, they don’t really do much in terms of privacy or secruity at all.

Search Shortcuts

Remove Google and Bing as we wont be using them. This is obviously because they record every search we make.

Privacy Area (Privacy & Security)

This is where it gets very important. If this browser is to be private we do need to make some tweaks. Certain things are going to break if this is done wrong but fear not, we will make sure all your things will work.

  • Set “Enchanced Tracking Protection” to strict.
  • Scroll down a little further and disable “Tell websites not to sell or share my data”.

The reason we do not want to send these requests to not sell or share our data is that ironically this becomes another data point. This means the request actually can be used to track you further. 

  • Right below that enable “Delete cookies and site data when Waterfox is close”.
  • Go into “Clear Data”.
  • Set the dropdown at the top to “Everything”.
  • Check all and click “Clear”.
  • Enable “Automatically refuse cookie banners.
  • Disable all in both the “Passwords” and “Autofill” categories.
  • Leave “History” as it is or optionally click the drop down and set to “Never remember history”
  • In the “Permissions” category click “Settings…” for each option and then at the bottom of the window enable “Block new requests…”

Security Area (Privacy & Security)

Scroll down and click the “Enable HTTPS-Only Mode in all windows”. Then leave on the “Ultra Protection” within the “Enable DNS over HTTPS using:” area. Please note if certain things wont work this is most likely where you should take a look and lower the level a bit. This is only in case it doesn’t work and most things will still work, we did not have any problems while testing Waterfox and were able to stream even.

LibreWolf is a hardened version of Firefox, the browser has several things we like, this is a great privacy browser if you want a hardened version of firefox.

Here is how to acquire it.
  • On Linux Mint go to the Software Manager and search for it.

Initial Setup

When you first launch the browser you will see nothing but a “Search the web” text field with a Duckduckgo logo next to it.

  • Click the three lines and go to settings.
  • We are now in the General tab.
  • Verify that “Open previous windows and tabs” is on.
  • Then verify that “Open links in tabs instead of new windows” is on.
  • And then verify that the “Enable Container Tabs” is checked as well.
  • Check both “Ask before closing multiple tabs” and “Ask before quitting with Ctrl+Q”.
  • Go to the “Home” tab.

Home (Mandatory)

In Home we want to disable everything and set “Homepage and new windows” and “New tabs” both to “Blank Page”. The reason for this is data control, you want to be able to decide if data is sent and if you connect to a page it will already start comunicating.

Also disable the “Support LibreWolf” option.

Search (Mandatory)

This is a tab that makes a big difference for privacy so here you should really follow the steps. Obviously we want to give as much options as possible within a privacy framework. The very first option might be one of the most important decisions you can make in your browser, pick wisely.

Default Search Engine

Startpage and Duckduckgo uses the Bing search index while Mojeek uses their own search index. The following options are all great options which we’ve tried and tested.

  • Duckduckgo.
  • Duckduckgo Lite.
  • Mojeek.
  • Searx Belgium.
  • Startpage.
Search Suggestions & Address Bar (Optional)

We disabled all of these because we don’t see a good use for it, we see these options as extras. If you like them you should keep them, they don’t really do much in terms of privacy or secruity at all.

Search Shortcuts

Remove Google and Bing as we wont be using them. This is obviously because they record every search we make.

Privacy Area (Privacy & Security)

This is where it gets very important. If this browser is to be private we do need to make some tweaks. Certain things are going to break if this is done wrong but fear not, we will make sure all your things will work.

  • The option “Enchanced Tracking Protection” is already set to strict. Make sure to check “Fix major site issues”. Verify that Fix minor site issues is off.
  • Scroll down a little further and disable “Tell websites not to sell or share my data”.

The reason we do not want to send these requests to not sell or share our data is that ironically this becomes another data point. This means the request actually can be used to track you further. 

  • Right below that enable “Delete cookies and site data when LibreWolf is close”.
  • Go into “Clear browsing data”.
  • Set the dropdown at the top to “Everything”.
  • Check all and click “Clear”.
  • Enable “Automatically refuse cookie banners.
  • Disable all in both the “Passwords” and “Autofill” categories.
  • Leave “History” as it is or optionally click the drop down and set to “Never remember history”
  • In the “Permissions” category click “Settings…” for each option and then at the bottom of the window enable “Block new requests…”

Security Area (Privacy & Security)

Scroll down all the way to the end and select “Max Protection”. here you can pick Custom and set your own DNS or pick a pre-configured one. Please note if certain things wont work this is most likely where you should take a look and lower the level a bit. There should essentially be no issues with your browser.

Chromium Desktop Browsers

In networking, choosing the right browser is very important. Browsers act as gateways that companies use to monitor user activity. For example, Google Chrome works more like a data collection tool than just a browser, tracking things like keystrokes and browsing habits. This highlights how important it is to pick a browser that focuses on user privacy.

Always check your systems “Software Manager” before going to their Official website.

Brave Browser is a stronger version of Chromium, built with a focus on user privacy and security. For those who enjoy the look and function of Google Chrome but want better privacy features, Brave is a great alternative.

One of the best features of this browser is its built-in ad blocker, which removes ads and trackers easily. Also, Brave uses advanced methods to protect against browser fingerprinting, which helps keep your data safe and reduces how users are identified online. This includes blocking third-party cookies, which are often used to track what users do on different websites. By using these privacy features, Brave creates a browsing experience that prioritizes both privacy and security.

Download Here
On Linux Mint go to the Software Manager and search for it.

Brave Browser 

Brave is an excellent browser for privacy, making it a simple choice for anyone wanting to boost their online security. It’s much easier to recommend to a family member than a browser like Firefox, which, while also good for privacy, usually needs more setup and adjustments to reach the best privacy settings.

Brave is built to be private from the start, giving users a more secure browsing experience without needing complicated configurations. This makes it a great option for people who may not be very tech-savvy.

Brave Settings

  1. Click on the “Appearance” button in the left menu.
  2. Disable all options within the entire page.
  3. Keep “Show bookmarks bar” set to Always, as I use bookmarks.

Brave Shields

  1. Click on the “Shields” button on the left bar.
  2. Set “Trackers & ads blocking” to “Aggressive.”
  3. Set “Upgrade connections to HTTPS” to “Strict.”
  4. Confirm that “Block scripts” is off, as it can break everything.
  5. Set “Block fingerprinting” to “Strict; may break sites” (I personally have never had issues).
  6. Set “Block cookies” to “Block third-party cookies.”
  7. Enable “Forget me when I close this site.”
  8. Disable “Store contact information for future broken site reports.”
  9. Disable all options in the “Social media blocking” section at the bottom.
  10. Click on the “Content filtering” option.
  11. Under “Filter lists,” click “Show full lists” and enable what you find useful to block.

Privacy & Security

  1. Click on the “Privacy and security” option in the left menu.
  2. Click on the “Delete browsing data” option.
  3. Select the “On exit” option.
  4. Check all available options.
  5. Click Save.
  6. Click on the “Security” option and verify that “Standard protection” is on.
  7. We will go over secure DNS here: NextDNS.
  8. Click back.

Last Tinkering

  1. Verify that “Use Google services for push messaging” is off.
  2. Enable the three options that follow.
  3. Disable “Send a ‘Do Not Track’ request with your browser traffic,” as this can become an identifier.
  4. Enable “Private window with Tor” (never use Tor in Brave!).
  5. Disable “Tor windows” and “Data collection.”
  6. Click on the “Search engine” option in the left menu.
  7. Pick either DuckDuckGo.com or Brave for both Normal and Private windows.
  8. Disable everything else in this section.
  9. Click on the “Extensions” option in the left menu.
  10. Disable “Allow Google login for extensions.”
  11. Disable “Media Router.”
  12. Enable “Widevine,” as it’s required for most video.

Final Note

We have now set up the Brave browser with the right settings. One thing that might be a bit overwhelming is all the extra features, like cryptocurrency options, which may not appeal to everyone. For those who want a simpler experience, these features can seem unnecessary. The good news is that you can easily turn them off if you want.

Vanadium is our Chromium-based browser built into GrapheneOS, featuring all the necessary security enhancements. In addition, the browser is frequently updated and is a strong choice for privacy-focused users. If you follow the steps below, you will be using Vanadium. However, if you prefer Firefox, Brave, or another browser, you will need the Aurora Store.

Technical Details

Getting Into Settings

  1. Open Vanadium.
  2. Click on the three dots in the upper right corner.
  3. Click on “Settings.”

Privacy and Security Configuration

  1. Click on “Privacy and security.”
  2. Click on “Third-party cookies” and ensure it blocks third-party cookies.
  3. Go back.
  4. Enable “Close tabs on exit.”
  5. Disable “Improve search suggestions.”
  6. Disable “Open external links in incognito.”
  7. Disable “Send a ‘Do Not Track’ request” (explained later at the bottom).
  8. Set “Safe Browsing” to “Enhanced protection.”
  9. Set “Always use secure connections” to “Warns you for insecure public & private sites.”
  10. Set “Use secure DNS” to your custom NextDNS (note: I use a different profile than on my network setup).
  11. Disable “Access payment methods.”

Password, Payment And Autofill Settings

  1. Go back.
  2. Click on “Password Manager” and disable all.
  3. Go back.
  4. Click on “Payment methods” and disable all.
  5. Go back.
  6. Click on “Addresses and more” and disable it.
  7. Go back.
  8. Click on “Autofill services” and disable it.

We don’t want our browser to save information, as there are browser-specific attack methods that can be utilized to steal all the information Vanadium holds. This is still the case, even if it is significantly less than other browsers, I am sure. With that said, a lot of convenience is often tied to less privacy; however, it’s not always the case. In this case, I believe it’s not a good idea.

Tab Management

  1. Go back.
  2. Click on “Tabs and tabs groups.”
  3. Click on “Move to inactive section.”
  4. Set to “After 7 days inactive.”
  5. Enable “Archive duplicate tabs.”
  6. Enable “Automatically close inactive items.”

Site Settings

  1. Go back to “Settings.”
  2. Click “Site settings.” Disable all under the “Permissions” section.
  3. Set “Clipboard” to ask first.
  4. Under the “Content” section (same tab), block “JavaScript JIT.”
  5. Block “Pop-ups and redirects.”
  6. Block “Ads.”
  7. Block “Background sync.”
  8. Block “Automatic downloads.”
  9. Enable “Automatically remove permissions.”

Final Note

Now we have set up Vanadium, giving us a very secure browser. It has many built-in security and privacy features. However, we need to remember to delete our browser history manually. If we make a habit of regularly deleting our browser data, Vanadium is all we need. We recommend keeping Vanadium and getting into the habit of deleting our browser data each time since it’s made by GrapheneOS.

If we aren’t fans of Chromium, we could consider switching to Firefox. I tried Firefox on my phone, but we find Vanadium to be better overall. If we need something even more secure, we could look into using Tor.

Be cautious with Do Not Track. It can actually be used to identify and track us, so we should avoid using it.

Extensions

In networking, choosing the right browser is very important. Browsers act as gateways that companies use to monitor user activity. For example, Google Chrome works more like a data collection tool than just a browser, tracking things like keystrokes and browsing habits. This highlights how important it is to pick a browser that focuses on user privacy.

This extension is a free and open-source browser tool designed to block ads. It effectively blocks different types of ads, such as banners, video ads, and pop-ups, using multiple filter lists. Additionally, you can block specific elements by right-clicking and selecting ‘Block element.’ This feature is helpful, for example, if you want to read an article about death but come across a disturbing photo. Blocking that element can make your reading experience more comfortable.

The Lite version differs from the standard version mainly because it doesn’t include the ‘advanced user’ features found in the full version. Instead, it uses a slider to decide what to block, providing essential ad-blocking functionality without any unnecessary extras.

uBlock Origin (Firefox)
uBlock Origin Lite (Chromium)

Initial Setup

  1. Download and Enable.

  2. Allow it to run in private windows as well.

Pinning

    • Go to the puzzle piece icon at the top, next to the menu.
    • Click the puzzle piece and press the pin icon to keep it accessible.

Configuration Steps

  1. Right-click the uBlock Origin icon and press Options.
  2. Scroll to the bottom and click on “I am an advanced user.”
  3. Click on “Filters” at the top and select the filters you want. I selected most of them (in the lite version, you can’t pick all).
  4. Click the “Apply Changes” button.

uBlock Origin

Now, if you go to duckduckgo.com or bravesearch.com and left-click the uBlock Origin icon, you will see several fields. The rule is: if it’s red, it blocks.

  • The right side is for local blocking, so if you want to unblock things locally, that’s how to do it.
  • If you block on the left, then it applies global blocking.

uBlock Origin Lite

The lite version just have a slider instead of the other things. Therefore slide towards the right for more blocking and to the left for less.

Final Note

Now you should have one or more fully set up browsers with uBlock Origin or uBlock Origin Lite. After all, you couldn’t download it without a browser. We have made strides for your privacy, as many privacy issues occur on the internet.

Privacy & Security For All!