Yet another malware campaign, this time with a fake Windows Update

That isn’t any protection; it just hides your normal IP address.
And the address isn’t private either; it belongs to your VPN provider.

4 Likes

Nev, always use your distribution’s update tools. For example, Garuda is an Arch-based distribution, and they provide an update script named (of course) garuda-update and in my terminal there is an alias upd to run it. You should be able to check your distribution’s website to learn what tools are provided.

If we all make sure to use our distribution’s update and upgrade tools, we will only update software with updates provided by our distributions, that come from their repositories. When/if you see anything online, or in an email telling you to update from some hyperlink, DON’T DO IT!!! Instead, use your distribution’s tools, that were installed with your distribution to update your installation, and you should be safe. AFAIK, most distributions vet any updates or software they add to their repositories, so this procedure should protect you as well as possible in this new time of malware, spam, and bad intentions!

If you use software from closed source providers, like NVIDIA, etc., only install updates from their official websites. I’m sure you already know how to identify a valid URL, but if you don’t, I can provide that information in another post. Copy that URL to your clipboard, then create a desktop icon leading you there, or keep a text document containing any such URLs and where they are for right there on your desktop, or in your Documents directory.

I hope this helps,

Ernie

4 Likes

If you can trust the dev and maintenance teams of your distribution enough to install and use it on your computer, you should be able to trust them to properly vet any software they put on their repositories, don’t you think? If not, you need to find a distribution you can trust! Agreed?

Ernie

5 Likes

It can be, when used with proper care. For example, I use the MEGAsync desktop app to manage my storage space on MEGA, and set up what I’m going to sync with them. To install the app, MEGA provides a command on their website to get and install it. I trust MEGA well enough to let them store my files on their website, so I reason that I should be able to trust them well enough to use their command to get and install their desktop app (it uses curl). I have two reasons for choosing MEGA: 1. They provide 20GB storage with their free account. 2. They employ end-to-end encryption, with the encryption key stored only on my computers, so anything that’s transmitted between us is encrypted on my system, and stored in its encrypted form on their website, so only I can see the contents of the files I’m syncing with them.

For me, the bottom line for the security purposes of adding any third party software to your computer, is to be very careful about whatever you decide to add from any third party source, and that you can trust them as much as you do the dev and maintenance teams from your distribution.

Ernie

4 Likes

Tech savvy users will usually be prudent enough to take proper security precautions, such as those described here, and hopefully Newbies coming from Windows will be cautioned about such procedures in their distribution’s documentation, or on their website.

Ernie

1 Like

Again, if you can trust the language providers enough to use their language, you should be able to trust them enough to use whatever they add for your use. If not, I think you should find another language.

Ernie

3 Likes

Well, it really is based on Google’s take on what the Linux ecosystem is …

Ernie

1 Like

As for me, I don’t bother with VPNs, instead, I always make sure that the URL of any website I visit begins with ‘https’, because that tells me that my connection is encrypted, and I never surf blindly, meaning that I don’t go to sites I’m unfamiliar with, or that weren’t recommended by sources I trust. I usually have accounts with sites I frequent, and I always add them to my password manager so I can use the stored link to access those sites. Finally, anytime I encounter a hyperlink (either on the Internet, or in any email message) I want to explore, I check that the URL it will take me to matches the content on its label. When in doubt, I DON’T CLICK!!

Ernie

7 Likes
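
The link check described in the post above, comparing a link's visible label with the address it actually leads to and requiring https, written out as an added example (not code from the thread). The `judge` and `audit` helpers, the verdict names and the sample HTML on reserved example domains are constructed for illustration; treating a subdomain of the shown host as a match is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)  # host in a label

def bare(host):
    return re.sub(r"^www\.", "", (host or "").lower())  # normalise for comparison

def judge(label, href):
    """Verdict for one link: label host must equal the href host or be a parent of it."""
    parts = urlsplit(href)
    if parts.scheme != "https":
        return "not-https"
    shown = HOST_RE.search(label)
    if shown is None:
        return "label-has-no-host"  # e.g. "Click here": read the href itself
    shown, dest = bare(shown.group(1)), bare(parts.hostname)
    return "match" if dest == shown or dest.endswith("." + shown) else "MISMATCH"

class LinkAuditor(HTMLParser):
    """Collects (label, href, verdict) for every <a href> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.results = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label = "".join(self.text).strip()
            self.results.append((label, self.href, judge(label, self.href)))
            self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.results

# Constructed sample message body (reserved example domains only).
SAMPLE = ('<a href="https://updates.example.net/get">https://www.example.com/update</a>'
          '<a href="https://www.example.com/news">example.com</a>'
          '<a href="https://files.example.org/pkg">Download the update</a>')
```

A `match` verdict only says the label and the destination agree; it says nothing about whether the destination itself deserves trust.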

There are questions about Arch’s AUR, and Ubuntu’s PPA.
There are languages (e.g. Python, Julia, Rust) that run their own repos and bypass the package system.
There are browser addons that come from goodness knows where.
Some apps (e.g. Inkscape, Gimp) have addons.
I am not sure about Gentoo… I think it does not keep a repo, but gets its source code directly from upstream suppliers.
Some apps (e.g. keenwrite) come as static binaries direct from the developer,
and
there are people who ignore your advice and download from anywhere.

3 Likes

The problem is, the language developers are not the only ones who add software to these language libraries. Users can add code too. It is vetted, but I am not sure how well it is vetted.
Using pip to install stuff for Python is like using PPAs in Ubuntu.

1 Like

You’re right about what you say, but one of the reasons I have selected Garuda Linux as my distribution of choice is that they curate a fairly sizable portion of what’s most popular on AUR and after vetting any updated software, not only for security purposes, but for package dependencies too, they make it all available on their Chaotic AUR repository, which is one of the official Garuda repositories. I have everything I need without resorting to using AUR. Since Inkscape and Gimp (both of which I use) are vetted by the Garuda repository maintenance team, and I trust them enough to use their distribution, I trust them to do everything in their power to make sure what I get from their repositories is safe too. The same logic goes for my use of the MEGAsync desktop app. Because I trust MEGA enough to use them as my cloud storage service of choice, I also trust them to make sure their desktop app is safe for me to use too.

With all this said, I don’t blindly trust any of the entities whose products I use. I’ve learned to carefully examine the reputations of each and every entity I rely on before deciding to use their product or service. I also pay careful attention to the opinions of the pundits and individuals I know and trust as I evaluate these products and services. All in all, I think I’m about as safe and secure as I can be in this world of malware and miscreants, and I start with the knowledge that there is no such thing as being completely or absolutely safe from all the threats we all must face if we want to be connected to the Internet, so I take things from there, and I try to keep myself as well protected as reasonably possible by keeping all my software as up to date as I can, and by remaining as vigilant and skeptical as I reasonably can regarding my behavior on the Internet. The end result is that I’ve only encountered one malware infestation on any of my computers in all the years that I’ve been online, dating back to the late 1990s, and I got that one from a program I downloaded from a BBS while I still used MS-DOS on a Gateway IBM compatible PC (my/our first PC ever). I think I have a pretty fair track record so far!

Ernie

3 Likes

So you have to decide if you trust them enough to use their software. Do your research to determine whether their reputation for security is good enough to warrant your trust. If not, find another language. It’s as simple as that. There are no absolutes in computer security, and the good guys are always playing catch up because the bad guys are incessantly coming up with new exploits and ways to steal what the rest of us have worked so hard to get.

Ernie

3 Likes

But this means nothing!

I run several web sites, and each year the hosts (I have different hosts for each site, not out of choice) offer me the https security for a small fee, last time around 25 UK pounds. It does not prove my sites are trouble free or don’t contain something wrong. No checking is done by the hosts; it’s all down to me. But yes, I virus scan etc. before, during and after; never found anything on my sites, but they don’t contain anything to download, no tracking cookies etc.

3 Likes

No, it isn’t. Nowadays we cannot ignore, e.g. Python, even if I would like to. There is no option.

3 Likes

Not exactly! While I still don’t have any guarantees about the security of the site itself, I am assured that any communication between my browser and the site is encrypted, so no one along the way can see the content of what I’m transferring, be it a file up/down load, a post to a forum, etc.

1 Like

I understand what you’re saying, but Python also has a very good reputation, doesn’t it? Even if you don’t like how the language provides extensions, you do have the choice to install it, or not, don’t you? And, don’t you have any way to evaluate the reputation of any given extension? If not, perhaps you should suggest that to the dev team!

Ernie

1 Like

Meanwhile, I have learned to live with it.

2 Likes

Ok, I agree with that part. Good for the banking or online purchases. But not 100% secure contents.

No risk, no fun! :grin: You never can get 100%.
But nowadays, https is standard and certificates are freely available, so there is rarely a reason for browsing unencrypted.

How and where? Last time I tried, I could not find anything.