
Ideally, sure use a password generator - but I wouldn’t worry about the security of a password generator like the one I linked.

  1. There’s no linking of the password you generated to whichever account you are creating.
  2. There’s no guarantee from the web operator’s perspective that you are actually using the generated passwords for anything at all.

Again, use Bitwarden’s generator - or equivalent - for passphrases, but in the absence of that correcthorsebatterystaple.com is good enough for a non-shared password.


The other thing to keep in mind with PiHole - some things are just going to break with its default blocking, namely the Google suggested results.

I know, I know - just don’t use Google, but Android phones/parents have a hard time not just braindead going to Google for results.

It’s not the end of the world - I’ve trained myself to just keep scrolling to actual results.

Another feature for PiHole is local DNS - if you want, you can set up custom dnsmasq entries for self hosted/internal services.


The brand/type of wifi router is more of a technical requirements discussion than privacy discussion.

For instance, I live in a two story townhome rental with the modem in the basement - so I picked up an Orbi mesh system to bounce wifi up to the second floor. I also have a fairly complex network with IoT VLAN, DMZ (for remote VPN) and other network segments - again the orbi doing different VLANs per SSID was a deciding factor.

I’ve also only used the Orbi as an access point, relying on a dedicated firewall/router for that stuff.

If you’re looking at a flat network (e.g. everything on one segment - the typical home user setup), pretty much any WiFi router from Best Buy or equivalent will do the job. Check your current devices to see if you can take advantage of WiFi 7 technology - otherwise save a few bucks and go WiFi 6.

For security purposes, change the default SSID (the wireless name) to something unique - and change the password to something from correcthorsebatterystaple.net. You don’t need the default jumble of letters and numbers to be secure.

Lastly, getting to your privacy concerns, look at the DHCP settings - that’s what hands out IP addresses to your devices so they can reach the internet. Change the DNS servers to something other than your ISP. This looks like a good starting point.

The big things are to make sure you don’t expose your router management to the Internet (the default shouldn’t do that) and to make sure you periodically check for firmware updates.

If you want to up your game, you could look at spinning up a self-hosted DNS server like Pi-Hole - but that can be a bit more advanced to get set up and troubleshoot if something goes wrong.


Yeah, I may catch flak but I wouldn’t be inclined to ditch Windows altogether. Unless you literally only do web browsing on your laptop, there’s a high likelihood you may run into a few things that need troubleshooting to get working under Linux, and dual being able to switch back to Windows seamlessly is a huge help/comfort.

If you can find the model number or service tag, that would be a big help for troubleshooting.

There should be a sticker under your laptop with a bunch of tiny text, or if I recall correctly you can use System Information. See this article


There should be a button that you can press repeatedly to open up a boot menu - it can be the Delete key, F2, etc.

Depending on how new your laptop is, you may need to disable something called “Secure Boot”. Keep in mind if your Windows installation is encrypted with BitLocker or whatever else Windows is using these days. If it is encrypted, and you have secure boot enabled you may run into issues booting back into Windows - it will freak out that secure boot was disabled and require your encryption key.

At least, that’s what happened with my ROG Zephyrus M16 - I had to find my BitLocker key to boot into Windows and then decrypt it using the settings menu.

Also, if you want to be able to use both Windows and Linux - see if your laptop has an expansion port for a second hard drive. Windows historically has screwed over dual booted Linux grub with updates, and if you can just boot to an entirely different drive that won’t happen.


Oh, I think CachyOS looks interesting - I’ll try that one first. Thanks!


Suggestions for Linux Distribution
cross-posted from: https://lemmy.ml/post/16072674

> I've been quite happy with my Steam Deck - both as a gaming console and as a secondary computer when it's docked, but for newer titles I picked up a Rog Zephyrus M16 (2023) last year.
>
> Now that Windows is going off the deep end with AI, I'm looking to dual boot/trial Linux on this laptop with the goal to give Microsoft the boot.
>
> It's a beefy laptop:
>
> - 13th Gen i9-13900
> - 32GB Memory
> - NVIDIA GeForce RTX 4070
> - 1TB NVMe (Windows)
> - 2TB NVMe (Linux)
>
> I added the second drive to avoid any issues with dual-booting with Grub/Windows Bootloader - instead making the Linux device the primary boot device and spamming Esc if I want to change to the Windows drive.
>
> For distributions, I'm most familiar with Debian/Ubuntu - it's the daily driver for my work laptop, and the vast majority of my home lab VMs are Ubuntu. With the Steam Deck, I started to get more into Arch with the Steam Deck, and now it's the OS of choice for my HTPCs for simple streaming/Plex media player. I've also messed around with ZorinOS (basically a fancy skinned Ubuntu).
>
> I need some advice on what to throw on this laptop - and some suggestions on how to squeeze the best performance out of this (Optimus vs. Proprietary NVIDIA vs. Open source drivers).

I think that mitigation requires two things for it to work.

  1. You need to use a Type 2 hypervisor (like Virtualbox, VMware Workstation/Fusion).
  2. That VM needs to be configured in NAT mode.

The two primary ways you can configure a network for a local virtual machine are NAT and Bridged.

Bridged mode places your VM effectively on the same network as your host OS, meaning that any DHCP server that exists on your network (rogue or otherwise) will give your virtual machine an IP.

In NAT mode, the virtualization platform itself includes a DHCP server to dole out IPs, and handle the routing between your virtual machine and your host OS’s network.

The thought process is that if you trust your laptop, the DHCP address handed out for NAT mode will not have the VPN breaking DHCP option and your VPN inside the VM will not have its route table screwed with.
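
An added example, not part of the comment above: assuming the "VPN breaking DHCP option" is the classless static route option (DHCP option 121, RFC 3442), this Python code decodes a lease's options field and reports any pushed route that would win over a VPN route on longest-prefix match. The function names are hypothetical and both lease byte strings are constructed samples, one as a bridged VM might receive from a rogue server and one without the option, as a hypervisor's NAT DHCP would hand out.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_CLASSLESS_ROUTES = 0, 255, 121  # RFC 2132 / RFC 3442

def iter_options(blob):
    """Yield (code, data) from a DHCP options field (bytes after the magic cookie)."""
    i = 0
    while i < len(blob) and blob[i] != OPT_END:
        if blob[i] == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated DHCP option")
        yield blob[i], blob[i + 2 : i + 2 + blob[i + 1]]
        i += 2 + blob[i + 1]

def parse_classless_routes(data):
    """Decode RFC 3442 entries: prefix width, significant destination octets, router."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        n = (width + 7) // 8            # destination octets actually present
        entry = data[i + 1 : i + 1 + n + 4]
        if width > 32 or len(entry) != n + 4:
            raise ValueError("malformed classless route entry")
        dest_int = int.from_bytes(entry[:n] + bytes(4 - n), "big")
        dest = ipaddress.IPv4Network((dest_int, width), strict=False)
        routes.append((dest, ipaddress.IPv4Address(entry[n:])))
        i += 1 + n + 4
    return routes

def routes_overriding_vpn(blob, vpn_prefixes=("0.0.0.0/0",)):
    """Return DHCP-pushed routes that beat a VPN route on longest-prefix match."""
    vpn = [ipaddress.IPv4Network(p) for p in vpn_prefixes]
    return [
        (str(dest), str(router))
        for code, data in iter_options(blob)
        if code == OPT_CLASSLESS_ROUTES
        for dest, router in parse_classless_routes(data)
        if any(dest.subnet_of(v) and dest.prefixlen > v.prefixlen for v in vpn)
    ]

# Constructed sample leases (not captured traffic): message type, router, option 121.
BRIDGED_LEASE = bytes.fromhex("350105" "0304c0a80101" "790818cb0071c0a80142" "ff")
NAT_LEASE = bytes.fromhex("350105" "0304c0a83801" "ff")

if __name__ == "__main__":
    print("bridged:", routes_overriding_vpn(BRIDGED_LEASE))
    print("nat:    ", routes_overriding_vpn(NAT_LEASE))
```

Pass the VPN client's actual prefixes in `vpn_prefixes` (for example `("0.0.0.0/1", "128.0.0.0/1")` for a split default route) so the comparison matches the routes the tunnel installs.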


Oh, in that case you have a much easier job ahead of you, haha.

All of our Linux servers are running Ubuntu, except the FreeIPA system that runs a Redhat derivative.


Are you looking for a Windows server replacement or desktop replacement? Your experience will differ depending on which one you’re trying to replace.

For instance, if you’re trying to replace Windows Active Directory services with a single Linux server, you might have a bad time. I’m in the process of migrating from AD to FreeIPA, PowerDNS, and isc-dhcp (or something similar for DHCP).


I’m not that far, it’s mostly the battery life of my wireless keyboard that’s really poor. I had a Logitech k830 that was amazing, but looks like they don’t make it anymore and the replacement K400 chews through AA batteries.


Luckily, I have three of them 🤣

I’ll try picking it up again, I do absolutely love the touch pad + trigger to click - I just never got very far with typing.


Man, if you figure it out, I’d be blown away. I’d love to use it instead of my janky wireless keyboard for my PC/TV setup.


Ahh that did it. Well, more accurately it led me to the problem - I had installed fdroid on a now deleted alternate profile. Uninstall and reinstall fixed it.

Cheers!



What did you use? I don’t really want to just delete everything - heck I wouldn’t mind having AI generate a sentence or two to replace all my comments. 🤣


I really need to get around to wiping my old content from Reddit. Much like Facebook, I just ignored it when I was done with the platform.


I found it myself. Note that if you’re on a Steam Deck (like I am), you’ll need to go to desktop mode.

  1. Go to Steam, then Settings
  2. Scroll down to Compatibility, then look for the two toggles: Enable Steam Play for supported titles, and Enable Steam Play for all other titles. Ensure both are checked.
  3. I also noticed that my “Run other titles with:” was not set to the latest Proton, but the Diablo 4 Proton. Not sure if this made a difference?

I put GrapheneOS on my old Pixel 6 as a “Yolo” phone for an Infosec conference this past year.

It’s very… okay for apps. You effectively have two options, install a third party app store (F-Droid), or set up a new profile with Google services enabled and use Play store over on that.

GApps alternatives are mixed quality - nothing really beats Maps (at least in the US), but other things like Chrome are easily replaced with DuckDuckGo browser or Firefox.

It was an interesting experiment to see if I could go Google apps free, and it worked okay for 4 days, but going full time to it would be rough.


I’ve used the Authenticator app on Ubuntu and Arch (and the Steamiffied Arch running on the Steam Deck). I found the best thing is to manually download the tar from their official site, then make symlinks as necessary to get it in your path.

In theory flatpaks are trustworthy, but I wouldn’t spend the money and time to get TOTP on my Yubikeys (always have a backup!) - just to hope nobody is injecting something malicious into the flatpak.

An alternative is to not rely on desktop apps, but use the iOS or Android apps - both are signed/authored by Yubico if I recall correctly.

To mirror what another commenter said, also look at using FIDO whenever possible - it’s not going to get caught up by a keylogger or a shoulder surfer.


There’s two ways to share with Google maps - time based and just for a trip. My wife and I use both, the trip share gives an ETA for when you will arrive and it’s great for when one person gets take out and the other preps dishes, sets the table.


I don’t know about not selling your tracking data, but why not do location sharing straight with Google maps?


What do you do for email? Photo storage?

Those are the two biggest reasons for me to stay with Google but I’d like to start clawing my data back.


I used to recommend the ubiquiti security system. Relatively inexpensive, all data stays onsite, wide range of gear.

But lately I’ve had some support issues and their hardware is next to impossible to find. Fun fact, unless you buy this from their site or one of a handful of authorized resellers, they won’t support shit. I had a Cloud Key Gen2 from December of last year just die on me, but since I bought it from the Ubiquiti Amazon “store” (not actually sold by Ubiquiti), I was SOL.