goal

share configurations for digital emancipation

principles

1. freedom (open licenses)
2. privacy protection
3. minimalism
4. stability

compare software and service with https://alternativeto.net/

computer

os

• download https://www.debian.org/ and mount iso on USB
• boot from USB

graphic installation

• for the hostname use: deb
• don’t put root password (allows using sudo)
• use LVM encrypted (encrypt the os)
• for now do not install the desktop environment but only: standard system utilities, print server

manual installation

• login: enter user and password on tty2
• connect an ethernet cable or a smartphone in USB tethering mode
• run a sudo apt update and sudo apt upgrade
• then launch:

sudo apt install \
     gnome-session \
     gnome-terminal \
     gnome-shell-extension-prefs \
     gnome-tweaks \
     seahorse \
     gnome-disk-utility \
     mpv \
     eog \
     foliate \
     transmission \
     audacity \
     gnome-characters

settings

• since it is encrypted, it is advisable to enable: Settings > User > Automatic Login
• on gnome-terminal using nano (^ stands for ctrl) modify the following files:

grub

/etc/default/grub to have GRUB_TIMEOUT=1 and GRUB_TERMINAL=console, then run sudo update-grub

sources

/etc/apt/sources.list to have:

deb http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ stable main contrib non-free non-free-firmware

deb http://deb.debian.org/debian/ stable-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free non-free-firmware

then you can install firmware non-free, in my case (lenovo thinkpad x1 1ts gen) sudo apt install firmware-iwlwifi

bluetooth

/etc/bluetooth/main.conf to have: AutoEnable=false

mpv

create a ~/.config/mpv/mpv.conf and add fs=yes

browser

sudo apt install firefox-esr then write about:config in the address bar and set:

• network.security.esni.enabled to true
• extensions.screenshots.disabled to true

in settings set:

• DuckDuckGo as Default Search Engine
• in Enhanced Tracking Protection set Custom with blocking of cookies from unvisited sites
• “Do Not Track” always
• Delete cookies and site data when Firefox is closed with the exception of a few sites
• history: custom, only when i close firefox
• OCSP disabled
• HTTPS-Only in all windows
• DNS secure: MaxProtection - NextDNS

advanced privacy (compromises some services)

write about:config in the address bar and set:

• media.peerconnection.enabled to false

add-ons

• uBlock Origin
• ClearURLs
• Bitwarden
• Simple Translate

GNOME Shell integration

• Auto Move Windows, Auto Activities
• Unite, Hide Top Bar
• Bluetooth Quick Connect

more privacy

still using gnome-terminal and nano:

macchanger

run sudo apt install macchanger and modify /etc/NetworkManager/conf.d/macchanger.conf to have:

[device]
wifi.scan-rand-mac-address=no

[connection]
wifi.cloned-mac-address=random

nextdns per so

run sudo apt install systemd-resolved and modify /etc/systemd/resolved.conf to have https://my.nextdns.io setups

privoxy-tor

run sudo apt install privoxy tor and modify /etc/privoxy/config to have forward-socks5t under: Settings > Network > Network Proxy > Manual; set:

HTTP: 127.0.0.1 8118
HTTPS: 127.0.0.1 8118
Socks: 127.0.0.1 9050

test privacy with https://browserleaks.com/

sync files

sudo apt install syncthing

systemctl --user enable syncthing.service

vc

sudo apt install git

git config --global user.signinKey <key>
git config --global user.name <name>
git config --global user.email <email>
git config --global commit.gpgsign true

editor

sudo apt install \
     emacs \
     hunspell-en-us \
     hunspell-it \
     ripgrep \
     sox \
     mpg123 \
     libtool-bin \
     libvterm-dev

git clone [email protected]:francesco-cadei/.emacs.d.git you can now sudo apt autoremove --purge gnome-terminal and use terminal inside emacs with C-x C-d.

languages

tex

sudo apt install \
     texlive \
     texlive-pictures \
     texlive-publisher \
     texlive-pictures \
     dvipng

c

sudo apt install \
     cmake \
     clang \
     libclang-dev

java

sudo apt install \
     openjdk-17-jdk \
     openjdk-17-source

power manager

install specific package for thinkpad’s fan:

sudo apt install \
     acpi-call-dkms \
     thinkfan \
     tp-smapi-dkms

tlp

sudo apt install tlp tlp-rdw

sudo tlp start
sudo tlp-stat

powertop

sudo apt install powertop

sudo systemctl enable powertop.service

thermald

sudo apt install thermald

other stuff

sudo apt install \
     libreoffice \
     libreoffice-gnome

mobile (or tablet)

• do initial setup of an android device without google account (prefer a device with pure android)
• i use Nokia because of the partnership with https://www.ifixit.com/
• under: Settings > Network & internet > Private DNS; use https://nextdns.io/ config
• with usb cable provide https://f-droid.org/ apk, install it
• install OpenBoard from F-Droid and disable GBoard
• uninstall or disable all unused app

System > Developer options (tap 7 times: About phone > Build nember)

• setup Wi-Fi non persistent MAC randomization to true
• setup animations to 0.5x

F-Droid, installs:

• Olauncher Clutter Free
• Syncthing, Orgzily Revived
• RiMusic, Tuta, Tuta Calendar, Silence
• Aegis, Aurora Store

Aurora Store, installs:

• Bitwarden, PosteID, Kena Mobile
• Wise, ING Italia
• Maps, Translate
• Firefox, Beats, WhatsApp
• Meta Horizon, Audible, Kena Mobile

Firefox extensions

• uBlock Origin
• Video Background Play Fix

another mobile (backup), installs:

• F-Droid
• OpenBoard
• Syncthing
• Aegis, Aves Libre