Just bought a Linux pre-installed laptop with the specific goal of maximising privacy/anonymity (in preparation for a full transition away from google/Microsoft etc). I chose to trust Mullvad VPN and only Mullvad VPN with my IP address. I downloaded Tutanota flatpack software then uninstalled when I figured I would be increasing the risk of IP address leakage if the killswitch fails. Soon later, the killswitch failed and I found the Tutanota software was somehow still on my PC (I got notified when I got mail and found in the .var files).
I am now considering setting up a new email address which cannot be traced to my IP address, unless my reasoning turns out to be flawed as I know little about this stuff?
(Extra question of course is how to set-up an OS-level vpn killswitch for when Mullvad fails, if anyone has an answer for that)
when you do remote Flatpak installations (importat bit being remote) then of course, to establish a connection the server will get your IP Address. Flathub is where you’ll usually be downloading software from, but they don’t really do much with that information.
Either way, when using something like a VPN, you should not have to worry about that information as Flathub (or another remote) would only see the IP Address of your VPN, not your personal IP.
Additionally, local flatpak installations from a file do not have this issue unless they need extra dependencies that are downloaded from the internet (if not already installed)
Is it bad idea using Tor Browser, Tails or Whonix when accessing Tutanota or Protonmail? No more worrying about leaks.
Thank you. But do you know if I install a flatpack using the VPN, would the server be sent my actual IP address merely through my VPN killswitch not working for a few minutes while browsing the web?
Your right. I’ll probably do this going forward - though am still interesting n OP question for learning sake.
OpenSnitch is a good FOSS firewall to see what is trying to connect to the internet.
No, apps installed through Flatpak work exactly the same as non-flatpaks. For example, running Firefox as a Flatpak won’t let Flathub.org know that you’re using it, or when. Only during installation or updates.
The question is rather, is having an app installed equivalent to visiting a URL, in terms of sharing IP address to the company running the app/URL.
simply having it installed does nothing. During installation you connect to a remote to download the program.
Other than that, Flatpak does nothing network-related.
Hmm. But if the flatpack application in question provides notifications in the tray, it indicates there is constant traffic between my PC and the application. Hence, wouldn’t the IP address leak in the moment of a killswitch failure?
the Killswitch is there quite literally to prevent a leak like that from happening.
And again, that isn’t a flatpak related issue, that’s the program.
Also, no, not necessarily. Some offline music players offer tray icons to facilitate background playback.