New to Ubuntu. Just installed clean copy. Running Mullvad VPN, Mullvad Browser and Brave.
Any privacy, security configurations I should make to this configuration?
Thanks in advance.
What are you trying to use it for? What you’re asking really depends on the privacy set up you’re trying to go for based on your threat model. It’s a very broad question you need to narrow down with specificity for your needs.
We recommend Fedora for beginners on their privacy journey because of its faster update cycle, but I can still help you make a decent Ubuntu configuration to start!
By the way, I think you are off to a great start. A VPN and browser are important steps, but have you thought of a good password manager and multi-factor authentication app? What are you using for your email client?
1 Like
My goal is to move from Windows 11.
I mainly use Proton email. Proton Pass for password manager.
Email, banking, paying credit cards, reading news sites and of course Privacy guides.
Keeping up on spending using Quicken on Windows currently.
My concern is protection from viruses and “bad actors” infecting my Ubuntu PC.
Not much else, really boring stuff.
1 Like
What I like to do is removing permissions from apps.
You can do so by going to “Settings” > “Apps” and select the app you would like to limit permissions. Usually I remove network access. But if I give network access, then I remove files access “Access files to your home folder”. Any app can still have their own folders for files located in “/home/{user}/snap/{app}/common”). But if I give files access, then I remove “network” access. I don’t give them both (files and network) at the same time.
Personally I would check if firewall is enabled. Write “sudo ufw status” in the terminal, and if it is disabled, then write “sudo ufw enable”.
Also go to “Settings” > “Security & privacy” to review various choices and status of security features.
I would also enable disk encryption, but this is done during installation I think.
2 Likes
Its easier to do this with Flatseal provided you only install Flatpaks as much as possible.
Is it true? Flatseal is confusing overwhelming with options, while default Ubuntu snap permissions are simple: few checkboxes and that’s it. In the future, it will be even more simple and convenient: apps will specifically prompt user for access to specific folders (even better prompting than Android), they are developing this feature, maybe will be available in next LTS version (6 months from now).
2 Likes
Well, I don’t know if its easy for sure cause I never used or managed snaps as I don’t use Ubuntu. But I prefer Fedora and Flatpaks so that’s my go to way of going about it.
Not a huge fan of snaps personally. But if @dddd wants to use only Ubuntu, it can work for them surely.
Are you on the standard or LTS kernel? LTS is significantly behind in updates.
Proton recently officially published their apps for Ubuntu, maybe a great idea to install as you use their services:
For Proton Pass app specifically it says it is not official, but I know its official. Previously it was community apps, now they are transferred to Proton themselves. And Proton Mail and calendar app they already changed the description making app fully officially Proton’s.
My recommendation is on the contrary, is to use LTS (long term support), as it is stablest version, with least possible problems.
I am not exactly sure what “behind in updates” means exactly, but in unlikely case someone needs some new driver because using some kind of latest device (issue I personally never encountered), then one can enable “Hardware enablement (HWE) kernel” Ubuntu kernel lifecycle and enablement stack | Ubuntu , which “provides newer kernel and X11 display support for existing Ubuntu LTS releases“.
Thank you for this. The firewall was not enabled but is now. I will study the rest (access files/network access).
I did not enable disk encryption during installation being concerned that it might cause issues. I may have to reload Ubuntu and start over?
I believe I installed “Linux 6.17.0-6 generic”. I don’t see LTS anywhere in the System details.
I am just trying to move permanently to Linux based (vs Windows).
I looked up Fedora and see two versions: Fedora Workstation and Fedora KDE Plasma Desktop. The descriptions sound similar with KDE Plasma being more customizable after installation?
Which do would you recommend?
I like Workstation and the GNOME desktop environment. It is the same as Ubuntu if you like that.
But if you like Windows layout, I recommend the Cinnamon desktop environment instead. KDE may be too overwhelming if you’re new to desktop Linux and seems like you are.
I recommend Fedora as well, give that a try.
Adding encryption is possible now, but I think simpler is to start over.
Ubuntu has multiple encryption methods. One is old, another is fresh new.
The new one is experimental. Both should work fine without issues, but I would go with the old one for now.
Also with old encryption, you can move hard drive between computers and it will work just fine, you just need to remember the password 
But with new encryption, as I understand it, hard drive will be tied to specific computer and data won’t be easily accessible on other computers if you change the hard drive. While new one experimental encryption has some kind of extra security which makes things a little more complicated.
You installed fresh new Ubuntu 25.10 (released this month). These releases are to test new latest features, but it can have bugs. For example, this release already had significant bug: Rust Bug Broke Ubuntu 25.10 Automatic Update Checks - OMG! Ubuntu because of fresh new system utilities, which were rewritten in another more secure programming language.
https://www.omgubuntu.co.uk/ is a great blog to follow Ubuntu news if you decide to stick with ubuntu.
So, overwall, I would reinstall Ubuntu 24.04.3 LTS version with old encryption method. These LTS releases come every 2 years, so its also fresh. While these more frequent interim releases you installed comes every 6 months I would not recommend, too frequent upgrades, where they test new features, before they polish them for next LTS major release (which will be soon enough as well).
Default gnome is weird, quite different from Ubuntu. Unclear how to open apps even. I would choose KDE plasma rather than default gnome. I recently tested KDE plasma for the first time with SecureBlue, it looks pretty 
and I seen very good reviews on youtube.
This is how I currently view Linux Distributions. My top 3 picks:
- Ubuntu - good balance between security and usability for simple use (for simple use, because it has less apps by default in the app store compared to others).
- ZorinOS - fantastic distribution for new users. It has tons of apps, but not as secure as it should be in my opinion.
- SecureBlue [with KDE plasma environment] - for max security (because of this fantastic video from PrivacyGuides Secureblue: Is This the Most Secure Linux Distro? - Neat.Tube ), but I not tested enough yet what are the problems with this new operating system in practice.
I can’t tell anything about fedora, because I know nothing about it. Maybe a video could be made about it for what reasons it is recommended? Personally I prioritize simplicity & security. I guess these two criteria are most important for majority of regular users as well.
And when I compare ubuntu software and compare “flatpak” software (which every other linux use), then I like Ubuntu software, because it is both simpler and thus more secure (because of simple permission system and sane defaults).
1 Like
Like others have mentioned, Fedora (specifically with GNOME, but KDE is also good and will feel familiar to you as a Windows user) is likely the better choice for a desktop system because it has better security defaults. But I wouldn’t worry too much about it if you’ve already settled on Ubuntu.
Since your main concern is protection from viruses and “bad actors”, the main advice honestly is just to keep your system up-to-date, as well as your web browser. And steer clear of most browser extensions.
While the above advice is probably enough for what you’ve set out to achieve, here is what I personally do on my systems.
Make sure unattended security updates are enabled. (Which on Ubuntu Desktop I believe is the default)
Then I run an Ansible playbook from DevSec. Specifically the os_hardening and ssh_hardening roles. It’s primarily intended for servers but it works just as well on desktop.
And on desktop Linux I like using OpenSnitch as my firewall. It’s an application firewall, like LittleSnitch and LuLu on MacOS and simplewall on Windows so you will have granular control over which applications you allow network access to.
1 Like