Privacy focused users: what applications and what settings you use with your Fedora?

Continuing the discussion from F40 Change Request: Privacy-preserving Telemetry for Fedora Workstation (System-Wide):

Thank you very much for sharing what you use in your mobile phone.

Will it be OK for you to share what you install and/or what changes made to your Fedora?

Thank you.


I guess he already gave you an answer.

To use an alternative spin probably would be an idea. I used Mate and was quite happy before I decided to jump on mainstream Gnome 4.0. You can also install Librewolf on fedora. If you pretend to use Proton-mail keep in mind that the free mail account just has access over web. If you want to integrate it in your Mail client you have to take a paid plan. Check out the page of pricing to see what is included. Btw. protonvpn* you can install also on fedora.

But honestly if you want to have a sincere answer to this questions you made, you probably also have a look into other communities, where still not are that much in hands of cooperated sponsored enthusiasts.

About focus on privacy, you might also take in consideration not to use real-name and real-foto as avatar.

1 Like

I thought what listed in the 1st paragraph is all about on the mobile.

Thank you for pointing that out for me.

1 Like

Will it be OK for you to share what you install and/or what changes made to your Fedora?

I’m not sure what you mean by that. It will be way too many to list them up.

1 Like

I think they mean what changes do you make specifically to increase privacy.


ok, I got confused with the previous sentence ‘Thank you very much for sharing what you use in your mobile phone’.

My own rules of thumb are to check software metadata before installation and privacy settings (if GNOME, opt-in screen is displayed) after installation of Fedora Linux.

When I install graphical software (like OBS/Kdenlive), I check software metadata about permission granted. Other than that, I don’t know what post-installation work is necessary for workstation.

If I install server, I follow through this guide.

Post Installation Tasks

1 Like

Lineageos & f-droid

They do have a own discourse forum where you also can ask. As I mentioned already, keep anonymous (not use real name and foto) if you sign up, makes part of privacy protection.

1 Like

I am now sure my question is written very badly.

I actually wanted to know:

For privacy focused users, what applications you installed to your Fedora system and what kind of changes you are making (from default).

Thank you @hankuoffroad @ilikelinux @dalto your input let me know my post is not right.

1 Like

It will be way too many to count what SW I installed on top of the base system. I stick to ’ Reduce Your Attack Surface’.

Just to name a few of my favorites after I checked metadata and reviews before installation.

  • Graphical software: OBS, Kdenlive, Kate
  • System utilities: vagrant, Ansible
  • CODECS: GStreamer extra codecs
  • Privacy settings
    – Change Firefox privacy & security to ‘strict’
    – Default system settings in KDE Plasma
  • Server settings: depends on the scope of work and projects.

Because I spend most of my tinkering time in web browser, default text editor, ssh, Git and graphical software, I don’t run sudo dnf install often. 99% of my work is done with base system.

1 Like

Feel free to edit your post title here to clarify!

1 Like

If you use Firefox, I recommend setting up arkenfox.

There are also privacy focused browsers such as Librewolf.

You can use a VPN but you need to be careful as it is easy to decrease privacy using a VPN.

Encrypt your DNS traffic which is particularly helpful if your ISP is grabbing your data.

You can use Tor when appropriate.

Encrypt your drives to prevent data loss in the case of theft or improper destruction

Install an application firewall like opensnitch or similar.


I have a bit of an out-there one: I have a shell alias for sudo to pkexec. GNOME Shell prompts for the password for privilege escalation via PackageKit, and I figure it’s harder and slightly less portable to log the password from that prompt than it is to drop a dummy sudo program into my PATH.

I realise that is all sorts of ass-backwards, but that’s why I mention it: I think it’s kinda funny :slightly_smiling_face:

1 Like

A majority of my time is spent in a browser so i set them according to my personal preferences/usage. And my passwords is handled by browser extension.

So (un)fortunately nothing more exotic than this in my Fedora install. :grinning:

1 Like

I use Exiftool to clean up metadata of photos.

1 Like

There are a lot of things to do and to set up. Fedora does too many things under the hood and quite a few of them are sacrificing user privacy.

  1. Completely wipe the harddrive and bios before install.
    Be sure to set up your bios passwords.

  2. Use the large server DVD iso for the install.
    That is basically the only iso which does not require you to connect to Internet for installing Fedora. Then you can manually set up everything before Fedora send out your information thru ntp, location service, dnf updates and countme.

  3. Always start with offline minimal install. Use LUKS2 to encrypt your harddrive. Set up your own secure boot keys.
    By doing minimal, you effectively get rid of a few potential telemetry packages like ABRT (this is not a package developed for telemetry purpose, but it can well be regarded as one).

  4. Before first time connecting to the Internet, disable dnf.makecache-timer.
    This prevents Fedora from doing unauthorized internet access and downloading data without user consent. This also prevents Fedora from the opt-out user tracking/counting when you use dnf for the 1st time. Be aware that after disabling this, your dnf metadata cache will not be automatically refreshed, and you need to do --refresh to force a metadata refresh on your dnf upgrades.

  5. Go to yum.repo.d. Check every repo file and change all the countme from 1 to 0.
    The only available way to get a user out of the opt-out dnf countme user tracking/counting. Unfortunately there has not yet been any easy way to opt out from this like the proposal said.

  6. Connect to a trusted router and carefully check all the traffic for some time to make sure nothing going wrong (ideally for 1-7 days). You should see zero active traffic getting thru your router from Fedora at this stage.

  7. Set up TOR/VPN or both. Possibly do this by local rpm install rather than dnf. Route all the traffic thru them. Encrypt your DNS.

  8. Install your beloved DE thru a barebone install.
    If you use GNOME along with extensions (which is most likely the case), put them on the global path instead of your local user’s. The gnome extension manager will actively connect to redhat’s server every time you boot to check for extension updates if you put extensions under local user home directory. Also make sure that things like location services are not enabled.
    KDE is not suggested as it is very difficult to remove KUserFeedback. While this feature is opt-in, it will always collect your information and store them locally (while not sending them out).

  9. Install your beloved browser.
    Neither firefox nor chrome is suggested. Especially, firefox on Fedora has all the telemetry enabled by default.
    There is librewolf which is advertised as “privacy focused firefox”. It still has some features that you need to manually turn off.
    Also make sure all your browser data are routed thru your TOR/VPN.

There are actually a lot more to do if you are a privacy extremist. But if you are good with just some normal level of privacy, pick what you really need based on your own need.

1 Like

Thank you very much for the detailed reply.