
Guide to "The Singularity"

last updated December 23, 2025
published October 17, 2025


0 Legal Disclaimer

All of the technologies discussed in this guide are legal in the United States. I highly recommend that you read your local jurisdiction's laws before utilizing the software and techniques in this guide to ensure you're not breaking the law.

I highly discourage individuals from using these technologies to commit a crime, or to assist in the committing of other crimes. I am not advocating for the breach of law in the United States or worldwide; this document is meant to be for educational purposes only, and consists mainly of practical information on various legal software and protocols that can be used to uphold your privacy and freedoms.

I recommend that everybody, if they have the legal means to do so, use these technologies and methods to maintain their privacy and freedom.


1 Introduction and Purpose

"Whoever would overthrow the Liberty of a Nation, must begin by subduing the Freeness of Speech; a Thing terrible to [public traitors]."
-Benjamin Franklin

Many people across the world use the Internet to catch up with distant family, search for cooking recipes, complete college courses, and participate within hobbyist communities they would have otherwise never seen. By far, a computer and access to the World Wide Web is the most effective tool in the modern person's arsenal for accessing and distributing information.

The Internet has also helped create widespread access to a special form of communication. The anonymity of the web is widely practiced across many websites, and anybody wishing to operate under a pseudonym could choose to do so to simply be comfortable with speaking freely, avoid government persecution, or to draw focus to the topics they discuss and not their identity. This was further accelerated by the ease of use of the Internet; anybody with Internet access can register an account on a website and share information or opinions, within the scope of the website's community and staff. These communities were often self-moderated and were critical resources among the early Internet for information on a wide variety of both broad and niche topics.

This form of communication is especially helpful for those under the rule of dictators and authoritarians, where "wrongthink" can result in imprisonment or death. Despite those governments deploying advanced firewalls and legal consequences for the spread of information, the citizens of these countries can still access the wider Internet due to the use of freely available, decentralized tools. This is a game of cat and mouse, and when the mouse's objective is to seek truth, the cat can do nothing to the mice to make them "unlearn" the truth. The Internet, to them, is the most important tool for seeking truth.

Anonymity is not new; the American Founding Fathers would often use anonymous essays to discuss important political issues, such as within the Federalist Papers[1], to help focus the discussion on the materials themselves and not the authors. This aspect of the Internet is what I believe to be the key to the free flow of information.

Now, due to worldwide government overreach, corporate overreach, and misguided activists, our privacy on the web, and therefore its ability to maintain the freedom of information, is at serious risk. In the future, computing freedoms may be at the mercy of identification checks, arbitrary censorship, and many other artificial burdens specifically designed to encumber those wishing to stay private.

In other words, the ubiquity of the Internet may cease to be in the future.

This guide is meant to teach those with little to no knowledge in computing the basics of freely available tools and software that can help you protect your digital freedoms, regardless of your location in the world or the specifications of the devices you use. These are objectively not difficult to use, and as the burdens of keeping your privacy online increase, the time spent to learn these tools will far outweigh the privacy sacrifices you take to concede to deanonymization techniques.


1.1 What's with the title?

I'm not great with names.

Longer answer: "singularity" refers to a debated hypothetical scenario in which technological growth hits a singularity (point of no return) and exponentially spirals out of control, creating unforeseen changes to civilization. This is commonly in relation to artificial intelligence systems, where a proper AI that is capable of improving upon itself rapidly and unpredictably does so.

To extrapolate the definition a bit, the "singularity" in the title refers to the single point in which we rapidly and uncontrollably lose the ability to use the freedom of information the Internet provides, which would compound into consequences to other freedoms. With the passing of privacy-invasive laws across many countries in recent times, we could be close to this singularity now if it isn't already in progress.


1.2 Why should I care?

A bit of a personal anecdote: when I was younger, I would regularly be seated in front of the family computer and, at the expense of my parents wishing to make outgoing calls, would use the dial-up modem to connect to the Internet. While I wouldn't necessarily recommend small children being given unattended access to the web like I had, I believe that it played a significant role in my understanding of the wider world, and I would hate to see the freedom of information that I utilized be snuffed out by governments with legislators that can barely understand the implications of any tech-related legislation. Also, I'm an artist. The freedom of information across the web has allowed me access to a wide variety of influences that I feel I would have never known about without it.

Even throughout my adolescence to now, as an adult studying for a degree in computing, the web's diverse catalog of valuable information and creative discussions regularly demonstrated to me that knowledge is power. The web can be used to shine a light on nearly any topic, and the freedom to freely use it is regularly taken for granted due to its ubiquity across the world.

Soon, there may not be an opportunity to take the Internet for granted. Your right to privacy and free information is at risk right now, and the following tools can be a part of your arsenal for maintaining those rights.


I am not an expert. I have a passion for technology, for writing, and for teaching others, and my main purpose for writing this guide is to cultivate all these passions and use them to create a resource that the layman could understand.

I have done my best to do adequate research on these topics, and to also include references/footnotes for additional reading on certain areas of interest. However, I am not perfect, and the odds are good that I missed something. If any sections require correction or you think any information should be added, I encourage you to reach out to my email address and let me know.


2 Free/Libre Software Principles

While not necessarily "practical" information (you'll want to read the other sections for that), the decisions about which software and implementations are best are largely determined by the following principles. Although I don't intend for this guide to turn into an ideological soapbox, I believe that these principles are important in understanding modern software freedoms and privacy.

In summary, the practical choices of software for this guide are largely determined by the software's ability to maintain the user's computing freedoms, as well as its overall effectiveness in its application. Software that directly harms the user and restricts their freedom is prevalent now more than ever in computing, and I believe that highlighting the principles of libre software may help you to be educated on the sneaky ways software developers hurt you, and help you make computing choices based on the ways that they affect your freedom. Your privacy may be at risk by using software that doesn't follow free software principles, which can be disastrous in oppressive countries.

Much of the core philosophy and ethics of these sections will be paraphrased from the Free Software Foundation and GNU Project. Additional reading can be found at their websites: gnu.org and fsf.org.


The philosophy of free software (free as in freedom; for distinction I will refer to that as "libre") is that any computer program that is created should be distributed with a license that specifically protects the following four freedoms: the freedom to run the program however and whenever you wish, to study the way it was created and make changes to its operation, to share copies of the program, and to be able to share modified versions of the program[2].

Software on a computer is essentially created by writing human-readable code in a programming language. For a computer to "understand" this code and execute it, the code of the program must be translated into a language that the computer can understand, but humans cannot. This is a one-way process: once the code is "compiled", it is nearly impossible to perfectly reconstruct the original code that was used to create the software. To comply with the freedom to study and modify software, libre software can be freely acquired as both compiled programs and as original source code that can be compiled.

The libre software movement emphasizes the importance of the protection of these freedoms, deeming it as an ethical issue when these freedoms are violated. Software that does not respect these freedoms, dubbed "proprietary software", is often deemed immoral because it removes these inherent freedoms from its users. Therefore, out of philosophical and ethical considerations rather than practical ones, it is better that software that is proprietary is avoided or replaced by a libre alternative.

Proprietary software often contains malicious components (such as spying, intentional insecurity, and even self-sabotage when it is tampered with) that users are helpless to remove[3]. A proprietary program may also contain features that other developers or users may want to study, but due to proprietary software not respecting the freedom to study the program by not including the source code, they cannot. This stifles technological advancement, as well as social and communal advancement, in favor of concealment and obfuscation.

While the free sharing of software existed well before the surge in software development and home computing in the 1980s and 1990s, the libre software movement was largely conceived by Richard Stallman through the GNU Project (founded September 27, 1983[4]) and the Free Software Foundation (founded October 4, 1985[5]). The former seeks to create an entire operating system using only libre software, while the latter owns the copyrights to the GNU Project and employs developers to write libre software.

The GNU Project has created and distributed many libre tools that are in widespread use across many systems worldwide, such as GCC (the "compiler" used to create software in multiple programming languages), GNU Emacs (a powerful text editor), the GNU Core Utilities (which will be covered in Section 3), and GPG (the encryption tool covered in Section 6.1). It also created the GNU General Public License that many libre developers choose to distribute their software under, ensuring that the four essential user freedoms are protected.


2.1 Common Questions/Misconceptions of Libre Software

But the programs I use on my computer don't harm me!

Many commonly used proprietary programs have been proven to actively implement features that are designed to be harmful to their users[6]. Video games, for example, utilize techniques to prevent unauthorized copying that ultimately harm their legitimate users[7][8] and directly conflict with the freedom to redistribute software. Regardless of whether they affect legitimate users or not, these techniques are designed to directly conflict with the essential software freedoms.

Also, many malicious techniques will not be overt to the user. Has your computer ever sent you a message saying that by using it, you're consenting to an invasion of your privacy for the purpose of selling data to advertisers? And, more importantly, could you really say with certainty that the programs you run aren't spying on you without the developers letting you examine the source code?


So what? Nobody uses these "libre" programs anyway.

Apache and Nginx, which are the web servers that account for about 60% of websites on the Internet, are both libre software[9]. In fact, a good majority of the server-side software that makes up the Internet is libre. A good majority of major software development tools for a variety of languages, such as C, C++, JavaScript, and Python, are released libre. Many commonly used "general purpose" programs such as VLC Media Player, Mozilla Firefox[10], and Blender are libre. You couldn't throw a stone without hitting a libre project that serves as a backbone for part of the Internet or general computing.


Wouldn't revealing the code of a program expose security holes to hackers?

Many factors go into the security of a program, and the availability of its source code is often not a factor. In pragmatic terms, attackers are free to "reverse engineer" proprietary software and exploit it, which will take more time due to the opaque nature of the software. Not releasing the source code is a form of "security by obscurity", but that form of security is always broken over time.

Libre software has the advantage of being publicly reviewed by many developers, as opposed to being reviewed by a small group of developers in a corporation. Similar to how companies may hire independent parties to "check their work", libre software allows the community to scrutinize any changes and contribute fixes or new features, which can oftentimes result in libre programs being more secure than their proprietary counterparts.

Practically speaking, the publication of any changes or bug fixes that are made on a libre project is a net positive to the developing community, as other developers can learn from these practices for their own projects, and it maintains transparency between the users and developers. Again, proprietary software does not have the same pragmatic and ethical benefits that libre software provides. That being said, the key here is to emphasize that libre software is an ethical consideration, not a practical one.


Wouldn't businesses lose money by giving out their software for free?

Maintainers of libre software projects are often not one monolithic "business", and may not necessarily have "development costs" like a typical company would. The essential software freedoms actually include the ability to sell software as well—it would actually not be libre software if this freedom was not granted[11]. The key purpose of libre licensing is to allow people the freedom to do what they want with the software once they have it, not to just distribute the software at no charge. Prior to high-speed Internet, physical paid copies of libre software would often be distributed, and this would not break libre software licensing as there would still be other means to acquire the program and its source code (such as through sharing) at no charge.

The availability of the software's source code doesn't inherently remove every avenue of monetization for the developers. A few examples: Red Hat, Inc. provides the commercial "Red Hat Enterprise Linux" distribution. Despite the source code of the distribution being widely available at no charge, enterprises may choose to pay for a subscription for the additional benefits of live support and the abundance of lifecycle support offered directly to them. pfSense, a common enterprise-grade firewall and network routing software, offers similar premium services that do not conflict with the libre software licensing it's distributed under. Many libre projects may offer a "tip jar" as well, allowing grateful users to donate to the developer(s).

Video games are another example of libre software and monetization. The code behind id Software's "Doom" and "Quake" games was released under a libre license in 1999, and both games still have active communities that regularly play the games, often utilizing modernized versions of the games made using this libre code. However, this doesn't mean you can necessarily play either game today at no charge, as the graphical and "data" elements (such as levels and sounds) that make up both games are under copyright and are still sold commercially. These sets of data are required to play the game, but generally, they are not code, and thus there is no great ethical imperative to make them freely available.

However, anyone is free to make their own equivalent data set of levels, sounds, and graphics that function equivalently to the original copyrighted sets, just cosmetically different, for use in the games. As an example, libre versions of the Doom engine are often shipped with a data set (or a "WAD", in Doom's parlance) called Freedoom. This creates a fully libre distribution of the game. As the "software" component is libre software, this makes those games not only enjoyable experiences, but ones that respect the user's freedoms as well[12].


If anyone can contribute, what stops bad actors from contributing?

Checks and balances are often implemented in libre projects to prevent this from happening. In large projects, such as Linux for example, contributions are thoroughly documented, streamlined, and cross-checked by both public developers and the maintainers of the specific module of Linux you're contributing to. The odds of a "bad person slipping something in" are nearly zero there.

However, that doesn't mean it doesn't happen. In February of 2024, the "liblzma" component of the "xz" libre program (which is present in a majority of Linux systems, and many other programs depend upon it) accepted a contribution from a malicious developer that implemented a backdoor into the program that would have allowed the attacker, upon inputting a "backdoor access" key, to arbitrarily execute any malicious code on the device running that infected software[13].

The xz incident was widely reported on after its discovery in late March of 2024. However, past the sensational "compromised" headlines, many factors were at play in this incident that mitigated its impact: the versions affected would have only had the malicious code within certain Linux distributions (as opposed to all of them), and due to how different distributions of Linux handle updating their programs, only a small subset of distributions that frequently update their software (like testing, or development versions) would have acquired the compromised version of the software.

That isn't meant to downplay the severity of the incident, though. That exploit could easily have been missed and distributed to a larger number of computers, which could have been disastrous. However, this highlights a key practical component of libre software: what if the code wasn't available to check? What if a backdoor was slipped in by the company developing the software? How would we, the users, even know something was wrong?

Libre software is not impervious to attack, much like proprietary software isn't. There is still trust involved when you run a libre program on your computer. However, instead of blind trust like proprietary software where you blindly trust that the company will respect you and your privacy without any solid evidence, the trust in libre software is decentralized amongst a team of developers that have the ability to cross-check each other and have the means to stop threat actors from contributing malicious code at all.

Libre software developers have the direct means to build the evidence for trust by displaying the software's code publicly and through developer cross-checking measures. The rationale for trusting libre software is far more evidential than that of proprietary software.

Proprietary software, by nature of limiting the user's freedom to study it, is free to include malicious or insecure code and be completely unnoticed. This has happened before to great effect—the NSA stockpiled exploits targeting computers using Windows, which was only disclosed and patched after those exploits were leaked publicly and utilized to attack computers[14]. Perhaps if Windows was libre software, these exploits would have been found far sooner and not stockpiled by the government.

If Microsoft didn't want to fix "libre Windows", then anybody else could by simply using their freedom to modify software. Therefore, there will always be the prevalent fear in the users of Windows that governments, or hackers, are stockpiling and utilizing these exploits, and their only recourse is to hope that Microsoft will find it and fix it before it gets used... unless, of course, they were the ones to intentionally implement the malicious code in the first place.

Therefore, the question shouldn't be "what stops malicious contributions to libre projects?", it should be "what stops malicious contributions to any projects?" The answer for libre software is far more comprehensive than proprietary software.


What you're describing sounds a lot like "open-source software".

Yes, it does. There is often a large overlap between the goals of open-source software and libre software, such as ensuring that the source code of programs is available. However, the open-source software movement often presents the argument that the source of software should be "open" for practical reasons, such as for ease of community development, rather than for philosophical or ethical reasons like the libre software movement does[15].

Due to the difference in core principles, some definitions may be slightly different between the two, and the resulting schisms may ultimately detract from the importance that software freedoms must be maintained, as it simply is the ethically superior option. The practical benefits are merely bonuses, and those same benefits are commonly seen in other fields that rely on community-focused efforts.


What if there aren't any libre programs to replace my proprietary ones?

The ultimate goal of the libre software movement is to educate users on the dangers of proprietary software, and to encourage the development of libre replacements to the point that proprietary software becomes unnecessary.

Unfortunately, as of today, the unavailability of libre equivalents for certain niche software and drivers may limit users from reaching that ultimate goal. We live in a world that is currently dominated by proprietary software. On top of this, young libre projects might not have the amount of time and money invested into their development as proprietary ones, making them less practical for regular usage[16]. However, at its core, you are still using software that respects your freedom, and you attain practical benefits that proprietary software does not have, like the ability for community code scrutiny or the protection against "forced updates".

Keep in mind, however, that the point of the libre software movement is to educate and start the adjustment, not to encourage people to cut proprietary software cold turkey. While this can be done (see Section 3.2), it's unrealistic to expect everybody to make that jump. I also understand that many people wish to keep up with friends using proprietary platforms for chat, or may require proprietary software as part of their job. Replacement in these situations may not be an immediate option, but educating others on the value of libre options is the first step in implementing freedom-respecting, privacy-respecting alternatives.

Just because you can't change all the programs you use today to libre ones doesn't mean that you can't make changes at all. Any opportunity you have to deny the use of proprietary software, no matter how small, denies the developers that create it positive reinforcement that it's okay to step on the freedoms of users[17]. A libre equivalent exists for a large majority of common productivity software (or already has libre software as the norm) and, if absolutely necessary, libre software exists to create methods on libre platforms to run various forms of proprietary software with varying degrees of success (see Section 3.31).


Where do websites fall in libre software?

Websites are actually one of the most common vectors of malicious proprietary code, with the average user unaware of the existence of this code. The foundation of a website's design lies in the HTML and CSS languages, and this has been the standard for websites since the early 90s. To address the limitation that these languages cannot facilitate interactive or dynamic elements on a website, the language JavaScript was implemented in 1995 by Netscape (the most popular browser available at that time)[18]. This standard allows websites to send JavaScript programs to the user upon connecting and automatically execute it within their browser. JavaScript today is used in nearly every website on the Internet to facilitate dynamic designs and user input forms.

To put it simply, the languages used to represent the design of a website (HTML, CSS, and JavaScript) are not "compiled" in the typical way that normal software is. This allows individuals wishing to study how websites are designed to easily do so, and this process can't necessarily be restricted by the site. Nothing is inherently wrong with the creation or use of JavaScript, but many sites regularly exploit JavaScript's ability to execute arbitrary proprietary programs in the user's browser upon entering a website (with no easy way to opt out) to step on the freedoms of users. Sites may also send JavaScript programs that are "obfuscated", which masks the ability for individuals to see what the program is doing.

The prevalence of always-online web services (Google Docs, Office 365, etc.) further entices users to give away their freedoms by delegating a task that can be easily done by libre software offline (such as writing documents) to an opaque server. Instead of running an equivalent program on your computer without restrictions and saving your files to your own private computer, you are now saving files on a company's server, and that company is capable of arbitrarily restricting your access to its services or to your files. Furthermore, the operator of the server is free to change any server-side code without the need to tell users[19].

Much like how not all software is proprietary, not every website on the Internet utilizes these harmful strategies. Websites that respect user freedoms will, much like normal software, release their JavaScript code under a libre license and not obfuscate it. A user is also free to disable JavaScript execution in their browser entirely[20] or use a browser extension (LibreJS) to only allow their browser to run libre JavaScript code.
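The difference between readable, license-marked JavaScript and obfuscated JavaScript can be checked mechanically. The following is an added example, not code from this guide or from LibreJS: it looks for the "@license ... @license-end" and "@licstart ... @licend" comment markers that LibreJS recognizes and applies a few simple obfuscation heuristics. The thresholds, function names, and sample scripts are assumptions constructed for illustration.

```javascript
// Added example: triage a script for "license declared" and "readable".
// This is NOT LibreJS's algorithm; thresholds below are assumptions.

// Constructed sample: readable script with LibreJS-style markers.
// The magnet hash is a constructed placeholder, not a real license hash.
const PLACEHOLDER_MAGNET = 'magnet:?xt=urn:btih:' + '0'.repeat(40) + '&dn=gpl-3.0.txt';
const READABLE_LIBRE = [
  '// @license ' + PLACEHOLDER_MAGNET + ' GPL-3.0-or-later',
  'function toggleMenu(button) {',
  '  const menu = document.getElementById(button.dataset.target);',
  '  menu.hidden = !menu.hidden;',
  '}',
  '// @license-end',
].join('\n');

// Constructed sample: readable, but no license statement at all.
const READABLE_UNLICENSED = 'function add(a, b) {\n  return a + b;\n}';

// Constructed sample: harmless code (it only logs a word) written in the
// style obfuscators emit: hex-named variables, escaped strings, one line.
const OPAQUE = String.raw`var _0x4f2a=['\x6c\x6f\x67','\x68\x65\x6c\x6c\x6f'];(function(_0x1b,_0x2c){var _0x3d=function(_0x5e){while(--_0x5e){_0x1b['push'](_0x1b['shift']());}};_0x3d(++_0x2c);}(_0x4f2a,0x2));var _0x9a=function(_0x1b){return _0x4f2a[_0x1b-0x0];};console[_0x9a('0x0')](_0x9a('0x1'));`;

// Constructed sample: a license marker wrapped around opaque code.
const LICENSED_BUT_OPAQUE =
  '// @license ' + PLACEHOLDER_MAGNET + ' GPL-3.0-or-later\n' + OPAQUE + '\n// @license-end';

// True when the source carries a license statement in one of the two
// comment conventions: an @license/@license-end pair or an
// @licstart/@licend block.
function hasLicenseMarkers(src) {
  const start = src.search(/@license\s+magnet:\?\S+\s+\S+/);
  const end = src.search(/@license-end/);
  const pair = start !== -1 && end > start;
  const block = /@licstart[\s\S]*?@licend/.test(src);
  return pair || block;
}

// Raw measurements that tend to separate hand-written code from
// machine-obfuscated code.
function measure(src) {
  const lines = src.split('\n');
  const longestLine = Math.max(...lines.map((line) => line.length));
  const identifiers = src.match(/[A-Za-z_$][\w$]*/g) || [];
  const mangled = identifiers.filter((id) => /^_0x[0-9a-f]+$/i.test(id)).length;
  const escapes = (src.match(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi) || []).length;
  const dynamicEval = /\beval\s*\(|\bnew\s+Function\s*\(/.test(src);
  return {
    longestLine,
    mangledRatio: identifiers.length ? mangled / identifiers.length : 0,
    escapes,
    dynamicEval,
  };
}

// Combine the measurements into a verdict. A long line alone usually means
// plain minification, so two or more signals are required for "opaque".
// A license marker never overrides that: a declared license on unreadable
// code still fails the "freedom to study" test.
function assess(src) {
  const m = measure(src);
  const signals = [];
  if (m.longestLine > 200) signals.push('long-line');
  if (m.mangledRatio > 0.2) signals.push('mangled-identifiers');
  if (m.escapes >= 5) signals.push('escaped-strings');
  if (m.dynamicEval) signals.push('dynamic-eval');
  const licensed = hasLicenseMarkers(src);
  let verdict;
  if (signals.length >= 2) {
    verdict = 'opaque';
  } else {
    verdict = licensed ? 'readable-licensed' : 'readable-unlicensed';
  }
  return { licensed, signals, verdict };
}

const samples = { READABLE_LIBRE, READABLE_UNLICENSED, OPAQUE, LICENSED_BUT_OPAQUE };
for (const [name, src] of Object.entries(samples)) {
  const result = assess(src);
  console.log(name, result.verdict, result.signals.join(','));
}
```

A verdict of "opaque" only says the script cannot reasonably be studied as delivered; it says nothing about what the script does.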


2.2 Replacements for Common Proprietary Software

This is not meant to be a completely exhaustive list. This list is an "exercise" with the goal to give starting points for the average user to start researching and considering the possibilities of replacing their existing suite of software with equivalents that respect their freedom. Many other options exist outside of the scope of this list, with varying degrees of practicality.

Blender (modelling software), Krita (image editor), and OBS Studio (streaming/recording software) are all excellent examples of libre software that are already widely used in their respective fields in comparison to proprietary counterparts.


3 Intro to Linux

To practically differentiate between "Linux" the kernel and "Linux" the operating system, I will mostly be referring to the operating system and the related distributions of it as GNU/Linux.

Linux is a libre kernel (the program responsible for facilitating communication between your computer's software and hardware) that is the backbone of the GNU/Linux operating system, commonly referred to as "Linux". The Linux project was originally started in 1991 by developer Linus Torvalds in an attempt to create a libre equivalent to the kernel of Unix, which was the proprietary operating system widely used amongst universities and businesses for mainframe computers in the 1970s and 1980s.

The GNU project (which started in 1983) had already been creating libre equivalents of many Unix programs, and the ultimate goal of the GNU project (to create an operating system entirely of libre software) was held back by the slow development of its own kernel, GNU Hurd.

The simultaneous developments of both the libre Linux kernel and the libre software of the GNU project created the starting point for distributions of the GNU/Linux operating system. Nearly every modern distribution of Linux includes libre utilities under the "coreutils" GNU package[21], which consists of libre versions of software that was commonplace on Unix machines like "mv" for moving files and "cp" for copying files.

These common utilities are standardized and mandated in a standard called "POSIX", which most GNU/Linux systems and other Unix-like systems follow. In addition to this, every distribution of GNU/Linux includes a "package manager" for downloading and updating "packages" (software), and most also include a "desktop environment" as a form of graphical interface to interact with.

Distributions of GNU/Linux are differentiated by their choices of default installed packages, as well as their choice of package manager. For instance, the Debian GNU/Linux distribution utilizes "apt" for package management and the "GNOME" desktop environment by default, while Fedora Linux uses "rpm" as its package manager and offers the choice of either "GNOME" or "KDE" as its desktop environment.

Some distributions may initially start with minimal software, encouraging users to pick and install their own packages from a large list. The freedom of choice in these distributions far exceeds that of a proprietary system like Windows, where you install the whole monolithic "package" and have no say in what specific software (or spyware) is installed to the system by default.

True to Unix, Linux was originally created without a graphical user interface. A large emphasis, even in graphical environments, is placed on using the text-only command-line interface, commonly known as the "terminal" (this will be covered in-depth in Section 3.31). Many desktop environments will also come with graphical software that serves the same purpose as these terminal commands. However, unlike these graphical utilities, the command-line interface is universal across all distributions, and many advanced programs may outright not feature a graphical user interface and must be used through the terminal.


3.1 Why migrate?

For the majority of readers that may be currently using a proprietary operating system like Windows, a prevalent question is "why should I migrate to a different operating system?" I understand that a major change in workflow can be challenging, and I expect most people to be hesitant or unwilling to make a major change like this.

The answer to this question is multifaceted, and I will go through the reasonings below.

Firstly, I believe that this is the most significant change you can make to maintain your privacy and your freedom, and the migration process is already very seamless. Regardless of the distribution you choose to install, you are completely free to update it whenever it is appropriate for you. Freedom of choice is a major reason for migration, and no GNU/Linux distribution will force you to upgrade to a "successor" version at an arbitrary time. While users may be scared of the change, I believe it's preferable to being scared of the opaque changes Windows regularly undergoes with forced updates that cannot be disabled.

I also believe that many people are under the impression that GNU/Linux is technically complicated to use, and its use case is only amongst computer experts. This is not true at all. Most desktop environments are specifically designed for ease of use for new users, and the learning curve of using the operating system for daily tasks (such as email, web browsing, etc.) is relatively low. In essence, learning how to use GNU/Linux is only as hard as you make it.

There are many resources online covering everything from migrating your files and basic day-to-day tasks (which are covered in Section 3.3) to advanced tasks like automation. Most libre software will also include thorough documentation that is easily referenced offline (which will also be detailed in 3.31).

Microsoft has regularly stepped on the freedom and privacy of its users with regards to the Windows operating system. Here's a relatively short list of examples:

Although not directly related to Windows, Microsoft themselves stated in internal memos that Linux and libre software development in general pose significant threats to Microsoft's market share, that "open-source software" is creating a credible argument that their software is just as good if not better than proprietary software, and that the ability for those processes to "harness the collective IQ of thousands of individuals across the Internet is simply amazing."[30] As a result of the risk Linux puts on Microsoft's unethical business model, they regularly resort to using underhanded tactics in order to discredit libre software in favor of Microsoft products[31].

If you're personally fed up with the clear violations in freedom and privacy Microsoft and other proprietary operating system developers subject you to, then migrating to a GNU/Linux distribution will save you a lot of trouble and help you take back control of your computer.


3.2 Distributions

It would be time-consuming and unproductive to definitively list every single distribution of GNU/Linux, as there are hundreds of them. Instead, I'll give an overview for some of the most popular ones:

While all of the distributions above are massive improvements over entirely proprietary operating systems for a wide variety of reasons, all of them also include small amounts of proprietary code. This is done through "binary blobs", which are proprietary chunks of executable code distributed within the Linux kernel by companies wishing to include lower-level support for their hardware.

All hardware devices require a form of firmware to facilitate communication between the computer and the lower-level functions of the hardware. While all hardware requires firmware in some form, only some companies will distribute the source code for the associated drivers that communicate with the firmware. Therefore, the Linux kernel will come with these "blobs" for certain hardware support, such as for Wi-Fi (so if you don't use the proprietary blobs, you won't have Wi-Fi) and graphics cards. They are not loaded, however, if you do not have the hardware that requires their use.

While this is great for practical purposes, this is not desirable for the purposes of upholding libre software standards, as these blobs do not come with access to the source code. Therefore, there is no way to figure out how exactly the program is communicating with the hardware, or what information it's communicating. There is a special denomination of distributions that strictly uphold the libre standard and forbid any proprietary kernel blobs, as well as forbid the installation of proprietary software. While I don't suggest that typical users use these[34], I still wanted to mention them as examples of completely libre computing.


3.3 Migration Process and Basic Linux Usage

Firstly, and most importantly, those wishing to switch to a GNU/Linux distribution will need to know the method that is used to install it. This is commonly done through a "live disc", which is a version of the operating system that is designed to run completely on removable media (flash drives and CDs/DVDs) without the need to modify the system. Any changes made to the system on a live disc are not saved, which is convenient for testing distributions without installing them to your system. I recommend that you test the distribution that best interests you before installing it, as any problems or hardware incompatibilities you may encounter with the operating system will usually manifest themselves in the live disc environment.

The process to create a "live disc" and install a distribution is as follows:

If you're hesitant on replacing your proprietary operating system entirely, an option is to dual-boot operating systems. This means that upon starting your computer, you will have the choice to boot between two different operating systems, like Windows and a GNU/Linux distribution. Most distribution installers will have the capability to set this up for you, but there are some caveats: you will need to split your drive's storage between two operating systems into separate "partitions", which can be a problem on computers with smaller drives.

If dual booting, you will need to disable Fast Startup in Windows[36] and Secure Boot in your computer's BIOS[37]. In some specific circumstances, such as major updates of Windows or by manually requesting Windows to repair its bootloader, some dual-boot setups will be overwritten by Windows, which will break dual-boot and require manual fixing[38]. The process for fixing broken systems is generally helpful to know, and will be detailed in Section 3.33.

Another key consideration in migration is the transfer of important files over to a new operating system. There are a couple ways to do this, but the simple answer is that moving files to GNU/Linux is no different from moving files to another Windows computer. A short, distribution-agnostic list of methods is below by degree of complexity:

Once the migration process is finished and you're on your choice of distribution, you may find that the graphical interface is similar in many ways to Windows. Most desktop environments will come with a "file explorer" for browsing files on your device, an Internet browser, a "notepad" for writing text documents, and "Settings" for general hardware and desktop environment configuration. I would personally recommend exploring your choice of distribution and getting comfortable with the default applications, as these default applications are designed to be well-integrated with the desktop environment. Despite that, you are free to install any software to replace any default programs your distribution came with.

The main method of acquiring new software on GNU/Linux is through your distribution's package manager in the command line. For example, to install Wine (a compatibility tool for running Windows programs on GNU/Linux) on Ubuntu, I would run the following command:

sudo apt install wine

The sudo portion of the command means that I will be running the following command with elevated privileges (see Section 3.31), and the "apt" portion of the command invokes Ubuntu's package manager. If I wanted to check for updates to my installed software and download them, I can run the following two commands; the first refreshes the list of available packages, and the second downloads and installs the updates:

sudo apt update

sudo apt upgrade

A list of the package managers in most distributions is below:

In some distributions, there may be an "app store" (not to be confused with the package manager) that allows for a quick and convenient way to install software using the graphical interface. Contrary to the usage of the word "store", these applications are all free of charge, and you are free to install both proprietary and libre software from within it. This may be helpful for new users before they get adjusted to the usage of the terminal.

The file directory structure is vastly different from that of Windows. By default, when a user opens a file manager, they will start in their user's home directory. The home directory is where, similar to Windows, general-purpose data like pictures, music, and videos are placed for that user. The "root" of your computer (which would be C: in Windows) is / in GNU/Linux. Your home directory does not contain your whole operating system; that is where other directories, such as /usr (utilities), /lib (system libraries), and /bin (important system-related software), come into play. While you don't necessarily need to know this to use the system, Sections 3.31 and 3.32 go into further detail about this design and how it can be utilized by the user.

As mentioned above, there exists a compatibility tool named Wine that allows you to run Windows programs on GNU/Linux distributions. This will create a faux Windows "setup" (a "prefix" in Wine terminology) containing components like the Windows Registry and common Windows directories. It's better for the sake of practicality if you opt to simply find libre alternatives to your Windows programs. Despite this, Wine can be helpful if, for instance, you wish to run games on GNU/Linux. However, not all Windows programs will work correctly out-of-the-box with Wine, and the technical details for getting programs to work can get quite complicated for the average user and are not within the scope of this guide. For more information on this program, I would recommend reading Wine's own documentation.


3.31 Command-Line Utilities

While you can easily use GNU/Linux without using the terminal, the terminal is the most powerful tool you can utilize for both basic and advanced tasks across GNU/Linux systems, and is only as complicated as you make it. Your proficiency with the core concepts of the terminal will allow you to easily perform advanced tasks without the need to wrangle graphical interface programs, and will also allow you to run utilities that do not have graphical interfaces at all.

The Unix operating system was originally designed for mainframes and servers. In this environment, multiple users could connect to the machine and do work at the same time. This connection would be facilitated through the use of a "computer terminal", most of which only displayed text. These users would log in with their own user account and password through the terminal, and would have their own directories and files that only they have access to. This Unix design is why "terminals" exist in GNU/Linux, and also is the reason why features like file/directory permissions and ownership exist (see Section 3.32). The Windows equivalent to this would be the "Command Prompt", which has a few similarities to that of the typical GNU/Linux terminal.

When I refer to the term "terminal", I am usually referring to a "terminal emulator", which is meant to simulate the text-only terminals that were used with Unix systems on a graphical interface like your GNU/Linux desktop. Every distribution will come with a default terminal emulator. The information you learn about the terminal is agnostic to distribution or terminal emulator; the core concepts and basic commands will stay the same across all GNU/Linux distributions.

When you open a terminal emulator, a "shell" is created. This is the program that is responsible for interpreting the commands you type into the terminal emulator. A terminal displays output to and accepts input from the user, while a shell is the program that runs inside of a terminal for interpreting user-typed commands. Despite the distinction, "shell" and "terminal" may sometimes be used interchangeably in documentation. As a general term, the area in which you type commands for the computer to execute is called the "command line". While it may be daunting and overwhelming to have an open-ended prompt, you should start with reading the first line that is displayed on the screen. This displays, in order: the current user, a separator (@), the name of the computer, a separator, the current working directory (~ - this is a synonym for your home directory), and a symbol to denote that the shell is ready to accept commands ($).

Similar to a file explorer window, your terminal's "working directory" is the directory that is currently in use by the terminal. This defaults to the user's home directory. Once a command is typed, pressing Enter will send the command and run any program that is included in the user's written command. To display files and directories in your working directory, you use the ls command. To move into one of those directories, use the cd [directoryname] command, replacing [directoryname] with the name of the directory you wish to traverse into.

Incorrect usage of a program or command will display an error, and will (generally) terminate the command. Most commonly, you will see a "command not found" error, which means you attempted to run a program in your command that does not exist by that name. Pressing Up and Down on the keyboard (or Ctrl-P and Ctrl-N) will allow you to traverse through the history of executed commands. Pressing the Tab key with an incomplete command will list potential completion options for that command. For instance, if I typed rmdi and then pressed Tab, it would autocomplete to rmdir (the command used for removing directories), as that is the only program on the computer that starts with rmdi.

Programs in the terminal will often require input in the form of arguments. Arguments consist of anything you place after the command's name, which encompasses both options and parameters. Options and parameters are both ways in which a program can be told to behave differently. For example, the ls command can be executed without any arguments, and will display the contents of the current working directory. Options are optional switches that change how the program performs various actions. The -l option in ls -l displays the information in a "long view" with one entry per line, and the ls command can also be invoked with a parameter consisting of the location of a directory besides the working directory. For instance, typing ls -l /usr/include will display, in long format, the contents of the /usr/include/ directory.

Most programs, when invoked with no arguments, will display a convenient explanation of the program's purpose, and any available options and their function, and any parameters that should be specified. More information about how a program works and its options can be found in the program's manual page, or "manpage", which can be displayed for any program by utilizing the man [command] command.

Some essential programs and their brief function are below. Optional parameters are in brackets, and mandatory parameters are not:

Some essential programs for "pipelines" (explained in Section 3.32) include:

The terminal will run commands one-by-one, so if the command you type is taking too long, you will either need to wait for it to finish or hit Ctrl-C. This will signal the program to quit, which is helpful if the program is stuck or if you made a mistake in your command. There are plenty of helpful shortcuts like this within the terminal that will allow you to manage terminals and commands more effectively, like Ctrl-L to clear the screen or Ctrl-R to search for commands you previously entered[41].

There exist a wide variety of resources online for learning the terminal. I'd recommend looking up ways online to complete your day-to-day tasks in the terminal, and studying the commands you run to complete those tasks, as well as what they do. After all, the only way to learn how to use it is to actually use it. A great resource I'd also recommend alongside the manpages of common software is the Arch Linux Wiki (wiki.archlinux.org), which serves as a comprehensive resource for a wide variety of software and GNU/Linux techniques that are not necessarily confined to just Arch Linux alone.


3.32 Advanced Linux Features

You may have noticed in the previous section the usage of the term "pipelines". This refers to a concept in Unix and GNU/Linux that allows for a standardized method of funneling input and output to programs. There exist three main "pipelines" for information to flow with relation to a program: standard input (stdin), standard output (stdout), and standard error (stderr). Standard input is the pipe "into" the program, standard output is the pipe "out" of the program, and standard error is separate but similar to standard output. The primary focus is on stdin and stdout; stderr is typically a way for programs to divert error messages directly to the terminal, as opposed to stdout where they may conflict with the data being routed.

For example, take the command cat file.txt. The standard input of cat receives the data from the specified file, and since no standard output was specifically denoted, the default is to the terminal screen. This, however, is behavior that can be modified through the use of special symbols. If you wanted to search for the word "dog" in that text file, you could redirect cat to grep (a pattern-searching tool) like so:

cat file.txt | grep "dog"

The | symbol is what directs cat, instead of using the terminal as standard output, to "pipe" its output into the standard input of grep. grep, as a result of using stdin when it is not executed with a file parameter, will search the stream of text and return any lines in the text file that contain "dog". Note that I use the word "stream". You're not simply giving grep the file name; you are actually piping the data from the file through use of the cat command.

The output or input of a command can be replaced by a file through the use of the > and < symbols. This is called redirection. As an example, the previous example of "piping" can also be achieved with

grep "dog" < file.txt

where < specifies to grep that stdin should be replaced with the contents of file.txt. The following command will run the search on file.txt, and write the results to log.txt:

grep "dog" file.txt > log.txt

Keep in mind while using this feature that the direction matters: < replaces standard input, and > replaces standard output. There will be no warning if you mix them up and accidentally overwrite files, so make sure you get it right!
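The overwrite risk described above can be tried safely on a scratch file. The following is an added example, not part of the original guide: the sample text and function names are constructed for illustration, and set -C is the standard shell "noclobber" option, which makes > refuse to replace an existing file.

```shell
#!/bin/sh
# Added example, not from the guide. Sample text and function names are
# constructed for illustration.

# Create a scratch file with three constructed lines and print its path.
make_sample() {
    sample=$(mktemp) || return 1
    printf 'my dog barks\nthe cat sleeps\nhotdog stand\n' > "$sample"
    printf '%s\n' "$sample"
}

# Count matching lines with the pipe form, the "<" form and the
# file-argument form. Prints the three counts, which should be equal.
match_counts() {
    piped=$(cat "$1" | grep -c "dog")
    redirected=$(grep -c "dog" < "$1")
    by_name=$(grep -c "dog" "$1")
    echo "$piped $redirected $by_name"
}

# Type ">" where "<" was meant. The shell empties the target file before
# grep even starts, so the data is lost although grep itself did nothing.
# Prints the number of bytes left in the file.
bytes_after_wrong_arrow() {
    # stdin is /dev/null so the demo does not wait for keyboard input;
    # grep exits 1 because it has nothing to match.
    grep "dog" > "$1" < /dev/null || true
    echo $(( $(wc -c < "$1") ))
}

# The same mistake with noclobber enabled: the shell refuses to open the
# existing file for writing, and its contents survive.
bytes_with_noclobber() {
    ( set -C; grep "dog" > "$1" < /dev/null ) 2>/dev/null || true
    echo $(( $(wc -c < "$1") ))
}

demo=$(make_sample)
echo "matches (pipe, <, file):    $(match_counts "$demo")"
echo "bytes left with noclobber:  $(bytes_with_noclobber "$demo")"
echo "bytes left without it:      $(bytes_after_wrong_arrow "$demo")"
rm -f "$demo"
```

With noclobber enabled, an intentional overwrite is still possible by writing >| instead of >.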

While this may seem like a gimmick, the design philosophy behind Unix's software (make many small programs that achieve one specific goal) is what allows comprehensive scripting to be done across the command-line by chaining many commands together through the use of pipes. Any commands you create can be saved for later use in a "shell script", which is a simple script (similar to Windows' ".bat" batch files) that has the ".sh" file extension and can be used to achieve a wide variety of tasks.

As previously mentioned, Unix was originally designed for the use case that multiple people could use the server or mainframe it's running on at the same time. This also includes having ownership of different files, meaning one user on the server may not be able to access the files that are owned by another user. This is also a feature in GNU/Linux, and you may have caught glimpses of it using the ls -l command that was previously mentioned. The information to the left of the files list is the "symbolic notation" of permissions on that file. While it looks complicated, it's very simple to read, and I'll give an example below:

-rwxr-xr-x 1 user usergrp     2191 May 17  2024 output.file

From left to right, the following information can be read: the first - denotes that it's a file (if it were a directory, it would be "d"). From there, the permissions are grouped into three groups: permissions for the owner of the file/directory, permissions for the group for the file/directory, and permissions for every other user. Permissions are denoted with single letters: "r" for read, "w" for write, and "x" for execute (for files, the ability to run it; for directories, the ability to "see into" the directory). In this example, the user "user" has read, write and execute permissions for output.file, the group "usergrp" has read and execute permissions, and others have read and execute permissions as well.

Permissions of files, as well as their ownership, can be changed through the use of the chmod, chown, and chgrp commands, respectively. chmod will probably be the most common one you use, and can be supplied permission types in a few different ways. For instance, if I wanted to remove the ability for others to read the above "output.file" example, I could use the chmod command in the following ways to achieve this:

chmod o-r output.file

chmod u=rwx,g=rx,o=x output.file

chmod 751 output.file

The first one specifies that from the "other" group, remove the "read" permission. The second specifies all specific permissions for user, group, and other. The third one denotes the permissions for every group under a different notation, which is called "octal", which can be calculated by adding up the permissions you want. Execute is 1, write is 2, and read is 4. Therefore, adding them all together gives 7, which is the maximum permissions for that group. In 751, the user gets 7 (read, write, and execute), the group gets 5 (read and execute), and others get 1 (execute only).

File permissions and ownership may not commonly show up in basic home computing tasks. However, if you're using the terminal, you may have noticed that executing certain commands may give you the "access denied" error. For example, running fdisk -l to list storage devices will give you an "access denied" error. This is because by default, the ownership of the files that represent your hardware devices is different than that of your own user's. These devices are owned by "root", which is the account with the highest level of access and has access to all files and directories. To temporarily run the command with permissions higher than your current user, you can use the "sudo" command. So, to execute the previous command, I would run

sudo fdisk -l

and then supply my user's password. Although not advisable, if I know the password to the "root" user (which may not be possible on some distributions), I can simply change to that user and run the command:

su root

fdisk -l

Another important feature in Unix (and by extension GNU/Linux) is that "everything is a file"[40]. This means that, in very simplified terms, files exist in your system that correspond to hardware devices and hardware info. These files are stored in the /dev/ directory, and can be utilized by programs through the use of pipelines. The previously mentioned commands for creating a live disc in GNU/Linux use redirection to achieve this goal, writing the output of "cat" directly to the flash drive through its associated /dev/ file. That command is as follows:

cat [path].iso > /dev/disk/by-id/usb-[usbname]

The "hardware" notation for disks, which will likely be the most common way you'll see this "design feature", is also a file. The first partition on the first hard disk, for example, is /dev/sda1. This naming scheme increments the number for the partition, and the last letter for disk: the second partition on the third disc is /dev/sdc2. The order in which disks are mounted may not be the same across all systems, so it's important to double-check when operating with disks in this manner to make sure you're targeting the correct disk/partition. Also, it's possible to target the entire disk and not a specific partition by not including the number denoting its partition, such as /dev/sda.
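One way to automate the double-check recommended above before writing an image to a /dev/ file, as an added example that is not part of the original guide. It relies on the kernel's /sys/block/<name>/removable attribute and on /proc/mounts; the function name and the SYSFS_ROOT and MOUNTS_FILE overrides are hypothetical and exist only so the check can be exercised against constructed data.

```shell
#!/bin/sh
# Added example, not from the guide. SYSFS_ROOT and MOUNTS_FILE are
# hypothetical overrides for testing; by default the real /sys and
# /proc/mounts are consulted.

# safe_image_target DEVICE
# Returns 0 only when DEVICE (a /dev path or a /dev/disk/by-id symlink):
#   - resolves to a whole disk, not a partition such as /dev/sdb1  (else 2)
#   - is flagged as removable media by the kernel                  (else 3)
#   - has no partition that is currently mounted                   (else 4)
safe_image_target() {
    sysfs=${SYSFS_ROOT:-/sys}
    mounts=${MOUNTS_FILE:-/proc/mounts}

    # Follow the by-id symlink to the kernel name, e.g. /dev/sdb.
    real=$(readlink -f "$1") || { echo "cannot resolve $1" >&2; return 1; }
    name=${real##*/}

    # Whole disks have an entry directly under /sys/block; partitions do not.
    if [ ! -r "$sysfs/block/$name/removable" ]; then
        echo "$real is not a whole disk" >&2
        return 2
    fi

    # 1 = removable media (typical flash drive), 0 = fixed disk.
    if [ "$(cat "$sysfs/block/$name/removable")" != "1" ]; then
        echo "$real is not marked removable" >&2
        return 3
    fi

    # Refuse if the disk, or any partition on it, appears as a mount source.
    if awk -v d="$real" 'index($1, d) == 1 { found = 1 } END { exit !found }' "$mounts"; then
        echo "$real has mounted partitions; unmount them first" >&2
        return 4
    fi
    return 0
}

# Usage with the guide's own placeholders:
#   safe_image_target /dev/disk/by-id/usb-[usbname] && \
#       cat [path].iso > /dev/disk/by-id/usb-[usbname]
```

The check is deliberately conservative: some USB hard drives report themselves as fixed disks and will be refused, in which case the target has to be confirmed by hand.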


3.33 Fixing Your System (if it breaks)

Unfortunately, the situation may arise that your comfortable computing experience is interrupted with errors. I believe the avenues for fixing your system are much more effective than a proprietary system like Windows[42].

For starters, if you're (somehow) reading this section in a panic because your system is currently frozen, use Ctrl-Alt-F1 to F6. This is a shortcut that allows you to switch to a "virtual terminal" independent of your desktop environment (which is probably what's frozen and not your whole system). Once you enter another terminal, you will need to log into it and use the terminal to procure any potential fixes to your problem (such as killing stuck programs, or restarting your desktop environment). If all else fails, you can use the "reboot" command to safely restart your computer. To return to your desktop, use Ctrl-Alt-F7.

If certain programs are not working, you may need to look at log files to determine why they aren't working properly. In most distributions, you can view the status of a service (a program that is usually running in the background of your system, such as for networking) on your system by using the systemctl status [service] command, where [service] denotes the name of an application. If it's not running, or tried to start but failed, that will be displayed along with some of the recent lines from the log file. The location of log files is usually specific to each program, but you will often find them in /var/log.

Although I can't list specifically every single package and every single way it can be misconfigured, if you're editing files and can't seem to fix your mistakes, it may be best to simply reinstall the package with fresh configuration files. To do this (in Linux Mint/Ubuntu), you would use the following commands:

sudo apt purge [package]

sudo apt install [package]

If your system refuses to boot at all, or is otherwise in a state that prevents you from using it normally, you will need to use the live disc for your respective distribution that you created previously to facilitate manual repairs. Sometimes, the installer to these distributions may recognize your computer isn't booting, and allow you to repair it using the installer. I'll use Linux Mint as an example here. If you are having problems with your Linux Mint installation, the live disc's installer will sometimes allow you an option to repair the installed operating system.

For manual repair, I'm going to assume you have basic proficiency with the command-line utilities. You can mount the damaged drive in the live disc environment using the mount command (make sure you check which partition(s) to mount using fdisk -l or similar).

There can be a wide variety of reasons for your computer not booting properly, but most often it is caused by a broken bootloader (if you can't start your computer at all), your motherboard's settings (such as placing another operating system's bootloader first in the boot order, causing the GNU/Linux one to be skipped), misconfigured packages, or in extreme cases, critical files missing from your system. The latter would require a full system reinstallation, and, if you're keeping to the GNU/Linux paradigm of keeping your personal documents in your user's /home directory, a reinstallation should be fairly straightforward. Distributions like Linux Mint often come with helpful tools for backing up your files as well, which makes reinstallation fairly simple[43].

In this hypothetical scenario, let's assume that the program responsible for booting Linux Mint (the bootloader) is located on /dev/sda1, and is broken and needs to be reinstalled. I would personally also update all of my packages to ensure they're not causing issues with my system either. This may be a scenario you face if you update Windows on a dual-boot setup, as Windows is prone to overwriting your bootloader.

To do that, I can mount the drive and use "chroot", which is a program that allows you to, in effect, create a "fake" root directory. This will appear to the system and various programs as though I'm interacting with my regular system. To achieve this, I would start with the following:

sudo mount /dev/sda1 /mnt

After mounting, to allow the chroot directory to have proper access to certain dev devices, I would need to "bind" them. This will create a bridge between the chroot dev files (which wouldn't actually work otherwise) and the actual system's devices. Some distributions come with the script "arch-chroot" to handle this process for you and create the chroot, but if you don't have that, it is achieved with the following commands:

sudo mount --bind /dev /mnt/dev

sudo mount --bind /sys /mnt/sys

sudo mount --bind /proc /mnt/proc

sudo mount --bind /run /mnt/run

sudo mount --bind /sys/firmware/efi/efivars /mnt/sys/firmware/efi/efivars

To create and enter the chroot, I'd run the following:

sudo chroot /mnt

At this point, I would be executing commands in the "fake root" directory. First, I would update all my packages to ensure that everything is up-to-date and isn't causing issues with the system:

sudo apt update

sudo apt upgrade

From there, I would then reinstall GRUB (the GNU/Linux bootloader) and specify certain parameters to denote that I am using a UEFI system (if your system is older, you may want to forgo those parameters), and then use "update-grub" to create a new configuration file for the bootloader.

sudo grub-install /dev/sda --target=x86_64-efi --efi-directory=/boot/efi

sudo update-grub /dev/sda

The latter command should automatically detect that I have a Windows bootloader, and add it to the list of GRUB boot options. Finally, I would restart and verify that the bootloader has been properly fixed. Keep in mind that this is a hypothetical scenario, and, depending upon your disk configuration and other factors such as if your bootloader is installed on a different partition, you may need to change the commands slightly to achieve this goal.


4 Basics of Virtual Private Networks (VPN)

You may have heard the term "VPN" used by various social media influencers as part of their corporate sponsorships. A virtual private network (VPN) is a type of networking technology that, in its typical operation, funnels the user's encrypted networking traffic to a VPN server, which then forwards the traffic to its intended destination. The two most common implementations of this technology are to allow employees of a company to connect to and access their company's internal networks securely, and for home users to mask where their traffic is going from their internet service provider.

Simply speaking, your home network has a unique identifier called an "IP address", which is assigned to you by your internet service provider (ISP). When you communicate with other computers and websites, your IP address is what allows the party you're communicating with to have a "destination" for the traffic, and vice versa. If there were no IP addresses, there would be no way to identify which computer or server you're supposed to be sending data to.

Throughout this communication process, your ISP, by nature of facilitating these connections, will have the ability to log and determine what website or websites you were communicating with. By using the VPN server as a "funnel", your ISP will not be able to see the websites you've visited, just that you're connecting to a VPN server[44].

When you connect to a service using a VPN, instead of your device's IP address being seen by the service, your VPN server's IP address will be seen instead. This will also change your location, as the VPN's server will often be physically located in a country that is not your own. This can be helpful for accessing geoblocked resources, such as television shows and movies that are not distributed within your native country.

By using the VPN server as a "funnel", the performance of your connection will often be reduced, as the VPN server will serve as an intermediary for your connection and add travel time to your connection. This can make VPNs not ideal for certain low-latency activities, such as playing online video games. Using a VPN also comes with the added risk that you will have to trust the VPN server to not log your traffic, as they will be the intermediary that can both see your unmasked IP address, and the IP address of whatever service you requested.

You will need to be careful of the privacy guarantees when you choose a provider, as well as ensure that the source code to their client is available to ensure that they're not implementing malicious features or backdoors. Some providers (listed below) will occasionally be audited by external companies to ensure that they are in compliance with their data privacy standards.

You will also need to be careful of security flaws within the VPNs themselves; a common example is "DNS leaking". DNS is the protocol that is used by DNS servers to translate website domain names to their respective IP addresses. In normal circumstances (without using a VPN), you would use your ISP's DNS server to transmit these requests. When using a VPN, these requests are usually routed through the VPN to maintain privacy. However, with some insecure VPN software, it's possible that these DNS requests can accidentally be forwarded to your ISP's DNS server, which will expose to the ISP what websites you are visiting. This can be mitigated by utilizing protocols that encrypt DNS traffic (DNS over HTTPS/TLS) or by using a VPN client that funnels DNS requests through the VPN.

This technology is often used in countries that implement extensive networking technology to control the flow of information arbitrarily. In China, for example, VPNs have allowed users to create a "bridge" between their Chinese internet, a VPN network serving as the "bridge", and connections to the outside world, bypassing most of the government's comprehensive systems (nicknamed "the Great Firewall of China") for rerouting or otherwise blocking traffic to banned websites or traffic containing banned topics[45]. Although illegal in China, this has been a proven demonstration of the effectiveness of VPN technology for privacy.

The average consumer VPN will often be a subscription-based service. Some allow access for free, but they are often slow, have a limit on the amount of data that can be sent through them, and may also put your privacy at risk by collecting your data while you use them. Free plans also exist for paid VPNs, which serve as an excellent way to test their services. The key to finding a good VPN is to make sure they do not keep logs on your activity (which can be hard to determine, as it's just a "promise" for most), and allow you to use a libre client to access it. Some paid ones that I researched and that may be of interest to you are listed below:

This is only a small subset of services on the VPN market, and I'm making these observations with the information I currently have as of the date of writing. It's entirely possible that one of the above could have a security incident in the future that may break trust among its users. It's up to you to research and decide which one best fits your use case, and it may be one that is not on this list.

It is also possible to host your own VPN service (which is covered in detail in Section 4.1), which may be the best choice for privacy and freedom, as you will be absolutely certain that your self-hosted service does not keep logs and is secure. This is done using libre software and by paying a small monthly amount for a server hosted overseas.


4.1 Advanced VPN Techniques

Since a majority of VPNs are established on libre standards and programs, it's possible to create your own using a server in a geographic location of your choosing. This section is going to assume you're familiar with the GNU/Linux terminal and basic server management, such as connecting via SSH, and public/private key cryptography.

To begin with this process, you're going to need a server. There are hundreds of virtual private server (VPS) providers out there, and many of them have their own rules and standards and are hosted in a wide variety of geographical locations. It's best to find one that hosts servers in a location that is known for having strong privacy laws, such as Switzerland, Sweden, or Denmark.

You may also want to consider your chosen VPS provider's bandwidth and network configurations with whichever plan you choose to purchase. While a cheap VPS can cost a few dollars a month, it may not have the bandwidth to support the speeds your Internet connection can handle unless you pay extra. Some VPS providers will also charge additional fees if you use too much traffic per billing cycle.

While I don't see a service like a VPN being a problem for most VPS providers, be sure to triple-check their terms of service and make sure you're not breaking them. I'm not responsible for you purchasing a VPS and having your service terminated for breaking their rules, or for doing something illegal. I'm also not responsible for you getting in trouble because VPNs are banned in your jurisdiction.

Once you've acquired a VPS and have successfully remotely connected to it, you're going to need the following:

There are libre scripts online that will automate the install process for various protocols, which can be the easiest way for non-technical users to perform this process. I would really recommend using these, as opposed to the manual setups below. Keep in mind, however, that you should review any scripts before executing them, as executing unverified scripts could easily compromise your system. Here are some examples that I found:

If you don't trust these scripts, you can also manage the setup yourself. I don't think it would be productive to try and list how to install each protocol's server step-by-step, as their respective documentation will be much more effective at explaining it than I could. I'll give some helpful resources and pointers below:

Additional tips:


5 The Tor Network

The Tor network is a libre protocol that is an excellent tool for keeping traffic private. The Tor Browser is the most widely used implementation of it, and is freely available for Windows and GNU/Linux. The core concept behind the Tor network, known as "onion routing", was originally created in the 1990s by researchers at the United States Naval Research Laboratory (yes, this is a product of the United States government) as a method of secure communication across computer networks for U.S. intelligence operations[49].

A simple thought experiment: when routing traffic through a virtual private network (VPN), in very simplified terms, your traffic interacts with three destinations: first your computer, then the VPN server, and then your intended destination. This increases your privacy, but in this configuration, the single point of failure for your privacy is the VPN server, because it has access to both the source and the destination of the traffic in order to route it. So, the solution would be to add more than one "server" to this configuration and to encrypt between each server. Your traffic, then, instead of going from server #1 to your destination, now goes to server #2, then server #3, until it reaches your destination.

The above thought experiment is basically the core concept of onion routing, which is used by the Tor network. When you send traffic on the Tor network, it's first encrypted multiple times and sent to an "entry node", which serves as the entry point for the Tor network. The entry node removes one layer of encryption (like peeling an onion) and sends the traffic to a "middle node", where another layer is decrypted. The traffic then exits the Tor network through the "exit node" with none of these layers remaining and reaches its destination. When the requested site sends traffic back, the encryption is put back on along the same route it came by, so that the traffic reaches your computer encrypted in the same way you sent it. The additional use of TLS/SSL encryption (the S in HTTPS) means that your traffic will exit the Tor network encrypted as well[50].

This method of "onion routing" traffic means that the nodes and the destination website will not be able to tell where the traffic is coming from, meaning that most websites that you visit using the Tor Browser will not be able to identify you unless you specifically do so (or through exploits). Your ISP will not be able to see where your traffic is going, and will only see that you communicated with the Tor network. With the use of a proxy, your ISP won't even see that you're using Tor at all.
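The layering described in the two paragraphs above, as an added example that is not part of the original guide and is not Tor's real cryptography or message format: a toy stream cipher built from Python's standard library stands in for the per-node encryption, and the relay names, keys, destination and payload are all constructed. It shows what each node can learn when it removes its own layer, and how a reply is wrapped on the way back.

```python
import hashlib
import hmac
import os


def keystream(key, nonce, length):
    """Toy keystream: SHA-256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Add one encryption layer: nonce || tag || ciphertext."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key, blob):
    """Remove one layer; fails if the layer was not made for this key."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("this layer does not belong to this key")
    stream = keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def wrap_layer(key, next_hop, inner):
    """A layer holds the next hop's name followed by the inner blob."""
    hop = next_hop.encode()
    return seal(key, len(hop).to_bytes(2, "big") + hop + inner)


def peel_layer(key, blob):
    """What a node does: decrypt its layer, learn only the next hop."""
    plain = unseal(key, blob)
    n = int.from_bytes(plain[:2], "big")
    return plain[2:2 + n].decode(), plain[2 + n:]


def build_onion(path, destination, payload):
    """Client side: wrap for the exit node first, the entry node last."""
    blob, next_hop = payload, destination
    for name, key in reversed(path):
        blob = wrap_layer(key, next_hop, blob)
        next_hop = name
    return next_hop, blob  # (first hop to contact, fully wrapped onion)


def route(onion, first_hop, relay_keys):
    """Simulate the nodes; record what each one could observe."""
    seen, prev, hop, blob = [], "client", first_hop, onion
    while hop in relay_keys:
        nxt, blob = peel_layer(relay_keys[hop], blob)
        seen.append({"relay": hop, "from": prev, "to": nxt})
        prev, hop = hop, nxt
    return seen, hop, blob  # observations, destination, delivered payload


def wrap_reply(path, payload):
    """Return trip: exit adds its layer first, entry adds the last one."""
    for _, key in reversed(path):
        payload = seal(key, payload)
    return payload


def unwrap_reply(path, blob):
    """Client removes the entry layer first, the exit layer last."""
    for _, key in path:
        blob = unseal(key, blob)
    return blob


# Constructed three-node path; a real client agrees a key with each node.
PATH = [(name, hashlib.sha256(name.encode()).digest())
        for name in ("entry", "middle", "exit")]

if __name__ == "__main__":
    first, onion = build_onion(PATH, "example.org:443", b"GET / HTTP/1.1\r\n\r\n")
    observations, dest, delivered = route(onion, first, dict(PATH))
    for obs in observations:
        print(obs)
    print(dest, delivered)
```

In the output, only the entry node sees "client" and only the exit node sees the destination; no single node's record contains both.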

All nodes in the Tor network are volunteer-based, meaning any server operator that wishes to run a Tor relay is free to do so. All relays and their respective IP addresses are public information published by the Tor Project, which can often cause them to be blocked by particularly censorship-prone countries or service providers[51]. However, the "obfs4" proxy program included with Tor allows operators to create special "bridge" nodes that are kept secret from the relay list, and can help mitigate these blocks.

The Tor network also allows access to a special kind of website, denoted by a URL suffixed with ".onion", which is only accessible through the Tor network. The significant encryption that is applied to traffic when it gets routed to these kinds of websites makes them very hard to track when compared to regular websites on the World Wide Web. Users will not be able to see where the "destination website" actually is, since it is being routed through the Tor network.

These ".onion" websites are referred to as being in the "dark web", as special tools are required to connect to them. This term, and the associated URLs, are often used by media to refer to websites that serve illicit services that take advantage of the Tor network's anonymity. Therefore, most people assume that these sorts of links and the "dark web" in general will lead to illegal websites. In reality, Tor is regularly used for normal browsing and by people with particular needs for privacy and anonymity, such as journalists and military personnel, and only a small percentage of these ".onion" sites are actually advertising illicit services[52].

To utilize the Tor network, you need to download the Tor Browser (www.torproject.org/download/, or the tor package in GNU/Linux). Once it is installed, running the Tor Browser and following the on-screen prompt will allow you to connect to the Tor network. Once this is finished, you can use the Tor Browser like you would any other browser, and browse regular websites and onion-routed websites. Since there is a minimum of three "nodes" for your traffic to travel through that all need to handle encryption, it is generally much slower to fetch resources when compared to regular browsers.

When using the Tor Browser, you may want to look in the Settings and take note of the "Security Level" located near the bottom of the Privacy & Security tab. The "Safer" and "Safest" options will disable various aspects of the browser, such as the ability to play videos and execute JavaScript code, as these can potentially be used by malicious websites to break your anonymity. When connected to a website, you may also notice that there is blank space around the margins of the page. This is a technique used by the Tor Browser to standardize your screen resolution, which malicious websites could otherwise use to personally identify you.

While connected to the Tor network, you can see what nodes are being visited by clicking the purple/blue web icon next to the padlock to the left of the URL bar. If you wish to reset these and be routed somewhere else for the current site, you can hit the "New Tor circuit for this site" button, or the duster icon in the top right of the browser to completely reset your connection to the Tor network. Keep in mind that since the website you're connecting to no longer knows who you are, your geographical location will be seen by them as the location of the exit node. This may make some websites display in languages that aren't English. To change this, you may need to manually request the English version of these websites.

Although not directly related to Tor, there exist other forms of decentralized networks that are used to access the Internet and operate under similar principles of anonymity and censorship resistance, such as Hyphanet (hyphanet.org) and GNUnet (gnunet.org/en/).


6 Basics of Virtualization (VMs)

Virtualization is the technology that allows you to "run a computer within a computer". This is achieved through the use of a "hypervisor", which is a type of hardware or software that is responsible for managing the computer's resources and dividing them appropriately among the virtual machines. The physical computer or operating system hosting the virtual machine is referred to as the "host" computer or operating system, and the virtual machine and the operating system running inside of it are referred to as the "guest". There exist two kinds of hypervisors: a Type-1 hypervisor and a Type-2 hypervisor. Generally, hypervisors are implemented as software that runs on a general-purpose computer, and that is the kind that will be discussed here.

A Type-1 hypervisor, also called a "bare metal hypervisor", is a hypervisor that has direct access to the computer's hardware, and doles it out efficiently between one and potentially multiple virtual machines simultaneously[53]. A Type-1 hypervisor has full control over the hardware, and is generally the first software loaded upon booting the machine, and/or may be a component of a general-purpose operating system. Examples of Type-1 hypervisors include the Linux kernel's Kernel-based Virtual Machine (KVM), Microsoft's Hyper-V, and Xen.

A Type-2 hypervisor, also called a "hosted hypervisor", is a hypervisor that runs as an application inside of an operating system. The need to run inside the context of an operating system application means that rather than manage hardware resources directly, the hypervisor instead must work together with the operating system and ask it for resources. The additional layer of the operating system sitting between the hardware and the virtual machine means that the virtual machines themselves may not be as fast as ones running on a Type-1 hypervisor, and they are less flexible, as the operating system may simply say "no" to certain requests of the guest system, such as if the virtual machine lacks permission to access a hardware resource. However, Type-2 hypervisors might be simpler to use and maintain. Examples of Type-2 hypervisors include VirtualBox (which will be covered in the next section) and VMware Workstation.

The privacy benefits of using virtual machines (VMs) to run your software are pretty huge: it allows you to run any type of software within a segregated space and not have it affect your host system. Additionally, virtual machines are helpful in testing software on other operating systems. Virtualization in the enterprise market is also used to greatly reduce server costs, as the need for many servers running separate software can be reduced by using virtualization on a couple of servers, with each virtualized container running the software that a standalone server would have.

When using a virtual machine, you will need to keep in mind that components that would exist on a real computer, such as hard drives and optical drives, will also be emulated. You will need to make sure you manage these as well, as you will need a hard disk and an optical disk in order to install an operating system. The virtual machine's disk storage is kept in a "virtual disk" file on the host operating system. If it's available to you, you may want to create this disk image on a solid state drive for better performance on the guest machine.

While VMs are great for privacy, it doesn't mean that there aren't downsides associated with them. For starters, older systems may not have the resources available to run virtual machines. In most cases, virtual machine software will opt to render using your computer's CPU instead of GPU, which is more compatible across various types of host hardware, but is far slower. This usually isn't a problem for most applications (browsing, text editing, etc.) but applications that require 3D graphics, such as video games, may not start at all or run with terrible performance inside of a VM.

Furthermore, VirtualBox (the software covered in the next section) does not by default allow virtual machines access to the host's GPU; this can be mitigated with the installation of "Guest Additions" on the virtual machine, which will delegate some but not all graphics-related operations to the host's GPU. Some VM software, like Quick Emulator (QEMU), can allow for the host operating system to relinquish control of the GPU so that the virtual machine can use it (called GPU passthrough) and achieve identical or almost-identical graphical performance in the guest as in the host, but this is difficult to configure for the average user, may require significant trial and error, and is usually unnecessary unless there is a significant need for graphics performance.

If you plan on running potentially malicious software in your VM, you must be careful to not share any directories (like through VirtualBox's "Shared Folders") or networking with your real machine, as they can be used by viruses as potential attack vectors to escape the virtual machine. Some types of viruses may also specifically target the virtualization software and escape from it using exploits, which is rare but not unheard of[54].

An operating system worth noting is Qubes OS, which is a special GNU/Linux distribution that uses virtualization as a key security feature. It allows the user to segment all applications running on it into separate "qubes", which are run in their own separate virtual machines[55]. When you look at a screenshot of Qubes OS, all of the running "applications" are not actually running on the host. They are all in separate virtual machines, each with their own GNU/Linux distribution installed. This makes it a very effective security-focused operating system, as the host "qube" is rarely ever running applications that can potentially be compromised.


6.1 Using VirtualBox

VirtualBox is libre virtualization software available on Windows and GNU/Linux that utilizes a Type-2 hypervisor to host virtual machines. This is the ideal virtualization software for most users, as the interface is easy to navigate and the overall ease-of-use allows you to quickly get a virtual machine with minimal trouble. For GNU/Linux hosts, however, you may want to consider using QEMU to take advantage of KVM (see Section 6.2).

Once you've installed VirtualBox and are on the main interface, to create a virtual machine, hit the "New" icon at the top. This will ask you to make a name for the virtual machine, a location to save the virtual disk file, and also prompt for an ".iso" image file. While not required for the initial setup, you are going to eventually need to install the operating system you wish to run on the machine using an ISO image. Much like on a real computer, you will need to find installation media online for the operating system you want to virtualize and boot into it in order to install it.

By default, VirtualBox will automatically detect the operating system you're trying to install from either the ISO you've selected or the name you give to the virtual machine. If the operating system supports it, VirtualBox will allow you to do "Unattended Setup", which will automatically install the operating system with a chosen username and password. If you don't want to do this and manually install the system, you can select "Skip Unattended Installation". VirtualBox will also prompt you to delegate system resources (RAM and processor cores) to the machine, which can be changed at any time in the virtual machine's settings. If you don't know how much to give, VirtualBox will set a sensible default for the chosen operating system[56].

The virtual machine creation process will also ask you to specify options for the virtual disk file, which will be created as a ".vdi" disk file. Like the resources from before, this will usually be set to a sensible default based on the operating system you're installing. By default, the virtual disk will only take up as much space as you use on the virtual machine, so you don't need to worry about having free space on the host for the amount that's prompted unless you plan on using all of it in the VM. You can change this by selecting "Pre-allocate Full Size", which will create a disk file immediately with the specified size.

Once the initial setup of the virtual machine is done, you may want to look in the Settings of the virtual machine to change certain variables. For instance, you may want to change the memory allocated to the virtual machine's GPU, which can be done in the Settings under Display.

In the "Expert" tab of the virtual machine's settings, you can change advanced variables, such as the method that is used to give your virtual machine Internet access. By default, it's set to "NAT" (Network Address Translation), which simply means that the virtual machine will share the same IP address as your host machine. This is usually the simplest way to give your VM Internet access, but this can be changed to various other modes, such as "Bridged", which will delegate a separate IP address on your local network for the virtual machine as if it were a real computer.

To start the virtual machine, you need to select it in the main VirtualBox interface, and hit "Start". From there, you will be within the virtual machine window. In most circumstances, upon moving your mouse into the virtual machine, it will take control of it unless you hit Right Ctrl to release it. This, among other quality-of-life features, can be changed if you install the "Guest Additions" for the virtual machine, which can be done by going to Devices, and selecting "Insert Guest Additions CD image". This will insert the image into the virtual machine, where the additions can then be installed.

The bottom right of the virtual machine window will display metrics for your virtual machine, such as if the virtual hard disk or networking adapter is in use, as well as if any shared directories are in use. The top toolbar will also have helpful features for managing the virtual machine, such as shutdown/reset (Machine > Reset/ACPI Shutdown), and management for inserting an ISO file into the virtual optical drive (Devices > Optical Drives). Remember that the virtual machine is emulating the hardware you would have on a real computer, such as a CD/DVD drive and Ethernet connection. The "Devices" section of the toolbar will allow you to manage these components, much like you would on a real machine.


6.2 Using QEMU

Quick Emulator (QEMU) is a libre virtualization software that is capable of utilizing Linux's KVM, a Type-1 hypervisor. It is also much more advanced and sophisticated than VirtualBox, allowing you complete control over the exact specifications of the virtual machine. This is the preferred virtualization software on GNU/Linux due to its ability to utilize KVM for performance. It is also available for Windows; however, the following is written under the assumption you are using it on GNU/Linux. There exist graphical interfaces, but this guide will cover running the command-line version in detail.

QEMU is a computer emulator, in that it can emulate dozens of different kinds of distinct computer architectures and hardware devices for those computers, regardless of the type of machine that the host system is running on. While this classifies it as an emulator, QEMU can be used with the Linux kernel's Kernel-based Virtual Machine (KVM) module, which is a subsystem in the Linux kernel that turns the kernel into a Type-1 hypervisor, allowing it to efficiently run virtual machines with direct access to the computer's hardware, even while being able to run your standard GNU/Linux host operating system simultaneously.

The name of the QEMU program to use will depend on the kind of computer you want to emulate. QEMU can emulate dozens of different kinds of machine types. In order to use KVM, your host and guest architecture must generally match, e.g., if you are running an x86 CPU on your host, you must run an operating system made for x86 computers on the guest. Most desktop and laptop computers from the past two decades are running the 64-bit version of Intel's x86 CPU architecture, so more than likely this is what you want, and this is what this section of the guide will cover.

To start a 64-bit x86 virtual machine, simply run qemu-system-x86_64 without any additional options. This should create a graphical window on your screen, and you should see the virtual machine starting up. You can enter and exit fullscreen by pressing Ctrl-Alt-F. You can also move your mouse cursor inside the window and click, at which point QEMU will "grab" your mouse input and take it exclusively for itself. In order to release control of the mouse back to your host operating system, you can press Ctrl-Alt-G.

When run with qemu-system-x86_64, QEMU will start with the standard BIOS boot firmware and attempt to locate the boot device. However, because the previous command didn't specify any boot device on the command line, the BIOS firmware has nothing to boot and there is nothing for us to do. At this point, you can terminate QEMU by killing the window or typing Ctrl-C in the terminal in which QEMU was started.

In order to make practical use of a virtual machine, you need to run an operating system inside of it. On a real computer, operating systems are ordinarily installed to a storage medium such as a hard disk or a flash drive, which are connected to the computer, and the operating system is then loaded off of the drive. In a virtual machine, the scheme is a bit different. Rather than booting an operating system off of a physical drive (although this is also possible), the operating system is typically installed to a file on your computer which acts like a "virtual" drive. This kind of file is called a "disk image".

To install an operating system in the virtual machine, a disk image must exist onto which to install it. The qemu-img utility handles the creation and editing of QEMU disk image files. To create a new disk image of 20 GiB in size, enter the following command:

qemu-img create -f qcow2 test.qcow2 20G

This will create a QEMU disk image in qcow2 format (the standard recommended format for QEMU disk images) of 20 GiB in size. You may create an image of a different size if you wish depending on your needs.

A disk image in qcow2 format, much like the VirtualBox vdi format, does not take up its full specified size on your disk right away; it only allocates new space and grows in size as data is added to the file inside of the virtual machine. Therefore, specifying a disk image size of 500G will only initially take up a fraction of one megabyte on your real drive. This total will grow as you utilize your virtual machine, and will only be filled when it hits the 500G limit you specified.

Command-Line Syntax

At this point, you can attach the disk image file to the virtual machine, so that QEMU sees it as one of its drives just as a real computer would see a hard drive plugged into it. To add a disk image file as a drive in the virtual machine, use the -drive option with QEMU like so:

qemu-system-x86_64 -drive file=test.qcow2

The -drive parameter will tell QEMU to add a new drive to the virtual guest system, and the next parameter file=test.qcow2 gives the argument to the -drive parameter telling it where to find the disk image file. In QEMU, parameters are given as a word or a character preceded by a dash, which often are followed by additional options or "arguments" which are given after a space character in order to specify more precise behavior.

In this case, the -drive parameter accepts an argument of file which tells QEMU where to find the disk image file that will act as a new virtual drive. After the file argument is specified, it is followed by an equal sign, and then followed by its intended value.

More than one argument can be specified for a single parameter, separated by commas. For instance, the -drive parameter also accepts a format argument for specifying the format of the disk image being provided, which for some formats, might be recommended.

To add both arguments together, it would look like this:

qemu-system-x86_64 -drive file=test.qcow2,format=qcow2

Here, the -drive parameter is taking two arguments, file=test.qcow2 and format=qcow2, separated by a comma. In QEMU, the parameter comes first, and is followed after a space by a comma-separated list of argument=value pairs. In this case however, it is not strictly necessary to add the format=qcow2 argument, as the qcow2 format is detected automatically by QEMU.

If we run the command now, we will have successfully added a disk image file as a new virtual guest drive into the virtual machine, but just as before, we still have nothing to boot; we have no operating system installed. So we must terminate QEMU once again and install an operating system onto our new disk image.

Installation Process

Much like a real computer, you will need an "ISO" image to install an operating system. To obtain an ISO file for your operating system, you can go to the operating system distributor's website, where they will offer a download in the form of an ISO file. You can choose whatever operating system you like. For this example, I will use the latest release of Debian GNU/Linux from the Debian website.

Once you have downloaded the ISO, it needs to be added to the QEMU command line as a new drive. To add an ISO file to the virtual machine, you can use the -cdrom option like so:

qemu-system-x86_64 -drive file=test.qcow2 -cdrom debian-12.11.0-amd64-netinst.iso

This makes QEMU see the ISO file as if it was a CD inserted into a CD-ROM drive in the guest system. If you run this command now, you will most likely be booted into the installer for the operating system. If not, you may need to add the -boot d parameter to explicitly boot from the virtual CD-ROM drive.

However, there are a few more parameters you probably want to add to the command line to prevent issues from occurring. The first issue is that the virtual machine may have too little memory available to it by default, and thus the installation may crash or refuse to begin in the first place. By default, QEMU gives 128 MiB of RAM to the virtual machine, which most likely is not enough for a modern operating system. Therefore, we want to specify how much of our computer's real host memory that we want to give to the virtual machine guest system to have for itself.

The amount of memory is specified by the -m parameter, and it takes a number as its option in megabytes, or alternatively the suffix "M" or "G" can be added to the number to specify a value in megabytes or gigabytes respectively. To give the virtual machine 2 gigabytes of memory, you can add the -m 2G parameter.

How much RAM to give the virtual machine depends on your requirements, and how much RAM you have available on the host to spare, but 2G should be sufficient for most operating systems to start with.

Another parameter you probably want to use is -smp, which accepts a number as its argument, and creates a virtual machine with multiple CPUs or "cores", which speeds up the system. The number of CPUs to give the virtual machine depends on how many you have on your real system to spare. If you have a quad-core machine, specifying -smp 2 will give two of those four cores to the virtual machine.

Once your virtual machine is configured with the correct amount of memory and CPU cores, you may start QEMU and begin the installation of your operating system. This guide won't explain how to install an operating system; the exact procedure depends on your choice of operating system, and you should consult the appropriate manual from the developers of your operating system.

Post-install

Once you've reached the end of the install process, you will probably be instructed by the installer to reboot the system. You may terminate QEMU at this point. Upon terminating, you may run your newly-installed operating system by running the same QEMU command you have built up to install it, but you may remove the -cdrom and -boot parameters and their arguments as they are no longer needed.

Running your operating system is now as simple as running QEMU with the proper parameters, which for example may look like this:

qemu-system-x86_64 -m 2G -smp 2 -drive file=test.qcow2

For some people, the steps performed so far may be sufficient to create a virtual machine capable enough for their use case. However, QEMU is a very powerful program, and is capable of a wide array of configurations and functionality.

Soon we will cover using KVM, but before we do, we will go over a couple quick subsections of additional functionality that you will probably want from your virtual machine.


Sound

To enable sound playback in the guest system, add the -audio option. This option takes a couple arguments: one specifying which audio system or "backend" to use on your host system to deliver audio to your speakers, and the other specifying which type of audio hardware to emulate in the guest system. You can use -audio help to get a list of supported audio backends by your version of QEMU. For this example I will use the ALSA backend, but you may require a different backend depending on your system. In addition, an emulated hardware model must be chosen for the guest. On a standard modern PC system, the Intel HD Audio standard should be supported.

To combine these together into the final parameter, you would add the following to the QEMU command line:

-audio alsa,model=hda

Other amenities

To automatically adjust your guest operating system's clock to match that of your host system, add the -rtc base=localtime parameter to the QEMU command line. This may be helpful if you're using networking, where incorrect date/time might interfere with your ability to access the Internet.

KVM

One of the biggest performance bottlenecks in running a virtual machine is emulating the CPU of the guest system. Emulating a CPU is a relatively slow operation, as every instruction executed by the emulated CPU requires potentially many more instructions on the real host CPU to complete its computation. This is not ideal if we want our virtual machines to run as smoothly and efficiently as possible.

A way to circumvent this issue is to avoid emulation entirely. Modern x86 CPUs by AMD and Intel, as well as 64-bit ARM CPUs, have special instructions built into them for the purpose of running virtual machines efficiently. These instructions allow a virtual machine to execute its guest CPU's instructions directly on the host CPU, avoiding the need for emulation and avoiding layers of indirection that slow down guest execution.

We can make use of these instructions in QEMU by running an "accelerator". An accelerator in QEMU is a way of making use of special software that exists in our host operating system and allows us to access these special virtualization instructions for our virtual guest systems. Each operating system will have its own way of "accelerating" virtual machines, and thus each will require its own unique accelerator in QEMU. For example, the Linux kernel supports a virtualization solution called KVM, Microsoft Windows has Hyper-V, macOS has HVF, and FreeBSD has bhyve. All of these solutions allow you to run hardware-accelerated virtual machines on top of an existing operating system or operating system kernel.

For this guide, we will be using the Kernel Virtual Machine (KVM) module on a Linux kernel. Enabling a virtualization framework like KVM allows us to turn the Linux kernel into a Type-1 hypervisor, giving our virtual machines direct access to our hardware resources, and allowing them to run nearly as efficiently as if we were running on bare metal.

Before attempting to use an accelerator with QEMU, you must make sure that virtualization support is enabled on your computer. This is typically found in the BIOS/UEFI settings menu of your computer. The setting to enable it may go by various names depending on your computer, but it often will go by names like "Intel VT" or "VT-x" if you have an Intel CPU, or "AMD-V" if you have an AMD CPU, or it may go by a generic name like "virtualization". Look around until you find the right setting, and make sure it is enabled.

On a Linux-based system, if hardware virtualization is enabled on your computer and KVM is enabled in your operating system, you should have a pseudo-file on your system at /dev/kvm. You can check by running ls /dev/kvm on the command line, and if it displays the file without error, you should be able to run KVM-accelerated virtual machines.

Enabling KVM acceleration in QEMU is quite trivial, only requiring the -enable-kvm parameter. If you run QEMU with -enable-kvm and you get an error about permissions, you will need to either run the virtual machine as root (not recommended), or add your user to the kvm group on your system. To do the latter, run

sudo usermod -a -G kvm [username]

You may be required to log out and log back in for the group changes to take effect.

If QEMU starts when given the -enable-kvm parameter, then you are now running a hardware-accelerated virtual machine! While this is very nice, we can still make it a little nicer.

QEMU can emulate hundreds of different real-life CPU models, and by default uses a QEMU "virtual CPU". You can get a list of all the supported emulatable CPUs by specifying help as the argument to the -cpu parameter. In fact, most parameters will accept a help argument to display a list of possible options.

By specifying -cpu host, we can make QEMU use the specifications of our host CPU so that guest operating systems will see our CPU almost exactly as our host operating system does. Remember to assign the desired amount of virtual CPU cores to the guest system with the -smp option. With efficient virtual CPU utilization under KVM, you may be able to get away with assigning more cores to the guest system than previously without worrying about your host operating system becoming unresponsive.

Enabling these parameters is a trivial way to get near-native CPU performance out of your virtual machines. There are still some further micro-optimizations that can be done using the CPU parameter to draw out more performance, but they are a bit more machine-specific, and are outside the scope of this guide. The simple options here are enough to get high performance for most use cases.

The next subsection covers VirtIO, a framework for efficient virtualized guest drivers, and its usage inside of QEMU.

VirtIO

VirtIO is a driver framework for enabling "paravirtualized" drivers for various hardware devices inside of a virtual guest operating system. The term "paravirtualization" refers to a kind of virtualization in which the guest driver is aware that it is running inside of a virtual machine, and is able to collaborate closely with the hypervisor (KVM in this case) to manage hardware resources more efficiently.

For example, a paravirtualized GPU driver in the guest operating system may collaborate with the hypervisor to split up a portion of the host computer's GPU resources and let the guest operating system access them directly, allowing the guest operating system to run 3D-accelerated graphics or perform other complex actions that may be impossible or inconvenient without a paravirtual driver.

VirtIO drivers cover a range of different virtual devices, from disk drives to network cards, GPUs, sound devices, PCI devices, and more.

As far as I know, VirtIO only works on Linux-based hosts.

The guest operating system needs to have guest drivers available for it. Most of the libre systems such as GNU/Linux, FreeBSD, and OpenBSD will have VirtIO drivers built into them. Other systems, like the proprietary Windows, will require acquiring a driver yourself. The latest stable version of the Windows driver can be acquired from the fedorapeople.org website here: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso

The following subsections will cover a couple of the possible VirtIO devices available which can be used to improve the performance of the guest system.

VirtIO Disk

Using VirtIO drivers for the disk image can speed up access to the virtual disk by lowering overhead involved in reads and writes. To enable the VirtIO disk driver, append the if=virtio argument to the -drive parameter. For example, using our disk image from before, the QEMU command line would look like this:

qemu-system-x86_64 -drive file=test.qcow2,if=virtio

VirtIO Graphics

Using a VirtIO GPU device can greatly enhance smoothness and responsiveness in the guest operating system, and enable hardware-accelerated OpenGL graphics inside of the guest. To enable the VirtIO GPU device, add the following parameters to the QEMU command line:

-device virtio-vga-gl -display sdl,gl=on

The first parameter, -device virtio-vga-gl, adds a new virtual device to the virtual machine, a VirtIO GPU. The second parameter, -display sdl,gl=on, configures the mechanism for displaying the graphical window of the virtual machine on the screen.

SDL (Simple DirectMedia Layer) is a graphics library for cross-platform graphics handling, and the additional argument gl=on enables OpenGL rendering inside of that window. The combination of the two parameters creates a window that can be scaled to any size, and the VirtIO graphics drivers inside the guest will cause the guest operating system to dynamically change its display resolution accordingly.

This creates the most flexible and responsive guest-in-a-window configuration, by which the guest window can be resized and scaled freely and still result in a correct display of the guest operating system.
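The parameters built up over this chapter can be collected into a small launcher. The script below is an added example and not part of the original guide; the function names and the KVM_DEV and DRY_RUN variables are assumptions made for illustration. It enables KVM only when /dev/kvm is actually usable, falls back to plain emulation rather than running as root, and doubles any commas in the disk name so they are not parsed as extra -drive options.

```shell
#!/bin/sh
# Added example (not from the guide): assemble the QEMU command line from this
# chapter and enable KVM only when the KVM device is usable by the current user.
# KVM_DEV and DRY_RUN are hypothetical knobs introduced for this example.
KVM_DEV="${KVM_DEV:-/dev/kvm}"

# kvm_status [DEVICE] prints one of: ok, missing, denied
kvm_status() {
    dev="${1:-$KVM_DEV}"
    if [ ! -e "$dev" ]; then
        echo missing    # virtualization disabled in firmware, or KVM not available
    elif [ -r "$dev" ] && [ -w "$dev" ]; then
        echo ok
    else
        echo denied     # device exists, but this user may not open it
    fi
}

# escape_commas VALUE
# QEMU splits option values on commas, so a literal comma in a file name has
# to be written as two commas or the rest is read as further -drive options.
escape_commas() {
    printf '%s' "$1" | sed 's/,/,,/g'
}

# launch_vm DISK [MEMORY] [CPUS]
# Runs QEMU, or only prints the command line when DRY_RUN is set.
launch_vm() {
    disk=$(escape_commas "$1"); mem="${2:-2G}"; cpus="${3:-2}"
    set -- qemu-system-x86_64 -m "$mem" -smp "$cpus" \
        -drive "file=$disk,if=virtio" -rtc base=localtime
    case "$(kvm_status)" in
        ok)
            set -- "$@" -enable-kvm -cpu host ;;
        denied)
            echo "warning: no access to $KVM_DEV; add your user to the kvm" \
                 "group rather than running as root. Using emulation." >&2 ;;
        missing)
            echo "warning: $KVM_DEV not found; check the virtualization" \
                 "setting in BIOS/UEFI. Using emulation." >&2 ;;
    esac
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Example: DRY_RUN=1 launch_vm test.qcow2 4G 4
```

The printed form is for inspection only; a disk name containing spaces is passed correctly when QEMU is actually started, but would need quoting if the printed line were pasted back into a shell.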


For more information on using QEMU, you may want to consult the manual: https://www.qemu.org/docs/master/system/qemu-manpage.html


7 Basics of Encryption

While you don't need to know exactly how encryption works to use it, it would probably be wise to understand the basics. The underlying math behind encryption is complex, and there are plenty of mathematicians who could describe the specific algorithms behind encryption better than I could. Therefore, this section is meant to be a simplified summary of how encryption is used within the context of computers and digital information.

Encryption is the process of transforming data into a format such that only a recipient with the means to "decrypt" it can read it. The study of encryption/decryption tools and their implementation is known as "cryptography". Cryptography historically started as early as the Roman Empire, with the invention of ciphers like the Caesar cipher[57]. Much like the encryption itself, the techniques for cryptanalysis (studying encoded messages with the intent to break the system) have been developed over hundreds of years. Modern cryptography can be traced back to developments like the Enigma machine, which is (in)famously known for being the tool Nazi Germany used to encrypt their top-secret communications.

Today, encryption is widely used in a variety of ways and by using a wide variety of algorithms. When you connect to a website, the website will most likely have been encrypted before it was sent to you, and was then decrypted by your computer and displayed in your browser. This was done using "HTTPS", which is the protocol that combines the regular HTTP protocol for transmitting website information with a type of encryption known as TLS[58]. Any adversaries that intercepted your Internet traffic would be able to see any information you sent to a website using the original, unencrypted HTTP protocol; with HTTPS, however, they would not be able to read or modify the information, but they would know the location of the sender and the website.

Modern encryption is achieved through two kinds of algorithms: symmetric cryptography, and asymmetric cryptography. Symmetric encryption only involves one "key" that is used to both encrypt and decrypt the obfuscated information. This is much faster to compute than asymmetric encryption, but comes at the disadvantage of requiring a means to securely transfer the key. The most common way these symmetric keys are generated and transmitted is through the use of the asymmetric Diffie-Hellman key exchange, where both parties agree on public variables and, through the use of two different private mathematical equations on their side, use those public variables to generate the same singular symmetric key that will then be used to secure their communications[59].

Asymmetric cryptography, or public-key cryptography, involves the use of public and private keys for encrypting and decrypting information[60]. In this format, a party creates a public and private key combination. They are free to distribute the public key publicly (hence the name) but must not reveal their private key. Users wishing to send an encrypted message to that party can use their public key, which is used in a one-way process to encrypt the message. After the message is encrypted, only the party with the corresponding private key can decrypt the message. If both sides have public/private keys, this makes secure communication relatively trivial. This is a convenient way for most people to encrypt their messages, provided that they adequately protect their private key.

Modern implementations of encryption often utilize a mix of both methods to capitalize on the advantages of both techniques. The TLS method behind HTTPS, for example, uses the asymmetric Diffie-Hellman to establish a symmetric key between both parties, which is then used by both parties for encryption and decryption. This means that TLS can capitalize on the security and convenience of asymmetric encryption whilst also utilizing the speed of symmetric encryption for communication.
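The Diffie-Hellman exchange described above can be followed step by step with small numbers. The script below is an added example and not part of the original guide; the function names and all values are constructed for illustration, and the numbers are far too small to be secure (real exchanges use groups of 2048 bits or more, or elliptic curves, through a vetted library).

```shell
#!/bin/sh
# Added example (not from the guide): toy Diffie-Hellman key exchange.
# All numbers are constructed and deliberately tiny; this shows the arithmetic,
# it is not something to protect data with.

# modexp BASE EXP MOD prints BASE^EXP mod MOD using square-and-multiply.
# MOD must stay below 2^31 so that products fit in 64-bit shell arithmetic.
modexp() {
    mod=$3
    base=$(( $1 % mod ))
    exp=$2
    result=$(( 1 % mod ))
    while [ "$exp" -gt 0 ]; do
        if [ $(( exp % 2 )) -eq 1 ]; then
            result=$(( result * base % mod ))
        fi
        base=$(( base * base % mod ))
        exp=$(( exp / 2 ))
    done
    echo "$result"
}

# dh_exchange P G A_PRIVATE B_PRIVATE
# P (prime modulus) and G (generator) are the agreed public variables.
# Prints "A_PUBLIC B_PUBLIC SHARED"; fails if the two sides disagree.
dh_exchange() {
    p=$1; g=$2; a=$3; b=$4

    # Each side combines the public variables with its own private number
    # and sends only the result. An eavesdropper sees p, g, A and B.
    A=$(modexp "$g" "$a" "$p")    # Alice -> Bob
    B=$(modexp "$g" "$b" "$p")    # Bob -> Alice

    # Each side combines the value it received with its own private number.
    s_alice=$(modexp "$B" "$a" "$p")    # (g^b)^a mod p
    s_bob=$(modexp "$A" "$b" "$p")      # (g^a)^b mod p

    # Both arrive at g^(a*b) mod p without a or b ever being transmitted.
    [ "$s_alice" -eq "$s_bob" ] || return 1
    echo "$A $B $s_alice"
}

# Example: dh_exchange 23 5 4 3
```

In a protocol like TLS the shared value is not used directly as the key; it is fed through a key derivation function to produce the symmetric keys.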

Examples of commonly used algorithms for encryption today are AES (used by TLS), RSA, ECC, and Twofish. Many other algorithms also exist, with varying degrees of complexity and security. The key (pun intended) to the security of these algorithms is not just the mathematical functions used for it, but also the key's length in bits. For example, the AES standard allows 128-bit, 192-bit, and 256-bit keys to be generated. Some algorithms, like DES, have been discouraged from use due to their relatively short key length (56 bits), which makes them prone to brute-force attacks from specialized hardware that is not terribly expensive for attackers with enough funding (like governments or corporations)[61].


7.1 Using GNU Privacy Guard (GPG)

Libre software is available to easily generate public/private keys, as well as symmetric keys, to encrypt your own files and messages. The most common is GNU Privacy Guard, which was originally created as a libre replacement to the proprietary "Pretty Good Privacy" (PGP) encryption tool.

To begin using GPG, you'll need to install it. It's standard on most GNU/Linux distributions, and can readily be found for Windows as well. You can encrypt files using a passphrase by using gpg -c file.txt, where file.txt can be replaced with the name of the file you wish to encrypt. GPG will prompt you to write a passphrase for the file, which will be used for decryption as well. Once completed, it will create a file.txt.gpg file that is encrypted by default with AES-128. If you want to use a different method of encryption, you can specify so with --cipher-algo.

To use asymmetric encryption, you will need to make a private and public key combo by running gpg --full-generate-key. The default options are all practical and effective, so if you don't know what algorithms and options you want, it would be best to use the defaults. The wizard will prompt you to use a "real name", "email address" and "comment" to associate with the key. These are optional, and serve only for people to quickly identify a key. Supplying a passphrase to protect the key is also optional, but it is highly recommended to use one.

Throughout the process of creating the key, it will prompt you to do other actions with your computer while it is randomly generating bytes. Since computers are designed to be deterministic, true random number generation is difficult without the use of truly "random" events, such as you moving your mouse or interacting with your computer.

Once the key is created, it will also create a "revocation certificate" that will allow you to revoke the ability to use your key. This is typically used when you're submitting your key to a central key server, which when sent will notify people that your key is no longer valid for use. This is helpful if you lose your private key (making your public key useless) or if it becomes compromised. Remember that you're free to share your public key with others, but make sure to never reveal your private key to anyone!

To display available public keys, you can use the gpg --list-keys command (gpg -k for short). This will display all keys that are on your "keyring". Using gpg --list-secret-keys will display all available private keys as well.

Once you've created a key, you will probably want to export the public key for others to use. Most commonly, PGP public keys are exported in ASCII format for easier transmission. To export it to that format, you can use the command gpg -o [filename] --armor --export [keyname]. You will need to replace the keyname with the ID of the key you wish to export (this can be found using the previously mentioned gpg -k command). This will export the selected key to the chosen filename in the same directory.

To encrypt a file with a public key, you'll need to import the recipient's public key onto your keyring, which can be done by using gpg --import [filename], where the file is the public key you were given. Once you import this key, it's recommended (though optional) that you also check the key's "fingerprint" to verify that the public key you were given was not tampered with. To do that, you'll need the fingerprint from the key's owner (which should be obtained over a separate form of communication from where you got the public key, such as in-person) to check against. To display the fingerprint of the keys on your keyring, you can use gpg --list-keys --with-fingerprint. If the fingerprint shown for the imported key matches the fingerprint your recipient gave you, then you have the correct key and you're free to encrypt your file safely.
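Comparing 40 hexadecimal digits by eye is error-prone, so the fingerprint check described above can be scripted. The script below is an added example and not part of the original guide; the function names are assumptions, and the key listing is constructed sample data in GnuPG's machine-readable --with-colons format. It refuses anything shorter than a full fingerprint, since a short key ID is not enough to tell two keys apart reliably.

```shell
#!/bin/sh
# Added example (not from the guide): compare the fingerprint of an imported
# key with the one the key's owner gave you over a separate channel.

# Constructed sample of `gpg --with-colons --fingerprint KEY` output.
SAMPLE_LISTING='tru::1:1700000000:0:3:1:5
pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::0000000000000000000000000000000000000000::Constructed Example <user@example.invalid>::::::::::0:
sub:-:255:18:76543210FEDCBA98:1700000000::::::e:::::cv25519::
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# primary_fingerprint: read a colon-format listing on stdin and print the
# fingerprint of the first primary key (field 10 of the fpr record that
# follows the pub record). Subkey fingerprints are ignored.
primary_fingerprint() {
    awk -F: '
        $1 == "pub"         { want = 1; next }
        $1 == "fpr" && want { print $10; exit }
    '
}

# normalize_fpr VALUE: strip spaces and colons, uppercase the hex digits,
# so fingerprints copied from different tools compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# fingerprints_match EXPECTED ACTUAL
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full fingerprint.
fingerprints_match() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$2")
    case "$expected" in
        ""|*[!0-9A-F]*) return 2 ;;     # empty or not hexadecimal
    esac
    # Anything shorter than 40 hex digits is a key ID, not a fingerprint.
    [ "${#expected}" -ge 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# check_imported_key KEY EXPECTED_FINGERPRINT (needs gpg and an imported key)
check_imported_key() {
    actual=$(gpg --with-colons --fingerprint "$1" | primary_fingerprint)
    fingerprints_match "$2" "$actual"
}
```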

To use the public key to encrypt a file named "test.txt", you can use the following command: gpg --output test.txt.gpg --encrypt --recipient [keyname] test.txt. The output parameter determines what the name of the encrypted file will be, and the encrypt parameter signals GPG that you wish to encrypt the file. The output file, test.txt.gpg, can now only be decrypted with the recipient's private key.

For additional security, you can sign encrypted documents. If the document was tampered with, the signature will no longer be valid. To do this, you should specify the --sign parameter while encrypting, like so: gpg --output encryptedwithsig.gpg --encrypt --sign --recipient [keyname] test.txt. The output file will contain the encrypted file, as well as its signature. Signing also has other uses. For instance, you can use your private key to create a "clearsign" signature by specifying --clearsign [filename]. This will allow you to sign a document that is not encrypted, so recipients can verify you were the one that sent it.

For the recipient to decrypt the above and output it to "decryptedtest.txt", they can use the following command: gpg --output decryptedtest.txt --decrypt test.txt.gpg. This will output the decrypted message to decryptedtest.txt, and will also display if a signature is valid or invalid if there was one included within the encrypted file.


For more information on using GPG, you may want to consult the manual: https://www.gnupg.org/gph/en/manual.html


8 Basics of Torrenting

"Torrenting" refers to a method of file-sharing that is regularly used to share files and information in a decentralized manner. Specifically, "torrenting" refers to the use of the BitTorrent protocol, which was created in 2001 by Bram Cohen with the original intent to speed up file downloads. The protocol is peer-to-peer, so anybody that also has the same version of the file is able to transmit small chunks of the file to people who are in the process of downloading it. This also comes with the advantage that the information is decentralized: anybody that has a copy of the information can upload it to others, as long as they also have the "torrent file" that contains metadata and cryptographic hashes for the files to be distributed.

The torrenting process starts with a person that wants to upload a file or group of files. They must first create a "torrent file", which includes the metadata for the files, cryptographic hashes (to ensure that when someone downloads the files, they're getting what they're supposed to be getting), and a list of "tracker servers" that help advertise the existence of peers that also have the torrent file. Anybody can torrent and create torrent files, as long as they have a torrenting client.

When the person uploads the torrent, they become the first peer to "seed" the torrent, which is when their computer automatically uploads segments of the completed files to other users that are also attempting to download the torrent. Since the torrenting process is done in small chunks, this means that anybody that has parts of the torrent and is actively seeding through their torrenting client can also assist others in downloading the file by transmitting small chunks of information to them.

By nature of being a peer-to-peer protocol, torrenting will reveal your IP address to your peers, as this is required to facilitate uploads and downloads. This may be a potential privacy concern, which can be mitigated by using a virtual private network (VPN) to mask your IP address. This will allow you to torrent files through the address of the VPN server, and not your home network's address.

The decentralization torrenting provides is particularly helpful for journalists; a great example is WikiLeaks, an organization that regularly utilizes torrents as a means of publishing particularly sensitive information from whistleblowers[62]. Since the torrent does not directly contain the sensitive information and merely only contains data about the information, this makes the torrent difficult to take down. For agencies to accomplish this, they would also need to pursue the seeders of the offending torrent, which can also include users outside of their legal jurisdiction.

Sites that offer large files, like ISO image files for GNU/Linux distributions, may include an option for torrenting the image file. This greatly increases download speeds, as downloading a file from a single server will often result in hitting a bottleneck (whether it be from your browser, the protocols used, or the server's speeds) that prevents you from using your Internet's full bandwidth. It also helps in maintaining data integrity, as a torrent can be paused at any time during the download process and "resumed" later on, as your client is keeping track of what segments of the download are completed.

A short list of recommended torrenting clients is below:


8.1 Isn't that illegal?

The term "torrent" is often used synonymously to refer to the practice of distributing copyrighted media, such as movies and TV shows, without the permission of the original copyright holders. This is commonly referred to as "piracy"[64], and is in breach of copyright law in a wide variety of jurisdictions. Despite the illegality, there exist forums (like on Reddit) to discuss this hotly contested topic.

You may have heard of the police raid against the Swedish website The Pirate Bay in 2006, or the subsequent criminal legal case against them in 2008-2009 that resulted in the guilty sentencing of all four founders of the website for facilitating the breach of copyright law[65]. You may also remember the litigation faced by the American company responsible for the LimeWire peer-to-peer file sharing service in 2010 in which the RIAA sought a ludicrous $15 trillion in damages, and ultimately found LimeWire guilty of inducing the breach of copyright law and mandated its closure[66].

However, at their core, both of these services were utilizing the BitTorrent protocols simply as a means to allow users to share files. This does not mean that torrenting itself is specifically designed for illegal uses. The users of these torrenting sites chose to download and distribute prohibited copies of media, and are the ones in breach of copyright law. The torrent files do not contain any copyrighted material and are legal to distribute.

The act of torrenting itself is not illegal. It is, however, illegal in some countries to download unlicensed copies of copyrighted media. While I have ethical issues with the existence of such laws, I do not recommend you break the law, and therefore strongly discourage breaching copyright law. I am solely demonstrating torrenting as an effective means of censorship-resistant information sharing.


9 Archiving Physical and Digital Media

I've personally experienced this issue first-hand, and you may have as well: songs that you enjoy may suddenly be removed from streaming services or replaced with alternative mixes that don't sound as good as the original. This is a common issue, and is one that perfectly highlights the issue with streaming services: you're giving up control of the freedom to listen to the music you want to listen to in exchange for convenience.

This can easily be mitigated by keeping a collection of your own music, and playing it back locally on your device. This section will demonstrate ways in which you can archive your physical media as well as any digital media, such as websites, PDFs, et cetera.

As I'm sure you're aware, prior to the widespread use of the Internet and streaming services, home media was often distributed in a variety of physical formats: VHS, vinyl records, CDs, DVDs, Blu-ray, and many more. I'm going to assume, however, that you're not going out of your way to find VHS tapes of your favorite movies (though you could, if you wanted) and are just sticking to disc formats. I would wager that you could find a majority of your favorite albums on CD for a relatively cheap price through various marketplaces, like Discogs or your local music shop. These formats are not outdated! Once you purchase a copy of your favorite album, it can never be arbitrarily taken from you.

Of course, like with all physical media, discs may get worn over time and may eventually become unreadable. You are legally entitled, under fair use law in the United States, to create copies of physical media solely for archival purposes[67]. This may be different in your jurisdiction, and I recommend that you check local laws so that you are not breaching copyright law.

The ripping of CDs/DVDs can be done with a wide variety of tools; media players like VLC often support the ability out-of-the-box to create backups on your computer out of your physical copies. This can be achieved in VLC through Media > Convert and Save. This supports CDs, DVDs, and Blu-ray discs.

Some DVDs will include restrictions on creating archival copies, which usually involves the "scrambling" of the information so that common tools won't be able to piece together a video file from your DVD. If you wanted to copy these kinds of DVDs, you would need a tool that is capable of breaking this encryption. These tools, and the circumvention of these DVD copy restrictions, are a breach of the Digital Millennium Copyright Act (DMCA) in the United States[68], and while I believe this law should be amended or repealed, I am not recommending here that you do this and break copyright law, and advise you to check with your local laws before considering this.

If you're in circumstances that would limit you from owning physical copies of media, there still exist other ways of archival. Most notably, Bandcamp is a site used by many bands, both big and small, to allow fans to purchase digital copies of their albums. These albums are at the same quality that a regular CD would be, and digital purchases forgo the requirement of ripping physical CDs for archival purposes.


In the case of websites and other purely digital media, there exist a variety of ways to archive this information locally. In most browsers, you can hit Ctrl-S to save the website directly to your computer, including all of the text and images. This will create a local copy that you can view by simply opening the ".html" file in your browser. This may be unwieldy for some uses, and it will often not include files the site fetches upon loading for visual purposes.

If you're concerned about the site's visual appearance or readability, you will probably want to use a tool that scans for these assets and downloads them as well. I recommend HTTrack (httrack.com) or wget (command-line utility). Additionally, you can use the "Print to PDF" feature available in most browsers to create a PDF file that retains the visual appearance of the page.

All of these methods for offline archival of websites are covered under fair use due to non-commercial archival purposes, and this is part of the reason why companies such as the Internet Archive are able to download and maintain archives consisting of trillions of historical web pages.

There also exist websites that can archive websites for you. I don't necessarily recommend these in comparison to offline copies, but they are worth mentioning. Perhaps the most widely used and available is the Wayback Machine (archive.org), which has regularly maintained access to historical copies of many websites since 1996. Furthermore, they hold the largest digital archive for legal copies of digital books, music, movies, and much more. They are officially a "library"[69], and may potentially be the most valuable archive for digital resources.

Some websites may offer methods of downloading their archives. This is particularly common for online wikis, as these are meant to serve as resources of general information about a wide variety of topics. Wikipedia, for example, allows users to torrent the entire Wikipedia catalog of articles and read them offline through various libre readers, such as Kiwix (kiwix.org) and XOWA (xowa.org).

You may also want to consider tools that allow you to download and archive video on sites like YouTube. For that, I would highly recommend yt-dlp. It's a cross-platform downloader, and despite the name, works on a wide variety of websites. It's relatively straightforward to use: the basic format for starting a download is yt-dlp [url]. By default, it will download the highest quality version available, though this can be changed if required.

This tool does not give you the legal right to download and redistribute copyrighted videos. Much like torrenting, it's a tool, and the usage of this tool determines its legality. I still recommend consulting local copyright laws and ensuring that you have the legal right to download the videos you wish to download.

It's worth mentioning, however, that yt-dlp is simply doing what YouTube and other legitimate services are doing behind the scenes when you use them, which involves downloading the video and temporarily holding it on your computer in a "cache" to facilitate displaying it to you. The original software (youtube-dl) was taken down by a DMCA request; however, GitHub reinstated it after public backlash and a letter from the Electronic Frontier Foundation warning of the dangerous precedent the abusive claim could have on other software[70]. youtube-dl (and derivatives) does not break any encryption or circumvent any security measures, because there are no implemented measures for them to circumvent.


10 Use Your Voice

The most impactful way to stand for your right to privacy and right to free information is to use your voice and speak out against government injustice. This section is written, like every other section, from the perspective of someone living in the United States. I'm not well-versed on international laws, but I will do my best to show you legal ways in which you can make your voice heard to your representatives. I apologize that I wasn't able to make this section any more comprehensive.

Firstly, I would recommend you show your support to organizations that are dedicated to the cause of fighting for your digital freedom. This can involve becoming a member of these organizations, showing monetary support, or just simply spreading the word. These include the Free Software Foundation (fsf.org), the Electronic Frontier Foundation (eff.org), the Digital Freedom Fund (digitalfreedomfund.org), and the Reclaim the Net organization (reclaimthenet.org).

A brief summary of the ways you can make your opinions heard to your local government is below:

United States

Your representatives and senators are meant to represent you. An effective way of showing your disdain for intrusive laws is by contacting your local senators and representatives. To find out your representatives, you need to know what district you fall under. While you can contact any representative or senator regardless of where you live, you will have a much easier time getting a response from the ones that specifically represent you. To find out who they are and their contact information, you can go to congress.gov and click "Members" in the top right. You can choose to email them, call them, or to send them a physical letter in the mail.

Some bills that may be worth bringing up to your representatives regarding your digital freedoms (as of December 2025) are:

The phone number for the U.S. Capitol's switchboard is (as of writing) (202) 224-3121. This means that by calling this number, you will be put directly on a line with a switchboard operator that will allow you to easily reach your local senators and representatives through the phone.

Additionally, you have the right to protest and petition under the First Amendment. If you can organize a peaceful protest in support of your cause, go for it! Emphasis on "peaceful": violence and overall belligerence don't help your cause, and aren't protected under your right to protest.

It's also worth noting that your local legislation may play a part in enacting laws and practices that invade your privacy. Automatic license plate recognition (ALPR) cameras are common across many major cities, and are often installed and maintained by the company Flock through a contract with local municipalities. These cameras create a method of warrantless and indiscriminate surveillance, and allow local law enforcement to profile private individuals[81]. These cameras also (as of writing) have poor security that can lead to leaks of surveillance footage. If these are in your city, go to your local governments and campaign against them!

European Union

Citizens in the European Union have the right to protest, as per the European Convention on Human Rights. Additionally, you can petition the European Union as a whole, and support groups such as European Digital Rights (edri.org) and La Quadrature du Net (laquadrature.net/en) in being proactive about general regulations that would protect your data privacy and digital freedoms[73]. Primarily, there are talks of reworking the GDPR to further your data privacy[74] and fights against the Digital Services Act's implication of age verification[75].

Some laws that you may want to protest to maintain your privacy and freedoms will be passed on a country-by-country basis. Some examples that may be of interest include Germany's "Network Enforcement Act"[76] and talks to step on citizens with legalized government spyware[77], France's contested implementation of the EU's TERREG[78], and Ireland's current talks of potentially breaking encryption to monitor private chats[79].

United Kingdom

You have the ability to petition your parliament in the United Kingdom, as well as the right to peacefully assemble. There is an active petition (petition.parliament.uk/petitions/722903) against the recently passed Online Safety Act 2023, which has strictly enforced age verification checks in the U.K. and has been met with disastrous results and widespread censorship[80].


This should go without saying, but be respectful to whoever you reach out to. The people that will answer your phone calls and emails will likely be clerks and secretaries, and you will actively harm your cause if you become verbally aggressive over the phone with regard to your petitioning.

Finally, you can make choices in your day-to-day life that uphold your freedoms and privacy. If you feel that a corporation is abusing your freedoms, do not buy or use their products. A boycott is by far one of the most effective ways of making your voice heard against corporations, and is not only applicable to software companies but also to food processing companies, banking, et cetera. They want your money, and not giving it to them sends a very powerful message: that you won't stand for the desecration of your freedom, or the freedom of others.


Acknowledgements

Thank you to Shallex, who wrote a majority of the "Using QEMU" section, proofread the guide, and has been a great help in finding resources for libre software and libre software principles.

Thank you to my friends and family that have been supportive of my stand against censorship, and have done everything they could to show support and to assist me in educating others about their freedoms.


Footnotes/References

[1] ^ "Federalist Essays in Historic Newspapers: Introduction" Research Guides at Library of Congress https://guides.loc.gov/federalist-essays-in-historic-newspapers/introduction

[2] ^ "What Is Free Software?" https://www.gnu.org/philosophy/free-sw.html

[3] ^ Stallman, Richard. "Free Software Is Even More Important Now" https://www.gnu.org/philosophy/free-software-even-more-important.html

[4] ^ Stallman, Richard. "Initial Announcement" September 27, 1983. https://www.gnu.org/gnu/initial-announcement.html

[5] ^ "History of the Free Software Foundation" https://www.fsf.org/history/

[6] ^ "Proprietary Software Is Often Malware" https://www.gnu.org/proprietary/proprietary.html

[7] ^ https://80.lv/articles/testing-reveals-games-with-denuvo-launch-up-to-four-times-slower, https://boingboing.net/2024/10/24/drm-company-denuvo-admits-it-can-hurt-game-performance.html, https://www.extremetech.com/gaming/282924-denuvo-really-does-cripple-pc-gaming-performance (basically just look up "Denuvo DRM performance")

[8] ^ Examples of video games with "copy checking functionality" (DRM) that negatively affected paying customers include digital releases of Manhunt, Spore's "SecuROM", and basically any game that used "Games for Windows Live" (Grand Theft Auto IV, Dark Souls, Dead Rising 2, Batman: Arkham City)

[9] ^ Apache 25.7% and Nginx 33.8%, as per https://w3techs.com/technologies/overview/web_server (as of August 4, 2025)

[10] ^ While Firefox is licensed under MPL-2.0 and libre software, use of telemetry by default and controversial decisions by Mozilla Corporation regarding collecting data may suggest that Firefox isn't a "privacy-oriented" option for web browsing without extensive user-dependent hardening. For users concerned about this, the derivative "LibreWolf" is worth considering

[11] ^ https://www.gnu.org/philosophy/selling.html - also, various common libre licenses such as GPL (Section 4. Conveying Verbatim Copies) and MIT ("[...], and/or sell copies of the Software") specifically denote this freedom.

[12] ^ That is, if you play the games using the original code. Modern "source ports" for both Doom and Quake contain added support for scripting (ACS in Doom, and QuakeC for Quake) which allows modders the ability to execute non-libre, undocumented code through distributed game modifications. https://web.archive.org/web/20160213184808/https://onpon4.github.io/other/gaming-trap/#idsoftware

[13] ^ https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ - look up "xz utils backdoor" for more information

[14] ^ ^ There were a handful, but the most widely used and reported was "EternalBlue", which was used by the 2017 WannaCry ransomware and 2017 NotPetya ransomware attacks: https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

[15] ^ Stallman, Richard. "Why Open Source Software Misses the Point of Free Software". https://www.gnu.org/philosophy/open-source-misses-the-point.html

[16] ^ Hill, Benjamin Mako. "When Free Software Isn't (Practically) Superior". https://www.gnu.org/philosophy/when-free-software-isnt-practically-superior.html

[17] ^ Stallman, Richard. "Saying No to unjust computing even once is help". https://www.gnu.org/philosophy/saying-no-even-once.html

[18] ^ https://www.historytools.org/software/javascript-guide - look up "JavaScript history" for more information. The history of ECMAScript, which encompasses the scripting standards that JavaScript applies, may also be of note

[19] ^ Stallman, Richard. "Who Does That Server Really Serve?" https://www.gnu.org/philosophy/who-does-that-server-really-serve.html

[20] ^ Many of the largest sites (Google, YouTube, Facebook, etc.) will break due to proprietary code making up a good majority of the practical functions on the site, or simply refuse to work without JavaScript enabled at all and display a banner asking you to enable it. These are sites you probably shouldn't be on anyway for a wide variety of reasons not limited to the inability to disable JavaScript

[21] ^ I'm aware that Alpine Linux exists and contains no GNU tools by default, as well as coreutil alternatives like BusyBox. For the sake of keeping things simple, the GNU "coreutils" are what make up a majority of the core tools on most Linux distributions

[22] ^ https://www.pcgamer.com/gaming-industry/new-report-alleges-microsoft-recall-is-still-screenshotting-credit-card-numbers-and-passwords/, https://support.microsoft.com/en-us/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c from Microsoft's own website

[23] ^ https://www.pcworld.com/article/410418/annoying-get-windows-10-pop-up-app-removed-from-windows-7-and-81-pcs.html, https://www.makeuseof.com/microsoft-scare-tactic-windows-11-upgrades/, https://www.techradar.com/computing/windows/microsoft-gets-into-the-spam-game-by-again-emailing-windows-10-users-to-prod-them-to-upgrade-to-windows-11-is-the-nagging-going-too-far-now

[24] ^ https://www.pcgamer.com/stop-windows-11-forced-update/, https://learn.microsoft.com/en-us/answers/questions/1790801/why-did-my-pc-install-the-windows-11-update-withou, https://superuser.com/questions/1810417/how-to-cancel-ready-to-install-windows-11-update-in-windows-10-pro - I wasn't easily able to find concrete information that proved this. If you have any sources on this that are not anecdotal, please let me know. I'm also equally tempted to believe that some of these claims of "no user involvement" are caused by people clicking "Yes" to a deceptive prompt and not understanding what they agreed to, which has been clearly documented: https://betanews.com/2023/02/03/microsoft-is-pestering-windows-10-users-with-an-incredibly-deceptive-windows-11-upgrade-nag-screen/, https://superuser.com/questions/1809503/how-to-permanently-disable-windows-11-upgrade-nag-screen

[25] ^ https://www.pcgamer.com/windows-10-is-sneaking-onto-new-windows-7-and-8-installs-without-permission/

[26] ^ https://www.microsoft.com/en-us/securityengineering/gsp - in Microsoft's own words: "The GSP provides participants with the confidential security information and resources they need to trust Microsoft’s products and services [...] Participation enables controlled access to source code." What I think they mean by "controlled access" is that governments can't specifically write code into Microsoft projects. The alternative meaning (that governments can only see certain amounts of code) conflicts with their stated goal of "ensuring safety". The limitation on contributing doesn't really matter, though, if government agencies are free to analyze their code for exploits and utilize them for personal gain.

[27] ^ https://support.microsoft.com/en-us/windows/windows-11-system-requirements-86c11283-ea52-4782-9efd-7674389a7ba3 - "Internet Connectivity and Microsoft Accounts - Windows 11 Home require[s] internet connectivity and a Microsoft account during initial device setup."

[28] ^ https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-default, https://www.pcworld.com/article/394831/mandatory-microsoft-accounts-for-windows-11-home-might-be-a-good-thing.html (you'll have a Microsoft account and be happy)

[29] ^ https://www.cnet.com/tech/tech-industry/caldera-settlement-shows-a-new-side-of-microsoft/ - look up "AARD code" and "Caldera v. Microsoft" for more information

[30] ^ These statements were all paraphrased from the Halloween documents, which are a collection of leaked internal Microsoft memos dated between 1998 and 2004 that particularly discussed "open-source software" and Linux, and the risks it posed to Microsoft's business model. The statements I quoted are from the first document titled "Open Source Software: A (New?) Development Methodology" which is available here: https://www.gnu.org/software/fsfe/projects/ms-vs-eu/halloween1.html

[31] ^ There are two well-known tactics Microsoft uses to discredit competition. The first involves adopting open standards, adding proprietary features in their implementation, and taking advantage of those features to discourage users from using competing products. Microsoft internally called this "embrace, extend, and extinguish", and it is a core tactic Microsoft attempts to use to diminish open standards. In the Halloween documents in particular, they mention the inability to use their second tactic against "open-source software", which is to spread "fear, uncertainty, and doubt" about the reliability of libre software. Weirdly enough, they still used FUD in a video they published criticizing OpenOffice, a libre project, in 2010 - https://youtube.com/watch?v=DoZv6Gb_mYo, https://arstechnica.com/information-technology/2010/10/microsoft-posts-video-of-customers-criticizing-openoffice/

[32] ^ It's hard to get exact statistics on this, but usually Ubuntu and Linux Mint are at the top of "Popular Distros" lists. They're the top distros in the July 2025 Steam Hardware Survey, only being overshadowed by Arch Linux (which I know for sure is not the most used distribution), though this information is from people who volunteer it through the Steam software, so clearly there will be some bias. https://store.steampowered.com/hwsurvey/

[33] ^ Canonical (the developers of Ubuntu) maintain a type of package system named "snaps". These are distributed by Canonical themselves through a system that uses proprietary server code. While this itself isn't a deal-breaker, Ubuntu chooses to replace packages you attempt to install through the package manager "apt" with the snap equivalent. This means that in order to download some software, you are forced to trust that Canonical's proprietary server code is not interfering with the snap, which can't be easily verified. Additionally, snap packages can have performance issues compared to their regular apt package counterparts.

[34] ^ Completely libre computing is very difficult if you don't get hardware that is specifically capable of that. Firstly, the proprietary kernel blobs that communicate with the firmware of hardware devices are essential for graphics, so anybody using Nvidia and AMD graphics cards will be significantly burdened without them. Also, the firmware for pretty much every motherboard is proprietary. Firmware replacements, such as "libreboot", only support a small number of desktop and laptop motherboards, and (depending on the supported system) require some advanced software or even hardware modifications to install. I would consider this outside of the scope of a good majority of computer users.

[35] ^ https://wiki.archlinux.org/title/USB_flash_installation_medium

[36] ^ "Fast Startup" is a Windows feature that changes the way your computer shuts down. Instead of "powering off" completely and reinitializing all services from scratch upon startup, it puts the computer in a "hibernation" state that writes the system's current state to a file that is loaded upon startup. This makes booting faster, but can break dual-booting due to the way it locks reading and writing to the hard disk after creating the hibernation file. https://fosspost.org/prepare-your-pc-for-linux-fast-secure-boot

[37] ^ Secure Boot is a standard feature in modern computers that uses digital signatures given by companies like Microsoft to motherboard manufacturers to ensure that their software was not tampered with before proceeding with the boot process. This is to protect against esoteric malware that infects the boot process to avoid detection and maintain presence, even after operating system reinstallation. While you can set up GNU/Linux to use this feature, it's not easy for beginners, and it's easier to just disable it in your computer's BIOS settings. https://www.howtogeek.com/how-to-disable-secure-boot/

[38] ^ https://www.xda-developers.com/dual-booters-windows-update-mess/, https://unix.stackexchange.com/questions/68581/how-can-i-prevent-windows-from-overwriting-grub-when-using-a-dual-boot-machine

[39] ^ Windows has some restrictions on file and directory names that GNU/Linux does not have. That means that by mounting an NTFS drive in GNU/Linux, you have the capability of moving files from GNU/Linux to Windows that have illegal names, which can cause problems with various Windows programs. In the rare case that Windows file permissions need to be transferred to GNU/Linux, mapping the Windows users to GNU/Linux equivalent users is required, though for general-purpose data storage this is unnecessary https://wiki.archlinux.org/title/NTFS-3G#Linux_compatible_permissions, https://github.com/tuxera/ntfs-3g/wiki/File-Ownership-and-Permissions

[40] ^ https://www.howtogeek.com/117939/htg-explains-what-everything-is-a-file-means-on-linux/ I know it's kind of a generalization, but it's the easiest way to explain an abstract concept like that.

[41] ^ https://technastic.com/linux-keyboard-shortcuts-list-pdf/

[42] ^ As a sidenote, I don't think I've ever used a "Windows System Repair Disc". Most people just reinstall Windows using the installation disc if something breaks, which is a valid choice, but it's not particularly fixing whatever issue caused it to break in the first place. That's pretty much like fixing the door on your shed by completely rebuilding the shed.

[43] ^ https://helpdeskgeek.com/how-to-reinstall-linux-mint-without-losing-your-data-settings/

[44] ^ The ISP "knows you're using a VPN" through a wide variety of methods. The easiest is simply by checking who "owns" the IP address you're communicating with, which in a VPN's case is often going to be the company that runs the VPN. VPN traffic by default is also incredibly easy to spot using packet analysis. Both of these problems are mitigated by creating your own VPN, which is covered in Section 4.1.

[45] ^ For those curious as to how China achieves this, they use a wide variety of networking methods to analyze and redirect traffic. It's a layered approach: they block traffic to specific IP addresses outside and inside China, trick your device into directing traffic to nowhere (DNS poisoning), and inspect your traffic to ensure it doesn't contain censored topics (such as Tiananmen Square). They also block the IPs of VPN services once they find them, so those services often have to establish new IP addresses when they are caught by China's systems to maintain their functions. https://www.ticktechtold.com/bypass-china-firewall-using-vpn/, https://realchinaexperiences.com/2025/05/06/the-brutally-honest-guide-to-vpns-for-china-from-someone-whos-been-there/

[46] ^ https://mullvad.net/en/blog/2023/5/2/update-the-swedish-authorities-answered-our-protocol-request

[47] ^ https://www.zdnet.com/article/protonvpn-apps-handed-to-open-source-community-in-transparency-security-push/, https://drive.proton.me/urls/ED8G4GC5MG#pM52Y8RMXIKn

[48] ^ https://www.techzine.eu/news/security/63184/windscribe-admits-seized-servers-were-not-encrypted/

[49] ^ https://www.onion-router.net/

[50] ^ https://support.torproject.org/https/

[51] ^ https://metrics.torproject.org/rs.html

[52] ^ https://2019.www.torproject.org/about/torusers.html.en

[53] ^ https://trendsbunker.com/tech/type-1-vs-type-2-hypervisors-key-differences-explained/

[54] ^ This Wikipedia article has a nice list of most escape exploits https://en.wikipedia.org/wiki/Virtual_machine_escape

[55] ^ https://www.qubes-os.org/intro/

[56] ^ The last time I tried installing Ubuntu in VirtualBox, it defaulted to giving it 2G of RAM, which resulted in the installation program for Ubuntu hanging due to running out of system memory. Canonical recommends a minimum of 2G of RAM for virtualized installations, and 4G of RAM for "physical installs" in their documentation. However, this is the only time I can recall that VirtualBox defaulted to specifications that were incompatible with the guest operating system.

[57] ^ https://www.ibm.com/think/topics/cryptography-history

[58] ^ https://www.cloudflare.com/learning/ssl/what-is-https/

[59] ^ https://www.comparitech.com/blog/information-security/diffie-hellman-key-exchange/

[60] ^ https://csrc.nist.gov/glossary/term/asymmetric_cryptography

[61] ^ When DES was phased out in 2005, most machines were not powerful enough to feasibly brute-force DES keys, so doing so required specialized hardware made specifically to brute-force keys. Today, there are paid services online that will allow you to use that same hardware to brute-force DES keys in a relatively short amount of time. https://www.nist.gov/news-events/news/2005/06/nist-withdraws-outdated-data-encryption-standard, https://en.wikipedia.org/wiki/EFF_DES_cracker, https://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/DES.html

[62] ^ https://wikileaks.org/wiki/Main_Page Search through the WikiLeaks wiki and you'll find that many leaks will have torrent/magnet links. Also, a general summary of torrenting: https://uwaterloo.ca/arts-computing-newsletter/spring-2014/feature/bittorrent-what-you-probably-dont-know-about-torrents

[63] ^ https://www.pcworld.com/article/432297/utorrent-quietly-installs-a-cryptocurrency-miner-on-users-computers.html

[64] ^ While I believe that piracy is a smear word, it is the most common term used to apply to this exact action. The reasoning behind my belief is based around the GNU Project's reasoning: that publishers use the word "piracy" as a way of indirectly implying that copying they don't approve of has the same ethical considerations that real-world piracy has, which is clearly ridiculous. https://www.gnu.org/philosophy/words-to-avoid.en.html#Piracy, https://torrentfreak.com/mpaa-banned-from-using-piracy-and-theft-terms-in-hotfile-trial-131129/

[65] ^ https://www.theregister.com/2006/05/31/piratebay_raid/, https://arstechnica.com/tech-policy/2012/10/evasive-maneuvers-how-the-pirate-bay-founders-dodged-swedish-justice/

[66] ^ https://www.businessinsider.com/riaa-claims-limewire-owes-trillions-2012-5

[67] ^ 17 U.S. Code § 108 - "... it is not an infringement of copyright for a library or archives, or any of its employees acting within the scope of their employment, to reproduce no more than one copy or phonorecord of a work ..." https://www.law.cornell.edu/uscode/text/17/108

[68] ^ 17 U.S. Code § 1201 - "No person shall circumvent a technological measure that effectively controls access to a work protected under this title." The copying is not the problem, but instead the means used to break the restrictions that are put in place to prevent copying. https://www.law.cornell.edu/uscode/text/17/1201, https://legalclarity.org/is-it-illegal-to-rip-a-dvd-you-own-for-personal-use/

[69] ^ They were fairly recently (as of writing) officially designated in the United States as a "federal library". In practice, this means that they are allowed to archive and maintain U.S. government publications. https://www.pcmag.com/news/internet-archive-is-now-a-federal-library-will-offer-us-documents-online

[70] ^ https://www.eff.org/deeplinks/2020/11/github-reinstates-youtube-dl-after-riaas-abuse-dmca

[71] ^ https://www.eff.org/deeplinks/2025/05/kids-online-safety-act-will-make-internet-worse-everyone

[72] ^ https://torrentfreak.com/u-s-senators-introduce-new-pirate-site-blocking-bill-block-beard/, https://reclaimthenet.org/us-lawmakers-block-beard-bill-website-censorship-piracy

[73] ^ https://www.eff.org/deeplinks/2025/02/saving-internet-europe-defending-privacy-and-fighting-surveillance

[74] ^ https://www.eff.org/deeplinks/2021/06/gdpr-privacy-and-monopoly, https://edri.org/our-work/a-missed-opportunity-for-enforcement-what-the-final-gdpr-procedural-regulation-could-cost-us/, https://www.euronews.com/next/2025/04/18/eu-plans-to-reform-data-protection-rules-are-tangled-mess-privacy-advocates-warn

[75] ^ https://www.eff.org/deeplinks/2025/04/digital-identities-and-future-age-verification-europe

[76] ^ https://www.eff.org/deeplinks/2021/11/un-human-rights-committee-criticizes-germanys-netzdg-letting-social-media

[77] ^ https://reclaimthenet.org/germanys-mass-surveillance-plan

[78] ^ https://edri.org/our-work/french-administrative-supreme-court-illegitimately-buries-the-debate-over-internet-censorship-law/

[79] ^ https://www.wlrfm.com/news/gardai-to-gain-power-to-intercept-live-encrypted-chats-1204594, https://www.irishexaminer.com/news/arid-41438716.html

[80] ^ https://www.eff.org/deeplinks/2025/08/americans-be-warned-lessons-reddits-chaotic-uk-age-verification-rollout

[81] ^ https://www.aclu.org/news/privacy-technology/flock-roundup, https://www.eff.org/deeplinks/2025/06/flock-safetys-feature-updates-cannot-make-automated-license-plate-readers-safe