2026-04-25

Privacy on Linux: Guide to CachyOS

Security and privacy have been on my mind since switching to CachyOS and after doing some brief research, I’ve landed on three changes that cover most practical concerns.

1. Browser: Block Trackers

Install two Firefox extensions:

  • uBlock Origin — blocks ads and ad-serving domains
  • Privacy Badger — blocks invisible trackers and analytics pixels

2. DNS: Stop ISP Logging

The ISP sees every DNS query, even when the site itself is served over HTTPS. Switch to Quad9.

Option A: nmtui (text UI)

nmtui

Navigate to Edit a connection → your WiFi/Ethernet → IPv4 Configuration → DNS servers. Replace the ISP’s servers with 9.9.9.9 and 149.112.112.112.

Option B: edit the config directly

Edit /etc/systemd/resolved.conf and, in the [Resolve] section, set:

DNS=9.9.9.9 149.112.112.112

Either way, restart systemd-resolved:

sudo systemctl restart systemd-resolved

Verify:

nslookup google.com

Quad9 also blocks known malware domains at the DNS level.
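
Plain DNS to Quad9 still crosses the ISP's network unencrypted on port 53, so the check below (an added example, not part of the original post) audits a resolved.conf for both the guide's Quad9 addresses and enforced DNS-over-TLS. The function name, the two sample configs and the dns.quad9.net TLS name are assumptions not taken from the post; DNSOverTLS= is systemd-resolved's own setting.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a systemd-resolved config
# against this guide's DNS step. Exit status 0 only if every DNS= server is one
# of the guide's Quad9 addresses AND DNS-over-TLS is enforced.
# Usage on a real system: audit_resolved_conf /etc/systemd/resolved.conf

audit_resolved_conf() {
    awk '
        /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
        /^[ \t]*\[/ { in_resolve = ($0 ~ /\[Resolve\]/); next }
        !in_resolve || !index($0, "=") { next }
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            # DNS= is a list: repeated lines append, an empty value resets it
            if (key == "DNS") dns = (val ~ /^[ \t]*$/) ? "" : dns " " val
            if (key == "DNSOverTLS") { dot = tolower(val); gsub(/[ \t]/, "", dot) }
        }
        END {
            n = split(dns, srv, " "); quad9 = (n > 0)
            for (i = 1; i <= n; i++) {
                ip = srv[i]; sub(/#.*/, "", ip)          # strip "#tls-hostname"
                if (ip != "9.9.9.9" && ip != "149.112.112.112") quad9 = 0
            }
            tls = (dot ~ /^(1|yes|y|true|t|on)$/)
            status = quad9 ? "OK  " : "FAIL"
            print status " upstream resolvers:" (n ? dns : " none set")
            if (tls) print "OK   DNSOverTLS enforced: queries to the resolver are encrypted"
            else if (dot == "opportunistic") print "WARN DNSOverTLS opportunistic: falls back to cleartext if TLS fails"
            else print "FAIL DNSOverTLS off: queries leave on port 53 in cleartext"
            exit !(quad9 && tls)
        }
    ' "$@"
}

# Constructed sample 1: the setting exactly as given in Option B.
GUIDE_CONF='[Resolve]
DNS=9.9.9.9 149.112.112.112'

# Constructed sample 2: same resolvers with DNS-over-TLS enforced. The
# "#dns.quad9.net" suffix is the name resolved checks the TLS certificate against.
DOT_CONF='[Resolve]
DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net
DNSOverTLS=yes'

printf '%s\n' "$GUIDE_CONF" | audit_resolved_conf || true
printf '%s\n' "$DOT_CONF"   | audit_resolved_conf || true
```

On a live system, resolvectl status shows which DNS servers and which DNSOverTLS setting are actually in effect, which nslookup does not.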

3. Firewall: Block Inbound Connections

sudo systemctl enable --now ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow exceptions as needed (e.g. Syncthing):

sudo ufw allow 22000/tcp
sudo ufw allow 22000/udp

Note: The home router likely already does this. UFW adds a second layer.


Other possible actions: VPN at home, Tor, disabling JavaScript, encrypted email, etc.