nonprism is a repository that aims to provide software built and patched to be secure from global data surveillance programs like PRISM, XKeyscore and Tempora, with packages optimized for i686 and x86_64 CPUs. You can find an updated list of removed packages and any corresponding replacements in the your-privacy blacklist.
1 Activation of nonprism repo
You can add the following lines to your /etc/pacman.conf:
[nonprism]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
Up-/downgrade installed packages from configured repositories:
# pacman -Syuu
Then install your-privacy package:
# pacman -S your-privacy
The your-privacy package will advise you if any blacklisted packages are installed on your system and whether a replacement is available. This blacklist bans non-privacy-respecting protocols, such as Facebook chat and geoclue's geoip protocol, but does not include additional hardening.
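The [nonprism] entry added to /etc/pacman.conf above can be audited before packages are pulled from it. The script below is an added example, not part of the nonprism project; the function name and status words are made up for illustration, and the "not-first" check relies on standard pacman behaviour (repositories listed earlier win for same-named packages), which this page does not state.

```shell
#!/bin/sh
# Added example. Audits a pacman.conf-style file and prints one status word
# for the [nonprism] repository:
#   ok | missing | siglevel-unset | siglevel-weak | not-first
check_nonprism() {
    awk '
    /^[ \t]*#/ { next }                      # pacman.conf comments are whole lines
    { gsub(/^[ \t]+|[ \t]+$/, "") }          # trim surrounding whitespace
    $0 == "" { next }
    /^\[.*\]$/ {                             # section header
        section = substr($0, 2, length($0) - 2)
        if (section != "options" && !first) first = section
        if (section == "nonprism") found = 1
        next
    }
    section == "nonprism" && /^SigLevel[ \t]*=/ {
        sub(/^SigLevel[ \t]*=[ \t]*/, "")
        have = 1
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {           # later tokens override earlier ones
            t = tok[i]; sub(/^Package/, "", t)
            if (t ~ /^Database/) continue    # database-only settings are ignored here
            if (t == "Required") req = 1
            else if (t == "Optional" || t == "Never") req = 0
            else if (t == "TrustAll") trustall = 1
            else if (t == "TrustedOnly") trustall = 0
        }
    }
    END {
        if (!found) print "missing"
        else if (!have) print "siglevel-unset"   # falls back to the [options] default
        else if (!req || trustall) print "siglevel-weak"
        else if (first != "nonprism") print "not-first"
        else print "ok"
    }' "$1"
}

# Constructed sample input (not a real system file); prints "ok".
sample=$(mktemp)
printf '%s\n' '[options]' 'SigLevel = Required DatabaseOptional' \
    '[nonprism]' 'SigLevel = PackageRequired' \
    'Include = /etc/pacman.d/mirrorlist' '[core]' > "$sample"
check_nonprism "$sample"
rm -f "$sample"
```

On a live system, run it as `check_nonprism /etc/pacman.conf`; any result other than "ok" means the entry should be reviewed before running `pacman -Syuu`.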
If you would like to have additional security and privacy, at the expense of breaking a few features, you can install optional hardened scripts.
# pacman -S iceweasel-hardened-preferences
# pacman -S icedove-hardened-preferences
These packages block additional protocols, including WebRTC and WebGL, and attempt to make browser fingerprinting much more difficult. DOM Storage is turned off, and a firejail chroot is used for extra protection.
To enable nonprism protection, start iceweasel and icedove using the commands below:
# iceweasel-hardened
# icedove-hardened
Originally, this repo was only intended to block providers which were known to be involved in the PRISM global surveillance program. However, after a consensus in November 2016, it was decided to include hardened packages which remove lower-level protocols that may cause privacy leaks, metadata/fingerprinting, and vulnerabilities.