Nonprism

From ParabolaWiki

nonprism is a repository that aims to provide software built and patched to be secure from global data surveillance programs such as PRISM, XKeyscore and Tempora, with packages optimized for i686 and x86_64 CPUs. An up-to-date list of removed packages and any corresponding replacements is available in the your-privacy blacklist.

1 Activation of nonprism repo

You can add the following lines to your /etc/pacman.conf:

/etc/pacman.conf
[nonprism]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

Note: The nonprism repo should be listed above the libre repo in /etc/pacman.conf so that the package replacement is performed after updating.
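
A check for the two settings above (repo order and SigLevel), as an added example that is not part of the original wiki page or of Parabola's own tooling. The function name check_nonprism and the sample file are assumptions constructed for illustration, and the SigLevel test only looks for the PackageRequired value shown on this page.

```shell
#!/bin/sh
# Added example: audit the [nonprism] entry of a pacman.conf-style file.
# check_nonprism [FILE] prints findings; returns 0 if OK, 1 otherwise.
check_nonprism() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        /^\[.*\]$/ {                                      # section header
            section = substr($0, 2, length($0) - 2)
            if (!(section in pos)) pos[section] = ++n     # first position wins
            next
        }
        section == "nonprism" && /^SigLevel[ \t]*=/ {     # SigLevel in [nonprism]
            siglevel = $0
            sub(/^SigLevel[ \t]*=[ \t]*/, "", siglevel)
            gsub(/[ \t]+/, " ", siglevel)                 # normalise separators
        }
        END {
            bad = 0
            if (!("nonprism" in pos)) {
                print "FAIL: no [nonprism] section"; bad = 1
            } else {
                if (("libre" in pos) && pos["nonprism"] > pos["libre"]) {
                    print "FAIL: [nonprism] is listed below [libre]"; bad = 1
                }
                # Compared against the value given on this page only.
                if ((" " siglevel " ") !~ / PackageRequired /) {
                    print "FAIL: SigLevel in [nonprism] is \"" siglevel "\""; bad = 1
                }
            }
            if (!bad) print "OK: [nonprism] order and SigLevel match the page"
            exit bad
        }
    ' "${1:-/etc/pacman.conf}"
}

# Constructed sample (not a real system file): repos in the wrong order.
sample=$(mktemp)
printf '%s\n' '[options]' 'Architecture = auto' '' \
    '[libre]' 'Include = /etc/pacman.d/mirrorlist' '' \
    '[nonprism]' 'SigLevel = PackageRequired' \
    'Include = /etc/pacman.d/mirrorlist' > "$sample"
check_nonprism "$sample" || echo "fix the order before running pacman -Syuu"
rm -f "$sample"
```

Called without an argument, check_nonprism reads /etc/pacman.conf.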

Up-/downgrade installed packages from configured repositories:

# pacman -Syuu

Then install the your-privacy package:

# pacman -S your-privacy

The your-privacy package will advise you if any blacklisted packages are installed on your system and whether a replacement is available. This blacklist bans protocols that do not respect privacy, such as Facebook chat and geoclue's geoip protocol, but does not include additional hardening.

2 Hardening

If you would like to have additional security and privacy, at the expense of breaking a few features, you can install optional hardened scripts.

# pacman -S iceweasel-hardened-preferences
# pacman -S icedove-hardened-preferences

These packages block additional protocols, including WebRTC and WebGL, and attempt to make browser fingerprinting much more difficult. DOM Storage is turned off, and a firejail chroot is used for extra protection.

Once installed, you will still be able to use Iceweasel and Icedove, but not at the same time as the *-hardened packages are running.

To enable nonprism protection, start iceweasel and icedove using the commands below:

# iceweasel-hardened
# icedove-hardened

Note: Many Web 2.0 websites require anti-features to work. If you must have these, they can be re-enabled in ~/.mozilla/firefox/{profile}/user.js persistently across updates.
Note: Users interested in privacy and security should also consider running the linux-libre-hardened kernel for additional protection.

3 History

Originally, this repo was only intended to block providers which were known to be involved in the PRISM global surveillance program. However, after a consensus in November 2016, it was decided to include hardened packages which remove lower level protocols that may cause privacy leaks, metadata/fingerprinting, and vulnerabilities.

4 Help and contributions

If you need help or want to contribute to this project, you can join the #parabola channel on the Libera Chat network, as well as the mailing list and the community forum.

5 See also