new post

Matt Yang · Matt Yang · commit ae60d9847bb1 · 2026-04-25T11:15:49.000-05:00
diff --git a/src/content/writing/2026-04-25.md b/src/content/writing/2026-04-25.md
@@ -0,0 +1,66 @@
+---
+title: "Privacy on Linux: Guide to CachyOS"
+date: "2026-04-08"
+description: "Basic privacy settings on CachyOS"
+---
+
+# Privacy on CachyOS
+
+Three changes cover most practical privacy concerns on CachyOS.
+
+## 1. Browser: Block Trackers
+
+Install two Firefox extensions:
+- **uBlock Origin** — blocks ads and ad-serving domains
+- **Privacy Badger** — blocks invisible trackers and analytics pixels
+
+## 2. DNS: Stop ISP Logging
+
+Your ISP sees every DNS query you make, even on HTTPS. Switch to Quad9.
+
+**Option A: nmtui (GUI)**
+```bash
+nmtui
+```
+Navigate to Edit a connection → your WiFi/Ethernet → IPv4 Configuration → DNS servers. Replace your ISP's servers with `9.9.9.9` and `149.112.112.112`.
+
+**Option B: edit the config directly**
+
+Edit `/etc/systemd/resolved.conf` and set:
+```
+DNS=9.9.9.9 149.112.112.112
+```
+
+Either way, restart systemd-resolved:
+```bash
+sudo systemctl restart systemd-resolved
+```
+
+Verify:
+```bash
+nslookup google.com
+```
+
+Quad9 also blocks known malware domains at the DNS level.
+
+## 3. Firewall: Block Inbound Connections
+
+```bash
+sudo systemctl enable --now ufw
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+```
+
+Allow exceptions as needed (e.g. Syncthing):
+```bash
+sudo ufw allow 22000/tcp
+sudo ufw allow 22000/udp
+```
+
+Note: your home router likely already does this. UFW adds a second layer.
+
+---
+
+That's it. Browser extensions take 2 minutes, DNS takes 5. These three changes stop most behavioral tracking and hide your browsing from your ISP without breaking anything.
+
+**What's probably overkill:** VPN at home, Tor, disabling JavaScript, encrypted email (unless you have specific threat actors).
