One of my biggest security concerns is my data being stolen from my system. As a tech writer, I constantly install different apps and tools on my PC, and I would hate it if one of them had some malicious inclinations and decided to phone home sensitive data from my system.

To protect myself from these types of mishaps, I use Portmaster by Safing. It’s a free and open-source (FOSS) network activity monitor and application firewall. I can use it to check which apps are currently accessing the internet, what servers they are connecting to, as well as how much data they are uploading and downloading. I can also use it to block an app from accessing the internet altogether.

On Ubuntu and Ubuntu-based distros, you’ll have to download Portmaster as a DEB file and then install.

For example, take a simple calculator app I might have downloaded. Portmaster can tell me if it’s connecting to the internet, which is strange! But at the same time, it can also tell me if it’s uploading data—which is concerning, versus downloading data—which is understandable, especially for currency conversion tasks! So, while a calculator app accessing the internet is worrisome, Portmaster helps me understand what it’s doing, and make an informed decision instead of being paranoid.

Of course, you could simply use the terminal to get network-level control over your apps, but Portmaster makes it easier through an elegant and modern graphical interface.

Now, apart from Portmaster, I also use taskbar widgets to keep an eye on overall network traffic all the time. I personally use the KDE Plasma desktop environment and the Network Monitor widget. But if you’re on GNOME, you can use the Vitals GNOME extension and get the same functionality.

The idea here is to get a quick view of the current network traffic. I generally have an idea of what normal network activity looks like—download spikes during browsing, upload spikes during, well, uploading stuff. If I notice significant network activity when I’m idle or just typing in a text editor, I instantly know something’s amiss and that it’s time to visit Portmaster to find out what’s wrong.

While a network monitor can help you check if apps are stealing data from your system, it can’t protect you from installing a malicious app in the first place. This is why I prioritize downloading apps from my distro’s official repository (repo). These packages are vetted by the distro’s maintainers and then made available to the you. As such, if you trust your distro, there’s no reason to question the apps it’s distributing.

That said, not all apps are always available in the official repos. This is when I look into containerized options like Flatpak. These apps run in a sandbox, making them generally safe to use, but don’t trust them blindly. Some apps request broad system access, which can pose security risks. Therefore, always check the permissions of an app before installing, see if those are actually necessary for it, and then press the Install button. For Flatpaks, you can generally check the Flathub website to see its security rating.

Sometimes I also need to download stuff from third-party repos like PPAs (Personal Package Archives) and the AUR (Arch User Repository). Here I follow a simple rule of thumb: popularity equals scrutiny. If thousands of users install an app from the AUR, there’s a lot of eyes on it to check for potential malicious code. That said, if you don’t know about the popularity of the app, you can simply search for it on Reddit, or your distro’s official forum and check what others have to say.

The tricky part is when you need to install some random script or tool, e.g., desktop widgets or custom themes from GitHub. This is where I check how many people are watching the project and how many stars it has. Usually something in the thousands or upper hundreds is enough to give me confidence, as most of these people are developers looking into the code and not regular users.

If it’s a small script with a couple of hundred lines of code, you can potentially do a security audit yourself. You can use Gemini 2.5 Pro (known to be good at coding) to audit the app for you. Simply open the GitHub page for the script, and in the URL, change github to uithub. This will show you the full repository structure and code context which you can now copy and paste into Gemini 2.5 Pro and ask it for an audit.

While some attacks aim to steal your data, others want to destroy it or hold it hostage through ransomware. Your best defense against the latter is a solid backup strategy. I maintain an automated backup system that regularly copies my essential files to the cloud. If you don’t want to save it in the cloud, you can also save it to an external drive or a Network Attached Storage (NAS).

Ransomware is devastating, expensive, and on the rise. A key point is not to keep the backup of your system on the system itself. This ensures that if my main system is compromised, my backups remain safe. I’ve seen too many people keep their backups on the same system they’re backing up. This completely misses the point—if your system is compromised or crashes, those backups go down with it.