Source code and details: https://github.com/nikolas-trey/LANGhost

Description

LANGhost is a Linux anonymity hardening layer for systems managed by NetworkManager. It minimizes identity leakage across multiple network surfaces during connection setup, enforces privacy-focused connection configurations, and implements a fail‑closed mechanism that terminates or isolates connectivity when runtime checks detect unsafe conditions.

What it does

  • Randomizes MAC policy before activation.
  • Assigns a randomized DHCP hostname before activation.
  • Applies a per-activation identity seed for NetworkManager-derived identifiers.
  • Hardens DHCP identity behavior.
  • Enables stronger IPv6 privacy behavior and stable-privacy address generation.
  • Disables local discovery features that can expose system identity on managed links.
  • Quarantines interfaces with tc drop filters during setup.
  • Verifies runtime state after activation and triggers a kill switch on failure.
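
An added example, not LANGhost's own code: a small auditor that checks a NetworkManager keyfile profile for the kinds of identity-leaking settings the list above targets, narrowed to Wi-Fi profiles. The mapping from that list to these specific NetworkManager properties, the constructed sample profile and the function name `audit_keyfile` are assumptions made for illustration.

```python
import configparser

# Constructed sample keyfile (not from LANGhost); the weak values are deliberate.
SAMPLE_KEYFILE = """
[connection]
id=cafe-wifi
mdns=2

[wifi]
ssid=cafe-wifi
cloned-mac-address=permanent

[ipv4]
dhcp-send-hostname=true

[ipv6]
addr-gen-mode=eui64
ip6-privacy=0
"""

# (section, key, accepted values, what leaks if the value is wrong or not pinned)
CHECKS = [
    ("wifi", "cloned-mac-address", {"random", "stable"}, "hardware MAC may be used"),
    ("connection", "mdns", {"0"}, "mDNS not disabled for this link"),
    ("connection", "llmnr", {"0"}, "LLMNR not disabled for this link"),
    ("ipv6", "addr-gen-mode", {"stable-privacy"}, "interface ID may derive from the MAC"),
    ("ipv6", "ip6-privacy", {"2"}, "temporary IPv6 addresses not preferred"),
]

def audit_keyfile(text):
    """Return (setting, value, reason) findings for one keyfile profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section, key, accepted, reason in CHECKS:
        value = cp.get(section, key, fallback=None)  # None: not pinned in profile
        if value not in accepted:
            findings.append((f"{section}.{key}", value, reason))
    # DHCP: either stop sending a hostname or send an explicit non-system one.
    send = cp.get("ipv4", "dhcp-send-hostname", fallback="true")
    if send == "true" and not cp.get("ipv4", "dhcp-hostname", fallback=""):
        findings.append(("ipv4.dhcp-hostname", None, "system hostname sent in DHCP"))
    return findings

if __name__ == "__main__":
    for setting, value, reason in audit_keyfile(SAMPLE_KEYFILE):
        print(f"{setting}={value!r}: {reason}")
```

A setting that is absent from the profile is reported as well, because it then falls back to whatever the global NetworkManager configuration says.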
    • It_is_gaslighting@discuss.tchncs.de

      Thanks for clarifying. I use tailscale and set up my home LAN as exit node. So this would harden the steps before the wireguard connection buildup (within tailscale VPN), when connecting to a public network, right? Now let's assume I have another VPN provider, do you think it's better to use it directly (choose between tailscale and the other VPN) or chained after the tailscale exit node? Sorry if being a bit off topic.