Yes, I am one of those people, literally all the time. This is the point of laptops.

And I use default Ubuntu Desktop config, kept up to date of course.

If that makes me and OP sitting targets, then maybe we should address this concern to the people who make distros rather than to a random anxious newbie.

Just to clarify this comment for other "total newbies": yes, the UFW default config is fine and "you don't need to mess with it".

But by default UFW itself is not even enabled on any desktop OS. And you also don't need to mess with that. It's because the firewall is on the router.

OP said clearly that this "is just my personal computer" and here we all are spreading unintentional FUD about firewall configs as if it's for a public-facing server.

This pisses me off a bit because I remember having exactly the same anxiety as OP, to the point of thinking Linux must be incredibly insecure - how does this firewall work? dammit it's not even turned on!! And then I learned a bit more about networking.

This discussion should have begun with the basics, not the minutiae.

Yes, fair point.

As I understand it, the main risk of an untrusted local network is with DNS. The best precaution being to set it manually (to 1.1.1.1 for example or ideally something less centralized). Actually I used to do that myself, running a stub DNS server on localhost. This kind of option really should be in every OS by default.

Would be interested to know the consensus on better locking down a roving laptop.

Well, screwed I will be, then. I'm not going to waste my life babysitting a bespoke firewall on my Ubuntu Desktop.

And it seems like a bad idea to be telling beginners on Ubuntu or Mint whatever that their "security philosophy is flawed" and they must imperatively run these 10 lines of mysterious code or else bad things will happen.

This whole discussion looks like a misunderstanding. OP is not a sysadmin on public-facing server. They are a beginner on a laptop at home.

This is the correct answer!

OP says they are talking "just my personal computer" and yet people here are responding as if is a sysadmin running a website.

You don't need a firewall on a typical desktop computer. You only need them on routers and servers.

That is because your personal computer is not actually on the internet. It is on a local network (LAN) and it talks only to your router. The router is the computer connected to the internet, and it has a firewall.

The question highlights a classic misunderstanding about networking that IMO should be better addressed. I was like OP once, and panicking about this pointlessly.

Addendum: You're all replying to OP as if they're a sysadmin managing a public-facing server. But OP says clearly that they're just a beginner on a PC - which will almost certainly be firewalled by their router. We should be encouraging and educating people like this, not terrorizing them about all the risks they're taking.

You don't need a firewall on a typical desktop computer. You only need them on routers and servers.

That is because your personal computer is not actually on the internet. It is on a local network (LAN) and it talks only to your router. The router is the computer connected to the internet, and it has a firewall.

The question highlights a classic knowledge gap about networking that IMO should be better addressed. I was like OP once, and panicking about it pointlessly.

Your individualism. Of course I'm aware of the huge downsides, but my understanding is that personal freedom has been a vanishing rare thing in human history. As I see it, some very odd circumstances (puritans and the frontier) generated the USA, which morphed into something even weirder still: a libertarian superpower. Which then, in extremis, saved the rest of us from authoritarianism of both right and left. Probably temporarily. I predict that after it all collapses, and with better hindsight, we'll appreciate the USA more than we do today.

Ugh! That word again.

Guessing you're American. Over here in soft Europe, even to ask that question would get you ostracized as a psychopath.

Of course, most of us are complete hypocrites given our diets.

BRB.

sudo apt purge cups

Done. This should not even be part of baseline Ubuntu desktop. Speaking for myself but I have not had a printer for about 15 years. The paperless office really did become reality.

The counter-argument is that communes are populated by an unusual variety of human being, hence their rarity, and that most people are motivated by less disciplined human goals such as status and material accumulation.

Same. I checked on my Debian VPS the other day after many months of negligence and, sure enough, everything was up to date and secure thanks to unattended-upgrades with the reboot option enabled.

It also has YAST which is the best GUI based managment system on Linux

Semi-offtopic. Suse was my first distro 20 years ago and in those few months I had such a nightmarish experience with dependency hell in YAST and Yum, and such a contrastingly good experience with APT after I finally moved to Debian, that I have only ever used Debian and Ubuntu since then and I am still traumatized by the mere sight of the name YAST.

Silly but alas true! Of course I didn't understand anything back then and I'm sure YAST is much better these days.

Almost thought you'd done one yourself there with this "even then"! But I was thinking of even still (from even so). Which BTW is probably in my top 3 most hated malaphors or catachreses or whatever they are.

Not exactly what you're looking for but Waydroid on Ubuntu, for example, is pretty easy get up and running. I tried it and it works. In full-screen mode you really are sitting inside a landscape-format Android installation. Pretty weird.

catachresis

Ha! Here you are answering the actual question but nobody cares!

Amazing. I had never seen this word before.

Current pet peeve: "to step foot on". Facepalm! Just coz somebody misheard "set" doesn't make "step foot" grammatical. And yet here we are.

That's why I emphasized the word "server"

E2EE with a server web interface is a technical impossibility. The ends are the clients. By definition the server is only there to pass encrypted data from client to client. Presumably you can make this work with a web client using the browser's local storage, but at that point you're not actually looking at a web site and you might as well just use the official app. This is one reason why Telegram doesn't do encryption by default: group chats are particularly hard to do with EE2E.