Your FreedomTech crypto computer has arrived. Getting your crypto computer setup right from day one means you can focus on trading and investing, not troubleshooting. The good news: most of the hard work is already done. Every crypto computer setup leaves our hands fully configured — the operating system is hardened, the browsers are installed and locked down, the firewall is running, and your desktop shortcuts are ready to go. You do not need an IT background to use this machine safely.
What you do need is a clear picture of how it works and why each part of the setup matters. This guide walks you through everything — from first boot to daily habits — in plain English. If you’ve ever wondered why we use two browsers, what KeePassXC is actually for, or when to use your encrypted USB, this is the place to start.
For a deeper look at why a dedicated crypto computer matters in the first place, see our Linux laptop for crypto security overview.
When you power on your FreedomTech machine for the first time, you’ll log in using your provided username with passord. The desktop looks familiar — there’s a taskbar at the bottom, a start menu, and a set of clearly labelled shortcuts. FreedomTech wallpaper is set by default.
On your desktop you’ll find shortcuts for five applications:
Brave – Email & Downloads | LibreWolf – Crypto Wallets Only | Signal – Encrypted Messaging | Mullvad – VPN | KeePassXC – Password Manager
You’ll also see a START_HERE folder on the desktop. Open this first. It contains a copy of this guide and your browser hardening reference — useful to keep handy while you get settled in.
Two Timeshift restore snapshots are already saved on the machine: one taken at factory build, one after final verification. Think of these as your safety net. If you ever make a change that breaks something, you can roll back to a known working state without losing your data.
**Bear in mind, timeshift will only restore your computer back to a working state, and will not re-install lost information**
This is the foundation of your crypto computer setup, and it is non-negotiable.
Every FreedomTech machine uses two browsers with completely separate roles. Mixing them up defeats the purpose of the setup.
Open Brave for email, research, general browsing, file downloads, and exchange portals. Brave is your everyday browser. It comes pre-configured with shields set to Aggressive, fingerprinting protection set to Strict, cookies cleared automatically when you close it, and all tracking features — Leo AI, Brave Rewards, Sync — disabled.
Brave is used by tens of millions of people worldwide, which means your browser looks like everyone else using Brave. That’s a meaningful privacy advantage — you blend into the crowd rather than standing out as a modified or unusual setup.
What Brave is not for: crypto wallets, exchanges requiring wallet connection, or any Web3 interaction. That’s LibreWolf’s job.
Open LibreWolf only when you’re interacting with a crypto wallet, a decentralised exchange, or any Web3 application. Nothing else. No email. No research. No general browsing.
LibreWolf is pre-configured with fingerprinting resistance enabled, WebRTC disabled (which prevents your real IP leaking through browser calls), DNS over HTTPS enforced, and cache cleared on exit. Each wallet you use gets its own containerised browser profile, which means your Bitcoin activity and your Ethereum activity are isolated from each other even on the same machine.
The reason this separation matters is simple. Most malware that targets crypto users spreads through general browsing — fake extensions, compromised downloads, phishing sites. If LibreWolf never touches general browsing, it never encounters those infection vectors. The separation is the protection.
Security researchers recently identified an infostealer called Torg Grabber that targets 728 cryptocurrency wallet browser extensions — covering virtually every major wallet in active use today. It was being updated with new attack infrastructure every single week. The two-browser model exists specifically to cut off the attack surface these tools depend on.
The rule to remember: Brave for life, LibreWolf for crypto. Keep these roles strict and your setup stays clean.
Mullvad VPN is pre-installed on your machine but not pre-activated. Activation requires your own Mullvad account, which keeps your subscription completely separate from FreedomTech. This is deliberate — your VPN account should belong to you alone.
To get started, visit mullvad.net on Brave, create an account using just an account number (no email address required — this is one of Mullvad’s best features), and add time to your account. Then open Mullvad from your desktop shortcut, enter your account number, and connect.
Once connected, Mullvad encrypts your internet traffic and routes it through servers that log nothing. Your internet service provider can no longer see which sites you’re visiting. This matters more than most people realise — without a VPN, your ISP has a complete record of every domain you visit, regardless of whether the connection itself is encrypted.
One important note: your FreedomTech machine is configured with DNS-over-TLS system-wide. Leave the secure DNS option inside Brave and LibreWolf turned OFF. The system-level setting handles this already — turning it on inside the browser as well creates a conflict. This is already set correctly on your machine; just leave it alone.
KeePassXC is an offline password manager — it stores all your passwords in an encrypted database that lives on your machine, not in someone else’s cloud server. It comes pre-installed on every FreedomTech crypto computer setup.
On first use, you’ll create a new database. Open KeePassXC from your desktop shortcut, go to File → New Database, choose a name and a save location, and set a strong master passphrase. This is one of the two passwords you’ll need to remember — the other is your encrypted USB passphrase. Every other password can be randomly generated and stored in KeePassXC.
For each exchange account, wallet login, and email address associated with your crypto activity, use KeePassXC’s built-in generator to create a long, random password. The guide recommends a minimum of 20 to 32 characters. Unique passwords for every account mean that if one service is ever breached, the damage stops there.
KeePassXC also supports TOTP two-factor authentication codes. If you set up 2FA on an exchange using a TOTP authenticator app, you can store those codes inside KeePassXC as well — go to New Entry → clock icon → paste your TOTP secret. KeePassXC will generate live one-time codes directly, removing the need for a separate authenticator app.
Set KeePassXC to auto-lock after a short period of inactivity, and set the clipboard clear timer to 10 to 30 seconds. This means any password you copy will be wiped from your clipboard automatically, which reduces the window for clipboard monitoring tools to intercept it.
Back up your KeePassXC database regularly. The easiest place to store the backup is your encrypted USB — more on that below.
If your crypto computer setup from FreedomTech included a LUKS-encrypted USB drive with the order, this section is important. The encrypted USB is your offline backup — a place to store your KeePassXC database, wallet documentation, and any sensitive files you want kept off the internet entirely.
The USB ships with a passphrase that is included in your FreedomTech documentation. You must change it before storing anything sensitive. Unlock the USB by inserting it and clicking it in the file manager, then open Terminal and run:
lsblk -o NAME,SIZE,TYPE,TRAN
Identify your USB partition (look for TYPE=part and TRAN=usb), then run:
sudo cryptsetup luksChangeKey /dev/sdX1
Replace sdX1 with your actual partition name from the previous command. Enter the old passphrase when prompted, then set a new one. Choose something strong that you’ll remember — there is no recovery option if you forget it.
Inside the unlocked USB you’ll find two folders: KeePass/ for your password database backups, and Documents/ for PDFs, wallet exports, and any other sensitive files. Store your wallet seed phrase documentation inside KeePassXC rather than as a plain text file — even on an encrypted USB, it’s better practice.
Always close the USB using the Lock_Backup_USB.sh script on your Desktop — not by simply ejecting from the file manager. Right-click the script, choose Run in Terminal, and wait for the confirmation message before unplugging. This ensures the encrypted volume is properly locked before the drive is removed.
Keep a second encrypted USB as an offsite backup if you can. Two copies in two locations is the standard approach for anything irreplaceable.
Your crypto computer setup handles most of the heavy lifting — but a few daily habits on your end complete the picture.
Always verify the full wallet address after pasting it into a transaction field. Don’t just check the first and last few characters — clipboard malware specifically targets users who spot-check. Read the whole address. For large transactions, paste the address, close the transaction, re-open it, and verify again before confirming.
Keep Mullvad connected whenever you’re using the machine. It takes seconds to connect and runs quietly in the background. There’s no good reason to browse or interact with wallets without it active.
Download wallets and updates only from official sources. Never install a wallet or trading tool from a link in an email, a social media post, or a search result ad. Go directly to the official website, check the URL carefully, and download from there.
Keep your seed phrases off the machine entirely. Your FreedomTech computer is well-hardened, but the gold standard for seed phrase storage is offline and physical — written on paper or stamped on metal, stored somewhere secure. Never photograph a seed phrase or type it into any online service.
When you’re done for the day, lock KeePassXC, disconnect Mullvad, and if you used the encrypted USB, lock it using the desktop script before unplugging.
Your machine came with a Rescue USB (built on Ventoy). Keep this somewhere safe — ideally not in the same bag as your laptop.
If you need to restore the machine to a clean state, Timeshift handles it. Open the Timeshift application from the start menu, choose a restore point (the factory baseline or the post-setup verified snapshot), and follow the prompts. The machine will reboot into a known clean state.
If the operating system itself needs to be rebuilt from scratch, the Rescue USB contains two setup scripts. Stage 1 (1_SYSTEM.sh) rebuilds the secure system base. Stage 2 (2_USER.sh) reinstalls your applications and desktop configuration. The START_HERE folder on the Rescue USB walks you through both steps. If you get stuck, contact FreedomTech before trying anything else.
For support, email [email protected] or join the community on Telegram.
Very little. The machine is fully configured before it leaves FreedomTech. The main first steps are: log in using the username cpc, read through the START_HERE folder on your desktop, activate Mullvad with your own account, create your KeePassXC database, and change the passphrase on your encrypted USB if you received one. Everything else is already done.
It depends on what you're doing. If you're logging into an exchange to check prices, read news, or manage account settings without connecting a wallet, use Brave. If you're connecting a software wallet to an exchange or interacting with a dApp, use LibreWolf. When in doubt, keep wallets in LibreWolf and everything else in Brave.
Yes, but be selective. Only install software from trusted, official sources. Avoid browser extensions unless you have a specific, verified need for them — every extension is a potential attack surface.
Stop using it immediately for any crypto activity. Disconnect from the internet. Contact FreedomTech via email at [email protected] and describe what you observed. Do not attempt to clean the machine yourself — preferably use the Rescue USB to rebuild from scratch if necessary.
Not on this machine, and not anywhere digital. The safest approach is offline and physical — written on paper and stored securely, or stamped into metal for durability. Never photograph a seed phrase, never type it into a website or app, and never store it in cloud storage. Your encrypted USB is a better option than cloud storage, but even then, storing seed phrases inside your KeePassXC database (rather than as a plain text file) is the preferred approach.
The Mullvad desktop shortcut opens the client, which shows your connection status clearly. When connected, it displays the server location and confirms your traffic is protected. You can also verify your IP address has changed by visiting ipleak.net in Brave while Mullvad is active — your real IP should not appear.
