22
submitted 1 year ago by chockblock@lemmy.world to c/linux@lemmy.ml

For my phone, I use Graphene OS. What would be the best desktop Linux option to match the level of security and privacy that GOS provides?

top 50 comments
sorted by: hot top controversial new old
[-] interdimensionalmeme@lemmy.ml 18 points 1 year ago

Tails in proxmox in tails running on pure ramdrive system with no longterm storage, cpu, bios, mac serials overwritten with FFFFFFF, TPM chip desoldered or lasered off CPU, connected to TOR viato mullvad paid with crypto, through VPN running left behind sanitized device hidden in a library, through second sanitized vpn device connected to private insecure wifi in poor residential area with no cameras, after abolishing the state

[-] T0RB1T@lemmy.ca 2 points 1 year ago

Truly a person of refined taste.

[-] coderade@lemmygrad.ml 2 points 1 year ago

Only two layers of sanitizers? Gosh might as well just put your social security number out there

[-] interdimensionalmeme@lemmy.ml 3 points 1 year ago

Read my instructions to the end, always abolish the state before you start. This makes social security numbers powerless, look, 663 342 934. Nothing happened.

[-] lengsel@latte.isnot.coffee 0 points 1 year ago

The's a good one! 😊 It's funny

[-] marmalade@sh.itjust.works 6 points 1 year ago* (last edited 1 year ago)

Depends on what you mean for security/privacy. You can use Tails or whatever and have everything encrypted and then just be logging into your Facebook account on Chrome without an ad blocker.

Most Linux distros are secure enough for the average person who isn’t being targeted by some crazy state level actor. If you’re particularly concerned stick with a distro that has a security team like Debian. As for privacy that has more to do with the sites you browse and have accounts with but obviously avoid Google (I just use Firefox instead of Chrome) use an adblocker like ublock origin, along with maybe something like decentraleyes.

[-] Synthead@lemmy.world 2 points 1 year ago

Chrome phones home a lot. It's not a good idea to use it if you care about privacy. Firefox even has metrics enabled by default, although you can turn them off.

[-] HughJanus@lemmy.ml 6 points 1 year ago

Tails, Qubes, or Whonix

[-] authed@lemmy.ml 4 points 1 year ago

Qubes on Whonix

[-] radioactiveradio@lemm.ee 3 points 1 year ago

Try Tails, you don't even gotta install it. Keep it on a flash drive and just plug it into your computer whenever you wanna use it.

[-] mojo@lemm.ee 3 points 1 year ago

Pretty much any distro that isn't Ubuntu. Are you asking for privacy or security? Those are very different.

For security, I'd stick to more complete distros like Fedora instead of more diy distros like NixOS or Arch. They're great to learn and tinker with, but distros like Fedora have security experts adding mitigations and security stuff in the distro by default, whereas most users of Arch or something would have to manually look up those things and keep up to date on the latest security. So basically, none of them lol.

Using more hardcore security distros like QubesOS is not very realistic as a daily driver. You'll see Linux nerds name drop it and claim they know what they're talking about, but none of them will actually dailt drive it because it's a very painful experience. Just stick with flatpaks as much as you can for pretty solid security.

[-] gobbling871@lemmy.world 1 points 1 year ago

What security stuff/mitigations are added on Fedora that are not on Ubuntu?

[-] I_like_cats@lemmy.one 3 points 1 year ago

Ubuntu is bad privacy-wise because it has opt-out telemetry. The telemetry is not very invasive though and I wouldn't really call it a privacy risk. There are other reasons to prefer other distros over Ubuntu though

[-] gobbling871@lemmy.world 4 points 1 year ago

Not making a case for Ubuntu but even Fedora has opt-out telemetry.

[-] I_like_cats@lemmy.one 3 points 1 year ago

You're right. This only counts users though whereas Ubuntu collects information about your system

[-] RecursiveDescent@discuss.tchncs.de 1 points 1 year ago* (last edited 1 year ago)

Looks like they do add quite a bit security features. Having SELinux installed and working out of the box being the biggest. https://fedoraproject.org/wiki/Security_Features

load more comments (5 replies)
[-] Shareni@programming.dev 0 points 1 year ago

I think they meant privacy. Windonical doesn't have a good track record on that front...

[-] gobbling871@lemmy.world -1 points 1 year ago

Nope. GP explicitly mentioned security experts that Fedora employs and other security stuff that Fedora apparently has an advantage on over other distros. I wonder if they knew in particular what these advantages are because that got me curious.

[-] Shareni@programming.dev 0 points 1 year ago

Read their comment again. The first paragraph is about privacy and Ubuntu is only mentioned at that point. Fedora's default security is only compared to nix and arch.

[-] gobbling871@lemmy.world -1 points 1 year ago

I used Ubuntu as an example for argument's sake not as a defence for Ubuntu's privacy/security features.

[-] Hizeh@hizeh.com 2 points 1 year ago

How does Void Linux rate on the security and privacy front compared to the top recommendations in this thread?

[-] Titou@feddit.de 2 points 1 year ago
[-] ManyRoads@lemmy.sdf.org 2 points 1 year ago

If you look through this thread, you may notice that almost everything is biased towards personal preference(s). I recommend you research for those aspects of security AND privacy that interest you and select the tools, distros that you prefer. The beauty of Linux lies in its variety. Use what pleases you and serves your needs.

[-] unceme@lemmy.one 1 points 1 year ago

Everyone is recommending Tails but I feel like that's a lot more intense security and privacy wise than GrapheneOS, since Tails runs in a live environment only.

[-] chockblock@lemmy.world 1 points 1 year ago

Yea I am looking for something a little more general purpose

[-] milo128@lemm.ee 1 points 1 year ago

my impression is that grapheneos is only private and secure compared to regular android. likewise, any linux distro is going to be secure and private when compared to windows.

[-] chockblock@lemmy.world 1 points 1 year ago

Sure, but graphene OS just has some really thoughtful privacy focused features, and I'm looking for a Linux distro that would have similar features if there is such a thing.

One thing I love about graphene is by default, the MAC address is randomized for every single connection. Also, the Bluetooth can be set to time out and turn off after a certain period of not being used.

[-] StimulatedYorkie@lemmy.ml 0 points 1 year ago

Nix OS, Guix or Vanilla OS for sandboxing I guess. But basically everything but Ubuntu is pretty good for privacy, it’s a big part of free software philosophy.

[-] Aman9das@rammy.site -1 points 1 year ago

Anything that's not made in china

Ubuntu Mint Fedora are all good to go

[-] CjkOvPDwQW@lemmy.pt 1 points 1 year ago

Anything thats not made in America.

What kind of point is that ? Are there any problem with chinese distro ?

[-] Shareni@programming.dev 2 points 1 year ago

Chinese distros have backdoors for the Chinese government, intel and amd processors have backdoors for the US government

[-] 0therbit5@lemmy.ml 0 points 1 year ago

Really? About Intel and AMD, how? I'm just curious about that.

[-] Shareni@programming.dev 0 points 1 year ago

Read up on the intel management engine. It's an extra chip that was included in pretty much every intel CPU since 2008. It's got pretty scary potential, but no alphabet agency has yet declassified their info on it (think CIA denying any involvement in shipping and selling heroin, but then declassifying documents that proved they shipped heroin in coffins and bodies of dead soldiers).

[-] mojo@lemm.ee 0 points 1 year ago

You're pretty deep in the tinfoil hat zone now. CPU proprietary black box does not mean the NSA are trying to infiltrate your broken arch setup so they can let their FBI lizard agents steal ur hentai.

[-] Shareni@programming.dev 1 points 1 year ago

Oh for sure, but I'd be really surprised if the super secret black box that can't be completely expunged from your machine doesn't have anything to do with some alphabet agency.

After all, we know that NSA approached Linus to put in a backdoor (Linus's father, Linus), and that NSA linked groups have used Linux backdoor malware in the past.

That might be proof against IME being a backdoor, but it could also be a smoke screen and insurance.

[-] CjkOvPDwQW@lemmy.pt 0 points 1 year ago

Are there any proof of that ? (Chinese distros having backdoors).

[-] the666dude@mastodon.social 3 points 1 year ago

@CjkOvPDwQW @Shareni
I would not trust a CIA backed Linux distro either, proof or not.

[-] Shareni@programming.dev 0 points 1 year ago* (last edited 1 year ago)

I don't know of any specific proof, but just look at Deepin's EULA. You need to accept that pretty much all data that could be gathered will be gathered, even data like daily log in times. Stuff like that makes me believe stories that the CCP is forcing companies to add backdoors. Especially when you consider that Chinese hackers are analyzing and publishing findings on NSA Linux backdoors, and releasing new backdoor malware every few months.

[-] CjkOvPDwQW@lemmy.pt 1 points 1 year ago

So just a conspiracy theory then

[-] Shareni@programming.dev -1 points 1 year ago

Sure buddy. In the meanwhile i think i answered your question:

What kind of point is that ? Are there any problem with chinese distro ?

[-] CjkOvPDwQW@lemmy.pt 0 points 1 year ago

Yeah, but from having an eula to having a backdoor goes a long way

[-] Shareni@programming.dev -1 points 1 year ago

The absence of evidence is not the evidence of absence, and so on. But yeah, I agree it's just a conspiracy theory for now

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 04 Jul 2023
22 points (100.0% liked)

Linux

48048 readers
774 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS