Searching for a Linux distro
I believe I may have live booted it once (when I needed to perform an action that live booting with Ubuntu couldn't do), and I really enjoyed the look and feel of it for the short time I used it.
Or it was a different one, but let's just assume it was Alpine ;)
If I would have to distill your philosophy, it would be something like “be protected from attacks targeted towards low(er) hanging fruit”. Would that be fair?
It may help for me to elaborate a bit. My number one enemy (like most) is Google. I have been completely Google free for 1-2 years now (with the exception of YouTube on iOS, as the alternatives ultimately require a Mac to install, which I don't have), but I haven't used Google as a search engine in over 4 years. Besides trying to give as little information as possible (I am currently experimenting with setting up a hard firewall block against their IP addresses, if you have any recommendations on how that could be automated, potentially in Python, please let me know), I also try to give as little information to other companies (Microsoft, etc.) as I can. Now, certain authorities have the permission to request data from companies, not just privacy disrespecting ones. That means that part of my threat model entails certain defenses against such agencies, to make it hard enough to correlate that data with my person. I don't go overboard, in case anyone is worried. I've seen the bondage between paranoia and privacy, and I've set myself clear boundaries I won't cross. So, my main goal is to protect against companies trying to collect my data (bleh, how cliche), but it doesn't hurt to put in place some decent practices in case the world turns for the worst. I am protecting against attacks from the government towards low hanging fruit, but when it comes to large corporations, I don't play nice.
If you want an overview of my setup, here it is:
- Tails occasionally (because it's fun)
- SecureBlue (Soon!)
- Tor Browser when using personal accounts (email, Lemmy, etc.)
- ProtonVPN on all devices 24/7 except when using Tor (for speed) or large downloads/torrents (may look into Mullvad VPN)
- Mullvad browser as a default browser
- Librewolf for functionality Mullvad Browser doesn't have (Yubikeys, etc.)
- Firefox for streaming some videos that require a specific DNS configuration (Soon looking into how to put an extreme sandbox on it)
- uBlock Origin for all browsers
- GrapheneOS (Soon, finances be blessed)
- ProtonMail + Anonaddy, use disposable emails for accounts that "don't matter"
- Very, very strong and unique passwords + 2FA/FIDO for everything applicable
- As much FOSS software as I can
- Signal as my main messenger (to help bridge the gap for my friends) until GrapheneOS, then SimpleX (Please take a look at https://privacyspreadsheet.com/messaging-apps !)
- SearXNG as my main search engine (with Google turned on, because my threat model does not go against them collecting data not correlated with me)
- Bitwarden as my password manager until GrapheneOS, then KeePass
- NextDNS as my DNS resolver (which gets overridden by the VPN's DNS on iOS)
I've come a long way since I first (unknowingly) started my journey in 2019(!)
I'll definitely see what the hype around Atomic distros is! Most likely, I'll be trying SecureBlue first. Thanks for your feedback!
I've looked into Whonix in the past, as Qubes OS is one of the host operating systems for it. I plan to try Whonix when they release their own independent ISO that is under works right now. Thank you for your suggestion!
I have an unpublished blog post about my experience using Fedora Atomic that I’m more than happy to post here if you’d like.
Sure! I would love to read it!
Great questions! I'll try to answer as best I can.
Is Qubes OS not ready yet for your intended workflow/usage? Or are you not ready to make the complete switch (yet)?
Qubes OS has a very steep learning curve due to its difficult usability, so the answer would be "both". I am willing to tackle and overcome, but I'm not ready to put in that work yet, if at all.
Unfortunately, in almost all cases, increased security/privacy is achieved through the loss of convenience. Therefore, you should ask yourself what the minimum level of security/privacy is that you absolutely require/need. How’s your threat model defined (if at all)?
I have a really funny story regarding threat models. When I first got into privacy 2-3 years ago, I had the goal of getting as deep as I could (the "strictest threat model possible") and work backwards to find out what I was willing to allow. I succeeded, but because I had gone too deep before I learned what a threat model was, I never made a clear threat model. I have a "subconscious" threat model. I have, over the past week, started working on answering the classic questions. I am trying to protect against "evil" corporations, and such, I must also protect myself against some low level government threats. My threat model "philosophy" is: I will not use a piece of software if it actively goes against me in terms of privacy. Windows, for example, is a pain to try to use while maintaining privacy.
You are the third person to recommend SecureBlue (I've been keeping track), and since it is a "Fedora Atomic spin" (Fedora Atomic as well as Atomic distros in general were also recommended three times each), I believe I will switch to it to see how it is. By the way, I love the mention of GrapheneOS, since that will eventually (finances be blessed) be my main mobile OS for the rest of my life. I wish there was a true "Linux alternative to GrapheneOS".
I will, thank you so much!
Noted, thank you!
I could make a list of all the things I would want in a distro as far as privacy, but a lot of them aren't as important as sandboxing and (obviously) a system that doesn't actively make your privacy life hell. Other features would be better clipboard management (Tails and Qubes do a great job with that), no obvious gaps in security/privacy, a system that you don't have to build yourself, etc.
I think I've used Fedora more than I have Mint, but I have been completely Windows free for years now!
I looked into flatseal, and I am incredibly happy with it, it instantly made me feel much better about my digital hygiene. As for GNOME flatpak settings, there are some toggles, but only minimal (notifications, background, etc.)
@loganb@lemmy.world, that has to be one of the most helpful suggestions for an app I've received since I first used Linux. Truly, thank you!
There is something almost identical in the settings app, is it different from that? Also, is there a way I can check which apps are/aren't sandboxed? Thank you!
If Tails wasn't amnesiac and implemented strong sandboxing, it would be perfect for me. Whonix has been (very, VERY) slowly developing their own independent ISO, which I will be quick to try when (after an eternity) it releases to the public.
Thank you! How are Atomic distros different from "regular" ones?
"deleted by creator" is the most poetic phrase I have ever heard. /s
Thank you for some clarification! Will it set me up to better understand Qubes OS later on?
Those are all great suggestions, thank you! Have you encountered any obvious issues or pitfalls that I should avoid?
No telemetry and good sandboxing by default are the main two things I am looking for in terms of privacy. As GravitySpoiled has mentioned, Arch isn't an "install and forget about it" distro, which is another thing I would look for if it were to be my main OS. If you have any suggestions based on that, please let me know!
Done, thank you! :)
It's been on my to-do list for a while to try. Thank you!
Edit: I think it may be applicable to mention that I have reinstalled Kali 3 times. The first time it broke after an update. The second time is when I learned what a desktop environment was. The third time was when I discovered why seperating /home, /etc, and so on into different partitions is bad if you don't know what you're doing. The installer for the third time was repeatedly broken (apps wouldn't open!), but the netinstaller resolved the issue.
Oddly enough, at the time only having installed a few Linux distros in my life, Qubes OS was very easy to install and ran just fine on my medium-grade hardware. Lots of people mention having problems with it, but I got really lucky it seems. Thanks for your suggestion!