For my phone, I use Graphene OS. What would be the best desktop Linux option to match the level of security and privacy that GOS provides?
deleted by creator
Tails, Qubes, or Whonix
Tails in proxmox in tails running on pure ramdrive system with no longterm storage, cpu, bios, mac serials overwritten with FFFFFFF, TPM chip desoldered or lasered off CPU, connected to TOR viato mullvad paid with crypto, through VPN running left behind sanitized device hidden in a library, through second sanitized vpn device connected to private insecure wifi in poor residential area with no cameras, after abolishing the state
The’s a good one! 😊 It’s funny
Qubes on Whonix
my impression is that grapheneos is only private and secure compared to regular android. likewise, any linux distro is going to be secure and private when compared to windows.
Sure, but graphene OS just has some really thoughtful privacy focused features, and I’m looking for a Linux distro that would have similar features if there is such a thing.
One thing I love about graphene is by default, the MAC address is randomized for every single connection. Also, the Bluetooth can be set to time out and turn off after a certain period of not being used.
Everyone is recommending Tails but I feel like that’s a lot more intense security and privacy wise than GrapheneOS, since Tails runs in a live environment only.
Yea I am looking for something a little more general purpose
Pretty much any distro that isn’t Ubuntu. Are you asking for privacy or security? Those are very different.
For security, I’d stick to more complete distros like Fedora instead of more diy distros like NixOS or Arch. They’re great to learn and tinker with, but distros like Fedora have security experts adding mitigations and security stuff in the distro by default, whereas most users of Arch or something would have to manually look up those things and keep up to date on the latest security. So basically, none of them lol.
Using more hardcore security distros like QubesOS is not very realistic as a daily driver. You’ll see Linux nerds name drop it and claim they know what they’re talking about, but none of them will actually dailt drive it because it’s a very painful experience. Just stick with flatpaks as much as you can for pretty solid security.
What security stuff/mitigations are added on Fedora that are not on Ubuntu?
Looks like they do add quite a bit security features. Having SELinux installed and working out of the box being the biggest. https://fedoraproject.org/wiki/Security_Features
My question is simple: Which of these security features are not enabled/present in Ubuntu that give Fedora an advantage?
SELinux has a functional equivalent called Apparmor that is also enabled out of the box in most distros.
Selinux is more secure then app armor, but more difficult to use. Ubuntu is also pretty secure, I’m just not as familiar with it. I mentioned it for the privacy but, since it used to have some Amazon bloat crapped bundled and telemetry built in.
I have nothing against your personal preferences. But maybe compare today’s Ubuntu vs Fedora. It would be a much more fair comparison.
I think they meant privacy. Windonical doesn’t have a good track record on that front…
Nope. GP explicitly mentioned security experts that Fedora employs and other security stuff that Fedora apparently has an advantage on over other distros. I wonder if they knew in particular what these advantages are because that got me curious.
Read their comment again. The first paragraph is about privacy and Ubuntu is only mentioned at that point. Fedora’s default security is only compared to nix and arch.
I used Ubuntu as an example for argument’s sake not as a defence for Ubuntu’s privacy/security features.
Ubuntu is bad privacy-wise because it has opt-out telemetry. The telemetry is not very invasive though and I wouldn’t really call it a privacy risk. There are other reasons to prefer other distros over Ubuntu though
Not making a case for Ubuntu but even Fedora has opt-out telemetry.
