For my phone, I use Graphene OS. What would be the best desktop Linux option to match the level of security and privacy that GOS provides?

  • interdimensionalmeme@lemmy.ml
    link
    fedilink
    arrow-up
    17
    arrow-down
    1
    ·
    1 year ago

    Tails in proxmox in tails running on pure ramdrive system with no longterm storage, cpu, bios, mac serials overwritten with FFFFFFF, TPM chip desoldered or lasered off CPU, connected to TOR viato mullvad paid with crypto, through VPN running left behind sanitized device hidden in a library, through second sanitized vpn device connected to private insecure wifi in poor residential area with no cameras, after abolishing the state

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    Pretty much any distro that isn’t Ubuntu. Are you asking for privacy or security? Those are very different.

    For security, I’d stick to more complete distros like Fedora instead of more diy distros like NixOS or Arch. They’re great to learn and tinker with, but distros like Fedora have security experts adding mitigations and security stuff in the distro by default, whereas most users of Arch or something would have to manually look up those things and keep up to date on the latest security. So basically, none of them lol.

    Using more hardcore security distros like QubesOS is not very realistic as a daily driver. You’ll see Linux nerds name drop it and claim they know what they’re talking about, but none of them will actually dailt drive it because it’s a very painful experience. Just stick with flatpaks as much as you can for pretty solid security.

      • I_like_cats@lemmy.one
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Ubuntu is bad privacy-wise because it has opt-out telemetry. The telemetry is not very invasive though and I wouldn’t really call it a privacy risk. There are other reasons to prefer other distros over Ubuntu though

        • gobbling871@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          My question is simple: Which of these security features are not enabled/present in Ubuntu that give Fedora an advantage?

          SELinux has a functional equivalent called Apparmor that is also enabled out of the box in most distros.

          • 👁️👄👁️@lemm.ee
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            Selinux is more secure then app armor, but more difficult to use. Ubuntu is also pretty secure, I’m just not as familiar with it. I mentioned it for the privacy but, since it used to have some Amazon bloat crapped bundled and telemetry built in.

        • gobbling871@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Nope. GP explicitly mentioned security experts that Fedora employs and other security stuff that Fedora apparently has an advantage on over other distros. I wonder if they knew in particular what these advantages are because that got me curious.

          • Shareni@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Read their comment again. The first paragraph is about privacy and Ubuntu is only mentioned at that point. Fedora’s default security is only compared to nix and arch.

            • gobbling871@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              I used Ubuntu as an example for argument’s sake not as a defence for Ubuntu’s privacy/security features.

  • ManyRoads@lemmy.sdf.org
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    If you look through this thread, you may notice that almost everything is biased towards personal preference(s). I recommend you research for those aspects of security AND privacy that interest you and select the tools, distros that you prefer. The beauty of Linux lies in its variety. Use what pleases you and serves your needs.

  • marmalade@sh.itjust.works
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Depends on what you mean for security/privacy. You can use Tails or whatever and have everything encrypted and then just be logging into your Facebook account on Chrome without an ad blocker.

    Most Linux distros are secure enough for the average person who isn’t being targeted by some crazy state level actor. If you’re particularly concerned stick with a distro that has a security team like Debian. As for privacy that has more to do with the sites you browse and have accounts with but obviously avoid Google (I just use Firefox instead of Chrome) use an adblocker like ublock origin, along with maybe something like decentraleyes.

    • Synthead@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Chrome phones home a lot. It’s not a good idea to use it if you care about privacy. Firefox even has metrics enabled by default, although you can turn them off.

  • Choctaw@lemmy.radio
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Depends on your use case, but there is Tails OS if you’re a whistleblower or reporter and afraid of state actors, and Parrot Security OS has a lot of security, privacy features as well being a pentest distro. I ran Parrot OS for a while and it was pretty good. Good things for privacy, use a VPN to mask your IP as well as using privacy proxy search engines. I tend to not trust many of the VPN companies that were being gobbled up with one linked to Israeli intelligence, so I run my own Wireguard server, Pi-Hole/Unbound DNS servers on everything with lots of block lists, and my own Searxng and Whoogle search proxies. And some things I do behind Tor. A state actor can pin me down with my own VPN server which lacks a lot of users, but that’s not my worry and I use it to just mask my home IP and protect me from ISP snooping for normal internet use.

  • Radioactive Radio@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Try Tails, you don’t even gotta install it. Keep it on a flash drive and just plug it into your computer whenever you wanna use it.

  • StimulatedYorkie@lemmy.ml
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    Nix OS, Guix or Vanilla OS for sandboxing I guess. But basically everything but Ubuntu is pretty good for privacy, it’s a big part of free software philosophy.

  • Hizeh@hizeh.com
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    How does Void Linux rate on the security and privacy front compared to the top recommendations in this thread?

  • unceme@lemmy.one
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Everyone is recommending Tails but I feel like that’s a lot more intense security and privacy wise than GrapheneOS, since Tails runs in a live environment only.

  • milo128@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    my impression is that grapheneos is only private and secure compared to regular android. likewise, any linux distro is going to be secure and private when compared to windows.

    • chockblock@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Sure, but graphene OS just has some really thoughtful privacy focused features, and I’m looking for a Linux distro that would have similar features if there is such a thing.

      One thing I love about graphene is by default, the MAC address is randomized for every single connection. Also, the Bluetooth can be set to time out and turn off after a certain period of not being used.