For my phone, I use Graphene OS. What would be the best desktop Linux option to match the level of security and privacy that GOS provides?
deleted by creator
Pretty much any distro that isn’t Ubuntu. Are you asking for privacy or security? Those are very different.
For security, I’d stick to more complete distros like Fedora instead of more diy distros like NixOS or Arch. They’re great to learn and tinker with, but distros like Fedora have security experts adding mitigations and security stuff in the distro by default, whereas most users of Arch or something would have to manually look up those things and keep up to date on the latest security. So basically, none of them lol.
Using more hardcore security distros like QubesOS is not very realistic as a daily driver. You’ll see Linux nerds name drop it and claim they know what they’re talking about, but none of them will actually dailt drive it because it’s a very painful experience. Just stick with flatpaks as much as you can for pretty solid security.
What security stuff/mitigations are added on Fedora that are not on Ubuntu?
Ubuntu is bad privacy-wise because it has opt-out telemetry. The telemetry is not very invasive though and I wouldn’t really call it a privacy risk. There are other reasons to prefer other distros over Ubuntu though
Not making a case for Ubuntu but even Fedora has opt-out telemetry.
You’re right. This only counts users though whereas Ubuntu collects information about your system
Looks like they do add quite a bit security features. Having SELinux installed and working out of the box being the biggest. https://fedoraproject.org/wiki/Security_Features
My question is simple: Which of these security features are not enabled/present in Ubuntu that give Fedora an advantage?
SELinux has a functional equivalent called Apparmor that is also enabled out of the box in most distros.
Selinux is more secure then app armor, but more difficult to use. Ubuntu is also pretty secure, I’m just not as familiar with it. I mentioned it for the privacy but, since it used to have some Amazon bloat crapped bundled and telemetry built in.
I have nothing against your personal preferences. But maybe compare today’s Ubuntu vs Fedora. It would be a much more fair comparison.
I see zero reason to use Ubuntu over Fedora
What a fantastic internet argument.
I think they meant privacy. Windonical doesn’t have a good track record on that front…
Nope. GP explicitly mentioned security experts that Fedora employs and other security stuff that Fedora apparently has an advantage on over other distros. I wonder if they knew in particular what these advantages are because that got me curious.
Read their comment again. The first paragraph is about privacy and Ubuntu is only mentioned at that point. Fedora’s default security is only compared to nix and arch.
I used Ubuntu as an example for argument’s sake not as a defence for Ubuntu’s privacy/security features.
What’s wrong with Ubuntu?
Tails in proxmox in tails running on pure ramdrive system with no longterm storage, cpu, bios, mac serials overwritten with FFFFFFF, TPM chip desoldered or lasered off CPU, connected to TOR viato mullvad paid with crypto, through VPN running left behind sanitized device hidden in a library, through second sanitized vpn device connected to private insecure wifi in poor residential area with no cameras, after abolishing the state
Truly a person of refined taste.
The’s a good one! 😊 It’s funny
Nix OS, Guix or Vanilla OS for sandboxing I guess. But basically everything but Ubuntu is pretty good for privacy, it’s a big part of free software philosophy.
deleted by creator
@PrivateOnions @StimulatedYorkie you should switch to Fedora then. No more daily random reboots
If you look through this thread, you may notice that almost everything is biased towards personal preference(s). I recommend you research for those aspects of security AND privacy that interest you and select the tools, distros that you prefer. The beauty of Linux lies in its variety. Use what pleases you and serves your needs.
deleted by creator
Depends on your use case, but there is Tails OS if you’re a whistleblower or reporter and afraid of state actors, and Parrot Security OS has a lot of security, privacy features as well being a pentest distro. I ran Parrot OS for a while and it was pretty good. Good things for privacy, use a VPN to mask your IP as well as using privacy proxy search engines. I tend to not trust many of the VPN companies that were being gobbled up with one linked to Israeli intelligence, so I run my own Wireguard server, Pi-Hole/Unbound DNS servers on everything with lots of block lists, and my own Searxng and Whoogle search proxies. And some things I do behind Tor. A state actor can pin me down with my own VPN server which lacks a lot of users, but that’s not my worry and I use it to just mask my home IP and protect me from ISP snooping for normal internet use.
The best for privacy are: Tails, that runs on live-cd; Whonix, which you run in vms; Qubes, which is an os that runs all your user programs inside vms (running whonix inside qubes is the most powerful privacy setup).
Anything that’s not made in china
Ubuntu Mint Fedora are all good to go
Anything thats not made in America.
What kind of point is that ? Are there any problem with chinese distro ?
Chinese distros have backdoors for the Chinese government, intel and amd processors have backdoors for the US government
Are there any proof of that ? (Chinese distros having backdoors).
I don’t know of any specific proof, but just look at Deepin’s EULA. You need to accept that pretty much all data that could be gathered will be gathered, even data like daily log in times. Stuff like that makes me believe stories that the CCP is forcing companies to add backdoors. Especially when you consider that Chinese hackers are analyzing and publishing findings on NSA Linux backdoors, and releasing new backdoor malware every few months.
So just a conspiracy theory then
Sure buddy. In the meanwhile i think i answered your question:
What kind of point is that ? Are there any problem with chinese distro ?
Yeah, but from having an eula to having a backdoor goes a long way
Really? About Intel and AMD, how? I’m just curious about that.
Read up on the intel management engine. It’s an extra chip that was included in pretty much every intel CPU since 2008. It’s got pretty scary potential, but no alphabet agency has yet declassified their info on it (think CIA denying any involvement in shipping and selling heroin, but then declassifying documents that proved they shipped heroin in coffins and bodies of dead soldiers).
You’re pretty deep in the tinfoil hat zone now. CPU proprietary black box does not mean the NSA are trying to infiltrate your broken arch setup so they can let their FBI lizard agents steal ur hentai.
Oh for sure, but I’d be really surprised if the super secret black box that can’t be completely expunged from your machine doesn’t have anything to do with some alphabet agency.
After all, we know that NSA approached Linus to put in a backdoor (Linus’s father, Linus), and that NSA linked groups have used Linux backdoor malware in the past.
That might be proof against IME being a backdoor, but it could also be a smoke screen and insurance.