Most distros are somewhat equal when it comes to privacy, anonymity and security; with the likes of Fedora and openSUSE known for taking it more seriously out of the box than the other ‘big bois’, while some smaller distros like Kicksecure are known for their best-in-class^[1] hardening that they offer by default.

As for NixOS, it’s really its own thing (together with Guix), and thus very different from any other distros. If you conquer it, you would be delightfully met by a system that enables you to do things unheard of in other distros. However, the learning curve is very steep. And perhaps even hardening it to the level that Fedora or openSUSE provide by default might not be trivial.

1. Qubes OS is technically not a Linux distro. But it’s worth mentioning as one generally tends to run Linux within a qube (read: VM), and in regards to security and privacy; Qubes OS is simply unmatched, period.

Not much to say regarding their first paragraph.

As for their second paragraph, perhaps they are rightfully sceptical regarding Privacy Guides. The body of topics they try to cover is substantial, though. And if TheAnonymouseJoker or whosoever disagrees with them, then they’re free to challenge their views.

Privacy Guides isn’t any kind of Gospel or whatsoever that you’d have to agree with in its entirety. I do believe, however, that they’ve done a tremendous job at offering a one-stop shop for those that are conscious regarding their security and privacy. Everyone is free to choose and pick whatever they like from there or not.

I would love to hear about other resources that do a similarly great job at providing at least decent information when it comes to security and privacy; FWIW thenewoil.org exists, however I don’t recall any VPN overview/guide/recommendations from them.

It’s the same folk, basically. TheAnonymouseJoker or whosoever is free to have their own opinions. Fact is that Privacy Guides is an open community that allows the discussion of these topics. If anyone doesn’t like their takes, they can either head to their Github page or to their own platform for a dialogue on the matter.

https://consentomatic.au.dk/

Link to r/VPNTorrents’ recommendations.

TL;DR: Only AirVPN and ProtonVPN are recommended. While, IVPN and Mullvad used to be until they discontinued port-forwarding; which makes them unviable for torrenting.

Link that provides Privacy Guides’ opinion on AirVPN. It’s basically rejected because there have been no audits.

a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading

Exactly. This is unfortunately common practice, so this breakdown can be dismissed as they’re obviously biased due to monetary motivations.

Consider to read Privacy Guides’ take on the matter instead.

(Perhaps personal) TL;DR would be that Mullvad VPN in combination with Mullvad Browser offers the most private internet browsing experience for people who don’t desire to connect to the Tor Network. Furthermore, Proton offers a suite of privacy-friendly services for mail, drive, password manager etc. Therefore, for the sake of trusting the least amount of parties for these services (at the cost of putting all eggs in one basket), one might consider Proton VPN instead; additionally it includes a free tier and some support to port forwarding (read: allows the use of torrent applications).

I don’t know if it even works, but have you considered relying on their Stealth protocol? While its absence on Linux _{(and Windows)} means that you might not even be able to make use of it in the first place, I’m still interested to know if it makes any difference.

Thank you for reporting back! Much appreciated!

So it turns out, I cannot use my NVIDIA card using distrobox. I guess it only works with AMD?

Interesting. Unfortunately, I don’t own an Nvidia device. Therefore, I can’t tackle it myself. Distrobox should allow the use of Nvidia, but I’m unaware if this applies to the bazzite-arch container as well. The picture you shared and the link to its FAQ-page (found below) do suggest otherwise, unfortunately…

I was wondering if distrobox would somehow allow better performance

FWIW, I’ve always experienced better performance inside the bazzite-arch distrobox container, at least compared to Flatpak*.

I see that this image is used a lot on Steam Deck, which I also don’t understand why (as opposed to having everything native).

Because the distro image it’s used in conjunction with, Bazzite, is Fedora-based, while Steam OS is based on Arch. Bazzite is Fedora-based in the first place, because Arch doesn’t officially have any plans for ‘immutable’ distros yet. As for the remaining distros, only Fedora and NixOS (see Jovian-NixOS) have a sufficiently mature and suitable platform at this point in time.

maybe I am missing some graphical dependencies

This happens way more often than you might expect. Even the so-called ‘toolbox’ containers from Distrobox miss a lot of packages required to support software graphically. Consider running it inside a terminal and pay attention to error codes etc; those might/should help you resolve the issue. Sometimes it helps to explicitly use the -v or --verbose option to ensure that the program actually communicates what’s happening.

In terms of privacy, I believe Windows collects a ton of data even if all telemetry is disabled; granted this is an older article, so it might have changed since*.

Your best option is probably running Windows inside a qube in Qubes OS and ensuring that the qube doesn’t have direct access to internet. But, at that point, why not consider switching to Linux instead? Because, you’d have to run at least another qube (with either Linux or *BSD on it) to grab the files off the internet from in the first place.

EDIT: lol, I just noticed it said “window” in the post and not “Windows”. I thought the mentions of “blackout curtains” and “storm shutters” was OP either making a joke or some reference I didn’t get. LMFAO, I didn’t even notice the “Thank me in advance”. Guess I should probably go to sleep after this. Good shit-post OP!

Am I wrong to assume that this doesn’t add anything beyond what uBlock on medium mode does already? Except (perhaps) ease-of-use and the blocking of first-party trackers; if those even exist*.

Don’t get me wrong; I love EFF’s work and their commitment to digital privacy. I just want to understand if I, personally, would need it.

I cannot wait to get home and try it out!

Please consider reporting back after you’ve tried it; I’d love to read your experiences.

Wouldn’t it be fun to have “a ready-to-game Arch Linux based OCI designed for use exclusively in distrobox”?

deleted by creator

deleted by creator

Not sure if it counts as a blog, but I really value the articles found on privsec.dev. With (perhaps) its most exceptional feat being that it’s somehow continuously kept up-to-date to provide accurate information at all times.

The simple virtue of being able to genuinely express these words; “I don’t know”, “Sorry” and “Thank you” (or any derivative of these*).

It’s in privsec.dev’s recommendations, so it’s safe to assume it’s at least a decent choice for privacy. I’d argue it’s best for ‘normies’ together with Fedora.

One of its unique qualities would be the excellent support for Btrfs+Snapper out of the box and the fact that it’s the only distro I’m aware of that has configs for both AppArmor and SELinux. Furthermore, its stable rolling release model is perhaps its killer-feature.

Its primary con is probably how it’s not Arch(-based) and thus doesn’t have access to the vast supplies of packages found in the AUR. Thankfully, this is easily solvable through Distrobox.

What do you think of Arkenfox’ following statements regarding Privacy Badger?

• Ghostery, Disconnect, Privacy Badger, etc

  • Redundant with Total Cookie Protection (dFPI)

  • Note: Privacy Badger no longer uses heuristics by default, and enabling it makes you easily detected

Which can be found here.

I have multiple LibreWolf profiles with different uses and therefore different extensions tied to each one of them. For example, I’ve got one in which I exclusively watch the Youtube content I’m interested; through Invidious of course*. Therefore, extensions like SponsorBlock and Video DownloadHelper are only found on that profile to improve the experience thereof without negatively affecting the other profiles. This is mostly done to protect the profile I use for regular browsing, which is somewhat alluded to by the team behind Arkenfox with “We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you stand out, and weaken site isolation.”.

As for the extensions I have on my profile that I use for regular/random browsing; those would only consist of uBlock Origin, Redirector and Skip Redirect. All of which are -to some degree- endorsed by the Arkenfox-team. Though, from time to time, I am guilty of using Dark Reader as well; it’s just too good to miss out on at times.

and saw the repo of hackliberty, they say to use alpine linux

On the same page you should have noticed links to excellent articles found on privsec.dev and madaidans-insecurities.github.io; both of which advocate other distros (as well) with the former not even mentioning Alpine. As for hackliberty’s usage of Alpine; I believe they stated it as their backend of choice for running their online services. So not necessarily recommended as their OS of choice on a desktop device. Though I’d love to be corrected if that’s not the case.

I was also looking to stuff like openBSD

If you can deal with it, go for it. Unfortunately I couldn’t give up my workflow to that degree. One has to be mindful, though, that however powerful openBSD is, one can elevate it further by using it in conjunction with Qubes OS; this guide might help you with that. Furthermore, this also makes it possible to not forego your entire workflow for the sake of openBSD.

just hardening the arch build I use rn

Also a decent choice, it might need constant tinkering and a lot of know-how to keep it splendid at all times. Though, it’s definitely doable as long as you’re committed and eager to improve yourself. And once again, this work doesn’t have to be for naught; once more this knowledge can be used to perhaps further harden an Arch-qube.

what do you think about that?

It’s always best to first define your threat model. After which it becomes clear to what degree you need further protection and what would be the best course of action to achieve that. For some, just moving from Windows/macOS to Linux is already a giant leap and might be enough for their threat model. While for others, this might not be enough as they have to be a lot more cautious to such a degree that even openBSD on a regular laptop might not be sufficient. If you just want maximum protection, then Qubes OS is surely your best bet IF you learn how to use it properly on a well-supported device; kudos if you can get your hands on one that support Heads as well. If you don’t mind a mobile device, then something with GrapheneOS should suffice as well.

IMO, you seem to be very new to all of this. Being overzealous might make you a lot more susceptible to burnout. Which is something you absolutely don’t want, as this is not a sprint but rather a marathon; keeping it up and going on is therefore of utmost importance and incremental change can help with that.