alt

joined 1 year ago
[–] [email protected] 14 points 11 months ago* (last edited 11 months ago) (6 children)

Most distros are somewhat equal when it comes to privacy, anonymity and security; with the likes of Fedora and openSUSE known for taking it more seriously out of the box than the other 'big bois', while some smaller distros like Kicksecure are known for their best-in-class^[1]^ hardening that they offer by default.

As for NixOS, it's really its own thing (together with Guix), and thus very different from any other distros. If you conquer it, you would be delightfully met by a system that enables you to do things unheard of in other distros. However, the learning curve is very steep. And perhaps even hardening it to the level that Fedora or openSUSE provide by default might not be trivial.


  1. Qubes OS is technically not a Linux distro. But it's worth mentioning as one generally tends to run Linux within a qube (read: VM), and in regards to security and privacy; Qubes OS is simply unmatched, period.
[–] [email protected] 1 points 11 months ago
[–] [email protected] 3 points 11 months ago

Not much to say regarding their first paragraph.

As for their second paragraph, perhaps they are rightfully sceptical regarding Privacy Guides. The body of topics they try to cover is substantial, though. And if TheAnonymouseJoker or whosoever disagrees with them, then they're free to challenge their views.

Privacy Guides isn't any kind of Gospel or whatsoever that you'd have to agree with in its entirety. I do believe, however, that they've done a tremendous job at offering a one-stop shop for those that are conscious regarding their security and privacy. Everyone is free to choose and pick whatever they like from there or not.

I would love to hear about other resources that do a similarly great job at providing at least decent information when it comes to security and privacy; FWIW thenewoil.org exists, however I don't recall any VPN overview/guide/recommendations from them.

[–] [email protected] 4 points 11 months ago

It's the same folk, basically. TheAnonymouseJoker or whosoever is free to have their own opinions. Fact is that Privacy Guides is an open community that allows the discussion of these topics. If anyone doesn't like their takes, they can either head to their Github page or to their own platform for a dialogue on the matter.

[–] [email protected] 5 points 11 months ago* (last edited 11 months ago) (2 children)

Link to r/VPNTorrents' recommendations.

TL;DR: Only AirVPN and ProtonVPN are recommended. While, IVPN and Mullvad used to be until they discontinued port-forwarding; which makes them unviable for torrenting.

Link that provides Privacy Guides' opinion on AirVPN. It's basically rejected because there have been no audits.

[–] [email protected] 25 points 11 months ago (1 children)

Pop!_OS is definitely worth considering as it's one of the few distros that goes as far as providing a recovery partition and offers one of the best experiences for those with Nvidia GPUs. Furthermore, Pop!_OS' maintainers (read: System76) are actually financially incentivized to make their distro very polished and newbie-friendly as their distro is used on the hardware they sell.

On the flip side, Pop!_OS is currently in a major overhaul to replace GNOME with COSMIC; their own homebuilt Desktop Environment. As the Desktop Environment is arguably the most important contributor to how one experiences their Linux system, the eventual change might disrupt your workflow and you might even be too accustomed to GNOME to consider COSMIC at that point. The ongoing work on COSMIC has even meant that Pop!_OS has missed three major releases and are still clinging on their release from April 2022; thankfully it's based on Ubuntu's LTS (read: Long Term Support) release, so they aren't particularly in rush to get a new release out and can rely on Ubuntu for security updates.

Regardless, COSMIC's unsure future does leave a lot to be desired and does pose the question if perhaps other options should be considered more seriously instead.

Therefore, my personal recommendation would be either one of the following:

  • If you just really like what you see from Pop!_OS, then just install its 22.04 release and you should be good until April 2027. As time goes on, you might be deprived from new developments and features; but at least updates etc will not be able to (potentially) corrupt/break your system in the meantime.
  • Wait until April next year; when they're supposed to release a new version. If you like what you see and the update and the changes are well-received by the community, then consider installing that one instead. It should be supported for 5 years, which is plenty to not worry about your system in the mean time.
  • Go look elsewhere. There are hundreds of actively maintained distros out there. While not all of them are worth considering, there are at least a dozen of them that are worthy contenders. In case you're interested to get the community's help in finding a distro, consider answering the following questions:
    • Do you use an Nvidia GPU?
    • How would you rate your tech savviness on other operating systems?
    • How eager are you to learn and/or invest time to use your Linux system?
    • Do you prefer to have up-to-date software at all times even if that means daily/weekly updates that might potentially break some functionality?
    • Security or convenience?
    • Opinionated or blank slate?

A shortlist of distros worth considering for a beginner (from easiest to hardest): Linux Mint, Ubuntu, Debian/Fedora/openSUSE and Arch.

[–] [email protected] 1 points 11 months ago (1 children)

Do you get like an error or something?

[–] [email protected] 3 points 11 months ago (1 children)

installing Chromium

This wouldn't sit well with most privacy conscious folk out there. Though, I can understand it from a security point of view. Especially, when one notices that Chromium isn't installed from Fedora's repos, but instead the RPM is built to offer a more up-to-date version that should provide improved security compared to the stable version.

removing Flatpak

Probs for the sake of disabling unprivileged user namespaces; as you might have correctly alluded to.

even software stores

I imagine for the sake of minimizing attack surface.

So how am I gonna install software now, layering?

The Nix package manager is installable on Fedora's atomic distros, so perhaps that route is worth exploring.

to my knowledge flatpaks are more secure than RPMs

To my knowledge, Flatpak's sandbox indeed isn't achievable by default with RPMs; unless one knows how to properly utilize SELinux to that effect.

[–] [email protected] 27 points 11 months ago* (last edited 11 months ago) (3 children)

a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading

Exactly. This is unfortunately common practice, so this breakdown can be dismissed as they're obviously biased due to monetary motivations.

Consider to read Privacy Guides' take on the matter instead.

(Perhaps personal) TL;DR would be that Mullvad VPN in combination with Mullvad Browser offers the most private internet browsing experience for people who don't desire to connect to the Tor Network. Furthermore, Proton offers a suite of privacy-friendly services for mail, drive, password manager etc. Therefore, for the sake of trusting the least amount of parties for these services (at the cost of putting all eggs in one basket), one might consider Proton VPN instead; additionally it includes a free tier and some support to port forwarding (read: allows the use of torrent applications).

[–] [email protected] 7 points 11 months ago* (last edited 11 months ago) (8 children)

Very interesting indeed! And thank you for raising awareness!

There's another similar project that's still WIP and that hasn't received a lot of development recently. Though, its maintainer does provide hardening scripts for Fedora's Atomic distros that are worth looking into. Hopefully, we might even expect a collaboration of sorts between these projects early next year 🤞.

[–] [email protected] 1 points 11 months ago (1 children)

I don't own any devices with an Nvidia GPU. Therefore, I can't share my own experiences but only the ones from the community. If my memory serves me right, it should work. However, as usual, expect some strange behavior at times. Thankfully, getting back to a working system shouldn't cause you any troubles on Jovian-NixOS. Nonetheless, it's something to keep in mind.

 

I'm especially concerned about it being somehow broken, unwieldy, insecure or privacy-invasive.

Case in point; at times I have to rely on a Chromium-based browser if a website decides to misbehave on a Firefox-based browser. Out of the available options I gravitate towards Brave as it seems like the least bad out of the bunch.

Unfortunately, their RPM-package leaves a lot to be desired and has multiple times just been awful to deal with. So much so that I have been using another Chromium-based browser instead that's available directly from my distro's repos. But..., I would still switch to Brave in an instant if Brave was found in my distro's repos. A quick search on repology.org reveals that an up-to-date Brave is packaged in the AUR (unsurprisingly), Manjaro and Homebrew. I don't feel like changing distros for the sake of a single program, but adding Homebrew to my arsenal of universal package managers doesn't sound that bad. But, not all universal package managers are created equal, therefore I was interested to know how Homebrew fares compared to the others and if it handles the packaging of the browser without blemishing the capabilities of the browser's sandbox.


P.S. I expect people to recommend me Distrobox instead. Don't worry, I have been a staunch user of Distrobox for quite a while now. I have also run Brave through an Arch-distrobox in the past. But due to some concerns I've had, I chose to discontinue this. Btw, its Flatpak package ain't bad either. But unfortunately it's not official, so I choose to not make use of it for that reason.

view more: next ›