I first used Linux about 5 years ago (Ubuntu). Since then, I have tried quite a few distros:

Kali Linux (Use as a secondary)

Linux Mint (Used for a while)

Arch Linux (Could not install)

Tails (Use this often)

Qubes OS (Tried it twice, not ready yet)

Fedora (Current main)

For me, it has been incredibly difficult to find a properly privacy oriented Linux distro that also has ease of use. I really enjoy the GNOME desktop environment, and I am most familiar with Debian. My issue with Fedora is the lack of proper sandboxing, and it seems as though Qubes is the only one that really takes care in sandboxing apps.

Apologies if this is the wrong community for this question, I would be happy to move this post somewhere else. I’ve been anonymously viewing this community after the Rexodus, but this is my first time actually creating a post. Thank you!

UPDATE:

Thank you all so much for your feedback! The top recommended distro by far was SecureBlue, an atomic distro, so I will be trying that one. If that doesn’t work, I may try other atomic distros such as Fedora Atomic or Fedora Silverblue (I may have made an error in my understanding of those two, please correct me if I did!). EndeavourOS was also highly recommended, so if I’m not a fan of atomic distros I will be using that. To @leraje@lemmy.blahaj.zone, your suggestion for Linux Mint Debian Edition with GNOME sounds like a dream, so I may use it as a secondary for my laptop. Thank you all again for your help and support, and I hope this helps someone else too!

If you want to experiment, you can try Alpine Linux, which is a security-oriented, lightweight Linux distribution based on musl libc and busybox.

At least that's what it says about itself.

However, I have never installed it

Not as much of a security distro as you would assume, but it's the closest thing in Linux.

The 8232 Project
creator

I believe I may have live booted it once (when I needed to perform an action that live booting with Ubuntu couldn’t do), and I really enjoyed the look and feel of it for the short time I used it.

Or it was a different one, but let’s just assume it was Alpine ;)

NixOS

If the distro supports apparmor, then firejail + apparmor together offer sandboxing for quite a set of applications (apparmor includes few profiles by itself, but firejail has quite a few, and one can enable apparmor on all of them, or only the ones wanted). Arch has pretty good wiki pages about firejail + apparmor.

Have you looked into atomic/Immutable distros?

The 8232 Project
creator

I will keep looking into it, thanks!

You’re welcome!

Guix would check privacy and usability

Possibly linux

Use Fedora with distrobox and gnome boxes

@Pantherina@feddit.de

Look at this

Fedora is fine, you may want to use secureblue or just plain Fedora Atomic/ublue as a base.

But generally using as many flatpaks as possible and least system packages, and managing filesystem permissions like the guy on Fedora Discuss, this should totally fit your needs.

QubesOS is cool but it tries to solve the problem of insecure software through extreme compartmentalization which is hard to use and extreme on the hardware.

The 8232 Project
creator

Oddly enough, at the time only having installed a few Linux distros in my life, Qubes OS was very easy to install and ran just fine on my medium-grade hardware. Lots of people mention having problems with it, but I got really lucky it seems. Thanks for your suggestion!

Did not know Fedora Silverblue had a hardened fork! Thanks for sharing

I would call it a variant, as it's 99% Fedora with some different packages (hardened malloc, pam authramp, etc.) and continuously deployed changes.

What features do you specifically want? You mentioned sandboxing. Anything else?

I’d say just keep it simple. If you’re comfortable with Debian then stick with that, study up and learn how to harden it. Kali, ParrotOS, Mint, Ubuntu…they’re all just based on Debian with different preinstalled apps and desktop environments. Fedora and Arch are kinda weird and unique, I’m not sure if I’d recommend those for anyone, unless you KNOW that’s what you need. Qubes seems interesting, I’m not familiar with that.

But I’ll point out that ALL of these distros are miles ahead of Windows in terms of privacy. So just by using Mint for a while, you were already ahead of the curve.

The 8232 Project
creator

I could make a list of all the things I would want in a distro as far as privacy, but a lot of them aren’t as important as sandboxing and (obviously) a system that doesn’t actively make your privacy life hell. Other features would be better clipboard management (Tails and Qubes do a great job with that), no obvious gaps in security/privacy, a system that you don’t have to build yourself, etc.

I think I’ve used Fedora more than I have Mint, but I have been completely Windows free for years now!

Rustmilian

As an alternative to Kali Linux, there’s ParrotOS.

The 8232 Project
creator

It’s been on my to-do list for a while to try. Thank you!

Edit: I think it may be applicable to mention that I have reinstalled Kali 3 times. The first time it broke after an update. The second time is when I learned what a desktop environment was. The third time was when I discovered why separating /home, /etc, and so on into different partitions is bad if you don’t know what you’re doing. The installer for the third time was repeatedly broken (apps wouldn’t open!), but the netinstaller resolved the issue.

Rustmilian

I discovered why separating /home, /etc, and so on into different partitions is bad if you don’t know what you’re doing.

You should really only be separating /home from / , there’s not much benefit to separating anything else onto a separate partition.
You separate /home onto a separate partition to protect your user data in cases of the system crapping out on you, or if you’re to migrate to a different distro.

Fwiw, put /tmp on its own partition and mount it with noexec

Rustmilian

Imo, tmpfs is perfectly fine as is.

The 8232 Project
creator

Noted, thank you!

Found one you have, I would say, mmmm?

What proper sandboxing in Fedora are you missing? Fedora is very advanced in that regard compared to most other distros.

Traditional Fedora and especially atomic distros are very good for this, see other comments as well recommending ublue.

The 8232 Project
creator

I had installed an app (flatpak) that required the use of my microphone. I knew I had disabled microphone permissions globally in settings, so I went into settings and turned microphone access on. The app successfully used my microphone, but the issue is it doesn’t show up as an app that requested microphone permissions in settings. Further reading showed that sandboxed apps are forced to request microphone access, but unsandboxed apps can freely use the microphone. This led me to believe that the flatpaks I had been installing were not sandboxed. I could be wrong, so some insight would be much appreciated!

Rustmilian

Flatpak makes use of Bubblewrap under the hood for sandboxing. You probably got confused by XDG Desktop Portal.

To add on to this, if you are using flatpak apps and want granular permission control, check out flatseal. Fedora (IMO) has one of the best flatpak integrations out of the box. Other “sandboxing” or containerized app deployments are snaps (made by Canonical), and appimage (I’m not entirely sure this qualifies as an app container).

From my experience, Flatpak is currently leading in adoption when compared to the other two.

Rustmilian

There’s also Flat-Manager & Flatpak-KCM(KDE Plasma).

Thanks! Flatpak-KCM is perfect as I’m thinking I’ll move to fedora KDE in a couple days when f40 drops. I’m hoping that the Wayland experience on NVIDIA GPUs will be smoother there than on GNOME.

The 8232 Project
creator

There is something almost identical in the settings app, is it different from that? Also, is there a way I can check which apps are/aren’t sandboxed? Thank you!
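An added example, not part of the thread: a Flatpak app runs in the Bubblewrap sandbox yet can still hold broad static permissions, and the audio socket in particular covers microphone capture without any portal prompt. The sketch below parses the keyfile text printed by `flatpak info --show-permissions <app-id>` and flags such grants; the `RISKY` list and the sample input are constructed for illustration and are not a Flatpak-defined classification.

```python
import configparser

# Static permissions that open large holes in the sandbox.
# Selection and wording are this example's assumptions.
RISKY = {
    ("sockets", "x11"): "X11 lets clients observe other windows and input",
    ("sockets", "pulseaudio"): "audio socket includes microphone capture, no portal prompt",
    ("sockets", "session-bus"): "unfiltered session D-Bus access",
    ("sockets", "system-bus"): "unfiltered system D-Bus access",
    ("devices", "all"): "all device nodes, including webcams",
    ("filesystems", "host"): "read/write access to most of the host filesystem",
    ("filesystems", "home"): "read/write access to the entire home directory",
}

# Constructed sample in the [Context] keyfile layout Flatpak uses.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;fallback-x11;
devices=dri;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

def audit(permissions_text):
    """Return sorted (key, value, reason) findings for one app's permissions."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep D-Bus names case-sensitive
    cp.read_string(permissions_text)
    findings = []
    if not cp.has_section("Context"):
        return findings
    for key, raw in cp.items("Context"):
        for value in filter(None, (v.strip() for v in raw.split(";"))):
            base = value.split(":")[0]  # "home:ro" -> "home"; "!host" (a denial) never matches
            reason = RISKY.get((key, base))
            if reason:
                if value.endswith(":ro"):
                    reason = reason.replace("read/write", "read-only")
                findings.append((key, value, reason))
    return sorted(findings)

if __name__ == "__main__":
    for key, value, reason in audit(SAMPLE):
        print(f"{key}={value}: {reason}")
```

To audit a real app, pass the output of `flatpak info --show-permissions <app-id>` to `audit()`; the same entries are what Flatseal displays and lets you override.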

Rustmilian

Unfortunately the GNOME flatpak settings is a lie. You can only view them, you can’t actively modify them. Unless it’s changed recently?

The 8232 Project
creator

I looked into flatseal, and I am incredibly happy with it, it instantly made me feel much better about my digital hygiene. As for GNOME flatpak settings, there are some toggles, but only minimal (notifications, background, etc.)

@loganb@lemmy.world, that has to be one of the most helpful suggestions for an app I’ve received since I first used Linux. Truly, thank you!

Rustmilian

Gnome really needs to start getting on this stuff; I’ve been disappointed in the way Gnome handles implementing new things and their tendency of going the “#QuirkyGirl” route instead of getting the shit implemented in a cross-distro way like everyone else.
For example the XDG-Desktop-Portal accent color protocol where Gnome devs were actively against it and required a lot of push back from the community.

@Kory@lemmy.ml

Yay for the first post!

I cannot comment on the topic but I’m wondering if you would get more insights from the folks in the !linux@lemmy.ml community. Maybe wanna crosspost?

The 8232 Project
creator

Done, thank you! :)

@catloaf@lemm.ee

removed by mod

The 8232 Project
creator

No telemetry and good sandboxing by default are the main two things I am looking for in terms of privacy. As GravitySpoiled has mentioned, Arch isn’t an “install and forget about it” distro, which is another thing I would look for if it were to be my main OS. If you have any suggestions based on that, please let me know!

Cyborganism

I recently tried a bunch of distros. I’ve been using Linux since 2001 and I’ve been using Ubuntu mostly (or KDE, xfce, mate flavors). I, too, am concerned with privacy and am looking for something simple which allows me to play PC games with steam.

I tried Endeavour OS, which is a slightly more user friendly, game oriented Arch distro with tools for installing gaming software and drivers, POP! OS which is an Ubuntu based gaming oriented distro as well with a Gnome desktop by default, and Elementary OS, based on Ubuntu, which has a kind of Gnome, MacOS looking interface, but not specifically for gaming.

All of them address the privacy issue by not including the telemetry packages.

The best out of the three in my opinion was Elementary OS. It’s absolutely gorgeous, easy to use and allows you to focus on what you need to do without any hassle. You can install most of your apps through flatpaks if that’s what you’re looking for. And there are no snaps, but you have the option of installing it if you want.

The 8232 Project
creator

Those are all great suggestions, thank you! Have you encountered any obvious issues or pitfalls that I should avoid?

Cyborganism

Unless you’ve used Arch before or that you’re a Linux power user (meaning you’re not afraid of using a terminal and messing around with config files using a text editor), I would probably stay away from Endeavour OS. But if you don’t mind messing around a bit and having to configure your stuff through the terminal, then I think it’s a great option, especially for gaming. Endeavour isn’t as bleeding edge in its software packages as the OG Arch so it’s going to be more stable and less prone to bugs and hiccups. Plus I found having the tools to set up stuff like NVidia graphics drivers and Steam and other game launcher alternatives pretty damn awesome. Plus, during the installation, if you select to get the online repos to install, you can pick which desktop environment to use, including Gnome.

POP! is so god damn simple. And upon first boot you get a bunch of dialogues to help you with setting up your gaming stuff including drivers. The app store has all the gaming stuff like Steam and other launchers right at the top. The default desktop is Gnome with a custom panel at the bottom. And it’s all based on Ubuntu LTS, so it’s stable, but it might lag behind in software versions. Everything just worked out of the box. I don’t think you’d face any pitfalls here. And the Debian packaging system, as you probably know, is very similar to Fedora’s.

Elementary OS had some hiccups on first boot. The default web browser is Gnome Web (AKA Epiphany) installed as a flatpak. For some reason on my VM, page renders were all blank white pages. I had to install the Flatseal flatpak to fix some graphical option with the Gnome Web flatpak permissions. But you can also get Firefox from the app store instead. There was another benign issue, but I can’t remember what it was. The web browser problem was the main one. Then for installing graphical drivers, if you have an ATI card I think you’re already pretty golden. With NVidia, you’ll need to download and install the driver using NVidia’s provided installer or add some PPA package repository. You can probably follow a tutorial like this one. As for steam, you can probably download and install it like any other package. I’d install Synaptic package manager to easily manage package installation, removal, etc. Yeah, this one is a bit more of a hassle, but the desktop experience LARGELY makes up for it. I really fell in love with this one.

The 8232 Project
creator

Thank you very much for your detailed response! I’m comfortable pushing the boundaries of a normal operating system (I kind of have to, I’m a programmer, after all!) but I wouldn’t consider myself a power user.

From what I understand, wayland is better than x11 for privacy bc of the use of portals (the way apps communicate with the system), and flatpak over distro packages for sandboxing (you can also change the permissions yourself with flatseal).

Rustmilian

Wayland is more secure/private because it isolates windows/applications from each other preventing things like keyloggers.
Portals is a permission based way to allow those applications to interact with each other.
