

  • Ok, in your Post you say you want Privacy, but go on to describe Distros for Security.

    Before you do anything, you should make a threat-model:

    • Who do you want your data to be safe from?
    • What applications/programs do you use?
    • Who do you want to be protected against security-wise?
    • Are there any institutions/organizations you trust (Tor, i2p, BitWarden, Linux kernel, *BSD, Firefox, Chromium, XMPP, Matrix, LLVM)?

    If you can answer the questions above, you can make more informed decisions, and if you want you can tell them to me either publicly or over multi@conversations.im (xmpp)

    Here is a short summary of a few operating systems to choose from:

    Fedora Silverblue:

    Pros:

    • Encryption of personal data possible
    • Immutable
    • Mandatory Access Control framework (SELinux)
    • Everything is set up for you already, by people that know their stuff
    • Big company with lots of resources, and fast security updates

    Cons:

    • Big company you have to trust
    • Less control over the operating system. Both for you or an attacker
    • Immutability still very new, may cause problems

    Alpine:

    Pros:

    • very minimal -> small attack surface
    • encryption optional, and made easy

    Cons:

    • no MAC by default
    • a lot of configuring you have to do yourself. Mistakes are a big concern

    OpenBSD:

    Pros:

    • audited into oblivion
    • incredibly minimal

    Cons:

    • incredibly minimal: No MAC framework (!!)
    • Disk encryption might be tricky on your first try
    • software support
    • Wayland support still experimental

    In my conclusion: If you trust Redhat more to build a safe os than yourself: go Silverblue

    If you know what you are doing, Alpine is a more minimal approach than Arch, and may be a fantastic choice if you know how to set up MAC, fdi and a secure desktop

    If you have a server or reverse proxy, OpenBSD will be an incredibly tough nut to crack for even government agencies, but due to the missing MAC, use cases as a desktop simply don’t make sense to me.

    I hope that helped