multicorn

joined 1 year ago
[–] [email protected] 4 points 11 months ago

I would add: turning off telemetry, especially windows and other ms products

[–] [email protected] 4 points 11 months ago (1 children)

If you like customizing your shell, there are really cool things one can do with zsh.

I have mine set up with suggestions to complete the name of the program, or even command line options for it.

[–] [email protected] 6 points 1 year ago

Ok, in your Post you say you want Privacy, but go on to describe Distros for Security.

Before you do anything, you should make a threat-model:

  • Who do you want your data to be safe from
  • What applications/programs do you use
  • Who do you want to be protected against security wise.
  • Are there any institutions/irganizations you trust (Tor, i2p, BitWarden, Linuxkernel, *BSD, Firefox, Chromium, Xmpp, Matrix, LLVM)

If you can answer the questions above, you can make more informed decisions, and if you want you can tell them to me either publicly or over [email protected] (xmpp)

Here a short summary of a few operating systems to choose from:

Fedora Silverblue: Pros:

  • Encryption of personal data possible
  • Immutable
  • Mandatory Access Control framework (SELinux)
  • Everything is set up for you already, by people that know their stuff
  • Big company with lots of resources, and fast security updates Cons:
  • Big company you have to trust
  • Less control over the operating system. Both for you or an attacker
  • Immutability still very new, may cause problems

Alpine: Pros:

  • very minimal -> small attack surface
  • encryption optional, and made easy Cons:
  • no MAC my default
  • a lot of configuring you have to do yourself. Mistakes are a big concern

OpenBSD: Pros:

  • audited into oblivion
  • incredibly minimal Cons:
  • incredibly minimal: No mac framework (!!)
  • Disk encryotion might be tricky on your first try
  • software support
  • Wayland support still experimental

In my conclusion: If you trust Redhat more to build a safe os than yourself: go Silverblue

If you know what you are doing Alpine is a more minimal approach than Arch, and may be a fantastic choice if you know how to set up mac, fdi and a secure desktop

If you have a server or reverse proxy, OpenBSD will be a incredibly tough nut to crack for even government agencies, but due to the missing mac usecases as desktop simply don't make sense to me.

I hope that helped