I first used Linux about 5 years ago (Ubuntu). Since then, I have tried quite a few distros:
Kali Linux (Use as a secondary)
Linux Mint (Used for a while)
Arch Linux (Could not install)
Tails (Use this often)
Qubes OS (Tried it twice, not ready yet)
Fedora (Current main)
For me, it has been incredibly difficult to find a properly privacy oriented Linux distro that also has ease of use. I really enjoy the GNOME desktop environment, and I am most familiar with Debian. My issue with Fedora is the lack of proper sandboxing, and it seems as though Qubes is the only one that really takes care in sandboxing apps.
Apologies if this is the wrong community for this question, I would be happy to move this post somewhere else. I’ve been anonymously viewing this community after the Rexodus, but this is my first time actually creating a post. Thank you!
UPDATE:
Thank you all so much for your feedback! The top recommended distro by far was SecureBlue, an atomic distro, so I will be trying that one. If that doesn’t work, I may try other atomic distros such as Fedora Atomic or Fedora Silverblue (I may have made an error in my understanding of those two, please correct my if I did!). EndeavourOS was also highly recommended, so if I’m not a fan of atomic distros I will be using that. To @leraje@lemmy.blahaj.zone, your suggestion for Linux Mint Debian Edition with GNOME sounds like a dream, so I may use it as a secondary for my laptop. Thank you all again for your help and support, and I hope this helps someone else too!
What proper sandboying in fedora are you missing? Fedora is very advanced in that regard compared to most other distros.
Traditional Fedora and especially atomic distros are very good for this, see other comments as well recommending ublue.
I had installed an app (flatpak) that required the use of my microphone. I knew I had disabled microphone permissions globally in settings, so I went into settings and turned microphone access on. The app successfully used my microphone, but the issue is it doesn’t show up as an app that requested microphone permissions in settings. Further reading showed that sandboxed apps are forced to request microphone access, but unsandboxed apps can freely use the microphone. This led me to believe that the flatpaks I had been installing were not sandboxed. I could be wrong, so some insight would be much appreciated!
Flatpack makes use of Bubblewrap under the hood for sandboxing. You probably got confused by XDG Desktop Portal.
To add on to this, if you are using flatpak apps and want granular permission control, check out flatseal. Fedora (IMO) has one of the best flatpak integrations out of the box. Other “sandboxing” or containerized app deployments are snaps (made by Canonical), and appimage (I’m not entirely sure this qualifies as an app container).
From my experience, flatpaks is currently leading in adoption when compared to the other two.