I first used Linux about 5 years ago (Ubuntu). Since then, I have tried quite a few distros:
Kali Linux (Use as a secondary)
Linux Mint (Used for a while)
Arch Linux (Could not install)
Tails (Use this often)
Qubes OS (Tried it twice, not ready yet)
Fedora (Current main)
For me, it has been incredibly difficult to find a properly privacy oriented Linux distro that also has ease of use. I really enjoy the GNOME desktop environment, and I am most familiar with Debian. My issue with Fedora is the lack of proper sandboxing, and it seems as though Qubes is the only one that really takes care in sandboxing apps.
Apologies if this is the wrong community for this question, I would be happy to move this post somewhere else. I’ve been anonymously viewing this community after the Rexodus, but this is my first time actually creating a post. Thank you!
UPDATE:
Thank you all so much for your feedback! The top recommended distro by far was SecureBlue, an atomic distro, so I will be trying that one. If that doesn’t work, I may try other atomic distros such as Fedora Atomic or Fedora Silverblue (I may have made an error in my understanding of those two, please correct my if I did!). EndeavourOS was also highly recommended, so if I’m not a fan of atomic distros I will be using that. To @leraje@lemmy.blahaj.zone, your suggestion for Linux Mint Debian Edition with GNOME sounds like a dream, so I may use it as a secondary for my laptop. Thank you all again for your help and support, and I hope this helps someone else too!
Arch Linux (Could not install)
That is a very useful tool I overlooked! Thank you!
How does Arch Linux fair as far as privacy and security? It’s private in that it is minimalistic, but that may also mean it lacks in preinstalled security features.
I wouldn’t recommend unless you’re planning to do it yourself. ArchWiki Security
I recommend endeavouros as an intro to arch. It is arch with an installer and sane defaults.
Yet if you are looking for a set it and forget it install arch isn’t for you. Arch is for the tinkerer, for the advanced, for the person who spends a lot of time with the computer and wants to read about everything.
This was Arch a decade ago, it’s just not the case anymore. It’s a stable distro that doesn’t require much tinkering and doesn’t break on its own. It’s right next to Fedora, openSUSE, Ubuntu and everyone wise who is stable, but not Debian stable.
There’s SecureBlue
(From the repo):
"The following are not in scope for this project:
Anything related to increasing "privacy", especially when at odds with improving security"
It’s a bit of a vague claim, since privacy encompasses many things (e.g. encryption could be considered a privacy tool). I may look into it though!
As far as privacy goes, it’s nothing you can’t change up later, they just don’t focus specifically on privacy, that’s why they use chromium instead of a privacy oriented Chromium/FireFox fork or something like Tor. It’s already quiet private as is; more so than most distros; just not so much as privacy specialized tools like TailsOS.
But for security it implements some things that are pretty difficult and time consuming to do yourself.
It’s a really good base to start with, and only take a few small steps to lock down the privacy aspect.
It’s a really good option if you’re not ready for a QubesOS workflow, and still want the most security you can out of a somewhat* traditional workflow.
Thank you for some clarification! Will it set me up to better understand Qubes OS later on?
Depends on what level of privacy you want. I’m using Linux Mint Debian Edition with GNOME installed on it and it hits the sweet spot between privacy respecting and Mint’s ease of use.
Have you encountered any issues with your setup? I appreciate your suggestion!
Fedora Silverblue uses flatpaks for most apps by default. The exception is Firefox because the codes haven’t been sandboxed yet, but they are working on it. If you don’t need to play videos in Firefox, there is a flatpak available.
I realize Firefox is probably the biggest thing that really should be sandboxed, its why I haven’t switched to Silverblue yet.
I recently switched to Mullvad Browser from Librewolf (both are Firefox based), do those still fall under the same conditions?
None of these fall under those conditions, idk where he got that info from. I’ve been using the LibreWolf Flatpak for months now and everything works just fine, including playing videos.
It’s in the Silverblue FAQ: https://docs.fedoraproject.org/en-US/fedora-silverblue/faq/#_how_can_i_play_more_videos_in_firefox_like_youtube
Admittedly, it does say you can use the flathub version.
You can use BubbleJail or FireJail for sandboxing FireFox.
The Firefox official flatpak on flathub plays videos fine. It can even use vaapi if you install that.
Interesting, I wonder why Silverblue hasn’t switched yet. Or maybe the documentation is out of date.
From what I understand, wayland is better than x11 for privacy bc of the use of portals (the way apps communicate with the system), and flatpak over distro packages for sandboxing (you can also change the permissions yourself with flatseal).