this post was submitted on 25 Feb 2024
31 points (83.0% liked)

Linux

48220 readers
540 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.ml/post/12400033 (Thank you https://lemmy.ml/u/Kory !)

I first used Linux about 5 years ago (Ubuntu). Since then, I have tried quite a few distros:

Kali Linux (Use as a secondary)

Linux Mint (Used for a while)

Arch Linux (Could not install)

Tails (Use this often)

Qubes OS (Tried it twice, not ready yet)

Fedora (Current main)

For me, it has been incredibly difficult to find a properly privacy oriented Linux distro that also has ease of use. I really enjoy the GNOME desktop environment, and I am most familiar with Debian. My issue with Fedora is the lack of proper sandboxing, and it seems as though Qubes is the only one that really takes care in sandboxing apps.

Apologies if this is the wrong community for this question, I would be happy to move this post somewhere else. I've been anonymously viewing this community after the Rexodus, but this is my first time actually creating a post. Thank you!

UPDATE:

Thank you all so much for your feedback! The top recommended distro by far was SecureBlue, an atomic distro, so I will be trying that one. If that doesn't work, I may try other atomic distros such as Fedora Atomic or Fedora Silverblue (I may have made an error in my understanding of those two, please correct my if I did!). EndeavourOS was also highly recommended, so if I'm not a fan of atomic distros I will be using that. To @leraje@lemmy.blahaj.zone, your suggestion for Linux Mint Debian Edition with GNOME sounds like a dream, so I may use it as a secondary for my laptop. Thank you all again for your help and support, and I hope this helps someone else too!

top 50 comments
sorted by: hot top controversial new old
[–] UmbraTemporis@lemmy.dbzer0.com 16 points 8 months ago (1 children)

You could look into Atomic distros if you value sandboxing, such as Fedora Atomic or Vanilla OS. I don't know much about the debian space as Arch was my first distro so I kinda ran before I crawled.

[–] Charger8232@lemmy.ml 4 points 8 months ago (2 children)

Thank you! How are Atomic distros different from "regular" ones?

[–] UmbraTemporis@lemmy.dbzer0.com 11 points 8 months ago (1 children)

Pretty much that to be honest, so all of your apps are flatpaks. The base system is also kinda sandboxed, it's access is prohibited and instead you employ "layering".

I use Fedora Atomic on my desktop and laptop so I'll explain that one here. Atomic distros function off of Atomic transactions, which are a process form that can only successfully complete. If an Atomic transaction did fail, the entire transaction would be undone and reverted. This practically makes Atomic distros unbreakable. If an update fails, what update? Who said there was an update? No trace.

Obviously you can change the base system, as flatpak isn't suitable for all apps. This is where that layering comes in I mentioned earlier. I use XFCE-Terminal, obviously not a great candidate for a flatpak. So to install a package normally (as if through DNF) you need to use a packge manager that deals in Atomic. Fedora Atomic ships with their tool called rpm-ostree. I don't know quite how it works but I'm pretty sure it creates a branch of the current system (like Git) and installs the package there, then upon next boot you'll use the new branch and the old one discarded. Doing this means that if the package failed to install, your system is unchanged.

Atomic distros are super cool and I can't imagine not using one. They do so much that should've been done a loooong time ago. I highly recommend them. I have an unpublished blog post about my experience using Fedora Atomic that I'm more than happy to post here if you'd like.

[–] Charger8232@lemmy.ml 3 points 8 months ago (1 children)

I have an unpublished blog post about my experience using Fedora Atomic that I’m more than happy to post here if you’d like.

Sure! I would love to read it!

[–] UmbraTemporis@lemmy.dbzer0.com 4 points 8 months ago* (last edited 8 months ago)
[–] Pantherina@feddit.de 3 points 8 months ago

No not sandboxing. They use something like Git or OS images for the OS updates. You could install only native packages and have a regular fedora setup but with full transparency. The normal workflow is "keep your system clean, install flafpaks for GUI stuff and do random software dev, build environments, compiling etc in a Toolbox/Distrobox using a Podman container underneath".

Its very easy to use and such a blessing. You NEVER need to reinstall a distro again

[–] MentalEdge@sopuli.xyz 7 points 8 months ago (1 children)

I was going to bring up Kinoite, but others already brought up Fedoras atomic flavours in general. And since you like Gnome, you'll want Silverblue, not Kinoite.

I would add that Endeavour makes setting arch up much, much easier, and it became my personal main after I ditched Manjaro.

[–] Codilingus@sh.itjust.works 2 points 8 months ago (1 children)

I second both your recommendations. I JUST installed Bazzite, which is a tweaked Silverblue for gaming, yesterday. I can already tell atomic style distros are going to be the future.

[–] Charger8232@lemmy.ml 2 points 8 months ago

I'll definitely see what the hype around Atomic distros is! Most likely, I'll be trying SecureBlue first. Thanks for your feedback!

[–] Throwaway1234@sh.itjust.works 4 points 8 months ago (1 children)

So I would like to ask a couple of questions:

Qubes OS (Tried it twice, not ready yet)

Is Qubes OS not ready yet for your intended workflow/usage? Or are you not ready to make the complete switch (yet)?

For me, it has been incredibly difficult to find a properly privacy oriented Linux distro that also has ease of use.

Unfortunately, in almost all cases, increased security/privacy is achieved through the loss of convenience. Therefore, you should ask yourself what the minimum level of security/privacy is that you absolutely require/need. How's your threat model defined (if at all)?

My issue with Fedora is the lack of proper sandboxing, and it seems as though Qubes is the only one that really takes care in sandboxing apps.

I agree that there's still a long road ahead until we have on Linux whatever is found on GrapheneOS or Qubes OS. I'm aware that you can technically utilize VMs on any distro, but the experience will not be as streamlined (nor as secure) as you may find on Qubes OS. But, Flatpak does offer some sandboxing. And while it may not be as powerful as you may want, and some apps may not utilize portals as they should. Still, it's definitely worthwhile and perhaps the best we've got currently. Furthermore, bubblejail allows you to (relatively easily) utilize (some of) the technology that's used to sandbox Flatpak apps for all your non-Flatpak apps. It can be found on Copr if you choose to stick to Fedora.

On that note, the maintainers of the aforementioned Copr package have built an interesting project for those that seek security-focused (or simply hardened) images of Fedora Atomic; (aptly named) secureblue. It's still a relatively young project, but their innovations have definitely been noteworthy and it seems to have a bright future ahead.

While we're in the vicinity of 'hardened-for-you'-distros, we should mention Kicksecure. By contrast, this is a well-established distro by the people that also develop Whonix.

Without hearing your answers to my questions, I think these two are the primary candidates. Though sticking to Fedora ain't a bad choice either.

[–] Charger8232@lemmy.ml 2 points 8 months ago (1 children)

Great questions! I'll try to answer as best I can.

Is Qubes OS not ready yet for your intended workflow/usage? Or are you not ready to make the complete switch (yet)?

Qubes OS has a very steep learning curve due to its difficult usability, so the answer would be "both". I am willing to tackle and overcome, but I'm not ready to put in that work yet, if at all.

Unfortunately, in almost all cases, increased security/privacy is achieved through the loss of convenience. Therefore, you should ask yourself what the minimum level of security/privacy is that you absolutely require/need. How’s your threat model defined (if at all)?

I have a really funny story regarding threat models. When I first got into privacy 2-3 years ago, I had the goal of getting as deep as I could (the "strictest threat model possible") and work backwards to find out what I was willing to allow. I succeeded, but because I had gone too deep before I learned what a threat model was, I never made a clear threat model. I have a "subconscious" threat model. I have, over the past week, started working on answering the classic questions. I am trying to protect against "evil" corporations, and such, I must also protect myself against some low level government threats. My threat model "philosophy" is: I will not use a piece of software if it actively goes against me in terms of privacy. Windows, for example, is a pain to try to use while maintaining privacy.

You are the third person to recommend SecureBlue (I've been keeping track), and since it is a "Fedora Atomic spin" (Fedora Atomic as well as Atomic distros in general were also recommended three times each), I believe I will switch to it to see how it is. By the way, I love the mention of GrapheneOS, since that will eventually (finances be blessed) be my main mobile OS for the rest of my life. I wish there was a true "Linux alternative to GrapheneOS".

[–] Throwaway1234@sh.itjust.works 3 points 8 months ago (2 children)

Thank you for your elaborate answers!

Qubes OS has a very steep learning curve due to its difficult usability, so the answer would be “both”. I am willing to tackle and overcome, but I’m not ready to put in that work yet, if at all.

Qubes OS is definitely more involved than the average distro, so I can understand why you feel that way.

I have a really funny story regarding threat models. When I first got into privacy 2-3 years ago, I had the goal of getting as deep as I could (the “strictest threat model possible”) and work backwards to find out what I was willing to allow.

Hahaha 🤣, very relatable; I almost wanted to learn SELinux for hardening purposes. Thankfully, Qubes OS exists as my endgame, which deterred (most of) the motivation (and need) to comprehend SELinux in the first place.

I have a “subconscious” threat model. I have, over the past week, started working on answering the classic questions. I am trying to protect against “evil” corporations, and such, I must also protect myself against some low level government threats. My threat model “philosophy” is: I will not use a piece of software if it actively goes against me in terms of privacy. Windows, for example, is a pain to try to use while maintaining privacy.

We can work with that, though I kindly implore you to further work out your threat model. It will(/should) give you some peace of mind (or at least a security/privacy roadmap on which you can (slowly but steadily) work towards). If I would have to distill your philosophy, it would be something like "be protected from attacks targeted towards low(er) hanging fruit". Would that be fair?

You are the third person to recommend SecureBlue (I’ve been keeping track), and since it is a “Fedora Atomic spin” (Fedora Atomic as well as Atomic distros in general were also recommended three times each), I believe I will switch to it to see how it is.

Great choice! FWIW, I've also been on it for a couple of weeks now and I've really been enjoying it. Before, I had my own custom image that was built using the (legacy-)template from uBlue. I tried to harden it myself 😅, and I would argue I did and achieved some cool stuff with it. But, it's very clear that my technical knowledge doesn't even come close to that of secureblue's maintainers. I just wish I had rebased earlier 😅.

By the way, I love the mention of GrapheneOS, since that will eventually (finances be blessed) be my main mobile OS

I definitely agree with that sentiment. Btw, FWIW, I know for a fact that at least one individual that's associated with GrapheneOS has 'contributed' to secureblue.

I wish there was a true “Linux alternative to GrapheneOS”.

Hehe, without going into what that actually means and would entail, I agree 😜.

[–] Charger8232@lemmy.ml 2 points 8 months ago (1 children)

If I would have to distill your philosophy, it would be something like “be protected from attacks targeted towards low(er) hanging fruit”. Would that be fair?

It may help for me to elaborate a bit. My number one enemy (like most) is Google. I have been completely Google free for 1-2 years now (with the exception of YouTube on iOS, as the alternatives ultimately require a Mac to install, which I don't have), but I haven't used Google as a search engine in over 4 years. Besides trying to give as little information as possible (I am currently experimenting with setting up a hard firewall block against their IP addresses, if you have any recommendations on how that could be automated, potentially in Python, please let me know), I also try to give as little information to other companies (Microsoft, etc.) as I can. Now, certain authorities have the permission to request data from companies, not just privacy disrespecting ones. That means that part of my threat model entails certain defenses against such agencies, to make it hard enough to correlate that data with my person. I don't go overboard, in case anyone is worried. I've seen the bondage between paranoia and privacy, and I've set myself clear boundaries I won't cross. So, my main goal is to protect against companies trying to collect my data (bleh, how cliche), but it doesn't hurt to put in place some decent practices in case the world turns for the worst. I am protecting against attacks from the government towards low hanging fruit, but when it comes to large corporations, I don't play nice.

If you want an overview of my setup, here it is:

  • Tails occasionally (because it's fun)

  • SecureBlue (Soon!)

  • Tor Browser when using personal accounts (email, Lemmy, etc.)

  • ProtonVPN on all devices 24/7 except when using Tor (for speed) or large downloads/torrents (may look into Mullvad VPN)

  • Mullvad browser as a default browser

  • Librewolf for functionality Mullvad Browser doesn't have (Yubikeys, etc.)

  • Firefox for streaming some videos that require a specific DNS configuration (Soon looking into how to put an extreme sandbox on it)

  • uBlock Origin for all browsers

  • GrapheneOS (Soon, finances be blessed)

  • ProtonMail + Anonaddy, use disposable emails for accounts that "don't matter"

  • Very, very strong and unique passwords + 2FA/FIDO for everything applicable

  • As much FOSS software as I can

  • Signal as my main messenger (to help bridge the gap for my friends) until GrapheneOS, then SimpleX (Please take a look at https://privacyspreadsheet.com/messaging-apps !)

  • SearXNG as my main search engine (with Google turned on, because my threat model does not go against them collecting data not correlated with me)

  • Bitwarden as my password manager until GrapheneOS, then KeePass

  • NextDNS as my DNS resolver (which gets overridden by the VPN's DNS on iOS)

I've come a long way since I first (unknowingly) started my journey in 2019(!)

[–] Throwaway1234@sh.itjust.works 2 points 8 months ago (1 children)

My number one enemy (like most) is Google. I have been completely Google free for 1-2 years now (with the exception of YouTube on iOS, as the alternatives ultimately require a Mac to install, which I don’t have), but I haven’t used Google as a search engine in over 4 years. Besides trying to give as little information as possible

...

I also try to give as little information to other companies (Microsoft, etc.) as I can. Now, certain authorities have the permission to request data from companies, not just privacy disrespecting ones. That means that part of my threat model entails certain defenses against such agencies, to make it hard enough to correlate that data with my person. I don’t go overboard, in case anyone is worried. I’ve seen the bondage between paranoia and privacy, and I’ve set myself clear boundaries I won’t cross. So, my main goal is to protect against companies trying to collect my data (bleh, how cliche), but it doesn’t hurt to put in place some decent practices in case the world turns for the worst. I am protecting against attacks from the government towards low hanging fruit, but when it comes to large corporations, I don’t play nice.

Thank you for the elaborate clarification! But, perhaps I have to clarify as well; with "be protected from attacks targeted towards low(er) hanging fruit”, I actually meant any mass-surveillance, data collection and plain attacks from governments, corporations and adversaries that don't qualify as a (more sophisticated) targeted attack.

SecureBlue (Soon!)

Great pick! 🤣

ProtonVPN on all devices 24/7 except when using Tor (for speed)

I don't know the complete specifics of your threat model, but if you haven't yet, then perhaps it's worth reviewing what Privacy Guides has to say on this. Note, I don't necessarily view them as the de facto authority, but more often than not, their views hold more truth than falsehood.

or large downloads/torrents

Vaild reason to (momentarily) not use Tor, but please consider to review Proton VPN on port forwarding in hopes of alleviating the issue of speed without foregoing the VPN connection.

(may look into Mullvad VPN)

Unfortunately, at least for torrents, you're no longer able to rely on Mullvad VPN.

Firefox for streaming some videos that require a specific DNS configuration (Soon looking into how to put an extreme sandbox on it)

Easiest (and also one of the best options) is probably the use of a VM 😅.

ProtonMail + Anonaddy, use disposable emails for accounts that “don’t matter”

FWIW, since SimpleLogin has been acquired by Proton, there is merit in forsaking Anonaddy for SimpleLogin if decreasing the amount of trusted parties is desired. However, this comes at the cost at moving more into the the direction of putting all your eggs in one basket. So, ultimately, it's your choice to make.

Very, very strong and unique passwords + 2FA/FIDO for everything applicable

I hope an offline password manager is involved to some capacity. FWIW, if you're not doing it yet, you can always uniquely 'salt' every password.

Signal as my main messenger (to help bridge the gap for my friends) until GrapheneOS, then SimpleX (Please take a look at https://privacyspreadsheet.com/messaging-apps !)

I like that SimpleX is less platform-dependent. But it has been hard to let go of Briar. Do you happen to know how they currently fare against each other in security/privacy features (beyond what's found on the linked spreadsheet)? FWIW, IT security expert Mike Kuketz' review of SimpleX wasn't quite raving. Which is in clear contrast to his review on Briar. Of course, substantial time has passed since, but his 'non-approval' is something what's bothering me.

Bitwarden as my password manager until GrapheneOS, then KeePass

Ah, we've found the password manager, KeePass (be it DX/XC) is indeed excellent.

[–] Charger8232@lemmy.ml 2 points 8 months ago* (last edited 8 months ago) (11 children)

it’s worth reviewing what Privacy Guides has to say on this.

Interesting! Considering my threat model includes my ISP as an enemy, it would make sense for me to use a VPN behind Tor: However my threat model doesn't care if my ISP knows I am using Tor, as it would only be collecting data uncorrelated with my activities. Although it could cause legal trouble if a presidential threat (for example) over Tor happened at the same time as my usage of Tor. The change I will make is this: I will resume my current usage until I am able to use a paid VPN plan to speed it up.

but please consider to review Proton VPN on port forwarding

See above, no paid plan yet ;)

Unfortunately, at least for torrents, you’re no longer able to rely on Mullvad VPN.

Bleh, and I was really beginning to like them for allowing cash payments!

Easiest (and also one of the best options) is probably the use of a VM 😅.

Fair, although didn't GNOME Boxes have some sandboxing issues?

there is merit in forsaking Anonaddy for SimpleLogin if decreasing the amount of trusted parties is desired. However, this comes at the cost at moving more into the the direction of putting all your eggs in one basket.

I am using Anonaddy for that reason specifically, plus the severe lack of features in SimpleLogin's free version.

I hope an offline password manager is involved to some capacity.

As mentioned, I will switch to KeePass soon. Some of my passwords are stored completely offline, however. Pen and paper never fails, I even dedicated a specific pen for it! On a related note, take a look at this

Do you happen to know how they currently fare against each other in security/privacy features (beyond what’s found on the linked spreadsheet)?

Once I get an Android phone, I will try out Briar (because I am obsessed with the idea). I personally reached out to SimpleX regarding the spreadsheet, and the response I received back outlined that SimpleX pads the encrypted messages both during transit and in cold storage, which they said a lot of other messengers don't do. A comment on the original post for the spreadsheet mentions that the spreadsheet doesn't outline which services route through Tor (which Briar does, of course). The spreadsheet is very thorough, and SimpleX is still a relatively young project, so I don't have much I can say. I've tried using it on iOS, and my friend and I both agree it's terrible to use sometimes due to lag and choppiness. I currently testflight the app, but still no change. Either way, if you want, you can use SimpleX's built-in support chat if you want to reach out to the team yourself. They are very friendly and don't talk like a CEO, but there can be delayed response.

Ah, we’ve found the password manager, KeePass (be it DX/XC) is indeed excellent.

Yep! One related note, KeePass on Tails is outdated for some reason. Have any idea why?

I also planned to add this to my original message: I have never once had a cellular provider, which to me has been the biggest privacy boost since burning Windows at the stake.

load more comments (11 replies)
[–] Pantherina@feddit.de 2 points 8 months ago* (last edited 8 months ago) (1 children)

I just wish I had rebased earlier 😅.

No you dont haha. I used it in a VM, then on a seperate SSD. In the beginning it was a total mess with random packages removed and we needed to find out ways to disable stuff like printing, so they can be added back.

Btw if you find a reliable way to 100% disable kde-connect, that would be awesome as it could be added back.

override removed packages on these images can neither be added back nor resetted, an rpm-ostree bug/issue.

Firefox from Fedora now supports using hardened_malloc instead of their jemalloc, so a custom image just adding back Firefox would already work.

After rebasing my ublue kinoite to secureblue I found that Firefox no longer started, lol. Learned how to compile it myself and dug into mozconfigs, really interesting stuff (short: if you optimize too much you break their build for some reason). Now because of weird mercurial stuff it doesnt compile anymore at all, so I use Chromium which sucks a lot.

Also had my system not boot twice, because of shitty Lenovo firmware and then because of the iwlwifi firmware bug.

Aaaand more. At the beginning there was no flatpak support, then only with bubblewrap-suid which is controversial and podman is broken, luckily there are userns images now.

The hack to use hardened_malloc on Flatpaks is also very nonstandard and electron apps do completely random things it seems (dont use electron, but its everywhere! Nextcloud, mullvadVPN, Signal, Element, ...)

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago (1 children)

override removed packages on these images can neither be added back nor resetted, an rpm-ostree bug/issue.

Isn't that supposed to work with BlueBuild (or any custom image tooling)?

so I use Chromium which sucks a lot.

You're strong! I've been weak and have (instead) resorted to Librewolf. Initially, I had chosen to stick to Chromium. But, at least for now, I have to use Thunderbird anyways. So, might as well continue the use of Librewolf in the mean time.

Also had my system not boot twice, because of shitty Lenovo firmware and then because of the iwlwifi firmware bug.

I've also experienced some issues recently with boot times taking a lot more time than previously. But I've since changed some kernel arguments and it has been better since.

At the beginning there was no flatpak support, then only with bubblewrap-suid which is controversial and podman is broken, luckily there are userns images now.

This is indeed big; I wouldn't have been able to make the switch without the userns images.

The hack to use hardened_malloc on Flatpaks is also very nonstandard and electron apps do completely random things it seems (dont use electron, but its everywhere! Nextcloud, mullvadVPN, Signal, Element, …)

Thank you for your continued contributions and efforts that go into ever-improving secureblue!

[–] Pantherina@feddit.de 2 points 8 months ago* (last edited 8 months ago) (1 children)

Does Librewolf (RPM) work?

I only know that Chromium browsers use userns or setuid namespaces to isolate tabs. This is not allowed by the flatpak seccomp filter (applied for all apps) which is why bubblejail is a thing. But bubblejail is veeeeery alpha, portals, theming, running random binaries etc all broken or difficult.

Flatpak Chromium browsers use zypak instead, which will have a weaker seccomp filter than the tab sandbox in Chromium (because flatpak apps do more than browser tabs and there is only a single filter for them all).

No idea about firefox, they just support the flatpak without any mention if the sandboxing is better, worse, unaffected etc.

Librewolf builds firefox themselves, if they just add allow-replace-malloc or how its called in their mozconfig it works with hardened_malloc. And I think that is the easiest solution. If they dont add that it should probably not launch. Flatpak works for some reason, probably because somehow it doesnt use hardened_malloc.

  • different name
  • already privacy optimized (only problematic if you need a vanilla profile)

Tbh I want to compile firefox and the kernel with -O4 as I have a x86_64-v4 CPU. They will not do that as people run old hardware.

Thunderbird is the same, btw everything is built on the same codebase. My dream would be to build Firefox, Thunderbird and Torbrowser on COPR (or Github so the Fedora people dont kill me) with hardened configs.

I've also experienced some issues recently with boot times taking a lot more time than previously.

Longer than on vanilla fedora, or longer than before on secureblue? They distrust the hardware and generate random values as far as I understood, also use kernel lockdown mode. Those are important and increase boot times but not performance. Btw also if your CPU is affected by spectre/meltdown attacks it will automatically disable hyperthreading. Very cool karg that should totally be the default.

Yeah secureblue is nice and very needed. Wanted to do something similar (as did a lot of other people) and found qoijjjs awesome ground work. He invests hours in that project, look at the "secureblue Chromium vs Vanadium" table its crazy.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago (1 children)

Does Librewolf (RPM) work?

Have not tested it. I rely on the flatpak.

I only know that Chromium browsers use userns or setuid namespaces to isolate tabs. This is not allowed by the flatpak seccomp filter (applied for all apps) which is why bubblejail is a thing. But bubblejail is veeeeery alpha, portals, theming, running random binaries etc all broken or difficult.

Isn't bubblejail mostly a frontend to bubblewrap? Therefore, is it perhaps possible that, if well-understood, reliance on bubblewrap instead should translate to a less buggy (but indeed harder) experience?

Flatpak Chromium browsers use zypak instead, which will have a weaker seccomp filter than the tab sandbox in Chromium (because flatpak apps do more than browser tabs and there is only a single filter for them all).

I've often heard that the flatpak Chromium browsers are (somehow) less secure, but never heard why that's the case. Thank you for offering a very concise explanation on the matter!

My dream would be to build Firefox, Thunderbird and Torbrowser on COPR (or Github so the Fedora people dont kill me) with hardened configs.

WOW, that would be awesome! You've already found yourself a 'client'/'customer' :P . And I'm sure that a lot of others would be interested as well.

Longer than on vanilla fedora, or longer than before on secureblue?

Yes. To be clear, it's both longer than on vanilla Fedora Atomic and also longer than before on secureblue.

as did a lot of other people

Reminds me of this project, I wanted to wait until it stabilized..., but it never got that far 😅. But I hope its maintainer will join team secureblue, if they haven't yet*.

He invests hours in that project, look at the “secureblue Chromium vs Vanadium” table its crazy.

For reference; WOW, we definitely can't deny their commitment. I feel indebted. Perhaps I should support them 😅. Do you happen to know if there are any other channels besides Github to support them (and the project)?

[–] Pantherina@feddit.de 2 points 8 months ago* (last edited 8 months ago) (3 children)

Bubblejail allows to create different seccomp filters per app. This means you can allow the browsers to create namespaces, which fixes that problem. There are tons of problems though.

Yup needed some time to understand that zypak thing too. I think it boils down to that issue, they will be okay but less secure than possible, so... why not use something else?

Yeah there are a ton of hardening arguments. Currently I cant build that damn stuff anymore because somehow I have missing build deps that I have installed and added to my path 100%.

In this repo I collect my mozconfig, and if everything goes well I will use github builder to make RPMs. That would be lit, because I would have all of them hardened, but for v3 and v4 optimized. Put in a directory, do some rpm repo magic and I have my own repo.

Feel free to help me figure that stuff out. Librewolf has a nice build pipeline, I created a PR to just support replacing the malloc, that would be the easiest and best solution.

Then fedora firefox and librewolf would allow that, only flathub firefox missing really. Replacing the malloc is a very unsupported case for flatpak though, as the apps should be OS-unspecific.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago* (last edited 8 months ago) (1 children)

Librewolf has a nice build pipeline, I created a PR to just support replacing the malloc, that would be the easiest and best solution.

That's very neat! Hopefully it comes through!

Then fedora firefox and librewolf would allow that, only flathub firefox missing really. Replacing the malloc is a very unsupported case for flatpak though, as the apps should be OS-unspecific.

But even with the ability to replace malloc, isn't Firefox still vastly inferior compared to Chromium if security is desired? Or are they actually operating in close proximity of each other in terms of security features?

[–] Pantherina@feddit.de 2 points 8 months ago (3 children)

Arguable. Chromium is just horrible to use. No sync, that would require something NOT Brave or Vivaldi to step up. Floccus is overcomplicated, xbrowsersync unmaintained.

Firefox had core components rewritten in rust too.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago (1 children)

Chromium is just horrible to use.

Hard agree, except for PWAs; those at least work on Chromium-based browsers.

But honestly, it's just very unfortunate that the closest we have to an ungoogled, secure, private and anonymous web browser is particularly platform-locked; I'm indeed referring to Vanadium.

On the desktop side of things, it's just a mess; at least in my opinion*. I guess our best bet would be like running Tor Browser or Mullvad Browser in a disposable qube on Qubes OS 🤣. Furthermore, it would have to be connected through their respective network of choice; be it Tor network (and/)or VPN. And, ideally, without additional configuration changes to blend in as much as possible. Which comes down to foregoing your favorite extensions and even not maximizing the app window.

*sigh*, such a drag...

[–] Pantherina@feddit.de 2 points 8 months ago (1 children)

I guess our best bet would be like running Tor Browser or Mullvad Browser

Those are just Firefox. Using some other routing doesnt improve security.

Vanadium might be degoogled and not send critical platform data, but it is not fingerprint resistant afaik.

On mobile, browsers cant really be that though. On Desktop there only is ungoogled Chromium which is a beginning. But especially secureblue doesnt use it for some reason.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago (1 children)

Those are just Firefox. Using some other routing doesnt improve security.

Never said or implied they were. Security is achieved through

Tor Browser or Mullvad Browser in a disposable qube on Qubes OS

Tor and Mullvad are only for preferred for the sake of anonymity as every user runs the exact same config on the same type of network.

Vanadium might be degoogled and not send critical platform data, but it is not fingerprint resistant afaik.

Hmm, you might be right. TIL. Thank you! Somehow, I was having high expectations for it... *sigh*

On mobile, browsers cant really be that though.

Do you happen to know why that's the case?

On Desktop there only is ungoogled Chromium which is a beginning. But especially secureblue doesnt use it for some reason.

If I recall correctly, ungoogled-chromium has (at least in the past) been slacking on security. Don't know if that's still a thing though.

[–] Pantherina@feddit.de 2 points 8 months ago (1 children)

QubesOS is interesting, I think overcomplex but needed until better systems are in place. Bubblejail would be an alternative that runs on normal hardware.

I dont know how resistant Vanadium is, it for sure doesnt send critical data, but screen size, hardware specs etc cant be not send without having no GPU acceleration and a letterboxed screen.

mobile browsers have limited screens size and every SOC has a different GPU basically. So if you avoid hardware rendering, you would still need to pretend to be the smallest phone comparable, and pixel density etc. may still be different.

Ungoogled Chromium is a set of patches. These should totally be applied to Secureblue chromium, but currently it is saving effords by just using Fedora chromium and a few policies.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago (1 children)

First of all, apologies for the late response. I had written a response, but something happened before I sent it and the cache of my phone wasn't able to recollect my writing. I got so discouraged by this that I didn't bother with it right away.

QubesOS is interesting, I think overcomplex but needed until better systems are in place.

Well said!

Bubblejail would be an alternative that runs on normal hardware.

I hope Bubblejail will indeed reach the level of sandboxing solutions we find on e.g. mobile devices. Though, a lot of work has to be put into portals (and others) before a feat as such is achieved.

I dont know how resistant Vanadium is, it for sure doesnt send critical data, but screen size, hardware specs etc cant be not send without having no GPU acceleration and a letterboxed screen.

Would you be so kind to elaborate upon the bolded part? I'm simply unaware of the link between GPU acceleration and protection against fingerprinting.

Furthermore, just to be clear. I would like to retract my earlier statements that I've made regarding Vanadium and that were negative in nature. While there's definitely truth in the fact that it does not provide fingerprinting protection (or spoofing) like what we find on Firefox (or Brave), but they have spoken out their ambitions and intentions to improve that. It's simply that they haven't put a lot of resources yet to the cause. And this is not for saving efforts or whatsoever, but rather because they intend to offer a more robust solution (eventually). We should also not disregard that, as is, GrapheneOS does offer some level of anonymity (in combination with best practices; i.e. VPN etc) merely by the virtue of only a select number of devices being supported by GrapheneOS and thus if two users are in relatively close proximity to one another and have their VPNs enabled and use the same device with GrapheneOS, then it might be hard for others to distinguish them from one another. Finally, at least regarding this topic, I don't see them implementing letterboxing as we find on Firefox (as screen sizes are small anyways and only select number of screen sizes exist anyways, because only few devices are supported). Thus, as screen dimensions are not obfuscated, there's less need to obfuscate the GPU in the first place.

mobile browsers have limited screens size and every SOC has a different GPU basically. So if you avoid hardware rendering, you would still need to pretend to be the smallest phone comparable, and pixel density etc. may still be different.

You may find some of my thoughts in the previous paragraph.

Ungoogled Chromium is a set of patches. These should totally be applied to Secureblue chromium, but currently it is saving effords by just using Fedora chromium and a few policies

Is it strictly beneficial for security? IIRC, privacy is (unfortunately) not regarded as a design goal for secureblue.

Btw, apologies if my sentences were more convoluted and confusing than they are otherwise. Thank you for your attention and consideration!

[–] Pantherina@feddit.de 2 points 8 months ago (1 children)

Yeah know that deleting post fun. Jerboah is very good at recovering them.

Bubblejail just got an update that should fix DNS on Fedora! Just has to arrive in Secureblue (rusty-snakes fedora-extras, qoijjjs fork, COPR)

If you use your GPU that model is fingerprintable through WebGL stuff. There is a firefox addon that spoofs random values though. Same for screen size.

Yes, secure projects are nice, if they do something then right.

Yes a Pixel is less trackable than some random phone. But still, trackable. Letterboxing and software rendering could be needed by people.

Secureblue does not implement privacy over security, but if patches make a browser stay just as securely I think that would be fine.

The thing is, for example we had some arguments about manifest v2 extensions (which can download stuff they then use, i.e. no control by Google and thus "less secure"). If Chromium does things like Connect to Google for security stuff like Safe Browsing, this will totally not be removed.

Also you can install any browser you like, just not Firefox (as that is override-removed). I have a PR open to make Librewolf work with hardened-malloc, hope they react soon...

Secureblue is not GrapheneOS too. It is just a (huge) compilation of patches and patched images. Basically every Desktop with Wayland support, currently 86 (!!!!) images.

Doing something like hardened degoogled Chromium with sync capabilities would happen outside of the project.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago (1 children)

Yeah know that deleting post fun. Jerboah is very good at recovering them.

TIL about Jerboa. Thank you!

If you use your GPU that model is fingerprintable through WebGL stuff. There is a firefox addon that spoofs random values though. Same for screen size.

IIRC, so-called 'naive scripts' will indeed be spoofed. However, it has been shown at great length that JavaScript is not even required to to acquire screen size in the first place. Furthermore, methods that rely on badness enumeration are deemed inferior.

Secureblue does not implement privacy over security, but if patches make a browser stay just as securely I think that would be fine.

That would require someone to put effort into showing that ungoogled-chromium is at least as secure as Chromium. Is that even established in the first place?

The thing is, for example we had some arguments about manifest v2 extensions (which can download stuff they then use, i.e. no control by Google and thus “less secure”). If Chromium does things like Connect to Google for security stuff like Safe Browsing, this will totally not be removed.

Perhaps the desire to minimize attack surface is what's been decisive.

Secureblue is not GrapheneOS too. It is just a (huge) compilation of patches and patched images. Basically every Desktop with Wayland support, currently 86 (!!!) images.

Surely, it would take a lot more effort to get it to GrapheneOS levels. However, I don't find any fault with the desire to be inspired from GrapheneOS' methods and implementations.

[–] Pantherina@feddit.de 2 points 8 months ago (1 children)

Yeah for sure the not-badness-enumeration approach would be to not use the GPU and set a defined screen size and pixel density.

ungoogled chromium is likely less secure, no 1 is to have regular updates. With CI/CD those patches should be applied automatically. Would be a cool project but not for me, I prefer Firefox.

[–] Throwaway1234@sh.itjust.works 1 points 8 months ago

Thanks for the conversation! 😊

Yeah for sure the not-badness-enumeration approach would be to not use the GPU and set a defined screen size and pixel density.

Hopefully one day.

ungoogled chromium is likely less secure, no 1 is to have regular updates.

Agreed.

With CI/CD those patches should be applied automatically. Would be a cool project but not for me, I prefer Firefox.

Hehe, fair.

load more comments (2 replies)
load more comments (2 replies)
[–] Guenther_Amanita@feddit.de 4 points 8 months ago* (last edited 8 months ago) (1 children)

Since you have already used some distros, and aren't the "normal" case, I can't send you a link to my "Distros for noobs"-post I normally send to those questions.

I think you would benefit from image based distros, especially Fedora Atomic. Here's a link to my post explaining immutable distros: https://feddit.de/post/8234416

What comes to my mind in your case is Secureblue.
It's a Fedora Atomic spin that's focused on security and privacy, which has many hardening-tweaks applied, e.g. better sandboxing, memory allocator and an hardened kernel. It also offers Gnome as DE and still allows you to enjoy most freedoms other distros have.

Definitely check that out!

[–] Charger8232@lemmy.ml 1 points 8 months ago

I will, thank you so much!

[–] wonderfulvoltaire@lemmy.world 3 points 8 months ago

Qubes and opensuse are great for any VM needs. Not sure what the issue with privacy is exactly you can pretty much reconfigure any distro to be oriented the way you want it.

[–] Pantherina@feddit.de 2 points 8 months ago (1 children)

Be aware that secureblue is very secure!

Some kernel arguments may break boot (already have in the past) because of weird firmware and fedora not testing their kernel with those kargs.

Strange things may happen with Electron apps (for me its fine) and you might miss Firefox lol.

[–] Charger8232@lemmy.ml 1 points 8 months ago

Noted, thank you!

[–] piefedderatedd@piefed.social 1 points 8 months ago (1 children)

If you like the idea of Qubes OS and Tails, maybe Whonix has something similar to offer : https://www.whonix.org/wiki/Features

[–] Charger8232@lemmy.ml 2 points 8 months ago

I've looked into Whonix in the past, as Qubes OS is one of the host operating systems for it. I plan to try Whonix when they release their own independent ISO that is under works right now. Thank you for your suggestion!

[–] Roderik@lemmy.world 1 points 8 months ago

For me, it has been incredibly difficult to find a properly privacy oriented Linux distro that also has ease of use.

First of all, most distros already offer adequate privacy. It'll always beat Windows or MacOS—that's for sure.

Second, ease of use and privacy don't go hand in hand. The more privacy you want the harder it gets to use. The reason I emphasised privacy is because it's more anonymity at that point.

What is it you want? If it's privacy you're after you can't go wrong with most distros and using FOSS. If it's anonimity be prepared to make a ton of sacrifices. Have fun putting your laptop in a Faraday bag, routing all your traffic through Tor, visiting eepsites, disconnecting your webcam and microphone, only wiring money with Monero, and so forth.

My point is, there is no best of both worlds.

load more comments
view more: next ›