mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2026-06-28 04:24:42 +00:00
refactor: Follow Hugo leaf vs branch conventions
@@ -3,11 +3,11 @@ title: "Desktop/PC"
|
||||
description: Linux distributions are commonly recommended for privacy protection and software freedom.
|
||||
---
|
||||
<small>Protects against the following threat(s):</small>
|
||||
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats/_index.md#surveillance-as-a-business-model)
|
||||
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats/index.md#surveillance-as-a-business-model)
|
||||
|
||||
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
|
||||
|
||||
- [General Linux Overview](../../../wiki/os/linux/_index.md)
|
||||
- [General Linux Overview](../../../wiki/os/linux/index.md)
|
||||
|
||||
<div class="pg-card-logos">
|
||||
{{< cards >}}
|
||||
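Review bot: The switch from `_index.md` to `index.md` for `wiki/basics/common-threats/` and `wiki/os/linux/` in this hunk is only safe if those directories are true leaf bundles. In Hugo, a directory with `index.md` cannot have child pages, and any other Markdown files beside it are treated as page resources instead of being published as pages. Please confirm that neither directory contains sub-pages, and keep `_index.md` for any that does.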
@@ -63,13 +63,13 @@ Tumbleweed follows a rolling release model where each update is released as a sn
|
||||
|
||||
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
|
||||
|
||||
Being a DIY distribution, you are [expected to set up and maintain](../../../wiki/os/linux/_index.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
Being a DIY distribution, you are [expected to set up and maintain](../../../wiki/os/linux/index.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
|
||||
|
||||
A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1].
|
||||
|
||||
## Atomic Distributions
|
||||
|
||||
**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../../../wiki/os/linux/_index.md#traditional-vs-atomic-updates) for more info.
|
||||
**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../../../wiki/os/linux/index.md#traditional-vs-atomic-updates) for more info.
|
||||
|
||||
### Fedora Atomic Desktops
|
||||
|
||||
@@ -113,7 +113,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th
|
||||
|
||||
### Whonix
|
||||
|
||||
**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats/_index.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
|
||||
**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
|
||||
|
||||
{{< cards >}}
|
||||
{{< card link="https://whonix.org" title="Homepage" icon="home" >}}
|
||||
@@ -124,11 +124,11 @@ Whonix is meant to run as two virtual machines: a “Workstation” and a Tor
|
||||
|
||||
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/roddhjav/apparmor.d) and a [sandboxed app launcher](https://whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
|
||||
|
||||
Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers). We have a [recommended guide](../../../wiki/os/qubes/_index.md#connecting-to-tor-via-a-vpn) on configuring Whonix in conjunction with a VPN ProxyVM in Qubes to hide your Tor activities from your ISP.
|
||||
Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers). We have a [recommended guide](../../../wiki/os/qubes/index.md#connecting-to-tor-via-a-vpn) on configuring Whonix in conjunction with a VPN ProxyVM in Qubes to hide your Tor activities from your ISP.
|
||||
|
||||
### Tails
|
||||
|
||||
**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/_index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats/_index.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
|
||||
**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](../../software/tor/index.md) to preserve privacy and [anonymity](../../../wiki/basics/common-threats/index.md#anonymity-vs-privacy) while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
|
||||
|
||||
{{< cards >}}
|
||||
{{< card link="https://tails.net" title="Homepage" icon="home" >}}
|
||||
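Review bot: The Tails paragraph rewritten in this hunk still reads "which can boot on on almost any computer" in both the old and the new line. Since the line is being touched anyway, drop the duplicated "on". The paragraph also changes two link targets at once (`software/tor/index.md` and `common-threats/index.md#anonymity-vs-privacy`), so both fragments should be checked in a local build.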
@@ -141,14 +141,14 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh
|
||||
|
||||
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy, allowing for the user to be deanonymized.
|
||||
|
||||
Tails includes [uBlock Origin](../../software/browser-extensions/_index.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
|
||||
Tails includes [uBlock Origin](../../software/browser-extensions/index.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
|
||||
|
||||
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.net/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.
|
||||
|
||||
## Security-focused Distributions
|
||||
|
||||
<small>Protects against the following threat(s):</small>
|
||||
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/_index.md#security-and-privacy)
|
||||
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/index.md#security-and-privacy)
|
||||
|
||||
### Qubes OS
|
||||
|
||||
@@ -159,9 +159,9 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
|
||||
{{< card link="https://qubes-os.org/privacy" title="Privacy Policy" icon="eye" >}}
|
||||
{{< /cards >}}
|
||||
|
||||
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [targeted attack](../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals), the extra isolation is likely to protect the rest of the *qubes* and the core system.
|
||||
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [targeted attack](../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals), the extra isolation is likely to protect the rest of the *qubes* and the core system.
|
||||
|
||||
For further information about how Qubes works, read our full [Qubes OS overview](../../../wiki/os/qubes/_index.md) page.
|
||||
For further information about how Qubes works, read our full [Qubes OS overview](../../../wiki/os/qubes/index.md) page.
|
||||
|
||||
### Secureblue
|
||||
|
||||
@@ -172,13 +172,13 @@ For further information about how Qubes works, read our full [Qubes OS overview]
|
||||
{{< card link="https://secureblue.dev/install" title="Documentation" icon="document-text" >}}
|
||||
{{< /cards >}}
|
||||
|
||||
**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](../android/distributions.md#grapheneos)'s Vanadium browser.
|
||||
**Trivalent** is Secureblue's hardened Chromium for desktop Linux inspired by [GrapheneOS](../android/distributions/index.md#grapheneos)'s Vanadium browser.
|
||||
|
||||
Secureblue also provides GrapheneOS's [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) and enables it globally (including for Flatpaks).
|
||||
|
||||
### Kicksecure
|
||||
|
||||
While we [recommend against](../../../wiki/os/linux/_index.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
|
||||
While we [recommend against](../../../wiki/os/linux/index.md#release-cycle) "perpetually outdated" distributions like Debian for desktop use in most cases, Kicksecure is a Debian-based operating system which has been hardened to be much more than a typical Linux install.
|
||||
|
||||
**Kicksecure**—in oversimplified terms—is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. It also serves as the base OS for [Whonix](#whonix).
|
||||
|
||||
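Review bot: The Trivalent line changes `../android/distributions.md#grapheneos` to `../android/distributions/index.md#grapheneos`, which is not the same kind of change as the `_index.md` to `index.md` renames elsewhere in this diff: a single file becomes a leaf-bundle directory. That moves the target one directory deeper, so relative links inside the moved page need an extra `../`, and other pages that still link to `distributions.md` will break. Please mention this conversion in the commit message and check for remaining references to the old path.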
@@ -189,7 +189,7 @@ While we [recommend against](../../../wiki/os/linux/_index.md#release-cycle) "pe
|
||||
|
||||
## Criteria
|
||||
|
||||
Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](../../../wiki/os/linux/_index.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
|
||||
Choosing a Linux distro that is right for you will come down to a huge variety of personal preferences, and this page is **not** meant to be an exhaustive list of every viable distribution. Our Linux overview page has some advice on [choosing a distro](../../../wiki/os/linux/index.md#choosing-your-distribution) in more detail. The distros on *this* page do all generally follow the guidelines we covered there, and all meet these standards:
|
||||
|
||||
- Free and open source.
|
||||
- Receives regular software and kernel updates.
|
||||
@@ -197,11 +197,11 @@ Choosing a Linux distro that is right for you will come down to a huge variety o
|
||||
- The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other.
|
||||
- Supports full-disk encryption during installation.
|
||||
- Doesn't freeze regular releases for more than 1 year.
|
||||
- We [recommend against](../../../wiki/os/linux/_index.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
|
||||
- We [recommend against](../../../wiki/os/linux/index.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
|
||||
- Supports a wide variety of hardware.
|
||||
- Preference towards larger projects.
|
||||
- Maintaining an operating system is a major challenge, and smaller projects have a tendency to make more avoidable mistakes, or delay critical updates (or worse, disappear entirely). We lean towards projects which will likely be around 10 years from now (whether that's due to corporate backing or very significant community support), and away from projects which are hand-built or have a small number of maintainers.
|
||||
|
||||
In addition, [our standard criteria](../../../about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.**
|
||||
|
||||
[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](../../../wiki/basics/common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian }.
|
||||
[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](../../../wiki/basics/common-threats/index.md#attacks-against-certain-organizations){ .pg-viridian }.
|
||||
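Review bot: The footnote line edited at the end of this hunk still uses `:material-package-variant-closed-remove:` and a trailing `{ .pg-viridian }` on the link, while the rest of the page uses Hugo shortcodes such as `{{< badge ... >}}`. Only the link target is updated here. Please check that the icon code and the attribute block render as intended under Hugo and do not appear as literal text, and convert them in this commit or a follow-up if they do.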