privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal

Review PC Operating Systems #449

Closed c0rdis closed 5 years ago

c0rdis commented 6 years ago

Let's review the section and make sure we all agree on the top-3 recommended options. It's not clear to me why Debian (?) and Trisquel are there, and Whonix / MOFO are not.

https://itsfoss.com/mofo-linux-censorship/

Shall we replace them?

Atavic commented 6 years ago

Debian is the most important Linux distro, with many others based upon it. Trisquel GNU/Linux doesn't include proprietary software. Qubes is a privacy/security distro, maybe with high hardware requirements when compared to Whonix.

c0rdis commented 6 years ago

Well, Debian may be the most important Linux distro with many others based upon it, but I cannot see why it is necessarily the best for user's privacy. I mean, Tails is based on Debian, and we're rightly recommending it in the following section.

Whonix is also based on Debian but its very purpose is "to provide privacy, security and anonymity on the internet". MOFO has plenty of tools bundled from the box, most of which we're recommending on the page.

Also, gNewSense/Dragora do not include proprietary software either, and it's unclear to me why it's specifically Trisquel in top-3.

ghost commented 6 years ago

Before I made some changes to the section it already included Debian, so I have no idea why and how it got there, but I kept it there. Now there are many operating systems focused on security. Some are worse than others, Qubes is obviously superior. Subgraph has/had some flaws, but it's better than recommending Debian, which might lead users to think that Debian actually has some extra security features and decide to go with it as it's easier to install than Qubes.

We should remake the section. Qubes is the starting point, the rest should be figured out based on current available operating systems.

Trisquel was there along with Debian iirc.

angela-d commented 6 years ago

Why the hate on for Debian? Debian social contract

Omitting the nonfree repositories (which is what PureOS does & is based on Debian) is as close as you can get to a free/private operating system of proprietary blobs.

ghost commented 6 years ago

Debian is not specifically focused on security. A secure OS looks like Qubes, not like Debian.

Atavic commented 6 years ago

Debian should stay because many other distros are based on it. While Debian closes the gaps in the OS, Ubuntu, Mint and other forks just follow.

angela-d commented 6 years ago

OS' that are 'focused' on security might be overkill for new users who just want a more private OS (that doesn't spy on them or lock them into walled gardens) and want something moderately simple that works out of the box without having to learn how to use compartmentalization or environments that refresh every time the OS powers down.

ghost commented 6 years ago

> Debian should stay because many other distros are based on it.

So what? How is that relevant? If you create a secure OS and base it on another OS, that doesn't make the other OS security-focused.

ghost commented 6 years ago

@angela-d Indeed, that is a good point, but neither should we deceive people into thinking that Debian is super-secure. We should recommend actually secure operating systems and put easy-to-use Linux distributions below, stating that they're better than Windows but worse than the systems above.

Atavic commented 6 years ago

For hardening Debian there's an online manual.

Hillside502 commented 6 years ago

Securing Debian Manual https://www.debian.org/doc/manuals/securing-debian-howto/

Hardening - Debian Wiki https://wiki.debian.org/Hardening

dnguyen01 commented 6 years ago

I'll try to hit on a couple of points without rambling:

1) Mofo Linux, introduced in 2014 and based on Ubuntu anyways. Looking on their website, for a security-focused distro, they're still using MD1 & SHA1 for hashing as well as no GPG keys for verification of authenticity. So big security distro, nah, the big boys Debian, Tails, and even Ubuntu have all of these for people to verify to make sure that what they download is what is intended.

2) Mofo Linux seems to be just an Ubuntu distro with some software attached to it. You can see from their download page of their "changelogs" and "versioning" (https://mofolinux.com/downloads.html) that all that is added is more software already pre-loaded. Looking at their Github "source", it looks like all it is a script run on top of a distro and configurations for those software are just copied over (https://github.com/brightflash64/MOFO-Linux/blob/master/getnewsoftware.sh). I also didn't realize that updates were hardcoded (https://github.com/brightflash64/MOFO-Linux/blob/master/mofo-updater.sh).

3) Let's go through the true privacy & security gains from this. So this distro is just a bunch of applications and configurations just put together conveniently but the author never takes the time to securely hash it or lock it down with their GPG (yes, sure some people don't do this), but if the values are hardcoded into the script, what's preventing people from just changing it for malicious purposes and then passing it off to the unsuspecting users? How do we verify that the software on there is not tampered with? Remember they didn't properly secure it so there's no way to know. If there are other configurations in the OS (to lock down memory leakage, etc), we are not seeing it or he's not explaining it. Again, so we're just blindly trusting this author that this distro is secured, when in fact, we have no idea if it's secured properly or that it's even tampered with.

4) Debian on the surface doesn't seem to focus on security but they have all the security mechanisms in place. It is FOSS only repositories when you download software, unless you manually specify not to use FOSS. Using repositories, you can even specify to use Tor to grab your updates as well as use only GPG keys (which I think is already default, I could be wrong). Their ISOs are locked down with lots of author GPG keys, hashes, and extra measures to keep it secure. Debian has a history of doing security good - releasing security patches quickly when the CVEs hit, detail every security information and exploits they patched (https://www.debian.org/security/) and even have regular security audits to make sure everything is up to par (https://www.debian.org/security/audit/), which most software on this page don't even do. I mean, remember, they are supplying their code and repositories to how many Debian-based distros out there (https://upload.wikimedia.org/wikipedia/commons/1/1b/Linux_Distribution_Timeline.svg)?

5) To even continue a bit further, Debian policy details virtually every aspect of building a package, from where libraries, log files, and help should be placed in the file hierarchy, to the types of scripts that can be included in a package and how to add a package to desktop menus (https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security and https://www.debian.org/doc/debian-policy/). Everything is very strict, which creates consistency needed for basic security and trust.

6) Sure, nothing is secure out of the box but you can harden any OS as long as you take the necessary time and processes to do it. The links from the poster above can be a starting point. I would even argue Kali Linux is somewhat better, but that is not meant for new people and requires everything to be turned on as needed.

7) So question is, when we are recommending OS, what's the focus? Stable and secure OS that have been time-tested, just like how we talk about don't roll your own crypto, or are we just putting any OS with "security" on it. My pick is the first one - Qubes, Debian, Whonix, Tails, and Trisquel should stay.
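The download check that the comment above finds missing for MOFO and present for Debian, as an added example that is not part of the original thread: a POSIX shell check of an image against a checksum list that refuses MD5- or SHA-1-length digests. The function names, return codes and the length-based digest heuristic are assumptions made for this example, and the list is only trustworthy once its detached signature has been verified with a key obtained out of band.

```shell
#!/bin/sh
# Added example (not from the thread). Names and return codes are illustrative.
# Before trusting a checksum list, authenticate the list itself, e.g.:
#   gpg --verify SHA256SUMS.sign SHA256SUMS
# using a signing key whose fingerprint was obtained out of band.

# classify_digest HEX: guess the hash algorithm from the hex digest length.
# This is a heuristic: 32 hex chars = MD5, 40 = SHA-1, 64 = SHA-256, 128 = SHA-512.
classify_digest() {
    case "${#1}" in
        32)  echo md5 ;;
        40)  echo sha1 ;;
        64)  echo sha256 ;;
        128) echo sha512 ;;
        *)   echo unknown ;;
    esac
}

# verify_image SUMS_FILE IMAGE
# Returns 0 only when IMAGE is listed in SUMS_FILE with a SHA-256 or SHA-512
# digest that matches the file on disk.
#   1 = digest mismatch (corrupted or tampered download)
#   2 = list uses a weak or unrecognised digest (MD5, SHA-1, other)
#   3 = image is not listed at all
# Limitation: file names containing spaces are not handled.
verify_image() {
    sums=$1
    image=$2
    name=$(basename "$image")
    # Lines look like "<hex>  <name>" or "<hex> *<name>" (binary-mode marker).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    [ -n "$expected" ] || return 3
    case "$(classify_digest "$expected")" in
        sha256) actual=$(sha256sum "$image" | awk '{ print $1 }') ;;
        sha512) actual=$(sha512sum "$image" | awk '{ print $1 }') ;;
        *)      return 2 ;;
    esac
    [ "$actual" = "$expected" ] || return 1
    return 0
}
```

A matching hash only shows the download equals what the list describes; the signature check on the list is what ties it to the publisher.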

cyberflamingo commented 6 years ago

In addition to what @dnguyen01 said, Debian is not a security/privacy oriented distribution per se but its way of handling packages and releases makes it look like it.

If you want your package (application or software) to reach Debian stable, which is probably the release you should use if you care about security/privacy, they need to pass unstable and testing (see FAQ 6.5).

In addition, the unmodified Debian stable only includes packages which respect the Debian Free Software Guidelines.

Anyway, let's go back to the original issue: Review PC Operating Systems

This repo's README.md clearly states:

Software Criteria

- Open Source
- Cross-platform
- Easy to use
- Privacy respecting

Note that it doesn't say "security". Although those two concepts are very related, I think we need to recenter the discussion around the main topic: privacy.

As far as privacy goes, you can't beat Live CD OS. I haven't tested all four recommended but I vouch for Tails to stay. There are others (Kodachi etc.) but they look not well maintained or bogus.

If you need a day to day OS, the next best thing on the list is probably Qubes OS (security) + Whonix (privacy/anonymity) which conveniently work very well together. But let's be honest, this is overkill for most people and we clearly already buried the third criteria (easy to use). Just installing is out of reach for most people.

In my opinion, Qubes OS/Whonix should stay for the tech-savvy folks and those who want the best security, but we should also provide alternatives for the layman that wants a more private OS, as @angela-d said.

To be honest, just switching to GNU/Linux is already a big step forward; in my opinion the following question we should ask ourselves is, what distro flavor do we recommend: Debianish? Fedora-ish? Arch? Alpine?

I personally like Debian and it's a time-tested, often recommended security-wise (and by extension privacy-wise) distro but if my mama comes and asks me "hey Alex I wanna be more privacy-minded and wish to ditch Windows, what do?", I don't know if I would recommend Debian (I fear she would just go back to Windows).

The goal is not to scare people, in my opinion, but what do you all think?

As for Trisquel, I have no idea why it's there. If you want to keep at least one FSF endorsed GNU/Linux distro in the top three, my vote goes to PureOS which is privacy focused.

FrostKnight commented 5 years ago

I have a better idea for an FSF endorsed distro, it's called Hyperbola.

Hyperbola.info

https://wiki.hyperbola.info/doku.php?id=en:main:social_contract

https://wiki.hyperbola.info/doku.php?id=en:main:faq

I was the author of this thread:

Operating systems worth mentioning request, #517

It is my favorite, and it uses Debian packages for stability and security, it is currently my favorite distro but that being said, I am very much biased and think you should try it out to see what you think. :)

PS, I appreciate you guys making this list, for me and others. It is very helpful.

:)

ggg27 commented 5 years ago

> Well, Debian may be the most important Linux distro with many others based upon it, but I cannot see why it is necessarily the best for user's privacy. I mean, Tails is based on Debian, and we're rightly recommending it in the following section.
>
> Whonix is also based on Debian but its very purpose is "to provide privacy, security and anonymity on the internet". MOFO has plenty of tools bundled from the box, most of which we're recommending on the page.
>
> Also, gNewSense/Dragora do not include proprietary software either, and it's unclear to me why it's specifically Trisquel in top-3.

Debian has strong policies for privacy.