I'm currently embracing the way of privacy and anonimity and saw the repo of hackliberty, they say to use alpine linux but I was also looking to stuff like openBSD or just hardening the arch build I use rn, what do you think about that? openBSD could be a good choice as daily drive or I should follow the community and try alpine, sorry if the question is dumb but I'm still learning.

  • multicorn@programming.dev
    ·
    1 year ago

    Ok, in your Post you say you want Privacy, but go on to describe Distros for Security.

    Before you do anything, you should make a threat-model:

    • Who do you want your data to be safe from
    • What applications/programs do you use
    • Who do you want to be protected against security wise.
    • Are there any institutions/irganizations you trust (Tor, i2p, BitWarden, Linuxkernel, *BSD, Firefox, Chromium, Xmpp, Matrix, LLVM)

    If you can answer the questions above, you can make more informed decisions, and if you want you can tell them to me either publicly or over multi@conversations.im (xmpp)

    Here a short summary of a few operating systems to choose from:

    Fedora Silverblue: Pros:

    • Encryption of personal data possible
    • Immutable
    • Mandatory Access Control framework (SELinux)
    • Everything is set up for you already, by people that know their stuff
    • Big company with lots of resources, and fast security updates Cons:
    • Big company you have to trust
    • Less control over the operating system. Both for you or an attacker
    • Immutability still very new, may cause problems

    Alpine: Pros:

    • very minimal -> small attack surface
    • encryption optional, and made easy Cons:
    • no MAC my default
    • a lot of configuring you have to do yourself. Mistakes are a big concern

    OpenBSD: Pros:

    • audited into oblivion
    • incredibly minimal Cons:
    • incredibly minimal: No mac framework (!!)
    • Disk encryotion might be tricky on your first try
    • software support
    • Wayland support still experimental

    In my conclusion: If you trust Redhat more to build a safe os than yourself: go Silverblue

    If you know what you are doing Alpine is a more minimal approach than Arch, and may be a fantastic choice if you know how to set up mac, fdi and a secure desktop

    If you have a server or reverse proxy, OpenBSD will be a incredibly tough nut to crack for even government agencies, but due to the missing mac usecases as desktop simply don't make sense to me.

    I hope that helped