Most distros are somewhat equal when it comes to privacy, anonymity and security; with the likes of Fedora and openSUSE known for taking it more seriously out of the box than the other 'big bois', while some smaller distros like Kicksecure are known for their best-in-class^[1] hardening that they offer by default.

As for NixOS, it's really its own thing (together with Guix), and thus very different from any other distros. If you conquer it, you would be delightfully met by a system that enables you to do things unheard of in other distros. However, the learning curve is very steep. And perhaps even hardening it to the level that Fedora or openSUSE provide by default might not be trivial.

1. Qubes OS is technically not a Linux distro. But it's worth mentioning as one generally tends to run Linux within a qube (read: VM), and in regards to security and privacy Qubes OS is simply unmatched, period.

Not much to say regarding their first paragraph.

As for their second paragraph, perhaps they are rightfully sceptical regarding Privacy Guides. The body of topics they try to cover is substantial, though. And if TheAnonymouseJoker or whosoever disagrees with them, then they're free to challenge their views.

Privacy Guides isn't any kind of Gospel or whatsoever that you'd have to agree with in its entirety. I do believe, however, that they've done a tremendous job at offering a one-stop shop for those that are conscious regarding their security and privacy. Everyone is free to choose and pick whatever they like from there or not.

I would love to hear about other resources that do a similarly great job at providing at least decent information when it comes to security and privacy; FWIW thenewoil.org exists, however I don't recall any VPN overview/guide/recommendations from them.

a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading

Exactly. This is unfortunately common practice, so this breakdown can be dismissed as they're obviously biased due to monetary motivations.

Consider to read Privacy Guides' take on the matter instead.

(Perhaps personal) TL;DR would be that Mullvad VPN in combination with Mullvad Browser offers the most private internet browsing experience for people who don't desire to connect to the Tor Network. Furthermore, Proton offers a suite of privacy-friendly services for mail, drive, password manager etc. Therefore, for the sake of trusting the least amount of parties for these services (at the cost of putting all eggs in one basket), one might consider Proton VPN instead; additionally it includes a free tier and some support to port forwarding (read: allows the use of torrent applications).

Understandable! Please consider coming back to this at some point (also possible in private) as I'm genuinely curious to hear from you.

I disagree with most of the benefits you list

I'm curious to hear your objections.

chief among them “increased security”

Do you deny that specific protection to some attacks is provided through the chosen model of 'immutability' on at least one of the atomic distros?

not to mention half of them are already supported by traditional package managers

Hmm...,:

• atomicity; nope
• reproducibility =/= reproducible builds for some packages (if that's what you meant)
• declarative system configuration; ansible (and any other solution that I've witnessed being mentioned in such discussions) succeed (at best) at convergent system management, while e.g. NixOS does congruent system management by default. Consider taking a look at this page if you're interested in what these are and how they're different. (Spoiler alert) congruent is better and therefore more desirable.
• increased security; security is not limited to chosen model for 'immutability' if at all; as Qubes OS (read: most secure and private desktop OS) doesn't rely on it for its security. So I can understand where you're coming from, but I have yet to see any non-security focused distro that provides the elevated protection against particular attacks that some atomic distros offer by default.
• built-in rollback functionality; sure, this is not exclusive to atomic distros. Perhaps I should have done a better job at making clear that it isn't a feature provided necessarily by atomicity. But, the fact that I listed it at the very end, alludes that it isn't as exclusive and consequential as atomicity is. At this point, however, it has become almost synonymous with atomic distros, while the same can't be said about traditional distros.
• regarding the consequences; I'm unaware of any distro that does those out of the box (barring Pop!_OS with their factory reset). Though, I'd love to be educated on this.

I was genuinely curious so thanks for the rationale.

It has been my pleasure ☺️! I'm also genuinely curious to read your reply to this comment😉.

Not OP. But for me, atomic updates, reproducibility, (to some degree) declarative system configuration, increased security, built-in rollback functionality and their consequences; rock solid system even with relatively up to date packages, possibility to enable automatic updates in background without fearing breakage, (quasi) factory reset feature, setting up a new system in just a fraction of the time required otherwise are the primary reasons why I absolutely adore atomic^[1] distros.

1. I prefer referring to the so-called 'immutable' distros as atomic distros instead. It's more descriptive, because the distros aren't actually 'immutable' but instead they're atomic.

Distrobox is directly inspired from Toolbx and was created because of limitations of Toolbx and how Toolbx' maintainers didn't want to implement some features at that moment in time.

Currently, Distrobox is almost a superset of Toolbx. Though, I've come to the understanding that Toolbx does better at some tasks.

If you would like to stick to just one of them, then Distrobox is probably still the better one and should be preferred. However, if its added functionality doesn't do it for you, then please feel free to continue using Toolbx.

Why is toolbox preinstalled and not distrobox?

Because Toolbx predates Distrobox and is developed by developers that are associated with Fedora and even specifically designed in hopes of solving some issues pertaining to Fedora's Atomic distros.

Thanks a lot for this excellent write-up! I believe it has successfully fulfilled its purpose.

To make myself absolutely clear: I believe that we agree on our general sentiment towards systemd; I don't like how it has almost ostracized other inits, nor do I like how ever-impactful it has become across the board so much so that even the most established DE (read: GNOME) has had hard dependencies to systemd in the past^[1].

And this is where i think you’ve contradicted yourself. IMO, the only reason opponents use it is not because it’s so great but because it’s so entrenched in whichever distro they’re using.

Got it! I see now why you might have perceived that as a contradiction. And honestly, you might be correct! I assumed that systemd is used for how it might enable the full system AppArmor policy^[2] and other features that Kicksecure has become known for. Honestly, I'm not an expert on Kicksecure myself. I just like the project and even try to import some of their systemd-related features and/or configs on my daily driver.

Based on past readings, the idea that systemd was (ironically) still preferred on Kicksecure for security-related features stuck with me. But, honestly, it could have been my misunderstanding and instead they might have chosen to make the best out of it as not using systemd would have increased the maintenance burden tremendously.

This conversation has opened the possibility to me that Kicksecure's maintainers might have stuck to systemd for non-security reasons. Ultimately, your contribution by addressing that point has been immense. Thank you so much for the insight and for being patient with me 😊!

1. I believe this has since been resolved.
2. Based on the following statement: "AppArmor can do this by loading a profile for systemd in the initramfs." found here

Thanks for the answer! I got some pointers 😉.

the best os-design there is: the unix-like system.

Couple of questions:

1. Is there even any scientific basis to this statement?
   • If yes, would you be so kind to cite sources as I got trouble finding peer-reviewed articles on the matter.
   • If not, would you be able to make a logically sound argument on why that is the case?
2. Why Unix-like and not Unix? Wouldn't Unix be the actual "original vision"?

In case you're bored enough to read my ramblings and/or interested in what I understood and how, then consider reading the spoiler below.

If not 😜; did I understand you correctly in that the mere existence of Devuan is the supposed contradiction?

How so? I literally don't see it. My apologies if I come across as obnoxious, but I simply don't understand how I might have contradicted myself. I never explicitly mentioned Debian anyways, so why did you feel the need to mention that as somehow being related to a supposed contradiction.

is there any reason why I should even care about the freedom of init system?

Freedom of choice! It's troublesome if distros and/or DEs rely so heavily on systemd to do their bidding. So much so, that some combinations of distro + DE don't allow any differentiation in init or make it very cumbersome and unwieldy at best. I'm not interested in making systemd a necessary part of Linux. Therefore other inits not only have to exist, but should be 'competitive' as well. Which, to be frank, is currently not the case.

Another concern is that systemd is by no means a minimalist approach. Which beyond bloat, also has security implications. More information can be found in this (infamous) guide by Madaidan; security researcher on multiple distros known for taking security and privacy very seriously like e.g. Kicksecure and Whonix. Interestingly, while Madaidan discourages the use of systemd in that guide, it's still heavily relied on in Kicksecure; one of the distros he works on. I think this is a perfect illustration of how systemd has become so good that even opponents can't deny its merits and continue to make use of it for the time being out of necessity.

Thanks everyone for your replies, I’m really interested in KDE Plasma now.

I agree that KDE Plasma should satiate your desire for customizing the look and feel of your system. But, note that KDE Plasma isn't properly supported on Linux Mint. Therefore, consider switching to a Distro in which it is; e.g. the KDE Flavors/Spins of Fedora, openSUSE or Ubuntu.

Regarding 4; I suppose you're looking for the ArcMenu extension if you wish to continue using GNOME as your Desktop Environment (will be abbreviated to DE from here on). Though GNOME's workflow is considerably different to Windows'. Therefore, you might be interested into looking elsewhere unless you're actually interested to continue GNOME. FWIW, GNOME is one of the most popular and most polished DEs out there, but it's very opinionated; which rub some folk the wrong way. I personally like it, but others might differ on this. Lastly, GNOME is NOT particularly known to be light. Therefore, if you're not happy with how it runs; e.g. frame skips with animations or just high RAM usage overall, then perhaps consider Xfce or Lxqt. If you're not discontent about the performance on GNOME, then you could also consider KDE or Cinnamon as those might 'feel' more 'modern' than the aforementioned Xfce and Lxqt.

Regarding 5; Ubuntu gets a lot of hate due to:

• how they're forcing Snaps (their in-house universal package manager; therefore a direct competitor to Flatpak) onto its users. So much so that even attempting to install some packages through apt will result in the Snap being installed instead; which is basically unprecedented within the Linux landscape.
• some mishaps in the past resulted in very bad PR; especially to those that are privacy-conscious and/or F(L)OSS-advocates.

You'd have to get to your own conclusions though. It's probably still the most used distro and therefore you might expect some QoL-features are only found within. If you're inconclusive, just try it out and consider reporting back to us on how it went. Regarding old hardware; the DE is the most important factor anyways.

I looked into distrobox and checks all the boxes but there is the issue of my lack of storage space(currently only 130 GB left out of 240)

It can definitely fill up space if you're not careful. Just ensure that only the minimal amount of containers and their respective images are on the system.

I would assume one container each for Ubuntu and Arch should suffice for most people. Sure; this will likely take up to 10 GB of extra storage in total (eventually), but foregoing this solution means that you'd likely have to settle for Arch (because of the AUR) or something like Gentoo (because no other distro does compiling and building from source like Gentoo does).

If you feel particularly adventurous, you could also consider Nix and/or NixOS; though you'd have to ensure that said packages are available as a nixpkg. Nix can also be installed on Fedora; consider Determinate Systems' installer for that*.

Thank you for responding!

I need a distro which is package-agnostic since i use a lot of old ooen source academic software and they alternate between being only supported on RHEL or Ubuntu

Perhaps you should look into container solutions like e.g. Distrobox. You can basically install/run any package; just ensure usage of the correct container environment.

Fedora 39 is great except when i need to build the above mentioned software from source and i spend 2 hrs failing to match the dependencies from Ubuntu

If you're otherwise content with Fedora, then perhaps consider installing the aforementioned Distrobox; which happens to be found within Fedora's repos and thus one sudo dnf install distrobox away from being installed on your machine.

Also want to improvey laptop’s battery life, but i think i can’t get it much better than in Fedora

I'd argue that Fedora is not best for battery life, though. Minimalist distros tend to be a lot better at this. Installing auto-cpufreq in Fedora Silverblue on my AMD-powered laptop did come with significant improvements, so perhaps you could prolong your battery life by utilizing it or similar programs; think of TLP, thermald etc to name a few.

Manjaro’s advertising as compatible with mainline AUR

I've honestly never used Manjaro nor do I ever intend to, however this page suggests otherwise. Would you be so kind to point me out where I can find said advertising?

I'm saddened by how the once great Elementary OS has fallen from grace. I hope they will be able to bounce back to former glory and beyond, but I'm skeptical at best...

Thank you for reporting back! Much appreciated!

So it turns out, I cannot use my NVIDIA card using distrobox. I guess it only works with AMD?

Interesting. Unfortunately, I don't own an Nvidia device. Therefore, I can't tackle it myself. Distrobox should allow the use of Nvidia, but I'm unaware if this applies to the bazzite-arch container as well. The picture you shared and the link to its FAQ-page (found below) do suggest otherwise, unfortunately...

I was wondering if distrobox would somehow allow better performance

FWIW, I've always experienced better performance inside the bazzite-arch distrobox container, at least compared to Flatpak*.

I see that this image is used a lot on Steam Deck, which I also don’t understand why (as opposed to having everything native).

Because the distro image it's used in conjunction with, Bazzite, is Fedora-based, while Steam OS is based on Arch. Bazzite is Fedora-based in the first place, because Arch doesn't officially have any plans for 'immutable' distros yet. As for the remaining distros, only Fedora and NixOS (see Jovian-NixOS) have a sufficiently mature and suitable platform at this point in time.

maybe I am missing some graphical dependencies

This happens way more often than you might expect. Even the so-called 'toolbox' containers from Distrobox miss a lot of packages required to support software graphically. Consider running it inside a terminal and pay attention to error codes etc; those might/should help you resolve the issue. Sometimes it helps to explicitly use the -v or --verbose option to ensure that the program actually communicates what's happening.