I’m making this post to share some interesting less talked about things about privacy, security, and other related topics. This post has no direct goal, it’s just an interesting thing to read. Anyways, here we go:
I made a post about secureblue, which is a Linux distro* (I’ll talk about the technicality later) designed to be as secure as possible without compromising too much usability. I really like the developers, they’re one of the nicest, most responsible developers I’ve seen. I make a lot of bug reports on a wide variety of projects, so they deserve the recognition.
Anyways, secureblue is a lesser known distro* with a growing community. It’s a good contrast to the more well known alternative** Qubes OS, which is not very user friendly at all.
* Neither secureblue, nor Qubes OS are “distros” in the classical sense. secureblue modifies and hardens various Fedora Atomic images. Qubes OS is not a distro either, as they state themselves. It’s based on the Xen Hypervisor, and virtualizes different Linux distros on their own.
** Qubes OS and secureblue aren’t exactly comparable. They have different goals and deal with security in different ways, just as no threat model can be compared as “better” than any other one. This all is without mentioning secureblue can be run inside of Qubes OS, which is a whole other ballpark.
secureblue has the goal of being the most secure option “for those whose first priority is using Linux, and second priority is security.” secureblue “does not claim to be the most secure option available on the desktop.” (See here) Many people in my post were confused about that sentence and wondered what the most secure option for desktop is. Qubes OS is one option, however the secureblue team likely had a different option in mind when they wrote that sentence: Android.
secureblue quotes Madaiden’s Insecurities on some places of their website. Madaiden’s Insecurities holds the view that Linux is fundamentally insecure and praises Android as a much better option. It’s a hard pill to swallow, but Madaiden’s Insecurities does make valid criticisms about Linux.
However, Madaiden’s Insecurities makes no mention of secureblue. Why is that? As it turns out, Madaiden’s Insecurities has not been updated in over 3 years. It is still a credible source for some occasions, but some recommendations are outdated.
Many people are strictly anti-Google because of Google’s extreme history of privacy violations, however those people end up harming a lot of places of security in the process. The reality is, while Google is terrible with privacy, Google is fantastic with security. As such, many projects such as GrapheneOS use Google-made devices for the operating system. GrapheneOS explains their choice, and makes an important note that it would be willing to support other devices as long as it met their security standards. Currently only Google Pixels do.
For those unfamiliar, GrapheneOS is an open source privacy and security focused custom Android distribution. The Android Open Source Project (AOSP) is an open source project developed by Google. Like the Linux kernel, it provides an open source base for Android, which allows developers to make their own custom distributions of it. GrapheneOS is one such distribution, which “DeGoogles” the device, removing the invasive Google elements of the operating system.
Some Google elements, such as Google Play Services can be optionally installed onto the device in a non-privileged way (see here and here). People may be concerned that Google Pixels can still spy on them at a hardware level even with GrapheneOS installed, but that isn’t the case.
With that introduction of secure Android out of the way, let’s talk about desktop Android. Android has had a hidden option for Desktop Mode for years now. It’s gotten much better since it was first introduced, and with the recent release of Android 15 QPR2, Android has been given a native terminal application that virtualizes Linux distros on the device. GrapheneOS is making vast improvements to the terminal app, and there are many improvements to come.
GrapheneOS will also try to support an upcoming Pixel Laptop from Google, which will run full Android on the desktop. All of these combined means that Android is one of, if not the, most secure option for desktop. Although less usable than some more matured desktop operating systems, it is becoming more and more integrated.
By the way, if you didn’t know, Android is based on Linux. It uses the Linux kernel as a base, and builds on top of it. Calling Qubes OS a distro would be like calling Android and Chrome OS distros as well. Just an interesting fact.
So, if Android (or more specifically GrapheneOS) is the most secure option for desktop, what does that mean in the future? If the terminal app is able to virtualize Linux distros, secureblue could be run inside of GrapheneOS. GrapheneOS may start to become a better version of Qubes OS, in some respects, especially with the upcoming App Communication Scopes feature, which further sandboxes apps.
However, there is one bump in the road, which is the potential for Google to be broken up. If that happens, it might put GrapheneOS and a lot of security into a weird place. There might be consequences such as Pixels not being as secure or not supporting alternative Android distributions. Android may suffer some slowdowns or halts in development, possibly putting more work on custom Android distribution maintainers. However, some good may come from it as well. Android may become more open source and less Google invasive. It’s going to be interesting to see what happens.
Speaking of Google being broken up, what will happen to Chrome? I largely don’t care about what happens to Chrome, but instead what happens to Chromium. Like AOSP, Chromium is an open source browser base developed by Google. Many browsers are based on Chromium, including Brave Browser and Vanadium.
Vanadium is a hardened version of Chromium developed by GrapheneOS. Like what GrapheneOS does to Android, Vanadium removes invasive Google elements from the browser and adds some privacy and security fixes. Many users who run browser fingerprinting tests on Vanadium report it having a nearly unique fingerprint. Vanadium does actually include fingerprint protections (see here and here), but not enough users use it for it to be as noticeable as the Tor Browser. “Vanadium will appear the same as any other Vanadium on the same device model, and we don’t support a lot of device models.” (see here)
There’s currently a battle in the browser space between a few different groups, so mentioning any browser is sure to get you involved in a slap fight. The fights usually arise between these groups:
- The group that is strictly anti-Google and uses Firefox-based browsers
- The security focused group that recognizes that Firefox is insecure and opts for privacy enhanced versions of Chromium
- The political group that only care about the politics behind an organization rather than the code itself (examples: Firefox Terms of Use update, Brave Browser including a crypto wallet)
For that last one, I would like to mention that Firefox rewrote the terms after backlash, and users have the ability to disable bloatware in Brave. Since Brave is open source, it is entirely possible for someone to make a fork of it that removes unwanted elements by default, since Brave is another recommended browser by the GrapheneOS team for security reasons.
Another interesting Chromium-based browser to look at is secureblue’s Trivalent, which was inspired by Vanadium. It’s a good option for users that use Linux instead of Android as a desktop.
Also, about crypto, why is there a negativity around it? The reason is largely due to its use in crime, use in scams, and use in investing. However, not all cryptocurrencies are automatically bad. The original purpose behind cryptocurrency was to solve a very interesting problem.
There are some cryptocurrencies with legitimate uses, such as Monero, which is a cryptocurrency designed to be completely anonymous. Whether or not you invest in it is your own business, and unrelated to the topics of this post. Bitcoin themselves even admit that Bitcoin is not anonymous, so there is a need for Monero if you want fully decentralized, anonymous digital transactions.
On the topic of fully decentralized and anonymous things, what about secure messaging apps? Most people, even GrapheneOS and CISA, are quick to recommend Signal as the gold standard. However, another messenger comes up in discussion (and my personal favorite), which is SimpleX Chat.
SimpleX Chat is recommended by GrapheneOS occasionally, as well as other credible places. This spreadsheet is my all time favorite one comparing different messengers, and SimpleX Chat is the only one that gets full marks. Signal is a close second, but it isn’t decentralized and it requires a phone number.
Anyways, if you do use Signal on Android, be sure to check out Molly, which is a client (fork) of Signal for Android with lots of hardening and improvements. It is also available to install from Accrescent.
Accrescent is an open source app store for Android focused on privacy and security. It is one of the default app stores available to install directly on GrapheneOS. It plans to be an alternative to the Google Play Store, which means it will support installing proprietary apps. Accrescent is currently in early stages of development, so there are only a handful of apps on there, but once a few issues are fixed you will find that a lot of familiar apps will support it quickly.
Many people have high hopes for Accrescent, and for good reason. Other app stores like F-Droid are insecure, which pose risks such as supply chain attacks. Accrescent is hoped to be (and currently is) one of the most secure app stores for Android.
The only other secure app store recommended by GrapheneOS is the Google Play Store. However, using it can harm user privacy, as it is a Google service like any other. You also need an account to use it.
Users of GrapheneOS recommend making an anonymous Google account by creating it using fake information from a non-suspicious (i.e. not a VPN or Tor) IP address such as a coffee shop, and always use a VPN afterwards. A lot of people aren’t satisfied with that response, since the account is still a unique identifier for your device. This leads to another slap fight about Aurora Store, which allows you to (less securely) install Play Store apps using a randomly given Google account.
The difference between the Play Store approach and the Aurora Store approach is that Aurora Store’s approach is k-anonymous, rather than… “normal” anonymity. The preference largely comes down to threat models, but if you value security then Aurora Store is not a good option.
Another criticism of the Play Store is that it is proprietary. The view of security between open source software and proprietary software has shifted significantly. It used to be that people viewed open source software as less secure because the source code is openly available. While technically it’s easier to craft an attack for a known exploit if the source code is available, that doesn’t make the software itself any less secure.
The view was then shifted to open source software being more secure, because anyone can audit the code and spot vulnerabilities. Sometimes this can help, and many vulnerabilities have been spotted and fixed faster due to the software being open source, but it isn’t always the case. Rarely do you see general people looking over every line of code for vulnerabilities.
The reality is that, just because something is open source, doesn’t mean it is automatically more or less secure than if it were proprietary. Being open source simply provides integrity in the project (since the developers make it as easy as possible to spot misconduct), and full accountability towards the developers when something goes wrong. Being open source is obviously better than being proprietary, that’s why many projects choose to be open source, but it doesn’t have to be that way for it to still be secure.
Plus, the workings of proprietary code can technically be viewed, since some code can be decompiled, reverse engineered, or simply read as assembly instructions, but all of those are difficult, time consuming, and might get you sued, so it’s rare to see it happen.
I’m not advocating for the use of proprietary software, but I am advocating for less hate regarding proprietary software. Among other things, proprietary software has some security benefits in things like drivers, which is why projects like linux-libre and Libreboot are worse for security than their counterparts (see coreboot).
Those projects still have uses, especially if you value software freedom over security, but for security alone they aren’t as recommended.
Disclaimer before this next section: I don’t know the difference in terminology between “Atomic”, “Immutable”, and “Rolling Release”, so forgive me for that.
Also, on the topic of software freedom, stop using Debian. Debian is outdated and insecure, and I would argue less stable too. Having used a distro with an Atomic release cycle, I have experienced far less issues than when I used Debian. Not to mention, if you mess anything up on an Atomic distro, you can just rollback to the previous boot like nothing happened, and still keep all your data. That saved me when I almost bricked my computer motifying /etc/fstab/ by hand.
Since fixes are pushed out every day, and all software is kept as up to date as possible, Atomic distros I argue give more stability than having an outdated “tried and tested” system. This is more an opinion rather than factually measured.
Once I realized the stable version of Debian uses Linux kernel 6.1, (which is 3 years old and has had actively exploited vulnerabilities), and the latest stable version of the kernel is 6.13, I switched pretty quick for that reason among others.
Now, many old kernel versions are still maintained, and the latest stable version of Android uses kernels 6.1 and 6.6 (which are still maintained), but it’s still not great to use older kernel versions regardless. It isn’t the only insecurity about Debian.
I really have nothing more to say. I know I touched on a lot of extremely controversial topics, but I’m sick of privacy being at odds with security, as well as other groups being at odds with each other. This post is sort of a collection of a lot of interesting privacy and security knowledge I’ve accrued throughout my life, and I wanted to share my perspective. I don’t expect everybody to agree with me, but I’m sharing this in case it ever becomes useful to someone else.
Thanks for taking the time to read this whole thing, if you did. I spent hours writing it, so I’m sure it’s gotten very long by now.
Happy Pi Day everyone!
Honestly I’m just not sure about Debian being insecure take that being said I run Windows on my devices and never used Linux before (I need coporate CAM/CAD software I should try dual booting but I’m too lazy😅) so maybe you’re right I just don’t know
Besides Linux being fundamentally insecure (as I mentioned early on in my post), Debian focuses on stability by providing a set of software that is thoroughly tested but does not change for years. While they do provide security fixes for a lot of software, the reality is that using outdated software in any capacity is a security risk of its own, and is bound to provide bugs that harm stability. Comparing Debian to bleeding-edge distros like Fedora, which focuses on security, it’s clear the differences in security between them.
I think you’re right maybe debian is suited to some applications which really prioritizes stability over everything. which distro do you suggest dual boot on a three year old Windows laptop (I have two separate ssd drives on it so it’s safe for dual booting). I did a little research on it and seems like everyone suggests fedora or mint but you use secure blue. Which one should I go with?
For a beginner distro, definitely don’t use secureblue. While it is user friendly to use, it’s pretty difficult to install properly and requires a bit of knowledge about Linux to do so.
The ideal roadmap I would give to people trying out Linux for the first time would be this:
If you use MacOS: Buy a new laptop and install Ubuntu
If you use Windows 11: Install Kubuntu. Get used to using Linux using that, and, when you’re ready, transition to Ubuntu
If you use Windows 10: Install Linux Mint. Get used to using Linux using that, and, when you’re ready, install Kubuntu. Get used to using that, then, when you’re ready again, transition to Ubuntu.
After you’ve gotten used to Ubuntu and feel ready, install Fedora Workstation.
Once you are used to a Fedora-based distro, you can try out Fedora Silverblue.
After learning Fedora Atomic, you can rebase to secureblue without issue.
(Windows 10 -> ) Linux Mint -> (Windows 11 -> ) Kubuntu -> (MacOS -> ) Ubuntu -> Fedora Workstation -> Fedora Silverblue -> secureblue
It should give you a well rounded knowledge of Linux and an easy, slow transition to more secure distros. Really the important thing when starting with Linux is using a desktop environment that is most familiar to what you already are used to. Desktop environments are the “looks” of Linux.
Each transition in the roadmap teaches you something new about Linux to get used to.
Good luck!
Hey! Thanks for this. I’ve worked with Ubuntu and Debian but mostly work on Mac. I’m interested in going deeper into Linux distros and am completely fine with working from terminal. I’m just curious what exactly makes the Fedora and secureblue distros more difficult to understand how far I am from running a secure distro.
Bleeding edge distros (especially Fedora Atomic distros and especially especially secureblue) tend to have less documentation and less people available to help. secureblue is currently so obscure that the best way to get help is by using their Discord or contacting the developers directly. This makes it difficult for users using Linux for the first time to fix basic issues that arise simply from never using Linux before.
As I mentioned in my post, Linux is fundamentally insecure. secureblue is almost as secure as Linux gets, but it’s only a couple steps away from desktop Android, so I would just opt for that if you can. Fedora and (especially) Fedora Atomic are bleeding edge, meaning they adopt newer, more secure software sooner, making them more modern, up to date, and secure than other distros.
I oversimplified things a bit here, so let me know if you have any other questions!
Wow I didn’t expect such elaborate explanation thanks you’re awesome Then mint is where my journey begins
Just as a tip, set up and use a spare machine if you have one to make the transition easier. I’ve been running Mint now for a few months.
I have a test machine that I am learning and getting familiar with, setting up a virtual machine to learn that (I have some windows apps I will not escape from so running in a VM is my solution), etc… And all of this is with the freedom that if I break something I can wipe it and not care. I have since set up a media center and a gaming machine as well.
That experience is getting me feeling better about he whole thing. Honestly learning little idiosyncrasies like folder permissions not being inherited (I say as I set up my media center) are the things you juat need to learn through practice. Just my two cents as I am only a step ahead of you in a similar journey.
Good point Thanks I’m will test mint in a VM for a while then dual boot mint beside Windows
I’m getting flashbacks… If you feel like living on the dangerous side, don’t be afraid to bork all your security and
chmod -R 777 /!(This is a joke. Don’t actually run that)
Mint seems to be where alot of journeys start and stay for good reason. It’s polished, simple, ease of use is phenomenal, and apps you can understand the names and uses.
I bounced back to Mint a few times before. I didn’t like Cinnamon at the time, especially because you could accidentally end up making your system look like Windows 7, but Cinnamon had a redesign months back, so (even though I haven’t tried the redesign) I’m confident that Mint is a good suggestion for beginners.