Not much to say regarding their first paragraph.
As for their second paragraph, perhaps they are rightfully sceptical regarding Privacy Guides. The body of topics they try to cover is substantial, though. And if TheAnonymouseJoker or whosoever disagrees with them, then they’re free to challenge their views.
Privacy Guides isn’t any kind of Gospel or whatsoever that you’d have to agree with in its entirety. I do believe, however, that they’ve done a tremendous job at offering a one-stop shop for those that are conscious regarding their security and privacy. Everyone is free to choose and pick whatever they like from there or not.
I would love to hear about other resources that do a similarly great job at providing at least decent information when it comes to security and privacy; FWIW thenewoil.org exists, however I don’t recall any VPN overview/guide/recommendations from them.
It’s the same folk, basically. TheAnonymouseJoker or whosoever is free to have their own opinions. Fact is that Privacy Guides is an open community that allows the discussion of these topics. If anyone doesn’t like their takes, they can either head to their Github page or to their own platform for a dialogue on the matter.
Link to r/VPNTorrents’ recommendations.
TL;DR: Only AirVPN and ProtonVPN are recommended. While, IVPN and Mullvad used to be until they discontinued port-forwarding; which makes them unviable for torrenting.
Link that provides Privacy Guides’ opinion on AirVPN. It’s basically rejected because there have been no audits.
Pop!_OS is definitely worth considering as it’s one of the few distros that goes as far as providing a recovery partition and offers one of the best experiences for those with Nvidia GPUs. Furthermore, Pop!_OS’ maintainers (read: System76) are actually financially incentivized to make their distro very polished and newbie-friendly as their distro is used on the hardware they sell.
On the flip side, Pop!_OS is currently in a major overhaul to replace GNOME with COSMIC; their own homebuilt Desktop Environment. As the Desktop Environment is arguably the most important contributor to how one experiences their Linux system, the eventual change might disrupt your workflow and you might even be too accustomed to GNOME to consider COSMIC at that point. The ongoing work on COSMIC has even meant that Pop!_OS has missed three major releases and are still clinging on their release from April 2022; thankfully it’s based on Ubuntu’s LTS (read: Long Term Support) release, so they aren’t particularly in rush to get a new release out and can rely on Ubuntu for security updates.
Regardless, COSMIC’s unsure future does leave a lot to be desired and does pose the question if perhaps other options should be considered more seriously instead.
Therefore, my personal recommendation would be either one of the following:
A shortlist of distros worth considering for a beginner (from easiest to hardest): Linux Mint, Ubuntu, Debian/Fedora/openSUSE and Arch.
installing Chromium
This wouldn’t sit well with most privacy conscious folk out there. Though, I can understand it from a security point of view. Especially, when one notices that Chromium isn’t installed from Fedora’s repos, but instead the RPM is built to offer a more up-to-date version that should provide improved security compared to the stable version.
removing Flatpak
Probs for the sake of disabling unprivileged user namespaces; as you might have correctly alluded to.
even software stores
I imagine for the sake of minimizing attack surface.
So how am I gonna install software now, layering?
The Nix package manager is installable on Fedora’s atomic distros, so perhaps that route is worth exploring.
to my knowledge flatpaks are more secure than RPMs
To my knowledge, Flatpak’s sandbox indeed isn’t achievable by default with RPMs; unless one knows how to properly utilize SELinux to that effect.
a few commenters pointed out that the highest rated VPN providers in this table just happen to be the ones that advertise most aggressively and are well-known for buying positive reviews from tech blogs, which are pretty clearly designed to be misleading
Exactly. This is unfortunately common practice, so this breakdown can be dismissed as they’re obviously biased due to monetary motivations.
Consider to read Privacy Guides’ take on the matter instead.
(Perhaps personal) TL;DR would be that Mullvad VPN in combination with Mullvad Browser offers the most private internet browsing experience for people who don’t desire to connect to the Tor Network. Furthermore, Proton offers a suite of privacy-friendly services for mail, drive, password manager etc. Therefore, for the sake of trusting the least amount of parties for these services (at the cost of putting all eggs in one basket), one might consider Proton VPN instead; additionally it includes a free tier and some support to port forwarding (read: allows the use of torrent applications).
Very interesting indeed! And thank you for raising awareness!
There’s another similar project that’s still WIP and that hasn’t received a lot of development recently. Though, its maintainer does provide hardening scripts for Fedora’s Atomic distros that are worth looking into. Hopefully, we might even expect a collaboration of sorts between these projects early next year 🤞.
to use as a media centre and multiplayer gaming system in my living room
Based on this, you’re basically looking for the ‘game console experience on your couch’. If that’s the case, honestly you shouldn’t look beyond[1] Bazzite.
If, instead, you actually wanted to play retro games primarily, then please let us know.
Ow wow, that’s a lot! Unsure to what degree you’ve used them; but if you feel confident talking about (at least some of) them, would you be so kind to offer us a rundown of what you liked and didn’t like? Thanks in advance!
Basically, you want to not disable kernel.unprivileged_userns_clone
.
For a temporary solution that has to be redone after reboot, there is sysctl kernel.unprivileged_userns_clone=1
.
For a lasting solution, consider echo kernel.unprivileged_userns_clone=1 | sudo tee /etc/sysctl.d/99-enable-unpriv-userns.conf
.
In either case you’re foregoing security for the sake of convenience/functionality, so I understand why you would rather not act upon either of them.
I don’t know what the solution is that would be analogous to installing bubblewrap-suid
. Perhaps, it’s worth exploring the projects found within the github page of Awesome Fedora Security for some pointers.
I don’t know by heart if it’s able to do your bidding, but perhaps it’s worth checking out penguins-eggs. I guess the following would be its elevator pitch:
"penguins-eggs is a console tool, under continuous development, that allows you to remaster your system and redistribute it as live images on usb sticks or via PXE.
The default behavior is total removal of the system’s data and users, but it is also possible to remaster the system including the data and accounts of present users, using flag --clone. It is also possible to keep the users and files present under an encrypted LUKS file within the same resulting iso file, flag --cryptedclone.
You can easily install the resulting live system with the calamares installer or the internal TUI krill installer."
Well I guess I’m a Linux user now.
One of us! Welcome!
Gnome apparently doesn’t let you create desktop shortcuts unless you resort to command line.
GNOME is indeed very opinionated. Consider taking a look at any of the “Desktop Icons”-extensions on extensions.gnome.org. This enables one to engage with desktop shortcuts without opening a terminal.
Linux is NOT dumbed down enough for the average user yet.
Depends. I can’t imagine how something like Endless OS could cause troubles to someone that only requires simple functionality (like e.g. their favorite web browser working etc) from their OS.
As a final note some Linux users push harder than crack dealers I’ve met.
Yes. We can be very enthusiastic at times 😅.
I do think that engaging with different desktop environments at this stage of your Linux journey might be very beneficial in the long run, but I can totally understand it if you’d like to settle down for (at least) a moment.
The link for uBlue didn’t work for me. For those interested: uBlue
Understandable! Please consider coming back to this at some point (also possible in private) as I’m genuinely curious to hear from you.
Again an association is made between butt plugs and Arch users. I wonder if moving forward showing a collection of butt plugs will become the next “I use Arch, btw”.
I disagree with most of the benefits you list
I’m curious to hear your objections.
chief among them “increased security”
Do you deny that specific protection to some attacks is provided through the chosen model of ‘immutability’ on at least one of the atomic distros?
not to mention half of them are already supported by traditional package managers
Hmm…,:
I was genuinely curious so thanks for the rationale.
It has been my pleasure ☺️! I’m also genuinely curious to read your reply to this comment😉.
Not OP. But for me, atomic updates, reproducibility, (to some degree) declarative system configuration, increased security, built-in rollback functionality and their consequences; rock solid system even with relatively up to date packages, possibility to enable automatic updates in background without fearing breakage, (quasi) factory reset feature, setting up a new system in just a fraction of the time required otherwise are the primary reasons why I absolutely adore atomic[1] distros.
Most distros are somewhat equal when it comes to privacy, anonymity and security; with the likes of Fedora and openSUSE known for taking it more seriously out of the box than the other ‘big bois’, while some smaller distros like Kicksecure are known for their best-in-class[1] hardening that they offer by default.
As for NixOS, it’s really its own thing (together with Guix), and thus very different from any other distros. If you conquer it, you would be delightfully met by a system that enables you to do things unheard of in other distros. However, the learning curve is very steep. And perhaps even hardening it to the level that Fedora or openSUSE provide by default might not be trivial.