Best Secure and Anonymous Linux Distros

If you have been following the news carefully, you’ll probably be aware of the San Bernardino incident that has rekindled a very old debate. Should personal security and freedom be absolute, or should there be limitations on it, just for the sake of safeguarding ourselves collectively from foreboding threats. In such a world, if security and privacy on connected platforms are of immense importance for you, then you should consider using Linux as an Operating System. That’s in addition to using an encrypted VPN.

Following the model of free and open source software, this fresh OS follows a rigorous model of security. Considered to be more secure than Microsoft in many ways, a ‘distro’ or the ‘live’ distribution version has been specifically designed to assure maximum security. With that said, some distros have been built with security and anonymous browsing as the focal point, such as Kali, or Tails.

All these Operating Systems can be run direct from a Live CD, or a USB stick; and thus, the permanent installation isn’t a necessity. Thus, they enjoy a very obvious advantage over others – and that is portability. Such installation-free software is booted from a read-only medium, and any user data that needs to be retained in between two consecutive sessions has to be written to another such storage device. The article that follows assesses the anonymity and security that is promised by such ‘distros.’

Most Secure and Anonymous Linux Distributions

TAILS: The Amnesiac Incognito Live System

Debian-based Linux distro TAILS, is popularly referred to as ‘anonymity OS’, and places immense importance on security. All its outgoing connections are forced through Tor, which filters the connections that aren’t anonymous and allows the others to pass, ensuring better privacy when browsing

TailsAll the data is stored exclusively in RAM, and this was used by Edward Snowden to carry out his operations. Here’s what its official website had to say about it:

“Using Tails on a computer doesn’t alter or depend on the operating system installed on it. So you can use it in the same way on your computer, a friend’s computer, or one at your local library. After shutting down Tails, the computer will start again with its usual operating system. Tails are configured with special care not to use the computer’s hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won’t leave any trace on the computer either of the Tails system itself or what you used it for. That’s why we call Tails “amnesic.””

Features to look out for:

  1. Using Tor promises online anonymity, and you don’t need to worry about the hassle of censorship.
  2. You get to use I2P, which protects the anonymity of online dialogue from “dragnet surveillance and monitoring by third parties.”
  3. Mac Address spoofing.
  4. Has strong encryption tools like LUKS and HTTPS.

    UPR – Ubuntu Privacy Remix

It is an extremely user-friendly ‘desktop replacement’ version of Linux, where all user data is stored on removable media and protected through tough encryption tools. Designed as an ‘isolated working environment, where sensitive data can be dealt with safely’, it renders the OS immune to malicious external infections and thus protects it from other manipulations. UPR works in atypical Ubuntu environment, but the connections aren’t passed through Tor.Ubuntu Privacy Remix

Here are a few words from the official website itself:

Ubuntu Privacy Remix is a tool to protect your data against unsolicited access. The risk of theft of such private data arises not only from “conventional” criminals, trojans. rootkits, keyloggers, etc. At least since Edward Snowden, it’s a matter of common knowledge that also measures are taken by governments and intelligence agencies aiming at spying and monitoring its citizens.”

JonDo Live-DVD

Much like Tor, this commercial anonymous proxy service runs the internet connection through a series of filters. This passes it through constant checks and encryptions at each check point. Also, referred to as JonDonym, it is based on the Debian GNU-Linux and offers a secure environment in two plans. There’s a free version and a premium one where you can have access to all the features.JonDonym

The secure Debian GNU/Linux environment that also includes TorBrowser is great for security. Moreover, there is a gamut of centrsl privacy tools which aid in the effort. However, despite these major advantages, it is important to note that JonDo Live-DVD is not well equipped to serve as a desktop replacement.

IprediaOS

Earlier in the article, we came across the term ‘I2P’.

Well, before proceeding on what IprediaOS actually is, let;s talk about the Invisible Internet Project. It is a decentralized anonymizing network, or a ‘network within a network’ as it is called, which is made using Java. It is a perfect tool for many who need to keep themselves anonymous, including journalists and whistle-blowers.IpREDIA

The Ipredia OS is a Fedora-based Linux OS, and it routes all its connections through the above-outlined I2P. That’s the only difference between it and TAILS. With this Linux distribution system, one can wrap one’s identity under layers of encryption and continue his or her activities peacefully.

However, Ipredia is a little basic for securing a desktop and does not have much documentation and support.

Whonix

A free and open OS, this one is a little different from the ones listed so far. The reason is its designed to work with a VirtualBox or Virtual Machine to prevent DNS leaks from happening. For those wondering what that is, VirtualBox is an open source hypervisor, and is owned by the Oracle Corporation. It serves several important functions.

Other than its most well-known purpose of hiding the IP address of the user, Whonix prevents the ISP from spying on you and protects you from the surrounding malware. With an invisible identity, websites won’t be able to identify you. This helps you overcome the hassles of online censorship which vary with one’s geolocation.Whonix

As the official website suggests:

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian, and security by isolation. Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. With Whonix, you can use applications and run servers anonymously over the internet. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.”

It too works in a Debian GNU/Linux environment, with the sole aim of protecting anonymity online through Tor and through the principle of ‘security by isolation’. Although setting up Whonix is an extremely complicated process, it can be assuredly said that this is one of the most secure Linux distros with a fully featured desktop environment.

Kali Linux

Kali was developed by a well-known information security training company, Offensive Security, and specifically designed to serve the purpose of digital forensics and security auditing. In other words, it is a hacking and vulnerability testing distro. It is equipped with hundreds of penetration testing tools to test the security of various types of networks.

It is not for the every day user, or someone wanting to use a privacy focused Linux package.

kali-linux

Instead, Kali is geared towards network security professionals looking to run penetration tests on networks. They do that to determine how secure they are in order find and patch existing exploitable weaknesses. The documentation does not include tutorials on how to use the tools, and assumes the user is a trained professional already familiar with penetration testing. This is done in order to minimize the amount of malicious use from black hat hackers for example.

Qubes OS

An interesting option is Qubes OS, which aims to implement security through isolation.

Developed by ‘Invisible Things Lab’, it creates a virtual machine environment of Microsoft Windows, Fedora, Whonix, Debian, and more. By creating this virtual machine, it already isolates a lot, but it goes way beyond just being a VM operating system. Although it is not a Linux distro, it was worth mentioning since it can be used with certain versions of of it, but it does need certain hardware compatibility requirements to be met.

qubes-os

The idea is that there is no bullet-proof operating system free of bugs, including all Linux distributions. Therefore, it cannot be fully trusted. Instead it completely isolates most components and environments of your computer.

It also gives you control of hardware components such as the camera and microphone. That means they can’t be compromised unless you have activated them. Qubes pretty much gives you control to turn on stuff only when you need it, making it is as good as non-existent.

In Conclusion

Tails and Whonix seem to be the best choices when focusing on online anonymity. On the other hand, Qubes and Kali take the lead in aggressive security features. Tails is an extremely secure environment that works primarily through the Tor filter. However, if you choose to proceed with I2P or JonDonym over Tor, then you can go for the other options.

Privacy is an important concept to look into. It is thought provoking and serious consideration. Therefore before jumping to a conclusion, it is imperative to weigh all the options that are available. Through this article, the best possible options have been presented in front of you. Now it’s your turn to consider them properly and then arrive at a conclusive decision.