Ask a security trainer: What’s the best version of Linux for privacy?

Welcome to “Ask a security trainer,” the column where the digital security training team at Freedom of the Press Foundation (FPF) answers your burning questions at the intersection of journalism and security. Submit yours here! Let’s jump right into this week’s question.

Dear DST,

What is the best Linux distribution for privacy and security?

It would be great to have a comparison of different operating systems, specifically Linux distributions (Kali, Qubes OS, Tails) and their trade-offs. Are the majority of people/apps/services ready to use any of these distros as a daily system?

Signed,
Not your keys, not your privacy

–

Dear Not,

For most people, the idea of their computer’s operating system as a separate and replaceable application that can be removed and replaced is a new concept. Most PCs ship with Windows, and most Macs ship with macOS. As you may know, however, Windows or macOS can be replaced with another operating system, such as one based on Linux.

There are more reasons than ever to switch to Linux.

Microsoft’s Windows operating system has become increasingly integrated with pervasive AI surveillance, chronically afflicted with critical vulnerabilities that require constant vigilance on system updates, and a hefty price tag for upgrading to a version of Windows that offers full-disk encryption, a feature all other major operating systems offer for free.

Although macOS offers an abundance of security and privacy features, it requires some technical configuration, and ultimately is only designed to work well in concert with other Apple products, all of which are expensive.

There are literally hundreds of actively maintained Linux distributions, or distros, each with different combinations of features and user experiences. The question of which distro is best is highly individualized, and never a one-size-fits-all answer.

The long answer to your question, comparing a myriad of Linux distros with an infinite array of security and privacy features, would be too much for an advice column. But we can offer the short version.

If the applications you work with have a website or Linux version available and all you want is an operating system that feels similar to Windows or macOS without their aforementioned pitfalls, distros like elementary and Pop!_OS fit the bill. If you want to give them a spin before permanently installing either, each offers a “demo mode” before committing to a full install.

In a similar vein, there are Linux distros specifically designed to only run ephemerally from a USB drive. For specialized privacy and security concerns, such as a computer for analyzing metadata on sensitive or potentially dangerous files, Tails offers the ability to make your connection to the internet anonymous by connecting everything happening inside of Tails to the Tor network, and randomizing your Wi-Fi MAC address to anonymize your computer from the local Wi-Fi network, to some degree.

Although it’s possible to configure other Linux distros — including the Debian distribution that Tails is built on top of — having these features available by default makes Tails the best distribution for maximal privacy, in my opinion.

Aside from privacy concerns, security features available in Linux are so plentiful and overlapping that they can be overwhelming. However, many are designed for the security concerns of the environment that Linux is typically used for: a server in a data center, not a desktop computer.

If you want to dabble in the security tools used by cybersecurity pros anyway, then Kali Linux offers exactly that. Like Tails, it can be installed permanently or run ephemerally from a USB drive.

Hope this helps!

DST