If privacy and security are important to you, then you really should ditch Windows and OSX, as not only are they both closed systems (so who knows what malicious code is hidden away out of sight?), but both Microsoft and Apple have been heavily implicated in cooperating with the NSA, and their Operating Systems are widely believed to be backdoored by the US government.
Linux, on the other hand, is a free and open source Operating System, which makes it much less likely that it has been tampered with by the NSA or its kin (which isn’t to say the NSA hasn’t tried!), as the source code can be independently audited for backdoors and other malicious code..
Although even the most consumer friendly (‘Windows replacement’) Linux distributions (such as Ubuntu and Mint) are generally considered much more secure than Windows or OSX, some ‘distros’ have been specifically designed to provide maximum security and anonymity.
All these Operating Systems can be booted and run directly from a Live CD/ DVD, and / or a LiveUSB stick, and this is the most secure way to access the internet using them. Permanent installation is not recommended, as these distros are designed to run in an isolated environment that leaves the computer they are running on untouched after they have been booted out of.
Less secure (but still pretty damn secure), and much more convenient for users who need to work alongside Windows / OSX / desktop replacement Linux distros, is the ability to run Linux in a virtual machine (watch out for an upcoming guide to installing Linux in Oracle VM VirtualBox).
Most of these versions of Linux are not suitable as desktop replacements, so most users will probably also need to use a ‘regular’ operating system for day-to-day use, in which case be sure to perform sensitive tasks only within the secure Linux environment. Remember, security is not just about the tools, it is a system (i.e. how you use the tools).
Secure Linux distros
TAILS: The Amnesiac Incognito Live System
Probably the most well-known ‘anonymity OS’, TAILS was the tool of choice for NSA whistleblower Edward Snowden. All connections are routed through the Tor Anonymity network, and by default all data is stored solely in RAM, and is erased when Tails is exited.
- Based on the Gnu / Debian fork of Linux, which has been heavily audited for malicious code
- Routes all internet connections through Tor
- Comes with a range of well-respected open source programs that emphasise privacy, providing most of the necessary tools that journalists, whistleblowers, and suchlike will need to perform their task without being tracked or identified
- MAC address spoofing
- ‘Windows camouflage’ option to make use inconspicuous
- Tails looks somewhat outdated (it uses a very old version of GNOME desktop), and provides a very stripped down user experience
- No native way to save files etc.
Tails is an excellent tool for getting a job done when security and anonymity are a very high priority, and is therefore perfect for the Edward Snowden’s of this world. Most users will find it far too ugly and restrictive for day-to-day casual use however, so it is no desktop replacement. This is as it should be however, and the Tails website takes pains to explain that for maximum security a brand new session should be run for each task performed.
Ubuntu Privacy Remix (UPR)
Ubuntu is the most popular ‘desktop replacement’ version of Linux, and UPD is a hardened version of it, designed to run in an ‘isolated working environment where sensitive data can be dealt with safely’, and ‘all user data reside exclusively on encrypted removable media.’
- Very user friendly – can be used as a full desktop replacement
- Based on Debian
- All user data stored only on encrypted removable media
- Non-manipulable operating system – makes OS immune to infection by malicious software
- Custom GnuPG front end for private email, with improvements over default Ubuntu Seahorse front end
- TrueCrypt pre-installed (until TrueCrypt has been fully audited, this feature should probably be avoided)
- Not designed for anonymous internet use (although Tor or VPN can installed)
- No network connection (but on the flipside, this makes it immune to network attacks)
UPR provides a hardened Ubuntu environment, and therefore works well as fully featured desktop OS, as long as network connections are not required. Most of the extra security tools available on Tails can be installed, but connections are not automatically routed through Tor. Basically, UPR is a great desktop OS for day to day use, but the super-paranoid should still consider Tails for highly sensitive use.
Ubuntu Privacy Remix is available here.
JonDonym is a commercial anonymous proxy service that works much like Tor, routing your internet connection though a series of ‘mixer’ servers, encrypting it each time. JonDonym claims to be much faster than Tor (we plan to do a full review of the service in the near future), but while a restricted free service is available, a premium account is required to get the most out of it. The JonDo Live-DVD is a secure environment based on Debian GNU/Linux, and which is preconfigured to use the JonDonym network.
- Secure Debian GNU/Linux environment
- Preconfigured for JonDonym network
- Also includes TorBrowser
- Includes a good assortment of privacy-centric tools, plus some useful general purpose apps
- Good documentation and support
- Not really fully featured enough to act as a desktop replacement
- No native way to save files etc.
Sort of like a Tails for JonDonym users, JonDo Live-DVD provides most things whistelblowers, journalists etc. are likely to need, in a highly secure environment. It is too stripped down to act as a full desktop replacement however.
JonDo Live-DVD can be downloaded here.
The Invisible Internet Project (I2P) is a decentralised anonymising network built using Java on similar principles to Tor, but which was designed from the ground up as a self-contained darknet. We discuss I2P (and darknets in general) at some length in a two-part series beginning here. IprediaOS is a Fedora (we think) based Linux OS, which routes all connections through I2P.
- Routes all connections through I2P darknet (can visit .i2P sites, and open-web connections are automatically proxied)
- Provides useful privacy and general purpose tools
- Available in both GNOME-based, and LXDE-based Linux desktop versions
- Fairly basic so, again, not a suitable desktop replacement
- No native way to save files etc.
- Not much documentation or support, although there is plenty of (quite jargon-heavy) support for I2P
IprediaOS is similar to Tails, except that it routes connections through I2P. It is available to download here.
Whonix takes a somewhat different approach to the other Operating Systems listed here. It is designed to works inside a VirtualBox Virual Machine (VM), ensuring that DNS leaks are not possible, and that ‘not even malware with root privileges can find out the user’s real IP’. It consists of two parts, the first of which acts as a Tor gateway (known as Whonix Gateway), while the second (known as a Whonix Workstation) is on a completely isolated network which routes all its connections through the Tor gateway.
This isolation of the workstation away from the internet connection (and all isolated from the host OS inside a VM), makes Whonix highly secure (not as secure as booting from a Live-CD/DVD/USB, but more secure than simply running a secure Linux distro inside a VM).
- Works inside a VM, isolated from a Tor gateway, and all isolated from host OS, so ‘IP and DNS leaks are impossible’. For best security, the gateway and workstation should be on different computers
- Debian GNU/Linux environment (KDE desktop)
- Can be used as a full general purpose desktop OS
- Plenty of documentation and support through user-forums. Paid-for professional support is also available
- Complex to configure and setup
Setting up Whonix is not for the technically faint of heart, but it is almost certainly the most secure VM solution available, and it provides a fully featured desktop environment that can run side-by-side with your usual OS. Expect to see a more detailed review of Whonix in the near future.
You can download Whonix from here.
Lightweight Portable Security (LPS)
LPS is an award winning thin (282MB) Linux based OS designed to boot from CD or USB stick. It resides entirely within RAM when run (so no persistent user data is saved), but can write to USB sticks and portable hard drives. On the downside, the Firefox browser comes with Java and Flash support, which is useful, but is a security risk, and we don’t trust the fact that was developed by the US Air Force Research Laboratory.
You can download Lightweight Portable Security here.
Privatix Live System
Very similar to Tails by design, Tails also credits Privatix as an inspiration. The two are so similar however (except that Privatix lacks funky features such as MAC spoofing and ‘‘Windows camouflage’ ), that we fail to see the point of Privatix.
Privatix is available here.
Freepto routes all connections through Tor, and data is always automatically saved on the encrypted USB stick, which means that little of the convenience of a traditional operating system is lost. We were unable to download an uncorrupted copy of the .img file, however, and documentation is mostly in Italian.
Freepto can be downloaded from here.
Update 23 September 2014: As we noted, we were unable to test Freepto (and cannot read most of the documentation). We thank our reader Boyska for providing the following clarrifications,
‘freepto will NOT route everything through tor. It is NOT an anonymity-oriented live distribution, even if it provides some anonimization tools. Its goal is to provide a simple, usable, encrypted linux system, providing a simple way to switch from the typical unsecure, proprietary, bloated with thousands useless applications operating system to a secure one without even installing it.’
So which OS should I use?
It’s horses for courses really, and depends on both what you are trying to do, and what your threat model is. Tails is probably the most secure system we have looked at here, but it is very much designed for performing high-risk activities (and should be restarted for each new task performed), and is not suitable for general use. If I2P or JonDonym are your thing rather than Tor, then IprediaOS and JonDO Live-CD provide similar functionality to Tails.
If, on the other hand, you after a more general purpose Operating System, Ubuntu Privacy Remix is easy to use, and is much more secure than most versions of Linux. Whonix also works well as a complete desktop replacement, is very secure, and is designed to work alongside your usual OS. It is however a real pain to set up, and requires a high degree of technical literacy to get working properly (and securely).