I live in an oppressive society in which my laptop could end up being inspected at any time. Linux is not banned, but I may be required to give up passwords.
I have a new laptop. I mostly use cloud-based services and am primarily concerned about eliminating difficult to detect rootkits. I want to use a live distro, but not to torrify everything (so do not need tails). MY LAPTOP IS NOT QUBES COMPATIBLE.
I am primarily considering Kicksecure or Debian Live. It is important to me that absolutely nothing is saved. I plan on burning the live iso directly onto the drive.
It is important to me that everything is open-source.
It would be great if the operating system came with built in tools that are privacy friendly.
Tails is much too suspicious and I am trying to avoid being physically hurt.
The problem with live disks is that they are preconfigured, they are basically a copy of a working computer from someone you don’t know, and of which you can’t verify the integrity of the content. The SHASUM hash is useless, it only verifies that the possible manipulated disk and source match, but live environments, unless build yourself, I wouldn’t go that way. In our area: Tor is broken, the Firefox that it came with was just that, a browser all defaulted and barely hardened. Tails is Debian, and Debian has too many dependencies that are not maintained.
My path is to create a lab/clean room, isolated from the grid, completely RFI/EMI shielded
And start by building from the modem. PfSense/OpnSense hardware with TPM/coreboot and an enterprise layout of networking and than and only then it’s possible to obtain, inspect, build the OS that obeys you rather than sells you out.
First, I’m really sorry about your situation. I hope you live to see better days. If it happens that you get in trouble please remember that there is always tomorrow.
From your short query and report, I’d probably avoid online activity, Tor when necessary and try something like Tails that you are avoiding. It is difficult to assess your needs. You sounded a bit in desperation and I don’t want to treat this light and careless. If you have a chance maybe a little bit more details about what you are trying to do may put us in a better position to support you.
If that is your main concern, don’t forget about the security of your host machine.
Secure Boot can help prevent rootkits and other bootloader-based attacks. Make sure that your host machine has Secure Boot enabled and has the latest firmware updates.
Ideally, you would have a dedicated computer that you can plug your live Debian OS in. Ironically, Windows does a better job of protecting against these attacks (the state of Secure Boot on Linux is not perfect but reasonable for most threat models). I say, do whatever you feel is best for you as long as you apply updates to that machine regularly,