Linux is frequently recommended for privacy, but how degoogled is it?
Obviously all Linux distros, desktop environments, etc. are different.
So, to make this question as easy as possible to ask: does a default install of Debian with its default GNOME desktop environment make any connections to Google without the user explicitly asking for it (such as by adding a Google Account in the GNOME Online Accounts settings)?
No. Debian doesn’t ship with a default DNS server, makes unasked connections or even requires the internet to function after an installation.
systemd-resolvd uses your Router’s default DNS, which could undermine this
Linux distros don’t ship any google software by default, which makes them 100% degoogled. It could be used as, “privacy friendly” marketing, but shouldn’t be taken on face value.
For any linux distro to be private and secure, including Debian, there is a lot that can be done to get it fairly secure and private, which I wish some of this was done out of the box on all distros.
Few things I can think of right now that can make any linux distro private and secure.
- Install with full disk encryption by default.
- Enabling and use secure boot. (I understand Microsoft’s issues these keys, I still think secure boot is better than no secure boot.)
- Use a hardened kernel.
- Install and configure firewall like ufw or firewalld (often is not enabled by default in some distros)
- Install and configure clamav to scan downloaded files for malware.
- Use NTS instead of NTP for time/date updates.
- Use a secure DNS, rather than ISP provided.
- Enable Mac randomizing in NetworkManager.
- Use Flatpak or snaps to containerize user installed applications.
I don’t recall ever encountering any google product or service shipped with any Linux distro I’ve ever used and I’ve used probably a couple dozen distros over about 10 years.
Probably some / most default browsers will have an implementation of safe browsing but this is done in a privacy preserving and proxied manner, and isn’t a decision of the distro, but the browser.
I could imagine some might use Google’s DNS servers for DNS or connectivity checks or something, but this isn’t something I’ve actually seen first hand.
I think 126.96.36.199 (Google DNS) used to be the default fallback DNS server in systemd. But I think they removed this?
The systemd source code doesn’t seem to have any server defined now if I’m reading it correctly.
Arch Linux defines fallback DNS servers in this order: Cloudflare 188.8.131.52, Quad9 184.108.40.206 and then Google 220.127.116.11 (source)
So I guess by default Linux is 100% degoogled.
Most distros have Firefox as the default browser and the default search is Google. So… not really deGoogled?
That’s not really what I meant though.
I was referring, like on Android, to system services and stuff.