Immutable distributions clarification


On the OS recommendations there are a number of Linux distributions separated into categories. It’s pretty clear what “Security-focused” and “Anonymity-focused” are supposed to be good at, in the context of privacy; however, I’m not too sure most people would really understand the relevance of “Immutable Distributions”.

I think it would be beneficial to have a description at the very top of that category (currently it jumps right into the first recommendation) that highlights the main differences from “Traditional distributions” and how they are relevant in the same context of privacy and security as the other two categories.


I agree, the advantages of immutable distros should be documented. I think that would fit better in the knowledge base, though.


Probably a good idea. We did discuss changing that category and highlighting its benefits more prominently previously, but didn’t really reach a consensus on how we should discuss them, with some arguments that they don’t really provide a huge benefit over traditional distributions in the first place… I don’t know how we feel about them yet.


Personally I don’t find this category very useful in the context of privacy. For one, there are better distributions available and already mentioned. And even the “traditional” distributions are good enough for what most people need (certainly it’s a welcome upgrade from Windows/macOS).
Then there are the headaches with permissions because of sandboxed programs installed through something like Flatpak; most users can find that very annoying to set up even when using Flatseal. More experienced users can choose to use Snaps or AppImages instead… but at that point there are very few reasons left to recommend anything of the sort.

This section would probably make more sense if it were labeled as an advanced topic, and if guides/tutorials were provided. In the future there could even be reproducible builds for things like NixOS that people can use as a baseline, similar to how the Arkenfox.js project works for Firefox. But, of course, this is a lot more work and highly subjective and prone to change, so…


The thing is, immutable distros should be the regular ones, because people not knowing what they are should probably use them. I myself am not totally stupid but broke regular distros often. If you don’t want to maintain your own distro, it’s just best to have one premade, apply your small set of changes to it and keep it like that. Nearly all apps nowadays are available as Flatpaks, and even if they aren’t, you can layer packages anyway.

So educating about these distros should be more natural. Android, iOS and all the others have been immutable since forever, and nobody cares; it’s just normal.


Flatpak apps always have the permissions they need in my experience. And that way they are mostly more secure than the regular system installed apps.

They are built from instructions, fetching resources from official codebases and their dependencies, so they are the official apps most of the time.

Using Flatseal or the KDE Flatpak permission settings is only needed if you want more privacy, and they are easy to use. The alternative is to not have permissions at all.

Flatpaks are, for example, very easy to just block from the internet, if you don’t want OpenSnitch slowing down your system.

Appimages and Snaps have no GUI ways to restrict permissions.
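An added example, not from this thread: a POSIX shell helper that blocks network access for one Flatpak app by writing the same per-user override keyfile that `flatpak override --user --unshare=network APP` produces, plus a check that reads it back. The optional overrides-directory argument is an assumption made here so the functions can be exercised against a scratch directory; the app ids in the comments are constructed.

```shell
#!/bin/sh
# Added example: deny the network share for one Flatpak app by editing the
# per-user override keyfile, which is what
#   flatpak override --user --unshare=network APP
# writes to ~/.local/share/flatpak/overrides/APP as:
#   [Context]
#   shared=!network;
# OVERRIDES_DIR is an assumed optional argument for this example so the
# functions can be run against a scratch directory (e.g. org.example.App).
set -eu

flatpak_unshare_network() {  # usage: flatpak_unshare_network APP [OVERRIDES_DIR]
  app="$1"
  dir="${2:-$HOME/.local/share/flatpak/overrides}"
  file="$dir/$app"
  mkdir -p "$dir"
  if [ ! -f "$file" ]; then
    printf '[Context]\nshared=!network;\n' > "$file"
    return 0
  fi
  # Merge into an existing override instead of clobbering other settings:
  # rewrite the shared= entry in [Context] (dropping any explicit network
  # grant), or append the section/key if either is missing.
  awk '
    /^\[/ {
      if (in_ctx && !done) { print "shared=!network;"; done = 1 }
      in_ctx = ($0 == "[Context]"); if (in_ctx) seen_ctx = 1
    }
    in_ctx && /^shared=/ && !done {
      n = split(substr($0, 8), p, ";"); out = ""
      for (i = 1; i <= n; i++)
        if (p[i] != "" && p[i] != "network" && p[i] != "!network") out = out p[i] ";"
      print "shared=" out "!network;"; done = 1; next
    }
    { print }
    END {
      if (!seen_ctx) print "[Context]"
      if (!done) print "shared=!network;"
    }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Returns 0 when the app's override denies the network share, 1 otherwise.
flatpak_network_blocked() {  # usage: flatpak_network_blocked APP [OVERRIDES_DIR]
  file="${2:-$HOME/.local/share/flatpak/overrides}/$1"
  [ -f "$file" ] && awk '
    /^\[/ { in_ctx = ($0 == "[Context]") }
    in_ctx && /^shared=(.*;)?!network;/ { found = 1 }
    END { exit !found }
  ' "$file"
}
```

After applying it to a real app, `flatpak info --show-permissions APP` shows the effective permission set with the override merged in.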

I’m inclined to agree with this. I think it’s no coincidence there are many immutable distributions coming along as there are some great objective advantages. What I don’t necessarily agree with is the idea that they should be recommended to everyone.

I often have to fix issues for inexperienced users and I can tell you that the issues that result in the most frustration are the silliest ones. Flatpaks are still in a place where they sometimes have these sorts of odd behaviors when compared to the native package.
What I’m trying to say is that even if we assume that immutable distributions are the way to go, the “traditional” ones are still a pretty good option, perhaps even the best option for most people when it comes to balancing privacy, security and convenience.

I don’t get all these different Linux distro recommendations. When it comes to privacy (and that’s what the main goal is), any distribution (yes, even Ubuntu) is way better than the most-used MS/Apple/Google systems (Windows 10/11, OS X, ChromeOS). So in my opinion, there is no need to recommend a specific distro for this reason. When it comes to security or anonymity, then there are differences, and users should choose wisely among hundreds of distributions.

The current Linux recommendation and overview pages are good, and people can find the info they need. Though I would always advise new users to start with some *buntu (LTS) distro (Mint included), even if it’s not according to PG criteria.

But I think in the (near) future immutable distros (and Flatpaks) will become more user-friendly and probably the best choice for people new to Linux.


Well, we would not, because they follow poor release schedules and cause new users to learn weird Ubuntu/Canonical quirks (like snaps, AppArmor, Unity, and upstart) instead of more open projects (like Flatpaks, SELinux, GNOME, and systemd) other distros like Fedora focus on or pioneer :upside_down_face:

It seems like a classic Canonical move to duplicate a bunch of effort just to later abandon their own project and adopt whatever Red Hat is supporting; might as well use a distro that uses technology that will stick around right off the bat.


If security is the main reason not to recommend distributions such as Ubuntu or Mint, remember that the greatest threat to the user’s privacy and security is the user himself. I’m not really sure that picking up a few “bad habits” is really worth excluding easy-to-use distributions such as Ubuntu, Mint or Pop!_OS.

But in any case this is getting a little off-topic. It seems that most of us here agree that immutable distributions are the way forward for future recommendations in terms of privacy and security. It would be nice to come up with a nice summary of the pros/cons to add that to the recommendations pages.


That’s not quite fair. According to Wikipedia at least, all of these Canonical projects are older than their Red Hat equivalents:

  • AppArmor in 1998 vs SELinux in 2000
  • Snap in 2014 vs Flatpak in 2015
  • Unity in 2010 vs GNOME3 in 2011
  • Upstart in 2006 vs systemd in 2010

In fact, Upstart was originally used by Fedora as well, and AppArmor is not an Ubuntu “quirk” but also used in Debian and openSUSE amongst others.


Not only is it faster but also more secure. OpenSnitch is easily bypassed even without root, and the claims they make about it blocking malware on their GitHub page are irksome, just like any other 3rd-party antivirus/firewall. This is especially troublesome because it gives a false sense of security, which can make inexperienced users less cautious and waste lots of time configuring something for little to no gain.

Snaps actually have a pretty good GUI for this directly in the snap store app.

Also, I don’t think AppImages come with sandboxing?


I can’t speak to most of those examples, but the beef with snap is not its age, but its hard centralization. Snap only allows a single software source, Canonical. I suppose one could fork snap and make a more open version that supports choice of software source, but afaik it hasn’t happened yet and there’s no substantial interest in such an endeavour.
Also, snap’s mandatory (or default – I don’t know the exact details) app compression delivers a devastating performance hit to some apps. Firefox and Thunderbird had their performance problems mitigated last I checked, but LibreOffice was still painfully slow compared to non-snap formats.
So yeah, as far as the broader desktop Linux community is concerned, snap is definitely weird.


Every distro that makes people stay is good for privacy.


Oh, I didn’t know that was possible. Probably it is not embedded with the system enough.

I didn’t use the Snap Store, I thought there had to be an extra app. But needing a snap-only store also means this is very restricting. Not great, but that’s how it should be, not hidden away somewhere (KDE) or not existing at all (GNOME).

You can always use Firejail, but I have no experience with that.

I respect your opinions (and how you reach them) generally speaking, and on most things we tend to agree. But in this case, I think that the foundation of your opinion on this rests on some misconceptions/inaccurate information.

  • “Snaps instead of Flatpak”
    • (I agree on this point, Flatpak looks to be on its way to be the cross distro standard)
  • “AppArmor instead of SELinux”
    • It is not fair or accurate to call this a “Canonical quirk”. AppArmor is used by many distros (Debian, openSUSE, and Solus are 3 examples, plus of course Ubuntu and its derivatives; Arch is agnostic). Canonical currently develops/maintains AppArmor, but before they did SUSE did, and before SUSE did another company did. Furthermore, for me as a mere mortal, AppArmor is a lot easier to interact with.
  • “Unity and Upstart (instead of GNOME, systemd)”
    • Upstart hasn’t been the default in 9 years and Unity hasn’t been the default in 5 years. So I don’t see how either could possibly “cause new users to learn weird Ubuntu quirks”.

This statement as well rests on some flawed foundations.

  • Upstart & systemd
    • Upstart began some years before systemd; you can’t fault Canonical for not using an alternative that didn’t yet exist. Furthermore, Fedora, Red Hat, and others also used Upstart for a time before systemd was released. Canonical and Red Hat both used Upstart for a time before moving to systemd. If anything this is a positive example of flexibility and cooperation, not a negative.
  • Snap & Flatpak
    • Snap came out before Flatpak, and beyond this Snap and Flatpak began as very different projects with very different goals. Flatpak is designed for desktop use only, and not intended for servers/embedded systems/etc.; Snap was designed specifically with embedded/IoT and cloud/server applications in mind, and desktop came later.
  • Unity came at a time when the direction GNOME was moving in was quite controversial. Cinnamon, MATE, Pantheon, and Unity all got their start in that period, but Canonical/Unity seem to be the only ones who get criticized for developing a new DE at that time.

Regardless of whether you personally like Ubuntu or not, or want to recommend it or not, I would urge you to reflect on some of the assumptions that your opinions of the distro and the company behind it rest upon. There is a lot of misinformation that is stated as fact so many times that we don’t think to actually fact check for ourselves, but if you do, you’ll see a lot of the narrative surrounding Canonical is based on revisionist history/bias more than fact.

Just so you have some idea of my biases, I say this as someone who very happily uses Fedora and has used it for some years before its current popularity/moment in the sun; it gets more things right out of the box than any other distro I have used (apart from openSUSE). I have also used Ubuntu happily in the past. I don’t feel any particular allegiance to a certain distro family, but I do feel inclined to defend Ubuntu when I see criticisms based off inaccurate info, or see what appears to me to be unconscious double standards with respect to Ubuntu/Canonical.


Very well said.

I don’t think having more people using Ubuntu would be a bad thing. If not an official recommendation, I think at least an honorable mention of some sort would be extremely beneficial. People reading this site already show some degree of interest in privacy and are likely to take things further down the line, anyway, towards “better” distributions.

I agree. I think the easiest distributions for a complete beginner coming from Windows are (in that order): Linux Mint, Kubuntu, Ubuntu. They just work out of the box without needing to bother with Nvidia drivers or codecs or the terminal.

And I say that as someone who’s using openSUSE and Fedora personally.

Missing A Really Good (and Immutable if Desired) Distro

Definitely not something any newbie to Linux should get anywhere near, as it intimidates and frustrates even long-time Linux users, but I am surprised to see that NixOS is not listed, given that it alone hits all the buttons you are looking for, at least for those willing to configure it using the Nix language and parsing together sparse documentation tea leaves. It is immutable if you add in the impermanence flake, and allows for a consistent, reproducible system built from code that one can easily analyze for vulnerabilities later. Plus the package management makes it reliable, and for those that like Flatpak or Snap it is no more obtuse or bloated than those options are. It’s a pain in the ass; that learning curve is like going from sea level to Everest base camp even before touching building your own packages, but it is a great option still for those willing to deal with the hike.

Thomas Leon Highbaugh

But Thomas, it is listed: Desktop/PC - Privacy Guides (edited to add link to Nix section)