On “immutable” distros, this means adding a layer with the software on top of the immutable base image. On securueblue this happens via rpm-ostree install command.
You need to read this up for yourself. Too much to explain. It is basically a very lightweight form of virtualization on Linux, which does not have the same security guarantees as “normal” VMs.
Check out the Secureblue homepage, especially the FAQ
Yes, but I think it is an acceptable risk. Unprivileged user namespaces increase the risk of privilege escalation. But on a single user system, you are screwed anyway, if malware runs as your user in an unsandboxed way and most sandboxes deny access to unprivileged user namespaces nevertheless. As @Securefan said, using a Whonix VM instead would be the most secure option, but it is also much more inconvenient and resource hungry.
Well, most of that isn’t really beginner-friendly either
So just to confirm: I should be downloading the Tor.tar.xz-file and what would be the correct command the for rpm-ostree?
Second question: I also tried to set up a Wireguard tunnel, I did exactly as described on the Secureblue website by importing the .config-file, and while it looks like it is working (the connections enabled and no error messages), I cannot open any website, so it obviously is not working. Are there any other things that need to be changed/added when using Wireguard?
If you use a commercial VPN they might offer a command line program which can be installed using Homebrew. WireGuard isn’t begginer software. Are you trying to access the web or another network? WireGuard tunnels aren’t for general internet connections unless you are evading censorship. It’s for connecting one computer to another, or one computer to a network as if it was local, not browsing Wikipedia.
There can be a billion reasons why people is using Tor. You don’t need to be a internet-wizard to use Tor. Tor is for everyone and is beginner-friendly.
I think Tor is most people first real introduction to digital privacy and anonymity or I know it was when I was growing up.
I think a better question is why would a beginner use Secureblue when Secureblue isn’t beginner-friendly or meant to be a beginner-friendly.
You really should learn the basics about the different ways of installing software on immutable Fedora distros. That’s something you can do for yourself. In this case its rpm-ostree install torbrowser-launcher
Simply in order to use my home network from other places. It is very easy to set up a Wireguard config, the router already has a setting for it.
Yes, I agree, but I have experience with beginner-friendly distros such as Mint or regular FEdora. Unfortunately these have security issues and that is why I am trying to learn about Secureblue. But if there aren’t any tutorials for beginners or support, that is exactly why beginners turn back to Windows. Everything was/is working there, all browsers, Wireguard etc. No issues whatsoever. Even on Mint and Fedora most of it was working/possible. But again - it seems like the standard user who is not a tech nerd only has the choice between bad privacy = Windows or bad security = standard Linux.
I am confused. Why would you use Flatpak for Tor? I was under the impression NOT to use Flatpak for any browsers, even on the regular distros (not atomic) I have always installed it with the tar-file.
I have already explained that sucureblue is not yet ready for general use. It is still in an early development stage. Use Fedora or a more established atomic variant if you need good tutorials.
Windows users shouldn’t start with obscure beta distros less than a year old.
There are numerous threads on PG about the insecurity of Linux desktops.
I understand rpm-ostree is not Flatpak, but torbrowser-launcher is Flatpak…on Tor’s website you only get the tar-file and whenever I installed Tor in a regular/non-atomic distro I followed Tor’s guide. There is no mentioning of torbrowser-launcher…
I just reinstalled secure blue and very quickly realized why I ditched it in the first place.
This time around it must have been updates because my vpn app quit working.
Just installing what I would consider basic I would get warnings about disabling security features being disabled and the app would not work anyways.
I am not blaming Secure blue, it’s my own lack of knowledge. I use the phone for most everything anyways and just went back to a Ubuntu flavor, may try fedora. Secure blue is just too complex for me.
I do have a set up like a docking station that I use for graphene os as a desktop to an external monitor, keyboard, mouse and ports to hook up any flash drives I may need.
I use secureblue and yeah, it’s complex. I can’t get Mullvad wireguard to work. The way I use VPN on secureblue is by using ProtonVPN extension for now.
