OpSec Question: Which operating system is better? Tails? Whonix? Qubes? Kicksecure? Which one is better? (Read before asking)

Note before reading: This one is copied and pasted from my own Reddit account in r/computerprivacy, and I want to see how this will turn out. I know most of it is just unrelated, but I want to see how this will work out for me, especially on Reddit. I want to see how you guys will recommend me different Linux distros, related or unrelated to privacy, security, and/or anonymity, but popular and known or simply better distros that I can use for my daily usage. I might have to edit this out in case I violate the rules of the guidelines (I am not sure how to spot one in this post since I am new and read the FAQ page). Of course, “Rules make you violate the rules” because of something that is something in our hands of situations, this one applies. If you spot one, let me know!

Begin: Basically, I can’t seem to find any subreddit that is even better and doesn’t seem to filter any of my own words that are related to my question. Rules are strict and I can’t find any subreddit that allows me to say something related, so I am afraid that my free speech on things is limited. So, here is the question:

Which operating system is a privacy, security, and/or anonymity focused operating system?

I’ve been getting mixed signals lately and I am not sure what to choose anymore. I’ve tried Tails OS on my USB; it was nice but not much to specify, other than that something interesting was that it leaves no traces, but then I realized that it was a waste of my resources due to me having only one USB drive. There are various things to note about these operating systems:

  1. Tails: Popular, known, and it has various things that you would expect Tails to have. Although it doesn’t have clearnet traffic prevention, as it isn’t designed in the way it should be. According to Dread on the Darknet, it is possible to say that Whonix is most likely better than this one. Based on Debian.

  2. Whonix: Popular, but mostly known. It has two known distros or systems: the Whonix Gateway and the Whonix Workstation. The Gateway protects the internet traffic from the Workstation, while you can do anything in the Workstation, but I am not sure if you can do anything in the Gateway. Compared to Tails, it’s not specifically designed with the internet traffic, so Whonix has a better place to be recommended and surpassed. It’s also based on Kicksecure OS. Based on Debian.

  3. KickSecure OS: It’s not really popular and known, but it’s based on Debian. Its focus is on security and anonymity; it prevents all types of malware from infecting the computer and its OS, and it is one of the most secure operating systems out there, especially with the use of Qubes OS. The operating system is lightweight and it’s actually the best OS for people who want a simpler alternative to Qubes OS.

  4. Qubes OS: Known and popular, based on Fedora, which makes it the only privacy and security Linux distro that focuses on Fedora (three of them focus on Debian, except one). It focuses on compartmentalization and virtualization, so when the virtual machine gets infected, you can simply just close it and get a new one by clicking on a new application or something. It’s complicated for a beginner to understand, so good luck figuring it out.

But, this is not the case, however. Most of the time, there are a lot of content creators saying that you should get Tails, you should get Qubes OS, you should get Whonix and bla bla bla. I am sick and tired of these videos, especially the old ones, and I don’t know which one I should use, the only thing that I can is the objectivity, meaning that I would have to use Whonix for a different purpose and reason while also the same for Tails. But I can’t seem to put my finger on it: It’s like there are a lot of things going on and I just can’t seem to find anything fit.

For all I have, I have both Whonix and Kicksecure in my VirtualBox. Both of those are verified and imported as .OVA files. I have two clones for Whonix: Gateway and Workstation, because it says so in the opsec manual in the guides section.

For my current threat model: “Corporate Data” but that might change to “State/Data Surveillance” due to the fact that these two situations are happening:

  1. Because the EU is imposing laws/sanctions against encrypted communications apps due to the “CSAM”, which I highly doubt is even the case. Or just simply put:

  2. Because Chinese-made products are being sold to the EU, such as Lenovo and Redmi/Xiaomi, but Lenovo is owned by a Chinese state-owned business by the government (specifically the Chinese Communist Party or CCP), while Redmi/Xiaomi is not since they are cooperating with the government. But I am afraid that one day, there will be a discovery that there is a spyware chip inside of those Chinese-made products, and that kinda leaves me with no chance of buying those products; instead I have to rely on something European-based, like Germany for example.

I am not sure what to expect, since I have heard stories of alleged Chinese threat actors implementing a backdoor in those open-source Linux distributions and software packages, but that has been addressed a long time ago.

What are your thoughts on this, and what recommendations and advice have you got for me?

If hardware is compromised, it doesn’t matter whether you use an anonymity or security focused operating system. There’s no “best” operating system. Only tools for the right purpose and for the right threat model. Don’t jump in on a countermeasures-first approach; know your threat model. Follow the threat modeling guide from the official Privacy Guides website.

4 Likes

I might have to look into that. Thanks!

It’s just the people themselves recommending this kind of stuff on the internet, I’ve seen that on YouTube before (Old videos which I have seen a lot), and maybe now on other platforms before? I believe? I am not really sure what to think of this. But thanks for the advice!

They’re four completely different tools for different purposes.

  • Tails is a live OS for performing specific extremely sensitive actions under complete anonymity, where no trace of its use can be allowed to exist.
  • Whonix is a VM that communicates solely through the Tor network and by nature of being an OS rather than an application, can provide stronger anonymity protections than just Tor browser.
  • KickSecure is a modified version of Debian that is more secure, at low cost to compatibility (besides the fact you’re using Linux, of course).
  • Qubes is a highly secure long-term desktop OS.
3 Likes

I think Kicksecure also routes your traffic through Tor by default. Maybe I’m wrong?

I see. But there is more than just that. Since, a lot of times, they can be beneficial at times. For example: Tails is a portable USB based operating system (based on Debian or just Vanilla) that (like you described) performs specific extremely sensitive actions under complete anonymity, while also leaving no traces left behind. But sometimes if you don’t have an extra USB for that specific case then I am pretty sure that will become a downside to it. However, all your points are correct, but I would like to see more helpful information that can benefit from using it. Or maybe not, as there are other ways that I can see fit. I’ve seen way better information on the Darknet so I may need some context to it. But anyway, it’s great. But put some extra information that may be seen as fitting or beneficial for its usage.

Well, as far as I have tested it out, it does route your traffic via Tor, while also connected to your Wi-Fi. As far as I know? Check their official documentation via www.kicksecure.com for now.

Original comment

I don’t think so (but I could also be wrong, I’ve used Whonix but not Kicksecure)

Kicksecure is (began as) a building block for Whonix, I believe. I think Whonix and Kicksecure share a lot of the same hardening, but my impression was that Kicksecure didn’t have the anonymity focus of Whonix.

[edit after testing and a bit further research]:

Kicksecure has much of the same hardening as Whonix, but without the system-wide routing through the Tor network (or the strong isolation/separation of networking in a separate VM). It appears apt operations are proxied through Tor, but web browsing (and presumably other activities) are not.

TL;DR from Whonix and Kicksecure’s lead developer:

Whonix for anonymity.
Kicksecure for security-only.

Kicksecure started off being based on Debian, while Whonix is based on Kicksecure (which means also Debian). So, there might be some information about this, but please. Check their websites, both at www.whonix.org and www.kicksecure.com for now, check their official documentation before asking. More specifically if you don’t know if you are wrong. Please check them out. For now.

I saw that page:

The introduction specifically says:

Documentation on how to use Kicksecure without Tor

If we think about it, we might conclude that Kicksecure uses Tor by default, but that it’s possible to do the opposite. Also, it’s important to note that this documentation page is incomplete:

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

The only way to find out is to test, but I don’t have my PC with me right now to do that.

I did test it out, I suppose it’s supposed to hide your IP? I know that their page is incomplete but you know, who wants to get notified by the official releases of their page, but it can be somewhat outdated so, if there is new information out there, they can just update it, even the contributors can, so, who am I to judge over here?

1 Like

Well, Tor is supposed to do that (among other things of course)

I see. Quite the interest.

I think I’ll do that (been meaning to test out Kicksecure anyway), and @doctrine was right, I (we) shouldn’t be speculating without verifying.

Edit: actually this post on the Whonix forum (by the founder and lead developer of both Whonix and Kicksecure) sounds pretty conclusive:

Kicksecure is security-focused operating system.
Whonix is an anonymous operating system and based on, hardened by Kicksecure.
In result, Whonix and Kicksecure have the same security features.
[…]
Whonix for anonymity.
Kicksecure for security-only.

Further speculation because I'm at a cafe with slow wifi and I'm getting impatient waiting for the iso to download

I think that wiki page @rollsicecream pointed to may just be phrased weirdly/misleadingly (I know that Kicksecure system updates do (or can) run through Tor, but I haven’t seen any other specific mentions of Tor in the Kicksecure docs), and it would be quite unusual for an OS with system-wide Tor to not advertise that fact. Whonix also describes Kicksecure as “A security hardened Non-Anonymous Linux distro”.

Kicksecure started off being based on Debian, while Whonix is based on Kicksecure (which means also Debian).

I think technically Whonix existed long before Kicksecure, my recollection is Kicksecure was split off from Whonix at some point, and went from Debian → Whonix, to Debian → KickSecure → Whonix. But yeah more or less we are saying the same thing in different ways.

1 Like

I see, but is there like a source for it, or is that something you came up with?

Not sure what part of my comment you are referring to.

Edit: got the VM set up. Can now confirm, based on initial testing, that at least for general web browsing in the default browser, Tor is not active/enabled.

What I am referring to is the sentence:

I think technically Whonix existed long before Kicksecure, my recollection is Kicksecure was split off from Whonix at some point, and went from Debian → Whonix, to Debian → KickSecure → Whonix. But yeah more or less we are saying the same thing in different ways.

Is this some sort of new information? Is that something you believe? Is that something that you heard of somebody saying that? Has anybody told you this before? As far as I am aware by your post.

Also, from my understanding, in Whonix is enabled in the Whonix Gateway and Workstation, while Kicksecure is not? Could at least configure it with a different IP address and a different port. Since I am pretty sure that’s how it’s supposed to work?

No. Not new info.

Whonix has existed since ~early 2010s, Kicksecure came many years later (~2020ish?). The idea for Kicksecure was proposed/announced by Whonix’s lead developer in 2018/19.

Is that something you believe? Is that something that you heard of somebody saying?

Yes and yes. (I’ve seen it mentioned a handful of times in various places over the past few years)

Also, from my understanding, in Whonix is enabled in the Whonix Gateway and Workstation

Yes, this is probably the biggest design innovation of Whonix. Networking/Tor and your desktop/workstation are separate and compartmentalized.

Could at least configure it with a different IP address and a different port. Since I am pretty sure that’s how it’s supposed to work?

Not sure what you are trying to say here, could you clarify?

I don’t know which one should I use, the only thing that I can is the objectivity, meaning that I would have to use Whonix for a different purpose and reason while also the same for Tails. But I can’t seem to put my finger on it: It’s like there are a lot of things going on and I just can’t seem to find anything fit.

I’d agree with what @Amusable5830 said:

Don’t jump in on countermeasures-first approach without knowing your threat model. Follow the threat modeling guide from the official Privacy Guides website.

You should approach this by first defining your threat model; once that is appropriately defined, it will narrow and focus your choice of distro. It’s pretty likely that none of the distros you mentioned are appropriate for you as a daily driver, with the possible exception of Kicksecure. Any of the torified distros are geared towards anonymity, which overlaps with but is conceptually and practically different than privacy and security.

1 Like