Which OS for private secure internet browsing PC?

Hi All,

I’ve bought a new mini PC that I’m going to use specifically for internet browsing. I’m looking for a simple hardened OS that will provide good security and privacy by default. I will only be using a browser to “browse” and save files while connected to VPN. Nothing else. Looking for something that is easy to use and requires little or no configuration. I don’t need anything as extreme as tails, qubesOS etc.

Would something like SecureBlue be a good choice? or do you have any other recommendations that may fit the bill?

Many Thanks

https://aeondesktop.github.io/

What does Aeon do better or worse compared to Fedora Silverblue? How good is KDE support as of now?

Maybe using something like ChromeOS Flex ?

I understand it’s Google. But it just works the way you want only problem Google and mandatory Google account sign in.

Currently I use Tails in Boxes… Would Whonix be a better bet in Secureblue?

Also watcha mean by layering Whonix? Wouldnt you shove it in VirtualBox or Boxes/Virt?

Please check Privacy Guides reccomendation.

You can use Arch and do manually install so you only have what’s strictly needed for you.

But you can’t have an easy to use/ no setup AND hardened setup.

I haven’t properly tried Silverblue in quite some time.

One of the pros of Aeon is that it only supports and focuses on GNOME, but if you use KDE, then this is a con.

There is also openSUSE Kalpa, but it’s very far behind Aeon, and the reason why is KDE.

Thanks for everyone’s input so far.

To clarify I don’t need total anonymity and want fast uploads/downloads so I’m discounting anything using Tor.

I’m decided on going with either Secureblue or Kicksecure.

Which of the two choices would be better for installing directly to SSD, and using out of the box (other than configuring VPN)?

Could you explain what you mean by frictions in KS ?

Basically I’m a linux noob so there’s no point in using anything where it requires knowledge and know-how to make secure, because I wouldn’t know where to start!

Here are some quotes from the founder of Aeon:

Technically ostree is a burden that slows a system down more you pile atop it… and a very painful proposition for infrastructure, mirrors, et al

I don’t think any popular distro can afford to embrace ostree the way SB has

I do not think we share one line of common code in all that makes SB different from Fedora or Aeon different from TW

So suggesting there is any technical similarities at all is downright silly

We don’t even have our own flatpaks like Fedora does (which is probably why people keep citing broken flatpaks on Fedora… flathub has better ones)

Philosophically - Silverblue falls into the same trap as KDE and many other FOSS projects fall into - thinking that “customising everthing” is a valid usecase

Aeon prioritises getting things right and getting out of the way, rather than focusing on letting people tinker instead of using their system

For us, immutability is a route to ensuring your system keeps working

For SB it’s an excuse to try different ways of breaking your system/trying out new toys

Wildly different mindsets

This is why features like rebasing and composability/determinism are mostly irrelevant to Aeon

It aims to be an OS you shouldn’t need to heavily play with, just one to use… you can’t say that about Silverblue, NixOS, Tumbleweed and many other distros out there

Those distros use immutability as part of a story about customisation

I think heavy customisation is already better done in traditional distros built for it - the community who wants that is well served by Tumbleweed

Aeon doesn’t want to be messing around with rebasing and stuff like Silverblue or spinning up hundreds of different flavours like Universal Blue

We want to get it right and use our immutability to keep it right, working and self healing

Installing anything via transactional-update should be a last resort done sparingly for edge cases and quirks we can’t handle for everyone together

Comparing Aeon to Silverblue is a bit like comparing a family car to a Battle Tank

Sure they’re both vehicles, and have wheels, and drive

But there really isn’t any commonality, no technical relationship, and there’s no intention by Aeon to walk in Silverblues footsteps

We’re walking our own path and do almost everything differently, from our update stack to flatpaks being user installed not system wide

Why haven’t you simply referred to the recommendations on PG?

PG does not recommend Secureblue - it recommends Fedora Workstation, which is the OG Fedora and the easiest to use as someone new to Linux. Don’t go for Silverblue or any other Fedora variant.

Have you even tried Aeon or secureblue?

Have you read the thread on secureblue and why PG voted to not recommend it?

OP is brand new to Linux and you want to recommend an atomic distro?

I may be missing something here, but they have an Atomic Distributions section of which the first listing is Fedora Atomic Desktops, and I thought Silverblue is one of those, so does that mean that PG recommends Silverblue?

And my understanding is that Secureblue is adding some hardening. I could just use Silverblue ootb which seems valid because I don’t really understand what Secureblue really does and what benefits it brings me. Also it doesn’t seem widely adopted at present, and to me numbers of users / number of stars on github etc count as a good gauge of how good something is.

Out of interest, how are those issues different on Secureblue. i.e why does SB not require maintenance and command line? You mean opinionated choices like certain browsers, password managers etc are installed by default whereas SB comes with no preinstalled apps? If it’s locked down, could that be good for me if all I want to do is use a browser and not fiddle about with it?

Tbh I really just need to make a choice and get on with it, as for a noob like me, most of the the debate / info goes over my head anyway

Yes.

If you’ve never used Linux before, don’t go with any hardened OS, you’re shooting yourself in the foot and will probably quit in a week.

Go with something like Linux mint. Super easy and never break randomly on you. And learn how Linux works first.

Just a question out of pure curiousity: Why not just use Brace, created by the DivestOS developer, with Fedora Workstation?

Aside from that, especially if you don’t like the GNOME DE, I’m not sure what to recommend which offers what you’re looking for.

Because immutable distributions are the future of Linux desktop.

Silverblue > Workstation

Aeon > Tumbleweed

Is there an expected release date and why don’t SUSE use SELinux than AppArmor ?

Just curious.