Operating Systems

Even your own computer could be compromising your privacy. Discover our recommended OS choices for all the devices you use.

PC Operating Systems

Qubes OS Xen

Qubes OS Qubes is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. contrib


Fedora Workstation GNU/Linux

Fedora Workstation Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment. contrib


Debian GNU/Linux

Debian Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.


Warning

Remember to check CPU vulnerability mitigations

This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily. MacOS users check How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support.

When running a enough recent kernel, you can check the CPU vulnerabilities it detects by tail -n +1 /sys/devices/system/cpu/vulnerabilities/*. By using tail -n +1 instead of cat, the file names are also visible.

In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the tail command. To mitigate this, disable hyper-threading from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports /etc/default/grub.d/:

  1. sudo mkdir /etc/default/grub.d/ to create a directory for additional grub configuration
  2. echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt" | sudo tee /etc/default/grub.d/mds.conf to create a new grub config file source with the echoed content
  3. sudo grub-mkconfig -o /boot/grub/grub.cfg to generate a new grub config file including this new kernel boot flag
  4. sudo reboot to reboot
  5. after the reboot, check tail -n +1 /sys/devices/system/cpu/vulnerabilities/* again to see that MDS now says "SMT disabled."
Further reading

Worth Mentioning

Live CD Operating Systems

Tails GNU/Linux

Tails Tails is a live operating system, that starts on almost any computer from a DVD, USB stick, or SD card. It aims at preserving privacy and anonymity, and helps to: Use the Internet anonymously and circumvent censorship; Internet connections go through the Tor network; leave no trace on the computer; use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging. contrib


KNOPPIX GNU/Linux

KNOPPIX Knoppix is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its kind for any operating system. When starting a program, it is loaded from the removable medium and decompressed into a RAM drive. The decompression is transparent and on-the-fly. contrib


Puppy Linux GNU/Linux

Puppy Linux Puppy Linux operating system is a lightweight Linux distribution that focuses on ease of use and minimal memory footprint. The entire system can be run from RAM with current versions generally taking up about 210 MB, allowing the boot medium to be removed after the operating system has started. contrib


Worth Mentioning

Mobile Operating Systems

GrapheneOS AOSP

GrapheneOS GrapheneOS (formerly known as CopperheadOS) is a free and open-source security and privacy focused mobile operating system built on top of the Android Open Source Project. It currently specifically targets devices offering strong hardware security. contrib


LineageOS AOSP

LineageOS LineageOS is a free and open-source operating system for smartphones and tablets, based on the official releases of the Android Open Source Project. It is the continuation of the CyanogenMod project. contrib


Ubuntu Touch GNU/Linux

Ubuntu Touch Ubuntu Touch is a free and open-source operating system for smartphones and tablets. It's an alternative to the current popular mobile operating systems on the market. Only a few devices are supported. contrib


Worth Mentioning

Android Privacy Add-ons

Blokada

Block ads with Blokada

Blokada works across all of your apps, not only the browser. It doesn't require root, supports both wifi and mobile networks, and is perfectly safe and simple to use. Just turn it on, and it will do the job silently!

NetGuard

Control your traffic with NetGuard

NetGuard provides simple and advanced ways to block certain apps' access to the internet without the help of root privileges. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection, allowing you to control which apps are able to call home or not.

Orbot

Tor for Android with Orbot

Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Root Mode: Orbot can be configured to transparently proxy all of your Internet traffic through Tor. You can also choose which specific apps you want to use through Tor.

Open Source Router Firmware

OpenWrt Linux

OpenWrt OpenWrt is an operating system (in particular, an embedded operating system) based on the Linux kernel, primarily used on embedded devices to route network traffic. The main components are the Linux kernel, util-linux, uClibc and BusyBox. All components have been optimized for size, to be small enough for fitting into the limited storage and memory available in home routers. contrib


pfSense BSD

pfSense pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint. contrib


LibreCMC GNU/Linux

LibreCMC LibreCMC is a GNU/Linux-libre distribution for computers with minimal resources, such as the Ben Nanonote, ath9k-based Wi-Fi routers, and other hardware with emphasis on free software. The project's current goal is to aim for compliance with the GNU Free System Distribution Guidelines (GNU FSDG) and ensure that the project continues to meet these requirements set forth by the Free Software Foundation (FSF).


Worth Mentioning

Don't use Windows 10 - It's a privacy nightmare

Windows 10 Privacy
  1. Data syncing is by default enabled.
    • Browsing history and open websites.
    • Apps settings.
    • WiFi hotspot names and passwords.
  2. Your device is by default tagged with a unique advertising ID.
    • Used to serve you with personalized advertisements by third-party advertisers and ad networks.
  3. Cortana can collect any of your data.
    • Your keystrokes, searches and mic input.
    • Calendar data.
    • Music you listen to.
    • Credit Card information.
    • Purchases.
  4. Microsoft can collect any personal data.
    • Your identity.
    • Passwords.
    • Demographics.
    • Interests and habits.
    • Usage data.
    • Contacts and relationships.
    • Location data.
    • Content like emails, instant messages, caller list, audio and video recordings.
  5. Your data can be shared.
    • When downloading Windows 10, you are authorizing Microsoft to share any of above-mentioned data with any third-party, with or without your consent.

Download: W10Privacy

This tool uses some known methods that attempt to disable major tracking features in Windows 10.

Related Information