If you really want to maximise security, you need to understand that you have to give up any consideration of performance and that due to it's high userbase, Linux is actually has quite a lot of malicious eyes looking at it, if you're highest focus is on security, then I would actually recommend looking at OpenBSD instead of GNU/Linux as it is full-stack developed with security and reliability in mind (and as a result sacrifices performance to do that). Of course I won't let it go without saying that the most secure computer is no computer at all.
Oh and don't run anything from a snap, flatpak or appimage.
This does overlap pretty heavily with security.
Typically FOSS software is very good at not doing any shady stuff like phoning home, but it's no guarantee (looking at you, Canonical), if you're really paranoid about stuff like that you can run programs using a sandboxing application like firejail to minimise the risk.
For browsing, the best thing for privacy is of course the TOR browser, without logging into any account on any platform. However TOR is really, really slow, so your mileage may vary with that, also it blocks all JavaScript from memory, so expect 95% of the modern web to be non-functional.
If security and privacy are important, but you don't want to give up too much peformance, then my recommendations are:
1. GNU IceCat, it's basically clearweb TOR browser, so it blocks all JS by default as well as having some extra security features on top of your "normal" browsers. Still breaks most of the modern web though.
2. Brave, although annoyingly getting more bloated by the day, is probably the best choice for 90% of people (i.e. you want all the sensible security stuff, want to keep JS functionality and don't have the knowledge and/or time to roll your own hardened FireFox config). Also has what is (to my knowledge) currently the best ad blocker available (without disabling all JS that is) which makes it very nice.
3. Rolling your own FireFox config, this is a bit of a time consuming process (although there are custom user.js that speed this up considerably), because you do pretty much everything yourself, you have the best guarantee of getting the exact level of privacy and security you expect (no relying on someone else doing the work for you.
Hate to break it to you, but if you want to maximise performance, you will have to switch away from a DE and to a tiling wm, (dwm is the lightest as far as I know, but they're all usually very good). Using a Desktop Environment like Plasma or GNOME abstracts away how the operating system works from the user, now we can argue if this makes Linux 'easier' or 'harder' for normal people to use, since that's beside the point, these abstractions whether for good or for ill, cost computation, which means performance that can't be spent anywhere else.
So you need to cut this stuff out of your computing life, switching a a tiling WM is good an all, but that doesn't help much if you're using programs that have a wide feature set for more streamlined or "minimalist" programs (compare something like Evince to Zathura).
The big advantage in the long run of doing this sort of thing, is you learn how to automate and strip-down things yourself, which is just generically a good skill to have, computing or otherwise. For example I don't use a Display Manager (login screen) to log in, I use the tty directly to get in, and use a script based around Dmenu to manage logging off, shutting down, etc. Turns something that normally is a tens of megabytes program that uses who knows how many CPU cycles, to something that is literally a 4.0Kb script.
You can really only solve this with thorough research into each program, with older programs being more likely to have fewer bugs. Unfortunately, neither computers nor programmers are infallible and running into bugs and crashes it just a fact of life that one has to accept, although they are certainly less common, in my experience, on GNU/Linux than on proprietary operating systems such as Microsoft and MacOS.
Frankly they're all six for one, half-dozen the other. As far as I know S6 is the most 'drop in' replacement for SystemD in terms of what it allows end users to do (although the design philosophies are totally different), but Runit, OpenRC, etc are all pefectly capable init systems that all have their own unique quirks with how they operate.
Nothing I haven't already said above, so I won't repeat myself.
You'll have to be willing and prepared to learn a lot, you'll want to use the base iso for whatever init system you decide to use so that the fewest number of packages possible are installed (fewer packages, fewer liabilities) and install and configure what you need as you need it.
We don't live in a perfect world, so what you'll need to order in importance; Security, Performance and Ease of Use in whatever order you deem appropriate, then accept the fact that you can probably maximise one, get 60-70% in a second one then the last one will be left at the wayside. Only you can decide what is appropriate.
Finally, don't try and make the plunge all at once, remember that just by using FOSS like Linux you have a huge step up in these areas compared to most people, instead I would look at what your workflow is and replace one or two programs at a time.
For example if you use an IDE and a GUI text editor like Kate, you could instead switch to using Vim/Neovim, which not only is a fantastic, minimal text editor, but has plugins that allow you to replicate IDE functionality with things like LSP plugins and REPLs.
For another example you could replace something like Thunderbird with something like Neomutt, a terminal based email client.
I hope that helps.
Topic: w (Read 1231 times)
previous topic - next topic
