Operational Systems and Browsers
FUCK THE BIG TECHS!
Qubes is an open source operating system designed to provide strong security for desktop computing.
Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes.
This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.
Brave Web Browser is a fast, free, secure web browser with a built-in ad blocker*, tracking and security protection, and optimized data and battery experience.
*What is Brave Ad Replacement?
Brave’s goal is to speed up the web, stop bad ads and pay publishers. One of the ways we plan to accomplish this is with ad replacements. We will also invite users to fund their wallets and to use those funds to pay the publishers of their favorite websites.
openSUSE is a free and Linux-based operating system for your PC, Laptop or Server.
The openSUSE distribution is a stable, easy to use and complete multi-purpose distribution.
It is aimed towards users and developers working on the desktop or server. It is great for beginners, experienced users and ultra geeks alike, in short, it is perfect for everybody! The latest release, openSUSE 13.1, features new and massively improved versions of all useful server and desktop applications. It comes with more than 1,000 open source applications.
openSUSE is also the base for SUSE's award-winning SUSE Linux Enterprise products.
The openSUSE project is a worldwide effort that promotes the use of Linux everywhere. openSUSE creates one of the world's best Linux distributions, working together in an open, transparent and friendly manner as part of the worldwide Free and Open Source Software community.
A Google Chromium variant for removing Google integration and enhancing privacy, control, and transparency
A number of features or background services communicate with Google servers despite the absence of an associated Google account or compiled-in Google API keys. Furthermore, the normal build process for Chromium involves running Google's own high-level commands that invoke many scripts and utilities, some of which download and use pre-built binaries provided by Google. Even the final build output includes some pre-built binaries. Fortunately, the source code is available for everything.
ungoogled-chromium is a set of configuration flags, patches, and custom scripts. These components altogether strive to accomplish the following:
- Disable or remove offending services and features that communicate with Google or weaken privacy
- Strip binaries from the source tree, and use those provided by the system or build them from source
- Add, modify, or disable features that inhibit control and transparency (these changes are minor and do not have significant impacts on the general user experience)
Bromite is a Chromium fork with support for ad blocking and enhanced privacy.
Bromite aims at providing a no-clutter browsing experience without privacy-invasive features and with the addition of a fast ad-blocking engine. Minimal UI changes are applied to help curbing the idea of "browser as an advertisement platform".
Bromite is only available for Android Marshmallow (v6.0, API level 23) and above.
This project is an independent fork of Firefox, with the primary goals of privacy security and user freedom. It is the community run successor to LibreFox
LibreWolf uses more than 500 privacy/security/performance settings, patches, LibreWolf-Addons (optional) and is designed to minimize data collection and telemetry as much as possible (updater, crashreporter and Firefox’s integrated addons that don’t respect privacy are removed).
LibreWolf is NOT associated with Mozilla or its products.
Features Latest Version of Firefox: LibreWolf is compiled directly from the latest build of Firefox Stable. You will have the the latest features, and security updates. Completely Independent Build: LibreWolf uses a completely independent build from Firefox and has its own settings, profile folder and installation path. As a result, it can be installed alongside Firefox or any other browser. Extensions firewall: limit internet access for extensions. IJWY (I Just Want You To Shut Up): embedded server links and other calling home functions are removed. In other words, zero unauthorized or background connections by default. User settings updates: gHacks/pyllyukko base is kept up to date. Settings protection: important settings are enforced/locked within librewolf.cfg and policies.json, those settings cannot be changed by addons/updates/LibreWolf itself or unwanted/accidental manipulation; To change those settings you can easily do it by editing librewolf.cfg and policies.json. LibreWolf-addons: set of optional LibreWolf extensions Statistics disabled: telemetry and similar functions are disabled Tested settings: settings are performance aware Multi-platform (Windows/Linux/Mac/and soon Android) Dark theme (classic and advanced) Recommended and code reviewed addons list Community-Driven And much more…
Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows and Linux (with other operating systems in development), focusing on efficiency and customization.
Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been hard forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browser's speed*, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes.
Main features: Optimized for modern processors Based on the Unified XUL Platform (UXP) containing our own optimized layout and rendering engine (Goanna) Safe: forked from mature Mozilla code and regularly updated with the latest security patches Secure: Additional security features and security-aware development Supported by our user community, and fully non-profit Privacy-aware: zero ads; no telemetry, spyware or data gathering Familiar, efficient, fully customizable interface Support for full themes: total freedom for any element's design Support for easily-created lightweight themes (skins) Smooth and speedy page drawing and script processing Superior gradients and fonts Will continue to support NPAPI plugins like Flash and Java Support for a growing number of Pale Moon exclusive extensions Extensive and growing support for existing web standards
Pale Moon will continue to provide grouped navigation buttons of a decent size, a bookmarks toolbar that is enabled by default, tabs next to page content by default (easily switchable) and not in the least a functional status bar and more freedom in customization, to name a few things.
This project is community-supported to benefit the development of not only a web browser but any other application that builds on the freely available XUL platform we are developing and using.
Waterfox is a high performance browser based on the Mozilla platform. Made specifically for 64-Bit systems, Waterfox has one thing in mind: speed.
What makes Waterfox so fast?
It's built with Intel's C++ compiler. One of the most powerful compilers out there. This enables us to make the fastest possible web browser for all the code changes we make. This potent combination makes for an unparalleled browsing experience.
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.
Whonix is a desktop operating system designed for advanced security and privacy. Whonix mitigates the threat of common attack vectors while maintaining usability. Online anonymity is realized via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use. The user is not jeopardized by installing additional applications or personalizing the desktop. Whonix is under active development and is the only operating system designed to be run inside a VM and paired with Tor.
Based on Tor Whonix utilizes Tor's free software, which provides an open and distributed relay network to defend against network surveillance.
Isolation Connections through Tor are enforced. DNS leaks are impossible, and even malware with root privileges cannot discover the user's real IP address.
Compatibility Whonix is available for all major operating systems. Most commonly used applications are compatible with the Whonix design.
The Fedora Project is an openly-developed project designed by Red Hat Enterprise Linux , open for general participation, led by a meritocracy, following a set of project objectives. The goal of The Fedora Project is to work with the Linux community to build a complete, general purpose operating system exclusively from open source software. Development will be done in a public forum. The project will produce time-based releases of Fedora about 2-3 times a year, with a public release schedule. The Red Hat engineering team will continue to participate in building Fedora and will invite and encourage more outside participation than in past releases. By using this more open process, we hope to provide an operating system more in line with the ideals of free software and more appealing to the open source community.
Manjaro is a user-friendly Linux distribution based on the independently developed Arch operating system. Within the Linux community, Arch itself is renowned for being an exceptionally fast, powerful, and lightweight distribution that provides access to the very latest cutting edge – and bleeding edge – software. However, Arch is also aimed at more experienced or technically-minded users. As such, it is generally considered to be beyond the reach of those who lack the technical expertise (or persistence) required to use it.
Developed in Austria, France, and Germany, Manjaro provides all the benefits of the Arch operating system combined with a focus on user-friendliness and accessibility. Available in both 32 and 64 bit versions, Manjaro is suitable for newcomers as well as experienced Linux users. For newcomers, a user-friendly installer is provided, and the system itself is designed to work fully ‘straight out of the box’ with features including:
- Pre-installed desktop environments
- Pre-installed graphical applications to easily install software and update your system, and
- Pre-installed codecs to play multimedia files
For more experienced – and adventurous – users Manjaro also offers the configurability and versatility to be shaped and moulded in every respect to suit personal taste and preference. Furthermore, a minimalist NET-Edition is also available in both 32 and 64 bit versions. Stripped of any pre-installed software, this provides a base installation on which to build your own system; starting from a command line, be completely free to chose your own greeters, desktops, hardware drivers, software applications, and so on!
ChromiumOS fork with Thorium Browser, x264/x265 codecs, Widevine, Kernel 5.15, Linux Firmware/Modules support, Nouveau, Intel/AMD microcode, and extra packages. SYNOPSIS: ThoriumOS aims to be the ChromiumOS counterpart to Thorium. It is based on tip-o-tree, and contains the compiler optimizations of Thorium applied to the whole OS. It contains a variety of extra developer friendly packages, and trys to support as much hardware as possible via kernel configuration, graphics stack configuration, and USE flags.
ThoriumOS uses the Thorium Browser, which I also make for Linux, Windows, MacOS (x64 and M1), and other platforms like the Raspberry Pi > https://github.com/Alex313031/Thorium
Extra packages include iotop, iotools, sysstat, i2ctools, haveged, telnet, bridge-utils, lm-sensors, pydf, cpuid, htop, sl, custom wallpapers, screenfetch-dev, pak, and TrImLy: a fstrim and e4defrag automator script I made for ChromiumOS.
– NOTE: Please see PACKAGES.md for the full list of extra packages! TrImLy > https://github.com/Alex313031/TrImLy/ ScreenFetch > https://github.com/KittyKatt/screenFetch Pak > https://github.com/myfreeer/chrome-pak-customizer – Sceenfetch is like neofetch for ChromiumOS – Pak can be used to unpack the .pak files used in any Chromium browser. – Also added a script I made called memr to drop all caches, added handy aliases which can be found in the dot-bashrc file, and added good cmdline flags which can be found in the chrome_dev.conf file. – Inspired by and based off of ArnoldTheBat's builds which can be downloaded here > https://arnoldthebat.co.uk/wordpress/ – Also some code from FydeOS > https://github.com/FydeOS – Also some code from NayuOS > https://nayuos.nexedi.com/
Here is Arnold's source code which this project is based on > https://github.com/arnoldthebat/chromiumos - if you don't know how to work with these overlays, I invite you to learn, but one can just download the premade image in releases.
The Amnesic Incognito Live System (Tails) is a Debian 9 based live CD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace.
Priorities for the next years:
ADOPTION Improve installation instructions Give some love: Fix unsupported Wi-Fi cards. Explain better what Tails is and what makes it so awesome. Tails for blind users
RESISTANCE TO REMOTE EXPLOITATIONS: HTTPS only mirrors for protection Critical parts of Tails audited
COMMUNITY GROWTH, DIVERSITY, AND INCLUSION Create outreach especially to under-represented Recruit new workers and Lower technical requirements for them so we can get more people involved
APPLICATIONS AND FEATURES Screen locker. [DONE] Tails Server: run onion services fron tails! :-) Support GUI's to mount VeraCrypt volumes GUI for the Additional Packages persistent feature: Easily add software to Tails. Mobile msg applications: investigate if we could support Signal, Firechat etc. Provide a GUI for backups
SUSTAINABILITY OF CORE CODE Basing Tails on rolling snapshots of Debian Priority for core code than polishes Port complex shells to Python Robust GMT time snyc
USER RESEARCH Perform surveys. Find more people to describe our users Power our help desk with a tracker
FUNDING FROM PRIVATE PARTNERS Strenghten our relationships with existing ones. Contact more potential ones. Document better benefits for partners
INFRASTRUCTURE MIGRATIONS Update our infrastructure to: Have a better server infrastructure to handle our growing Self-host our website as boum.org won't be hosting anymore
ROBUST AUTOMATED TESTS Local Git repos Our own email server Notify devs on failure
Linux Mint is an elegant, easy to use, up to date and comfortable GNU/Linux desktop distribution. Linux Mint is an Ubuntu -based distribution ( so Debian based ) whose goal is to provide a more complete out-of-the-box experience by including browser plugins, media codecs, support for DVD playback, Java and other components. It also adds a custom desktop and menus, several unique configuration tools, and a web-based package installation interface. Linux Mint is compatible with Ubuntu software repositories.
Linux Mint was started as a fork of Ubuntu Linux, while still relying upon the Ubuntu repositories. There are various versions, all free of cost, but some include proprietary codecs, which can not be distributed without license restrictions in certain countries. Linux Mint is quickly supplanting Ubuntu as the world's most popular desktop Linux solution.
Some of the reasons for the success of Linux Mint are:
- It works out of the box, with full multimedia support and is extremely easy to use.
- It's both free of cost and open source.
- It's community-driven. Users are encouraged to send feedback to the project so that their ideas can be used to improve Linux Mint.
- Based on Debian and Ubuntu, it provides about 30,000 packages and one of the best software managers.
- It's safe and reliable. Thanks to a conservative approach to software updates, a unique Update Manager and the robustness of its Linux architecture, Linux Mint requires very little maintenance (no regressions, no antivirus, no anti-spyware...etc).
Minimizing anti-features Included patches must be very simple to minimize maintenance Becoming a "privacy" browser is out of scope, use Mull instead
These are not very good. Pale Moon and Waterfox are two of the most insecure browsers, Manjaro always forgets to renew their SSL and Linux Mint does not support Wayland, which is a huge security issue as Xorg does not implement GUI isolation. If I were you, I'd reconsider these choices.
Sources: https://manjarno.snorlax.sh/ https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html https://seirdy.one/notes/2022/06/01/pale-moon/ https://madaidans-insecurities.github.io/firefox-chromium.html
I'm searching the open source and privacy focused ones! Open to suggestions!
Reply written
Just because something is open source doesn't mean it's secure or privacy-respecting. Browsers can be audited by monitoring the connections with Wireshark regardless of whether it's open source or closed source. It's impossible to have privacy without security which is why you should use secure browsers like Google Chrome and Microsoft Edge. For something open source, I'd consider replacing Bromite, Pale Moon, and Waterfox with Mulch, Thorium, and maybe Brave?
I'd keep Fedora and replace the other distributions with OpenSUSE, QubesOS, and Whonix. Arch is okay too but is for advanced users.
Source: https://seirdy.one/posts/2022/02/02/floss-security/
Reply written