btw .... should one enable firstparty isolate on firefox or not?
I seem to have read that since firefox 77 if not mistaken, it should be disable and enable instead "dynamic first party isolate".
Anyone ideas ?
@alexjp sorry, I don't know the answer to your last question and was hoping that someone with knowledge on the subject would've chimed in by now.
I don't know if this calls for its own separate thread, probably not but if so I suppose I can tackle that when we cross that bridge.
The subject I wanted to get into is security-focused operating systems. Most of these are of the type that you write to/boot into on a separate storage medium, most likely a USB flash drive. I really only know 3 well, and wanted to survey the community (i.e., you guys) to learn if there are any additional security-oriented OS's that I'm missing, don't know about, etc.
The 3 that I'm familiar with are:
-
Tails - the granddaddy of the security-focused OS. Arguably the best and all one should need.
-
Whonix - I'm least familiar with this one but know that it must have gained its reputation for good reason.
-
Kodachi - while this one is lesser known than Whonix, personally I am more familiar with it and some might argue that it does itself a disservice with all its bells and whistles but they'd be hard pressed to argue, with me anyway, that it doesn't look the part and/or that it's way nicer than Tails to look at, anyhow. I actually happened across an article at Tech Republic on Kodachi, which prompted this post.
-
Honorable mention goes to Qubes OS. I feel like this one is a little bit different from the others but still deserves mentioning. I'm not super familiar with it, I've only booted into it a few times and found it to be not very user friendly but I really like the concept of sandboxing everything.
So, what am I missing? Even if I'm not missing any to your knowledge, what are your thoughts and/or personal experience, etc. with those mentioned? Your favorite(s)?
Hopefully this post doesn't fall under the umbrella of not welcome conversation for the simple fact that it's discussing OS's other than Garuda Linux. I think anyone would agree, though, that while Garuda is our favorite distro and is my daily driver, for the purposes of this post, i.e., identifying privacy focused OS's, Garuda doesn't fit the bill.
PS - I'm aware of the Blackarch flavor of Garuda and quite like it. It's on my Ventoy powered USB drive with about a dozen other OS's that I have reason to boot into on occasion and I even daily drove it for a little while, however while great for pen-testing, I don't view it as being nearly as hardened as the others mentioned and I personally view it as serving a different purpose. If I'm incorrect in this assumption, please don't hesitate to let me know and show me the light 
1 Like
I use systemd-boot now with private keys and secure boot enabled with UEFI locked down. Can't even boot a USB stick without dropping protection.
Been happy for the last few years with my protection to the Internet and so on, only weak spot was the front end until recently.
2 Likes