Which Linux distro is best for protecting your privacy?

Stay anonymous with our guide to secretive distros

Anonymising distros

Among other things here at Linux Format we are also a bit clairvoyant. We decided that it was the right moment to look at 'anonymous' Linux distributions many weeks before mainstream media started discussing PRISM.

Of course, even if nothing like that existed, there would still be many good reasons to protect at least part of what you want or need to do online: the examples go from whistle-blowing to home banking or super-invasive advertising. In all these cases, proper configuration of (at least!) the tools you use for web surfing, email, instant messaging and file sharing is crucial.

Linux 'anonymous' distros are designed to help in just these kinds of situations. As a minimum, these systems are pre-configured to make it easier to surf the web without telling everybody in clear text where, or who, you really are.

We put 'anonymous' between quotes for a couple of reasons: first of all, successfully hiding one's identity online takes quite more attention and discipline than just installing the right software. In the second place, and sometimes the first, the eye that you may want to appear anonymous to is the computer you're using! Why risk leaking passwords (or worse) to trojans and keyloggers when you must temporarily use somebody else's machine? We hope this roundup will help you cope with all this stress.

How we tested...

In the next pages, you'll find five Linux distributions designed with anonymity and general privacy protection as their primary objectives. The first selection criterion was ease of use for beginners and being actively maintained. There are other similar distros out there, but some haven't been updated for a long time.

Next, we deliberately chose systems as diverse as possible, in order to give you an idea of the many faces of (Linux-based) secure computing. We've tested these distros as virtual machines or in live mode and we've also noted how they will cope with wired and wireless Internet connections. In all cases, the primary goals were to check how complete each system is, and how easy it is to start using the most privacy-sensitive applications in their default configurations.

Our selection

IprediaOS
Liberté
Privatix
Tails
Whonix

Architecture

What's in the box? What are the main features of each distribution?

Grab 1

As important as it is, careful selection and configuration of applications is not the initial task of a 'privacy first!' Linux developer. Before that, it's essential to define, and restrict as much as possible, how the system should interact with the hardware it runs on and the Internet.

Though not sufficient, an effective part of online anonymity is a distro that is created from scratch every single time you use it, and destroyed as soon as that session is over. This guarantees that no cookies or malware that you may get will be there to do more damage the next time you go online.

All but one of the distros reviewed here use this as their default approach: they are available as binary images that you may and should directly install on CD-ROM or (better) on USB keys.

Liberté ships with a Secure Boot-based trusted boot chain and the Hardened Gentoo kernel with all the GR security patches. Their function is to give each process and user only the absolute lowest privileges they need to work properly.

Liberté is also available as a virtualisation appliance (the OVA file on the website) ready to load inside VirtualBox. I2P is a P2P anonymizing network that, like Tor, provides encrypted communications. IprediaOS is built, on a Fedora foundation to use all the features of I2P.

Privatix and Tails are Debian spin-offs. They both have (like Liberté) utilities that clean the RAM at every shut-down and tools that make installation of persistent directories for your files on encrypted USB drives a snap.