Using all the privacy and security-oriented apps and services won’t help much if you are stuck using an operating system that spies on you. All the popular default operating systems, be it Windows 10, Android, iOS or macOS collect heaps of personal data.
Apple, Google, and Microsoft are allegedly a part of PRISM. Their proprietary, closed source operating systems should not be trusted to safeguard your personal information from adversaries.
Desktop Operating Systems
Alright, enough intro, let’s dig in to find you a secure and open source operating system that doesn’t spy on you, and has tons of features for your personal and professional needs.
Most of these desktop operating systems are Linux-based open source distros, apart from Qubes OS which uses Xen.
Ubuntu is a free and open source Linux distribution, developed by Canonical Ltd and a community of other developers. It has a clean and intuitive interface, is incredibly reliable, and can run on desktops, servers, and IoT devices, with ease.
Ubuntu is based on Debian, and uses GNOME as the default desktop environment, you are free to use other desktop environments like Kubuntu, Lubuntu, Xubuntu, Ubuntu Budgie, and many others.
The default Ubuntu installation comes with all the basic software you need to get started like LibreOffice, Firefox, Thunderbird, Transmission. You can easily install many other software packages from the built-in Ubuntu Software as well as from any of APT-based package management tools.
Ubuntu aims to be secure by default, allowing users to run with low privilege, most of the network ports are closed by default to prevent hacking. It doesn’t need lots of resources, and a new version is released every six months, with long-term support (LTS) versions releasing every two years.
Fedora is a free and open source Linux distribution developed by the community-supported Fedora Project, which is sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops.
There are four other versions apart from Fedora Workstation: Server, CoreOS, Silverblue, and IoT that are designed for specific users. GNOME is the default desktop environment, you can choose other desktop environments.
Fedora, just like Ubuntu comes with a wide range of softwares like LibreOffice and Firefox preinstalled. Fedora has a reputation for focussing on innovation, integrating new technologies early on, and uses Security-Enhanced Linux by default.
Qubes OS is a free and open-source, security-oriented operating system that leverages Xen-based virtualization to allow for the creation and management of isolated compartments called qubes.
These qubes are implemented as virtual machines that can be used to create user environments that can be based on Fedora, Debian, Whonix, or even Windows. Strong isolation, along with the Template System and the option to use multiple operating systems makes Qubes OS a very compelling OS, especially from security and privacy perspective.
The Security by Isolation approach of Qubes OS has publicly praised by security and privacy experts like Edward Snowden, Daniel J. Bernstein, Micah Lee, Vitalik Buterin, and many others.
Alpine Linux is a free and open source light-weight, security-oriented Linux distribution, based on musl and BusyBox. It is very minimal distribution designed to be secure and incredibly resource efficient.
Alpine Linux can easily be run from RAM, and merge configuration files into the system on boot using Alpine local backup. It uses its own package manager called apk, the OpenRC init system, and script driven set-ups.
Proactive security features like compiling all userland binaries as Position Independent Executables (PIE) with stack smashing protection makes Alpine Linux one of the simplest and secure operating system that manages to be resource-efficient.
Arch Linux is a free and open source Linux distribution that adheres to five principles: Simplicity, Modernity, Pragmatism, User Centrality, and Versatility. It is very lightweight operating system, that ships software as released by the original developer, with minimal distribution-specific changes.
Arch Linux uses a specifically written package manager called Pacman to install, remove and update software packages. It thrives to be user-centric, all users are encouraged to participate and contribute to the distribution.
Debian also known as Debian GNU/Linux is another free and open source unix-like operating system and a Linux distribution, developed by the community-supported Debian Project, which was established by Ian Murdock.
It is one of the oldest operating system based on Linux kernel, and can be used with many desktop environments like XFCE, GNOME, KDE, MATE, Cinnamon, LXDE, and LXQT. Debian comes with lots of popular softwares like LibreOffice, Firefox, VLC, GIMP, and much more to get you started.
NixOS is a free and open source Linux distribution, built on top of Nix package manager which has a unique approach to package and configuration management that treats packages like purely functional programming languages such as Haskell.
The kernel, applications, system packages, configuration files and so on — all are built on top of Nix package manager, making upgrades reliable and atomic along with many other advantages.
ParrotOS is a free and open source Linux distribution based on Debian, designed with privacy, security and development in mind. It includes a full portable laboratory for all kinds of cybersecurity operations, from pentesting to digital forensics and reverse engineering,
Parrot OS seems like a great alternative to Kali Linux for developers and security professionals alike. It comes with great features like AnonSurf, is lightweight, and has different versions suitable for home as well as professional users.
Tor-Focussed Desktop OS
These Linux distributions are designed to direct all of your network traffic through Tor, providing additional layer of anonymity, privacy and security.
Tails or The Amnesic incognito Live System is a free and open source, live operating system, based on Debian that aims to protect against surveillance and censorship, and preserving your privacy and anonymity.
Tails can boot on any computer from a DVD, USB stick, or a SD card, all incoming and outgoing connections are forced to go through Tor, and any non-anonymous connections are blocked; leaving no digital footprint on the computer.
Tails comes with GNOME, Tor Browser, OnionShare, Thunderbird and many other regular softwares in the desktop edition like LibreOffice, MAT, KeePassXC, FFmpeg, Gimp to get you started on your privacy journey.
It has built-in support for both LUKS and VeraCrypt, and other state-of-the-art cryptographic tools to encrypt files, emails, and instant messages. Tails is recommended by Edward Snowden, Electronic Frontier Foundation, Riseup, Access Now, and has even received financial support from The Tor Project in the beginnings.
Whonix, formerly known as TorBOX is another free and open source, debian-based operating system that aims to provide privacy, security, and anonymity on the internet.
Whonix consists of two virtual machines; a “Workstation” and a Tor “Gateway”, running Debian, all communication are forced through the Tor network. You can run Whonix inside Windows, macOS, Linux using VirtualBox or Linux KVM, all of your activity resides in a virtual machine, and all of your internet traffic through the Tor Network.
Whonix is based on Kicksecure, a security-hardened Linus distro, and comes with lots of advanced security features like Keystroke Anonymization, AppArmor, Stream Isolation, MAT, Live Mode, Console Lockdown, Entropy enhancements, etc to keep your data secure, and you anonymous and private.
You can run it easily with Qubes OS, to add another layer of security, Whonix has glowing recommendations from Edward Snowden, The Intercept, The Guardian, WIRED, and many other privacy and security folks.
Mobile Operating Systems
Let’s look at some privacy respecting open source mobile operating systems that you can use on your phones to get better privacy and security.
All the below mentioned Operating Systems are Android-based, also known as AOSP or Android Open Source Program.
GrapheneOS, previously known as Android Hardening, is an Android-based, free and open source mobile operating system, built with security and privacy in mind.
GrapheneOS has a hardened kernel, libc, compiler toolchain, and an in-house implementation of malloc providing cutting-edge security, along with many other low-level improvements like substantial improvements on sandboxing, exploit mitigations and the permission model.
GrapheneOS is completely Google-free, it doesn’t come with any Google Play Services or any other implementation of Google services like microG. Apps designed to run on Android rather than only Android with bundled Google apps and services already work on GrapheneOS.
GrapheneOS is regularly updated, is light-weight, and currently supports only Google Pixel product line, and has got recommendations from Edward Snowden, and many other privacy and security folks.
CalyxOS is a free and open source Android-based operating system, by The Calyx Institute, that aims to be secure and private by default by including a number of good choices for default apps.
CalyxOS supports Verified Boot to prevent tampering with your phone’s OS, and comes with lots of great free and open source apps like Signal, Tor, DuckDuckGo, K-9 Mail, built-in VPN, U2F support among others that make your phone private and secure by default.
CalyxOS strips Google’s spyware and tracking, uses F-droid and microG to ket you install and update apps. You can even run Google’s proprietary services like Google Maps, thanks to microG without giving Google access to your phone.
It gets regular automatic updates, currently supports Google Pixel devices and Xiaomi Mi A2, seems like a better alternative if you still want to use Google apps and services out of the box without compromising your privacy.
LineageOS, the sucessor of CyanogenMod is a popular Android-based free and open source operating system, that is available for a wide range of devices from phones, tablets, and even set-top boxes.
LineageOS focuses on system control and customization, device longevity, privacy and security. It comes with lots of customization features, pushing for user more personalization and preference.
LineageOS comes with some great privacy and security features like PIN scramble which scrambles the layout of PIN lock screen, Protected apps which lets you hide specific apps behind a secure lock, Privacy guard which lets you fine-tune what permissions are granted to each application, among others.
It comes with all the apps you need to get started, gets regular updates, and is available on a wide range of devices, making it a perfect fit for people who want more customization options and don’t have Pixel devices.
microG isn’t an operating system like the ones mentioned above, but a free and open source implementation of Google’s proprietary libraries, allowing you to use Apps that require Google Play Services, without giving up your privacy.
microG allows Android apps to access APIs that are provided by Google Play Services, including the ones that are associated with Google Play, Google Maps, etc, it doesn’t track user activity, and allows you to selectively enable or disable specific API features.
microG also maintains a fork of LineageOS that comes with microG, called “LineageOS for microG”, allowing you to get access to Google Play Services on you LineageOS phone.
Open Source Router Firmware
Here are some free and open source Router Firmwares that you can use to get better reliability, and features.
OpenWRT or Open Wireless Router is a free and open source embedded operating system, based on Linux, providing you with fully writable file system and package management, designed to route internet traffic.
The writable root file system of OpenWRT allows you to modify any file and easily install additional software, it provides exhaustive possibilities to configure common network-related features like IPv4, IPv6, DNS, DHCP, Routing, Firewall, NAT, Port-forwarding and WPA.
pfSense is another free and open source firewall/router software based on FreeBSD, with a custom kernel, designed with security in mind.
pfSense is known for its reliability and offering features often only found in expensive commercial firewalls, it can be easily configured through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.
pfSense is installed on a computer ot make a dedicated firewall/router for a network, and is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint.
LibreCMC is an open source GNU/Linux-libre distribution, designed for computers with minimal resources such as Ben Nanonote, ath9k-based Wi-Fi routers, and other hardware with emphasis on free software.
LibreCMC aims to give its uses freedom and control over the software that runs on their hardware, while being compliant with the GNU Free System Distribution Guidelines (GNU FSDG).
Private Operating System
That wraps up this post on private operating systems that you can use on your computers, mobile phones, and your routers. I would recommend starting your privacy-respecting open source journey with Ubuntu and Tails for your computer, GrapheneOS or LinegeOS for your phones, and pfSense for your routers, although you won’t be wrong by choosing any of the other options mentioned above.
That’s all Folks!
I will be updating this page frequently with more encryption tools, and information. You should check out Secure Web Browsers to browse the web a bit more privately and securely.
Do let me know of any feedback, tips, or suggestions based on operating system you are using, feel free to drop a comment below!