Recently I saw techlore’s video about how Fedora is one of the safest Operating system you can get out of the box ,so here I would suppose that we here are talking about the silver blue(Immutable one) edition of Fedora which is considered better in terms of security , then I went about searching for other “Immutable” operating systems which are said to be better in terms of security and then came across the fact that Chrome(and Chromium OS) are also “immutable” in that sense so I wanted a deeper analysis about why Fedora is Techlore’s choice why not something like chromium OS(The open source version of Chrome OS) or something like PrimeOS or BlissOS(Basically something android based or even not android based(NixOS maybe?))? and I found an article which talked about other “immutable” Operating Systems (here)
Now, I want to make clear that I do understand that having a read-only file system in not the only way to make an operating system “safe” & I also acknowledge that Fedora SIlverBlue/Kionite is one of the safest Linux distro present out there(But my problem with it is that it’s heavy and i’m broke so no high end systems) and when i searched about how to change Desktop Environment in Silverblue it was quite difficult plus you cannot do much on that system because of it’s nature(for eg. I was unable to even access root directory directly on that system) so I would still prefer to have a separate system for tinkering and developmental use cases(plus compartmentalisation is good) so you will use this system mostly for normal use-case(watching videos ,sending mails,etc.)
I would also like to add that on searching for “Safe Operating systems” ,you get BS results none of them is usable even for someone like me(and I am that guy in my friend group who wants communist cults to rule the world and hate google so you get the idea) and some of them are not even “secure”
So this through this post I will like to start a discussion/get suggestions/provide suggestion for techlore’s next video.

TLDR :- Why Henry says that Fedora is the best distro for privacy/security why not open source derivatives of Chrome OS or Other Linux based distro’s that have containerised approach.

Thanks in advanced for everyone’s inputs & suggestions.
Sorry I was not able to add links for some of my claims as new users are not allowed to add more than one link

I’ll let other people expand on why so you get other viewpoints, but just wanted to outline here the context of the video is specifically Linux distributions - so it’s one of the safest linux distributions you can get out of the box. Just want to make that distinction clear, since I would still personally opt for things like MacOS or ChromeOS over Fedora for security

Edit: Also I want to mention that this video is very simplified and kills a lot of nuance. This was intentional as it is meant to be an introduction into a series of Linux content we’re producing. Without getting super personal on all the stuff we do behind-the-scenes to plan/develop the content, let’s just say that each video of ours have different goals. The goal of this video wasn’t to be super technical, but just to outline basic things for people that we would later expand on. So I’m glad you’re getting that additional context elsewhere in the meantime!

Here: I have provided those links:
BS suggestions about secure Linux Distros
Henry’s video
btw Techlore recommends other operating system such as:
Debian(it’s just safe because it’s Linux but yeah i will not add any thing extra to it )
Arch(same for what i have to say for debian)
Fedora(it’s heavy)
MacOS(it’s safe but not open source)
QubesOS(it’s safe but not good for daily usage)

Okay this was really fast(I was not expecting this good response from the forum
keep it up dude:)…and what’s your opinion on other open source derivatives of chrome OS?
Should we expect to see a video on this topic soon?

EDIT: (Reply to the edit) actually I like this about techlore ,you guys talk about type of privacy a normal person wants ,I’ve seen many youtubers assuming that everyone is a spy working on a top secret project and giving bizarre suggestions.
So these non super technical videos help a lot in getting to know about that specific topic.

Honestly, your operating system is something that kinda depends on your threat model.
There are different kinds of threats that you might encounter (depending on who you are and what you do). However, I think it’s fair to say that for most people, the OS doesn’t matter as much as it seems (unless you mean something like telemetry or other massive data collection practices).

I think it is safe to assume that you should not care too much if your threat model does not include any attackers with a lot of time and resources (like APTs, organised crime groups etc.). In the post you described yourself as “broke” so, with all due respect, I think it’s safe to assume that those kind of aggressors will most likely not want to waste their resources to go for the average person that is not very wealthy. Someone who actually wants to access your data will most likely not want to compromise your operating system. It is much easier To scour some publicly available data breaches (to find your login credentials) or Impersonate someone you trust to exert some sensitive information from you. It’s much more likely that you might become a victim of credential stuffing, social engineering attack or something of that kind.

To answer your question, Immutable operating systems are a great improvement, but they are not perfect (and as you already experienced, not the most convenient) solution for everyone. In General, if you are not very tech-savvy, and you can’t afford a decent hardware, I would advise you to just use an operating system that works for your device at the first place (such as Zorin OS Lite or Peppermint OS) and focus on keeping your online accounts secure (by using 2FA, a password manager etc.). If you need to research something very sensitive, i would recommend you to simply use
tails (assuming that your device runs standard 64-bit x86 processor and
at least 2GB of RAM).

Disclaimer: I use Fedora and Chrome OS.

First, when Henry recommended Fedora as the best Linux distro for security and privacy on balance, I think he was talking about just the flagship release of Fedora Workstation. His video does a good job of covering why that is.

Second, immutability does add to the security of a system. For Fedora, there are the Silverblue (Gnome) and Kinoite (KDE) editions. There are other distros as well that accomplish this, such as NixOS, though I think they all do it slightly differently. I believe macOS also falls into this category in someway, but don’t quote me on that. And of course Chrome OS does as well.

Third, Chrome OS is definitely secure. I’ll highlight the difference between security vs privacy because of course if you’re trying to avoid tracking by Google, then you should not use an OS built by Google with only the Chrome browser as your main way of doing anything. Glad to see Henry mention this again because the security aspect of Chrome OS gets dogged on big time in the privacy community and I think it’s unwarranted depending on your threat model.

Fourth, Chromium OS is not readily available to use. If you find a way to download a Chromium OS iso, please let me know because I looked for that for months. The closest thing that we had was CloudReady by a company called Neverware. It was basically just Chromium OS and the company offered it to businesses as a way of giving new life to otherwise defunct fleets of computers. Neverware was bought by Google and CloudReady became Chrome OS Flex. What does that mean? It means that the only potentially ‘degoogled’ derivative of Chrome OS got googled. CloudReady now has the proprietary/tracking bits of Chrome OS.

Fifth, if you want immutability, customization will probably be limited to what the OS itself allows you to do. I’m not surprised that you have a hard time changing anything about Silverblue. What may be better for you is to try Kinoite and see if the out-of-the-box customization of KDE can give you the desktop experience you’re looking for. Immutability inherently means it’s hard if not impossible to affect the system itself.

So let’s put a bow on this, lol.

Assuming you want immutability no matter what, Fedora and Linux will be the most private, followed by macOS (I think), and then Chrome OS. From a security standpoint, they’re all close enough for me that I personally couldn’t confidently tell you one way or another which should be more secure. If you don’t have a very advanced threat level, you’re probably fine with any of them.

If you don’t have a lot of money to throw at this, Fedora is literally free and you can try different spins to see how they work for you. Same is true of Chrome OS Flex, the version of Chrome OS you can install on non-chromebook hardware, though you have to look into whether your computer is supported. Even if you need to buy a computer, you may be able to get an older Windows computer and install Linux on it or buy a chromebook. I bought mine for $200 and get 12 hours of battery life and pretty smooth performance for common computer tasks.

Last caveat: of course you have to understand what your use of a computer is and how it will fit into the ecosystem of each solution. They each have their limitations, but that’s a topic for another thread.

The problem with this topic is that there is no correct answer to this topic. The best operating system depends on your threat model and what you need your computer to do.

Some people need a glorified web browser (Chromium/Chrome OS) while others need to edit videos and host servers. (Linux/Mac/Windows)

I personally think that Parrot OS* and Chromium are the best OSs available for different people with different needs.
__
Speaking from my own experience, the average common user just needs something that works. My family is too lazy/doesn’t care to learn about the true greatness their tech can provide. I have to help them with simple tasks that you could easily google or tinker with to figure out.

Whatever OS you choose, just try to avoid Windows and Mac, and you are probably fine. Whatever works, works.

Thanks for reading,

jas_framework

*You could swap Parrot for your favorite Linux distro

Not a direct response, but here is my approximate copypasta regarding the average beginner’s choice of Linux distro:

Consider Linux Mint, Pop!_OS, Fedora Workstation and Spins, Fedora Silverblue, and Fedora Kinoite. Mint and Pop!_OS are pretty much the easiest distros to use and daily-drive. Both of them are based on Ubuntu, so almost all guides/documentation for Ubuntu will apply to Mint and Pop!_OS too. Fedora Workstation and Spins offer slightly better security at the cost of some of the nice-to-have’s in Mint and Pop!_OS. Fedora Silverblue and Kinoite use an immutable system model where you rely on Flatpak apps almost exclusively — this in theory means better security and reliability.

By Chrome/ChromiumOS I also wanted to bring everyone’s attention towards operating systems like these and these
I would also not like to use Chrome OS because of Google

now maybe I am being too eager to find mistakes but not all Linux distro’s are NOT immutable
EDIT: Mistakes

Respectfully, these lists are both jokes/SEO spam. Every single OS (and Android app… ) on the first list is abandonware except GalliumOS. Two of those abandoned projects are also listed on the second list, even though they were abandoned long before the second list was published. Void Linux is an absolutely insane distro to portray as an ‘alternative to Chrome OS’. Not a single one of the projects listed appears to particularly care about security (the focus of this thread), with the sole exception of the abandoned NayuOS.

Even Chromium OS is quite lacking compared to proprietary Chrome OS in security features, for example verified boot is not implemented. Not even Chrome OS Flex can hope to match the security of a stock Chromebook due to inherent weaknesses in x86 BIOS/UEFI design and implementation (Chromebooks run custom firmware derived from Coreboot).

As others have outlined, it really depends and is more nuanced than that - particularly MacOS which delivers a generally strong security option for users. (Arguably better than Fedora and most other Linux distros) Frankly, we can make justifications for any OS depending on the use-case & threat model of the individual. That’s the fun thing about this

Correct, not all Linux distros are immutable. What I meant was that if you’re considering immutable OSes, the Linux ones are the most private, and so on.

Just for clarity’s sake, on a chromebook you can also use Android apps which run in their own container and VM as well as Linux apps through the Crostini Linux environment, and it also runs in a container and VM. They do a lot of compartmentalization in there, lol.

This is true. I should have pointed out in my post that I try to balance both security and privacy. MacOS appears to provide good security but we don’t know what we’re paying for that security. This can be said for many big tech products.

It seems silly to me to pick an OS that may not respect your privacy when there are alternatives that can accomplish what you want them to do while maintaining your privacy. In some sense, this suggests that Linux/Chromium are perhaps even superior to MacOS besides the fact you lose Apple’s ecosystem.

Linux is by no means perfect security-wise but I think it makes up by having no telemetry. Depending on your threat model, privacy is usually more important than physical security as no one is trying to steal your tech to pull data off of them.
__
Just my two cents,

jas_framework

I use Chrome OS and Android (Samsung).

I recently started exploring Fedora after years of Ubuntu. I like it a lot. It has progressed far beyond the dumb yum package management of yesteryear. And far less package management breakage than apt thus far.