Linux Privacy for Beginners?

Hi everyone!

I am in the market for a new notebook. I wanted to switch to Linux for a while and now made a choice to buy the Tuxedo Infinitybook Pro 14 (the only viable option for my daily tasks and living in Germany, not wanting to drown in tax and vat).
Tuxedo computers naturally come with pre-installed Ubuntu or a derivate like Kubuntu or Tuxedo OS.

I looked into all the distros evaluating different criteria like security, privacy and ease of use. The latter being really important to me, as I never used Linux before and come from MacOS. My favorite (second hand experience watching YouTube) GUI- and privacy-wise is fedora, which unfortunately is not naturally supported on tuxedo notebooks and I am not confident enough to go the extra mile and do some porting myself to get it running stable. For now I decided to keep the pre-installed TuxedoOS, which basically is Ubuntu with KDE, and learn the linux basics until I am confident to troubleshoot on my own.

Can you recommend any resources for hardening Ubuntu / dial in privacy settings / tweak the necessities?
Besides learning Linux my initial goal is to get a “safer-than-MacOS” and more private system.

Really looking forward to your recommendations!

2 Likes

Fedora should be working without any problems on a Tuxedo Notebook. Another interesting option for Linux notebook would be frame.work Notebook the 11th gen versions are still sold in germany and the 12th gen versions are on preorder. a 3rd Option could also be a Notebook from Slimbook (they are from Spain)

If a Notebook is made with linux support in mind all Distributions should work on them no problem as the Drivers are usually Open Source and already part of the kernel and the firmware usually then gets distributed by fwupd.org

With modern Linux Distributions when installing on supported hardware they just work out of the Box.

About privacy and Security: Linux is very privat. it does not sent any data somewhere without your consent. (exception: ubuntu has a telemetry thing that can be disabled)
you just need to be careful when installing closed source Programs on Linux as they can have telemetry, for example: I am using Discord and that tries to gather system data and what programs I run etc. But when using the Discord Flatpak or using it in a Browser window Discord is sandboxed and cant snoop around.

Security: Linux is as Secure or insecure as all modern PCs/Macs.
its the biggest weakness of all modern Desktop Operating Systems be it Windows, MacOSX or Linux: they dont have a robust MAC system with secure App Sandboxing and good Secure Hardware Element (Secure Boot is a joke)

you can increase your data security when the Notebook is off by using full discencryption, that will keep your data safe in case of theft.

About Grafical userinterfaces: The big two are KDE and GNOME.
KDE is more windows like while GNOME is more MacOS like. all Linux distributions usually come with the option to choose whichever Desktop Enviroment you want. They only differ when you choose the DE, either with different Installation images for the different DE, or you can choose during install or you just install the DE you like after you installed your system.

Linux Distributions that are Beginnerfriendly in no particular order they are all equally good:
Fedora (comes usually with GNOME, but also has a KDE version)
Pop_OS! (based on Ubuntu, uses GNOME, oyu can install KDE after install)
Linux Mint (based on Ubuntu, uses Cinnemon as DE, but you can install other DES :-))
Endevour OS (Arch based Distro, you can choose the DE during install)
Manjaro (Arch Based, different DEs have different install images, is a bit controversial as there where some drama and problems in the past, but its usually solid)

if you have more questions about linux feel free to ask them :slight_smile: I switched to Linux myself a little over 2 years ago now and learned a lot since then :slight_smile:

1 Like

I would recommend the Linux hardening guide by Techlore to get you started. @Aeon has good notes as well.

Regarding a distro to pick, I recommend Fedora for the most security and privacy, though major distros should be relatively comparable, especially if they’re backed by companies. Which is to say that Ubuntu is no slouch either.

On that note, if you want to stick with Ubuntu-based systems, check out Pop!_OS. Ubuntu based but with tons of polish and more of the macOS feeling you’re used to. The company that maintains Pop!_OS is System76, who also make Linux computers, so they have to make sure you have a smooth experience for the sake of their own products.

I could be wrong, but I think that Linux out of the box will be more private than macOS, or at least comparable, so you don’t have to stress out too much on getting that right, at least based on what I think your threat model is.

Lastly, congrats on Linux machine! I hope to buy one some day but can’t justify it yet.

Thank you all for the advice!

I installed fedora and managed to update everything and install some custom tuxedo software necessary tu use all the features. After a few hours of tweaking and gnome crashing and crashing (unfortunately many people get the same errors).
I am now back to Tuxedo OS, which comparably feels much smoother and more powerful (Maybe the drivers where not 100% dialed in with fedora)

Anyway I already had a good look at the recommended resources and will no go through one by one and build up my system again.

1 Like

You may want to consider sticking with Tuxedo OS because it’s their own distro and is probably tested for quality control on your hardware. Otherwise another Ubuntu-based distro is more likely to have better compatibility than Fedora I would think.

1 Like

Just a couple things to add here, flatpaks are great from both a security perspective because of the sandboxing but they are also great because of their ease of use.

You should enable a firewall, the simplest way would be to install gufw. It is a gui app and all you ever need to do is open it once and turn it on then you can forget about it.

You can also randomize your mac address with macchanger, upon installing it will ask if you want it to randomize on its own or if you want to do it manually. If you want to set and forget just let it do it automatically.

The Linux Hardening Guide that has already been mentioned is a great resource. Welcome to the world of Linux! If you have other questions feel free to ask. I’m sure a bunch of us here would be willing to help.

Thanks for the replies. I worked through most of the resources and the techlore Linux guide (still a lot of reading to do for the advanced stuff). I got hold of a copy of Michael Bazzels Extreme Privacy, so there is even more reading and tweaking.

I already installed flatpak versions for all the apps I use and removed the others. I use one of the recommended firewalls from the techlore guide.

Maybe it’s helpful for other Linux newbies: I am working my way through: linuxjourney com for a greater understanding of the system.

Don’t feel bad about pacing yourself. Using Linux is already a huge win for your privacy. As with many things in this area, it’s something that gets improved over time.