Are you looking for the safest version of Linux? The best for your tasks?
Ask yourself why do you seek a Linux operating system with high performance in terms of security and test one of those Linux OS proposed in the link above.
I think they are the best Linux distributions today …. or does anyone have any better suggestion? If so, please write a comment below! Thank you.
If you use TAILS you are certainly interested to better know HEADS because Heads isn’t simply another Linux distribution, it merges physical hardening of particular hardware platforms and flash protection attributes with a Linux boot loader in ROM as well as custom Coreboot firmware.
The key factor in Heads is represented by its steady monitoring of the boot process that allows detecting if the firmware has been changed by malware.
If this first check certifies that all is unchanged, heads uses the TPM as a hardware key to decrypt the hard disk.
The certified integrity checking of the root filesystem is really effective against exploits but it doesn’t secure the system against each possible attack but it is able to effectively divert many types of attacks against the boot process and physical equipment that have usually been ignored in conventional setups, hopefully increasing the issue beyond what most attackers are willing to spend.
“…But pseudocides are rarer in recent times. “Vanishing” oneself is more difficult; the world is simply too small a place now, connected as it is by social media and the surveillance it entails….”
“…Let’s say you are hiding in Japan, and a tourist takes a photo where you’re in the background,” he told me. “The photo is uploaded to social media and a week later, a cop uploads your photo into a facial recognition site like TinEye [a reverse-image search engine]. Boom—you’re busted, because TinEye will find your photo online…”
Also if you use OpenDNS to improve your standard of privacy, you are not protected by “last mile” dangers but you can boost your security installing DNScrypt on your digital device. DNScrypt “works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks”.
DNScrypt “is a protocol that authenticates communications between a DNS client and a DNS resolver” and it “is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn’t prevent “DNS leaks”, or third-party DNS resolvers from logging your activity”.
For this reason you have to be conscious that DNScrpt is just a -very good- improvement of your privacy but not the definitive solution to all your privacy concerns.
DNScrypt is so versatile that you can install it on every kind of device you prefer. In fact it is possible to download DNScrypt for servers, IOS, OSX, Android, Windows and Linux computers (DNScrypt-proxy version). Obviously the installation and setup will vary a little depending the OS you installed on your device.
Here we are talking about DNScrypt installation on Ubuntu.
For this purpose I suggest to use the Terminal that allows you to install DNScrypt i just 3 steps:
sudo add-apt-repository ppa:anton+/dnscrypt
sudo apt-get update
sudo apt-get install dnscrypt-proxy
Last but not least, you need to interface the Internet traffic of your computer through the DNScrypt-proxy. For this reason you have to Edit your Network Configuration and add the address 127.0.0.2 to the “DNS Servers” line as for the below screenshot:
Now you can start DNScrypt just typing:
sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u okturtles
Where, in my specific case, okturtles is the name of the remote DNS resolver I decided to use. I chose that specific risolver from the list I found into into my computer after DNScrypt-proxy installation:
As usual in similar situations, you may want to spend another couple of minutes to configure your computer to start DNScrypt at the computer boot. Open the Session and Startup manager through the desktop Dash and Add this specific command to the Application Autostart menu:
sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt
If you need to share a confidential file to one of your colleague and you have not enough time to manually encrypt the file before uploading it to a you may consider to use securesha.re.
This online service let you to share a file through its online service encrypting it before it is uploaded to the securesha.re servers.
DevStash.io uses a 128-bit client-side AES encryption through a SSL protocol. This website automatically offers a 40 charaters long, randomly generated password that can be changed by user if he/she prefers to use its own passphrase.
Moreover securesha.re keep the file reachable in a long, random URL to decrease that files could be discovered through a brute force search.
Last but not least, this website let you delete the uploaded file after a pre-defined amount of time or/and after a pre-defined number of views. The default configuration allows just one view and an automatic deleting after seven days but the views can be extended till 10 and the amount of days reduced to just 1 day.
Personally I normally prefer to encrypt files by myself before sharing them online but I will keep securesha.re in mind in the case I need to share a file and I have not my laptop with me.