Home / News / I tried 4 privacy oriented operating systems and this was the best choice

I tried 4 privacy oriented operating systems and this was the best choice

108
Default Tails browser

As online privacy becomes an increasingly important issue, the demand for privacy-focused operating systems is growing. I looked at the most popular privacy-focused OSes: Tails, Qubes OS, Whonix, and PureOS. Each has its own unique way of increasing privacy and security, along with quirks related to installation and use.



1 Tails OS

Tails (The Amnesic Incognito Live System) is a live operating system designed for anonymity and privacy. It routes all internet traffic through the Tor network and ensures that your browsing activity cannot be traced. One of the key features is its amnesic feature, which leaves no traces on the computer you are using once you turn it off.

Tails OS is not designed to run from a computer’s hard drive. Much of its amnesiac functionality relies on booting Tails from a USB drive, which you can easily do using the supplied Tails ISO and the ISO-to-USB tool. Since Tails is supposed to be used by people in immediate danger, such as whistleblowers, journalists, and activists, using a USB drive makes a lot of sense. But unlike other live bootable OS on USB, Tails ensures anonymity:


  • Tor Enforced Network: Tails is preconfigured to use the Tor network for all network connections, protecting your IP address and browsing activity.
  • No Trace/Amnesic: Live booting from USB and not saving any data to the host computer. This allows users the flexibility to use any computer they might borrow or rent, leaving no traces and further anonymizing their identity.
  • Pre-configured for privacy: Tails comes with pre-installed privacy tools and settings such as Tor Browser for web surfing, KeePassX for password management and Electrum for cryptocurrency transactions.

That said, Tails is great for short-term use, especially when you need strong anonymity on shared or public computers. However, the lack of endurance and slower performance may not be ideal for everyday computing.


2 OS Qubes

Qubes OS takes a different approach and focuses on security through separation. It isolates different tasks into separate virtual machines (VMs) or cubes. When one die is compromised, the others remain intact. This structure makes it highly effective in preventing the spread of malware on your system.

Unlike tails, which rely on physical media for isolation, Qubes uses virtualization to enforce security. Qubes ensures that all virtualization is secure by running directly on top of the hardware as a Type 1 hypervisor instead of a Type 2 hypervisor that runs on top of the host operating system.

“”>

Qubes isolating applications and services
Qubes

Of course, this also means that you can’t effectively run Qubes on a Type 2 hypervisor like VirtualBox and VMware. So you’ll have to dedicate an entire machine to using Qubes, which can be a problem for people who don’t have a spare computer.


But if you can spare a computer for Qubes, you get a high level of security through:

  • Isolated environment: Each application runs on its own virtual machine, so a malware-infected web browser won’t affect your document editor, email client, or any other application.
  • Device isolation: You can associate hardware, such as USB devices, with specific virtual machines to add another layer of security.
  • Disposable VM: You can run disposable VMs that are destroyed after use, ensuring nothing is left behind.

Qubes is ideal for advanced users and professionals who prioritize security. Its virtualization-based approach offers robust protection against targeted attacks, but can be cumbersome for less technical users.

3 Whonix

Whonix default web browser


Whonix works similarly to Tails, focusing on anonymity through the Tor network, but with a twist: it runs in a virtualized environment just like Qubes. Whonix consists of two virtual machines: a gateway that handles Tor connections and a workstation where you perform your activities. This setup makes it much harder for malware or workstation leaks to reveal your true identity.

What makes Whonix a great security-focused operating system is:

  • Two-layer anonymity: Whonix Gateway redirects all traffic through the Tor network, while Whonix Workstation isolates your system from the host OS.
  • Convenience factor: Both Whonix Gateway and Workstation consume little computing resources and can run on free Type 2 hypervisors such as VirtualBox. There’s no need to dedicate an entire computer or use a live bootable USB to use a privacy-focused operating system.


Like Tails and Qubes, Whonix excels in cases where strong anonymity is required. However, its use of a Type 2 hypervisor makes Whonix less of an isolated OS compared to Qubes and not as amnesiac as Tails.

4 PureOS

Pre-installed PureOS apps

Purism’s PureOS offers a balance between privacy and usability. Unlike the other operating systems mentioned above, PureOS is designed for everyday use and focuses on privacy without sacrificing convenience. It is based on Debian Linux and comes pre-installed on Purism Librem laptops and phones, but you can install it on other hardware as well. PureOS stands out as a great privacy-focused operating system with the following:


  • User friendly: PureOS offers a more familiar and refined desktop experience than other privacy-focused distributions.
  • Personal data protection: It uses privacy-focused tools like the DuckDuckGo search engine and LibreOffice to increase productivity while protecting users from data collection services.
  • FOSS philosophy: PureOS is fully open-source and adheres to strict free software principles. This level of transparency allows users to inspect its source code and ensure that no vulnerabilities or backdoors have been added.
  • Platform Convergence: PureOS is designed to work seamlessly across multiple platforms such as desktops, laptops, tablets, and smartphones.

PureOS avoids data collection by using free, open-source software and defaulting to privacy-friendly apps like Firefox-based PureBrowser and DuckDuckGo for search. However, it doesn’t force all network traffic through Tor like Tails or Whonix (which are specifically designed to use Tor as a built-in privacy layer). Instead, PureOS prioritizes transparency, user control, and privacy through open software rather than ensuring anonymity through strict rules.


5 The best operating system focused on privacy

Tails, Qubes, Whonix, and PureOS are great privacy-focused operating systems. Each has its strengths and weaknesses, its place, and will be useful for different types of users. So there is no clear winner as to which OS is the best overall, but when it comes to specific use cases, one of these OS will be better than the others.

  • Qubes is the most secure operating system of the four. Its use of cubes/VMs for each application, service and background process ensures that exploits are isolated within the cube. The downside is that it will require installation on a dedicated machine with a recommended system requirement of a 64-bit Intel VT-x processor with EPT, 16GB of RAM, and 128GB of storage.
  • Tails provides the best anonymity with a live bootable USB without persistence. This leaves no traces and can be used on any computer you can get your hands on. However, most people should probably skip this OS as a daily driver.
  • Whonix is ​​an excellent choice if you are familiar with using virtual machines such as VirtualBox or VMware. Using Tor for every network connection and isolation with a Workstation VM should be enough for most people to increase privacy and security.
  • PureOS would be a perfect distro for Linux users and people using Librem devices. It balances privacy and usability for general computing while avoiding invasive data collection.


Personally, I find that running Whonix as a VM is the best choice for Windows users like me, and probably most people using Windows and macOS. Most people simply don’t need the level of isolation that Qubes provides, or the level of discomfort of using an amnesiac OS like Tails. Of course, if I were a Linux user, I’d go with PureOS.

Comments

About cotton bureau brand icon.