So I’ve been looking for a good linux distro that is a turnkey alternative which has privacy and security in mind. Of course there are other more secure and private distros out there like Tails/Qubes/Whonix, but for the average everyday joe that needs a daily driver OS… I wanted something i could recommend that was a little easier to install, setup, and use.
I stumbled upon PureOS after a deep dive in research. It sounded great as it was recommended by the Free Software Foundation and there a little to none distros listed there that are all full free distros.
Unfortunatly upon looking into the state of the OS after a clean install onto a compatible laptop. The system is OLD. Uses an old generation GNOME desktop environment, running off the older debian 11, vs 12, and has quite a few bugs with its software manager for managing system and software updates (it couldn’t pull from it’s own repos). Not to mention even going through CLI, I had to find an install a lot of drivers that even base Debian 11 stable were able to install on OS install without issues. So I had to find wireless drivers and install through the CLI.
With it being this outdated… should I just wait to really deep dive into this system? I see that Purism sells laptops and tablets with this OS on it, but its OLD… how secure can it be with it being close to the tail end of the usual LTS release schedules and using that much outdated software within?
Is it really as private and secure as they claim now? Is this also the version of the OS running on the phones? I was thinking of getting one, but seems like it needs some time…
I’m using version 10.3 which I believe is byzantium.
PureOS is based on Debian, an older version (10). Current version is Byzantium. It has been somewhat neglected for the last couple of years. Next, Crimson, is in the works but will take months at this rate. You can find several threads on this forum about it.
PureOS is not what I’d call especially secure linux (anything in the category you listed). I think it’s at par with most of them (which is more secure and private than the consumer level alternatives) - your usecases, own cyberhygiene and risk profile matter here. Until it gets too old. PureOS is intended for Purism devices and avoids third party proprietary software, which impacts on what is available and supported (partly why it’s not cutting edge new). For security, and if you’re not using Purism devices, you can do better for now (and come back if/when things improve).
The main claim to fame for PureOS is fully libre software, which does make things more auditable. They do lag behind mainline Debian a bit to add their customizations, and do still receive security updates. Flatpaks can be used to bridge the app age gap. You can achieve similar with only libre repos of Debian, since Purism upstreams all their code.
Besides that, Quebes and Tails would be good contenders depending on your skill and concerns, as they require more considerations to use. Arch is good if you want to dive in to knowing every process that runs on your machine.
Thank you, this is about what I gathered while exploring the OS itself once I installed it. I myself use a combination of the others, but my friends and family are definitely not in the same experience category. I want to recommend something for them that would be easy for them to install and use. So far that has been LMDE6.
I’m kinda excited to see where PureOS (crimson) goes. I would like to move from a de-googled phone to a linux phone that has the convergence that is marketed right now. I just feel like the hardware and software need to catch up.
I did try Pop!_OS for a while on another machine, but came back to Debian. If you intend to use Tails at any stage then familiarity with Debian would help a bit.
The hardware/software definitely needs to catch up, but it sounds like you have what it takes to de-google your phone.
I can’t recommend it (yet) to my friends and family, but I’ve been using PinePhone, then Librem 5 as daily drivers. The modem on the PP died a week before my L5 arrived in the mail, so the timing was right. That makes for almost 5 years of Phone Freedom.
It’s not without friction points, but it feels good. The hardware/software will catch up… just a matter of time.
Yeah, I’ve tried Pop!_OS as well. Was kinda bloated for my taste. I like the aesthetic that PureOS offers and it’s simplicity, but again it’s just old. At this point I’m probably just better off with a clean install of Debian 12 with the tools selected by PureOS installed afterwards.
Yeah I’m currently using the Pixel with Graphene, but in reality with all the clientside AI and almost ALL my friends and family not really in the same privacy mindset… it kinda feel at a loss that I might as well just not inconvience myself and use a normal phone with basic opsec practices vs going “all out”
I like PureOS a lot so far, would have gotten started sooner if I hadn’t had to wait years to get the phone. This thing is a blast.
I did see a guy named Brax on rumble talking about how the OS of the phone doesn’t matter unless both phones are End to End encrypted due to clientside sharing from Apple and Microsoft a few years ago. They just read the other persons screen before the encryption, now the three letter people read all of everyone’s texts he claims.
In this case I recommend PureOS Byzantium - even if it is kinda old, it’s stable for daily driving stuff. Crimson will come and bring things to the right spot. Dawn will follow. And I think Dawn will take less time than Crimson (but who knows).
Alternatively you could also use Mobian (pur Debian plus mobile aspects). But some systems may do not work as expected. I know people daily driving it, but I also know people complaining about calls and stuff that do not work without any issue. The gain would be a completely up-to-date software stack (except some Librem 5 related things - the reason I recommend PureOS).
I also run a Pixel with GOS. And I am the only one in my family/friend/peer group that does so (ie I’m the “weird” one ;-). I have a very stripped-down set-up, with very little that is not strictly necessary on the phone. In Australia, we don’t have nearly the latitude of choice around privacy-friendly options that exist in the US, so it is far from the ideal setup, but it does feel good to be minimising what the surveillance capitalists are hoovering up…
The desktop OS equivalent would be something like Qubes, but that is a very steep learning curve and I haven’t bitten the bullet yet.
Are you talking about mobile OS Pure? or desktop? I guess I should clarify that I have not tried mobile PureOS yet. I just couldn’t get over how “old” it was and how it limits OS compatibility with software, hardware, etc. I have hopes for Crimson. I didn’t even know there was another one called Dawn.
I have not moved into the linux mobile market yet as I feel like it still needs more time compared to privacy focus android forks. I will in time try it, but as much of a niche as it is right now. The cost for entry is a little too high for me to want to play in this space yet.
Yeah I guess you can say I’m the “weird” one as well. I have been one to use the iPhone since it’s launch back in the day, so I was comfortable with it. I started doing a lot of privacy and security practices with the iPhone and I may just go back… I figured I would give it a year. I completely switch to GrapheneOS at the beginning of the year and I kind of use it as a Mobile QubesOS. I barely have any apps on the phone anyway, which also keeps me off screentime as much which is a bonus.
If you have thought about Qubes, I would just go ahead and dive in. It’s not as complex as it may seem if you actually take the time to read though the official documentation vs tinkering thinking that you know how to do stuff.
I use qubes as my main Daily driver. I installed PureOS on a thinkpad just to look for family/friend alternatives, but after installing it, it was a disappointment. Qubes is far more complex and not a recommendation I would make to any of my friends or family.
Although I would say that I use both Graphene on mobile and Qubes on desktop.
You can use Graphene similar to how qubes runs by using “user Profiles” as “qubes” and making sure that what is installed through any google play service is sandboxed within that profile. So having a financing profile, social media profile, and general profile can keep any issues that happen within that profile quarantined within in.
It’s definitely not as robust as Qubes, but it works.
In the quote you spoke about “move from a de-googled phone to a linux phone”, so I answered to this aspect (mobile). However, there is no “mobile PureOS” and “desktop PureOS” - it’s the same. The only reason why Crimson is not here for mobile yet: functionalities that are important for mobile are not fully implemented yet. So Crimson can be used on desktop, but not on mobile without troubles. Dawn would come next - based on the current unstable Debian. But I don’t think it already exists.
You also can install Linux on some other phones that costs less than Librem 5. But the Librem 5 has the best hardware if you value open source and user controlled hardware. Pinephone Pro costs less and some common smartphones can be turned into a linux phone with PostmarketOS (they support some android smartphones). Even if you don’t want to buy any yet, I wanted to show the width of options.
I phrased it badly. According to the (endless) discussions over on the GrapheneOS forums, the closest you’re likely to get to “something like” GrapheneOS on desktop is “something like” Qubes, which was why I was considering it (primarily, the separation of apps into container-like scopes). But, yes, these are equivalence classes not an actual direct equivalence, as such.
I thought so, but wanted to clarify just in case I was missing something.
Yeah I have yet to look into other phones for linux installs. I only really knew of ubuntu touch and pureos and it seemed pretty specific on the hardware they can be installed on.
While there is merit on that point, if you are just talking about SMS then, no, the three letter people don’t read it off the other person’s screen, they just hoover it all straight out of the network.
So you need E2EE and neither end a spyphone.
Of course there are many things that you can do with a phone that don’t involve “text” messages with someone else who, as you say, will most likely have a spyphone and hence let you down anyway.
