Linux is not inherently secure. I wish this rumor would drown in a fire. Even the Kali people said the distro does nothing to provide anonymity out of the box. You still have a lot of work besides just “uze lynox”. There are websites dedicated to pwning Linux with thousands of VMs to learn to tear it to shreds. Adding a GUI made out of fucking JavaScript and more open protocols is going to fist you even harder.
The primary reason Linux is “secure” is because no one uses it. Work “forces” you to use Windows? When’s the last time they were breached, and was it attributed directly to a flaw in Windows? Most people get rekt because of ignorance, arrogance, or being just plain stupid. It’s incredibly hard to actually attack Windows. Most guides will tell you to not update the OS and leave the firewall off, which no one does, unless they’re anti telemetry zealots.
The OP didn’t even say what they’re hiding from. Just regular web browsing Ghostery, a VPN, ublock origin, and the modern noScript is enough.
If they’re trying to hide from Google, Facebook, whatever, then using Linux does dick to fight that. Your unique footprint is still a big fucking footprint in their space. You would be better servered building a live USB or spinning up a different VM every time you want to browse the web. How fucking tedious.
Everyone always forgets the big fat elephant in the room, YOUR ISP. They’re still collecting metadata, encrypted or not, and know what anime you’re watching, what foot cream you’re buying, or what you’re getting off to. Even to use a VPN you still have to connect to your provider.
Have compartmental VMs and workstations. Use one VM just for IntelliJ, one VM just for Amazon, one VM just for Netflix, use Windows just for Steam, use Ubuntu Studio just for music. I can’t imagine living that way but that will segregate your tasks and “muh privacy” will be intact.
Use pfSense as a WAN and LAN. Create vLANs for each of your VMs and workstations. Put mobile and consoles on a separate subnet. Put anything Alexa, Google, and public on a separate subnet, or if you can afford it, get an entirely separate ISP connection. I have AT&T and FiOS at my home, AT&T is for InfoSec stuff and FiOS is for everything else.
How far are you willing to go? I only ask because, unless you do this for a living, it’s a second job and a half keeping up with this. If Linux is private enough for you then go for it. But let me tell you, someone can snap a picture of you on your webcam on Linux as easy as they can using Mac or Windows. They just have to alter their malware. Chances are if they’re good enough to write that for Windows they’re good enough to write it for Linux, too.
If you want to hide from a nation state or the U.S. government there is a foolproof way to do that.
- Go to your router.
- See that big looking phone cable?
- Rip it out
- Done
Getting offline is the only way to stay secure from the big dogs.
If you want to go balls deep and don’t look back, then learn Go, Python, and PowerShell. Master the Unix stack, TCP/IP stack, and shell code. Create some images with software and drivers preloaded, and fire off a new install into a segregated VM when you want to browse the web or chat on a forum. Learn C and write your own kernel and software, unique that you can’t send upsteam but unless it’s a specific 0 day targeted at you you won’t be affected.
Then, get a job at the NSA making $400,000 a year and enjoy your fucking life.