How to browse privately for real. Since Incognito isn't (and likely never was really private).

[Uttamattamakin]

I have played with various super-private browsing/computing solutions for several years now.  If you really want to browse privately here are the three best ways to do that listed in order of complexity and also privacy.   I did consider if this was more of an operating systems post, a security post, or a browsers post.  This is a complicated subject and could be any of those.  Please excuse if this has a better place on the forum. 

 

Good: Tor Browser. https://www.torproject.org/download/  It is a privacy focused browser that can run in Windows, Linux, Mac, or Android.  It will channel all traffic in it to the TOR anonymization network.  This can also browse the dark web .onion domains that are out there.   This is the easiest way to just browse privately.  However, note, that if you use it to log into clear web services like Google, Microsoft, etc etc then that kind of defeats the purpose of this browser.  This browser can also not guarantee that the OS itself is not phoning home about what you are doing in some way.   If you are one who has really serious privacy or security concerns then the options that come next may be better. 

 

Better: Whonix https://www.whonix.org/ a slimmed down Linux made to browse and do other computing task. Depending on how you use it, it can even wipe itself clean after every reboot.   You can install it on a USB that will either wipe itself clean or have only encrypted storage.  You can install it in Windows with Virtual Box, on Linux by various means.  Using KVM (Kernel Virtual Machine) is a good one. It can also be installed on Mac.  It cannot be installed as a primary OS though.  (They are working on this and it will be a good step between using a Linux based OS from time to time and going to a full Virtualization first beast like what comes next https://www.whonix.org/wiki/Whonix-Host  It might even wind up being more secure than Qubes in some ways)  

 

Tails OS does the same sorts of things as Whonix but only runs on a live USB.  Tails

 

BEST: Qubes OS http://www.qubes-os.org/  Qubes uses virtualization, sandboxing, and such to keep everything separate.  The best explanation I've found is this graphic.  It does not use KVM.  It uses a open source hypervisor called Xen with Fedora as the "Dom0" base level Linux that manages most task.  Though I do think this can be replaced with Debian if one likes.   The GUI is managed by a VM to which all other VM's talk.  Your USB devices, networking, etc all reside in a VM.  A typical mode of use is to have one single VM that is the "daily driver AppVM1 with other VM's used as needed for certain task.  Whonix VM's created as needed for very private browsing.  Debian or Fedora just to play around with.  Windows 7 is shown because it I think was the last one where the Windows windows and other Windows would be seamlessly integrated.   

 

In fact I have it on a separate partition and play around with it a little. 

If you want an out of the box super private browsing experience this is the most over the top way to get that.  I show here that I have installed WIndows 10 as a Qube.  It has steam though I have not tried to game.   I just want to get to know it.  

What I would like: A KVM based Qubes like distribution of Linux with the type of user interface Qubes has but with less security paranoia and better hardware support.  Qubes works fine with my computer, but it's got a lot of expensive things in it.  I built it with virtualization in mind.  A motherboard has to be chosen with that in mind and they tend to cost more.  Using it a laptop depends on the laptop being right for it.    I have considered that next fresh install I do I will create KVM VM's then do my computing in those VM's.   Then search for a way to see all my windows seamlessly.  Many solutions to this out there focus on showing Windows in the Linux host, not combining several VM's into one desktop.  

So, what do you all think?  How much privacy do you really need? 

[Skiiwee29]

<-- Moved to Programs, Apps, Website -->

[Dutch_Master]

Oh dear, I see a fundamental flaw in that diagram. It uses a distro that champions/uses systemd

 

Ergo: even Qubes isn't safe from spying eyes

[Uttamattamakin]

3 hours ago, Dutch_Master said:

Oh dear, I see a fundamental flaw in that diagram. It uses a distro that champions/uses systemd

 

Ergo: even Qubes isn't safe from spying eyes

Yeah. That might be why they are trying to develop a Whonix-Host OS.  One that would be installed bare metal.  

 

I would LOVE it if this Whonix-Host evolved into a ... Linux KVM based Qubes like product.  One where you can run this Whonix Host, get all the goodness of KVM and linux drivers.  Then also a well integrated workspace for using multiple VM's. 

[Dutch_Master]

Don't reinvent the wheel:

https://devuan.org/

 

HTH!