“[GNU/]Linux being secure is a common misconception in the security and privacy realm.”

https://madaidans-insecurities.github.io/linux.html

“[GNU/]Linux is thought to be secure primarily because of its source model, popular usage in servers, small userbase and confusion about its security features. This article is intended to debunk these misunderstandings”.

Based on this, one should try to do as much as possible on a GrapheneOS device

@privacy

  • @[email protected]
    link
    fedilink
    5
    edit-2
    1 year ago

    I agree there needs to be a

    • hardened kernel
    • hardened malloc
    • hardened C library
    • SELinux confined user
    • verified boot
    • easy 3rd factor audit
    • flatpaks that actually use portals

    So Linux Distros like Fedora Atomic could get close to that, by shipping the hardened components etc. But for now, this would simply break apps. And having fully verified boot requires a custom BIOS or something else, like a bootloader on your USB stick or whatever.