Operating Systems

Even your own computer could be compromising your privacy. Discover our recommended OS choices for all the devices you use.

PC Operating Systems

Qubes OS Xen

Qubes OS logo Qubes is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. contrib

Fedora Workstation GNU/Linux

Fedora Workstation logo Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment. contrib

Debian GNU/Linux

Debian logo Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.

Worth Mentioning


Remember to check CPU vulnerability mitigations

This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily. MacOS users check How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support.

When running a recent enough Linux kernel, you can check the CPU vulnerabilities it detects by tail -n +1 /sys/devices/system/cpu/vulnerabilities/*. By using tail -n +1 instead of cat, the file names are also visible.

In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the tail command. To mitigate this, disable hyper-threading from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports /etc/default/grub.d/:

  1. sudo mkdir /etc/default/grub.d/ to create a directory for additional grub configuration
  2. echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT l1tf=full,force mds=full,nosmt mitigations=auto,nosmt nosmt=force" | sudo tee /etc/default/grub.d/mitigations.cfg to create a new grub config file source with the echoed content
  3. sudo grub-mkconfig -o /boot/grub/grub.cfg to generate a new grub config file including these new kernel boot flags
  4. sudo reboot to reboot
  5. after the reboot, check tail -n +1 /sys/devices/system/cpu/vulnerabilities/* again to see that everything referring to SMT now says "SMT disabled."
Further reading

PC Live Operating Systems

Tails GNU/Linux

Tails logo Tails is a live operating system that can boot on almost any computer from a DVD, USB stick, or SD card you control. It aims at preserving privacy and anonymity, and circumventing censorship by forcing Internet connections through the Tor network; leaving no trace on the computer; and using state-of-the-art cryptographic tools to encrypt files, emails, and instant messages. contrib

Worth Mentioning

Mobile Operating Systems

GrapheneOS AOSP

GrapheneOS logo GrapheneOS (formerly known as CopperheadOS) is a free and open-source security- and privacy-focused mobile operating system built on top of the Android Open Source Project. It currently specifically targets devices offering strong hardware security. contrib

LineageOS AOSP

LineageOS logo LineageOS is a free and open-source operating system for smartphones and tablets, based on the official releases of the Android Open Source Project. It is the continuation of the CyanogenMod project. contrib

Ubuntu Touch GNU/Linux

Ubuntu Touch logo Ubuntu Touch is a free and open-source operating system for smartphones and tablets. It's an alternative to the current popular mobile operating systems on the market. Only a few devices are supported. contrib

Worth Mentioning

Android Privacy Add-ons


Control your traffic with NetGuard

NetGuard provides simple and advanced methods to block certain apps from accessing the internet, without requiring root privileges. Applications and addresses can be individually allowed or denied access to your Wi-Fi and/or mobile connections, allowing you to control exactly which apps are able to phone home or not.


Tor for Android with Orbot

Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Root Mode: Orbot can be configured to transparently proxy all of your Internet traffic through Tor. You can also choose which specific apps you wish to use through Tor.

See also

Open Source Router Firmware

OpenWrt Linux

OpenWrt logo OpenWrt is an operating system (in particular, an embedded operating system) based on the Linux kernel, primarily used on embedded devices to route network traffic. The main components are the Linux kernel, util-linux, uClibc and BusyBox. All components have been optimized for size, to be small enough for fitting into the limited storage and memory available in home routers. contrib

pfSense BSD

pfSense logo pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint. contrib

LibreCMC GNU/Linux

LibreCMC logo LibreCMC is a GNU/Linux-libre distribution for computers with minimal resources, such as the Ben Nanonote, ath9k-based Wi-Fi routers, and other hardware with emphasis on free software. The project's current goal is to aim for compliance with the GNU Free System Distribution Guidelines (GNU FSDG) and ensure that the project continues to meet these requirements set forth by the Free Software Foundation (FSF).

Worth Mentioning

Don't use Windows 10 - It's a privacy nightmare

Windows 10 Privacy
  1. Data syncing is by default enabled.
    • Browsing history and open websites.
    • Apps settings.
    • WiFi hotspot names and passwords.
  2. Your device is by default tagged with a unique advertising ID.
    • Used to serve you with personalized advertisements by third-party advertisers and ad networks.
  3. Cortana can collect any of your data.
    • Your keystrokes, searches and mic input.
    • Calendar data.
    • Music you listen to.
    • Credit Card information.
    • Purchases.
  4. Microsoft can collect any personal data.
    • Your identity.
    • Passwords.
    • Demographics.
    • Interests and habits.
    • Usage data.
    • Contacts and relationships.
    • Location data.
    • Content like emails, instant messages, caller list, audio and video recordings.
  5. Your data can be shared.
    • When downloading Windows 10, you are authorizing Microsoft to share any of above-mentioned data with any third-party, with or without your consent.

Download: W10Privacy

This tool uses some known methods that attempt to disable major tracking features in Windows 10.

Related Information