Idahun kukuru
Ti privacy ba jẹ ohun pataki julọ ati pe o ṣetan lati yi awọn iṣe pada:
- Extreme threat model (akọroyin ti o daabobo awọn orisun, activist ni ipinlẹ ogun, security researcher): Qubes OS fun lo ojoojumọ + Tails lori USB lọtọ fun ọtọọtọ high-risk sessions.
- Privacy-focused ṣugbọn practical (o fẹ kọmputa ti o dabi deede ti kii foonu si ile): Linux Mint — Ubuntu-compatible software ecosystem, Canonical's additions ti a yi kuro, awọn default conservative.
- Commercial OS ti o dara julọ fun privacy: macOS Sequoia pẹlu Advanced Data Protection enabled. Closed-source caveat n lo, ṣugbọn awọn default dara ju Windows lọ ati device security jẹ excellent.
- O ni lati lo Windows fun iṣẹ: Windows 11 Pro (kii ṣe Home) pẹlu Group Policy, BitLocker, Firefox, ati serious hardening pass. O ṣee ṣe lati ṣiṣẹ reasonably private Windows 11 — o kan lo ọsẹ kan lati configure, o tun padà ni gbogbo major update.
Ohun gbogbo ni isalẹ ni awọn alaye lẹhin iwọn yii — ohun ti ọtọọtọ OS ṣe ni default, ohun ti o le yi pada, ati ohun ti o ko le ṣe.
Windows 11 — ipilẹ anti-privacy
Windows 11 ni ti o burú julọ ninu awọn aṣayan mainstream, kii ṣe nitori o burú, ṣugbọn nitori aṣa iṣowo Microsoft ṣe iṣakoso OS gẹgẹ bi data product. Awọn pato:
Beere account. Windows 11 Home beere Microsoft account lakoko setup. Awọn ọna local-account (aṣẹ OOBE\BYPASSNRO, ẹtan no@thankyou.com) n di patched ni awọn cumulative updates. Windows 11 Pro tun gba awọn local accounts laaye lakoko setup ti o ba yan ọna "domain join".
Telemetry. Awọn ipele meji: "Required diagnostic data" (nigbagbogbo-on, ko le di disabled nipasẹ Settings UI — Group Policy gba ọ laaye lati dinwo rẹ, ṣugbọn awọn signal diẹ tun n ṣan) ati "Optional diagnostic data" (full browsing-level telemetry ti o le pa ṣugbọn ON ni default). Microsoft ṣe atẹjade data dictionary, ti o jẹ ju ọpọlọpọ OS vendors lọ, ṣugbọn ipilẹ jẹ "Microsoft mọ ohun ti o n ṣe".
Copilot + Recall. Recall (lori Copilot+ PCs pẹlu NPUs) mu awọn aworan screen rẹ ni gbogbo awọn iṣẹju diẹ, OCR wọn, ati kọ searchable local index. Lẹhin June 2024 security bachlash, Microsoft jẹ ki o jẹ opt-in, encrypt database, ati beere Windows Hello auth lati béèrè. Agbara abẹlẹ wa ni baked sinu OS. Gbogbo major update tun ṣii ibeere "ṣe Recall tun wa ni opt-in?" Copilot funrararẹ fi awọn ibeere ranṣẹ si Azure OpenAI ayafi ti o ba pa feature pa patapata.
OneDrive defaults. Awọn installation tuntun ni kọkọ darí Documents, Pictures, ati Desktop rẹ sinu %OneDrive%\ ki o bẹrẹ syncing. Awọn milionu awọn olumulo ni awọn faili ti ara wọn wa ninu cloud Microsoft laisi ṣiṣe pinnu ti o ni mọkan lati gbe wọn soke.
Edge + Bing. Default browser fi awọn ibeere ranṣẹ si Bing. Edge ni awọn ẹya privacy ti o wulo (tracker blocking, InPrivate) ṣugbọn ihuwasi default rẹ pẹlu fifi awọn URLs ranṣẹ si Microsoft's Defender SmartScreen.
Ohun ti o le ṣe. Windows 11 ni hardenable julọ nitori ọpọlọpọ wa lati pa:
- Fi sori ẹrọ pẹlu local account (Pro tabi registry tweak lori Home)
- Ṣiṣẹ O&O ShutUp10++ — atojọ curated ti 100+ privacy toggles pẹlu awọn default "recommended". Lo Group Policy + registry changes ti o ye awọn updates.
- Pa OneDrive setup lakoko install, yọ kuro patapata ti ko ba lo
- Rọpo Edge pẹlu Firefox tabi Brave; yi default search si DuckDuckGo, Kagi, tabi Startpage
- Uninstall Cortana, Teams Consumer, ati awọn Xbox apps ti ko ba lo
- BitLocker (Pro nikan) tabi VeraCrypt (Home) fun FDE
- Group Policy: Computer Configuration → Administrative Templates → Windows Components → Data Collection
Lẹhin pass yii, Windows 11 le di ṣe roughly private bi Ubuntu ti a ko modify. Owo ti o n lọ ni atunwo awọn settings rẹ lẹhin gbogbo Feature Update (20H2, 22H2, 23H2, 24H2 ọtọọtọ tun ṣe afihan awọn ihuwasi diẹ).
macOS Sequoia 15 — commercial OS ti o dara julọ fun privacy
macOS Sequoia dara dramatically ju Windows 11 lọ ni default, ṣugbọn "dara ju Microsoft" kii ṣe kanna pẹlu "private".
Apple's telemetry — Analytics, Device Analytics, ati iCloud Analytics — wa off ni default lori installation tuntun ni EU (GDPR), on ni default ni US (o le disable wọn ni Settings → Privacy & Security → Analytics & Improvements). Apple ṣe atẹjade privacy policy wọn ati ṣe awọn ẹtọ pato nipa on-device processing, ṣugbọn o ko le fi ọtọtọ rii daju awọn ẹtọ wọnyi nitori OS jẹ closed-source.
iCloud defaults. Photos, Contacts, Calendar, ati iCloud Drive sync ni default ti o ba wọle pẹlu Apple ID. Messages ni iCloud wa off ayafi ti o ba enabled. Advanced Data Protection (end-to-end encrypted iCloud fun ọpọlọpọ awọn ẹka — Photos, Notes, Drive, backups) jẹ opt-in ati beere iOS 16.2+ / macOS 13+ lori gbogbo awọn ẹrọ rẹ. Apple ni active de-emphasizes rẹ lakoko setup nitori enabling rẹ tumọ si pe Apple ko le gba data rẹ pada ti o ba padanu iwọlesi.
Siri + Spotlight. Awọn ibeere ni a fi ranṣẹ si Apple fun ipinnu. Apple sọ pe wọn ni anonymized ati pe kii ṣe asopọ si Apple ID rẹ. O le pa "Search Suggestions from Apple" ni Safari lati da "URL-bar typing lati de awọn olupin Apple" duro.
Apple Intelligence (fi kun 2024). Ọpọlọpọ on-device fun awọn awoṣe kekere, ṣugbọn awọn ibeere diẹ gba ranṣẹ si Apple's "Private Cloud Compute" infrastructure. PCC lo attested hardware ati published binaries — architecture privacy tuntun gaan. O jẹ opt-in ni EU, opt-in nibikibi miiran paapaa gẹgẹ bi macOS 15.
Gatekeeper + code signing. Gbogbo app ti o ṣiṣẹ gba signature check lodi si Apple's notary service. Awọn app first-run foonu ile pẹlu Developer ID hash — Apple le (ni imọran) log ohun ti gbogbo Mac n ṣiṣẹ ati igba wo. Eyi jẹ security feature (mu awọn app known-malicious) pẹlu awọn iye privacy. sudo spctl --master-disable pa signature enforcement ṣugbọn a ko gba niyanju.
Awọn agbara.
- Apple Silicon + Secure Enclave = device security to lagbara, biometric unlock ti a so si hardware
- Awọn app App Store ni awọn aami privacy (developer self-attested, ṣugbọn tun surface info)
- Awoṣe permissions jẹ strict — awọn app gbọdọ béèrè ki wọn to ka contacts, calendar, camera, mic, location
- FileVault (FDE) jẹ rọrun lati enable ati lo Secure Enclave
- Ko si mandatory anti-virus foonu ile
Awọn ailera.
- Closed-source — awọn ẹtọ privacy jẹ ọrọ Apple
- Awọn iCloud opt-outs ti tuka kaaakiri awọn panels Settings
- Advanced Data Protection setup jẹ friction-heavy (Apple ni active jẹ ki o le enable)
- Hardware lock-in — ti o ba bikita to nipa privacy lati rii daju, o ba fẹ wa lori Linux ti o le audit
Practical setup. Installation tuntun → kọ optional analytics → enable FileVault → enable Advanced Data Protection ti gbogbo awọn ẹrọ rẹ ba ṣe atilẹyin → fi Firefox sori ẹrọ → maṣe wọle si iCloud titi ti o ba ti pinnu deede awọn ẹka wo lati sync.
Ubuntu 24.04 LTS — Linux ti o gbajumọ
Ubuntu ni Linux distribution ti a lo julọ lori awọn desktop ati ipilẹ privacy ti o dara. Canonical ni itan adalu lori koko yii.
Amazon lens 2013. Fun akoko kukuru, Ubuntu Unity's Dash search fi awọn ibeere ranṣẹ si Amazon fun awọn abajade shopping "lenses". Eyi fa aami igbẹkẹle ọdun-gun ni awujọ. A ti yi feature naa kuro ni 16.04 ati pe Canonical ko ti tun ṣe. O ye ka mọ nitori o ni awọ bi awọn olumulo Linux igba pipe ṣe rilara nipa Ubuntu.
Telemetry lọwọlọwa.
- Ubuntu Report — ẹẹkan, anonymous hardware/software summary ti a fi ranṣẹ lakoko install. Opt-in; o ri prompt ki o to ṣiṣẹ.
- Apport — crash reporting. Off ni default lori awọn releases; o opt in fun crash ọtọọtọ.
- Livepatch — kernel hot-patches. Opt-in; beere Ubuntu Advantage subscription.
- PopCon — package popularity contest. Off ni default.
- Snap telemetry — Canonical's snap store gba install/update counts. Kere invasive ju browser telemetry ṣugbọn ṣi ipe si Canonical fun gbogbo snap install.
ubuntu-advantage-tools nag screens. Awọn Ubuntu versions laipe ṣafikun "motd" prompts nigba ti o SSH tabi ṣii terminal, advertising Ubuntu Pro. Annoying ṣugbọn kii ṣe privacy issue (ko si outbound data). Ti a yi kuro tabi muted ni 24.04 nipa ṣeto ENABLED=0 ni /etc/default/ubuntu-advantage-tools.
Snap vs apt. Ubuntu 22.04+ gbe Firefox gẹgẹ bi snap package. Snap store bá awọn olupin Canonical sọrọ; traditional apt packages bá mirror ti o configure sọrọ. Ti "ohun gbogbo nipasẹ Canonical" routing ba dun ọ, boya yi si ppa:mozillateam/ppa Firefox apt package, tabi fi Firefox sori ẹrọ taara lati flatpak.
Awọn agbara. Open-source, auditable, yiyan package ti o tobi, hardware support ti o dara, Wayland ni default ni 22.04+, GNOME 46 pẹlu awọn default privacy ti o dara.
Awọn ailera. Awọn anfani iṣowo Canonical nigbakan tọka si user data; Snap telemetry ko ye yago fun ti o ba lo snaps; "Ubuntu Advantage" branding nags jẹ visible.
Practical setup. Installation tuntun → kọ Ubuntu Report → disable Apport → disable PopCon → rọpo Snap Firefox pẹlu apt Firefox tabi Flatpak → enable LUKS FDE lakoko install → Firefox pẹlu uBlock Origin.
Fedora 41 — upstream-first Linux
Fedora jẹ Red Hat's (IBM's) community distribution, ti a lo gẹgẹ bi upstream fun RHEL. Privacy-wise o jọ Ubuntu pẹlu awọn iyato diẹ.
Ko si Canonical equivalent. Red Hat / IBM ko ṣe advertising "Advantage" subscription si awọn desktop users; enterprise licensing gbe lori RHEL, kii ṣe Fedora. Ko si nag screens, ko si forced upgrade prompts.
Default telemetry. To kere. Fedora Report (hardware census) ti n bọ ni 42 — ariyanjiyan awujọ ti n lọ, status lọwọlọwa jẹ opt-in. ABRT (crash reporting) jẹ opt-in; o ri notification nigba ti crash ba ṣẹlẹ o le pinnu boya lati fi silẹ.
SELinux enforcing ni default. Eyi jẹ security feature, kii ṣe privacy per se — o ni process-level exploits nitori naa compromised app ko le ka ohun gbogbo lori eto rẹ. Ubuntu lo AppArmor fun idi kanna ṣugbọn ni posture default ti o gba sii. SELinux jẹ strict sii.
Flatpak + dnf. Awọn package managers Fedora. Flathub flatpaks ba Flathub CDN sọrọ (kii ṣe telemetry signal, download kan); dnf ba Fedora mirrors sọrọ.
Wayland akọkọ. Gbogbo desktop spin (GNOME, KDE, XFCE, etc.) gbe wa pẹlu Wayland gẹgẹ bi default session, ti o ni isolation ti o dara sii laarin GUI apps ju X11 lọ (awọn app ko le screenshot / keystroke-sniff ara wọn).
Awọn agbara. Ko si Canonical-style commercial patterns, SELinux enforcing, iyara upstream tracking (kernel/Mesa/GNOME ni gbogbo wọn tun ju Ubuntu lọ).
Awọn ailera. Bleeding-edge le tumọ si "nkan kan bajẹ nitori driver regression"; 13-month support cycle fun release ọtọọtọ vs Ubuntu LTS's 5 ọdun.
Practical setup. Installation tuntun → kọ crash reports (o gba prompt ni igba akọkọ ti ọkan ba ṣe) → enable LUKS lakoko install → Firefox ti wa ni pre-installed ati kii ṣe flatpak lori Fedora Workstation.
Linux Mint 22 — Linux private-by-default ti o dara julọ
Linux Mint jẹ Ubuntu's long-running debloat. Wọn gba upstream Ubuntu LTS, yi Canonical's additions kuro, rọpo desktop pẹlu Cinnamon (tabi Xfce / MATE), ki o gbe. Ohun ti o gba:
Ko si Snap ni default. Mint ni pataki yi snap kuro ati block apt lati fi snap daemon sori ẹrọ. Firefox ti wa ni installed gẹgẹ bi regular apt package lati Mozilla's PPA. Ko si nag screens.
Ko si Ubuntu Report, ko si ubuntu-advantage-tools. Mint pa tabi uninstall awọn Canonical-commercial bits.
Ko si telemetry. Mint funrararẹ ko foonu ile. Crash reporting wa off. Update manager ba Mint's mirror sọrọ fun awọn updates — standard package-manager traffic — ṣugbọn ko report usage.
LMDE fallback. Ti o ba fẹ ẹya Canonical-free ti Mint, LMDE (Linux Mint Debian Edition) lo Debian Stable gẹgẹ bi ipilẹ. Desktop experience kanna, upstream ọtọtọ.
Cinnamon. GNOME fork ti o ṣe pataki traditional Windows-like desktop. Kere "modern" ju GNOME lọ, kere keyboard-driven ju KDE lọ, ṣugbọn sunmọ fun awọn olumulo ti n yi lati Windows.
Awọn agbara. Awọn default privacy conservative julọ ti eyikeyi mainstream distro. Awujọ nla. Stable. Hardware support to dara nipasẹ Ubuntu's base.
Awọn ailera. Lọra sii lati gba awọn imọ-ẹrọ tuntun (Wayland tun jẹ opt-in bi Mint 22, defaulting si X11). Cinnamon ni awọn contributors ti o kere si ju GNOME tabi KDE lọ. Ubuntu upstream tumọ si pe o jogún Ubuntu's bugs, kii ṣe telemetry rẹ.
Practical setup. Installation tuntun → enable LUKS lakoko install → update → fi Firefox sori ẹrọ (ti wa nibẹ tẹlẹ) + uBlock Origin → iyẹn ni. Mint ni distro nibiti "install ati lo" fun ọ ni posture privacy ti o dara laisi iṣẹ siwaju sii.
Qubes OS 4.2 — compartmentalization gẹgẹ bi threat model
Qubes wa ni ẹka tire. Dipo igbiyanju lati jẹ ki OS kan jẹ private sii, Qubes gbagbọ pe eyikeyi eto kan yoo di compromised o si ya blast radius nipa lilo virtualization.
Bawo ni o ṣe n ṣiṣẹ. Qubes n ṣiṣẹ lori bare metal nipasẹ Xen hypervisor. Gbogbo "VM" (ti a pe ni qube ni terminology wọn) ṣiṣẹ disposable Linux userspace — ni igbagbogbo Fedora tabi Debian templates. Nigba ti o ba tẹ email attachment, o ṣii ninu DisposableVM ti a bajẹ lẹhin ti o ba pa. Banking rẹ ṣẹlẹ ni AppVM tirẹ pẹlu iwọlesi network si banki rẹ nikan. Browsing awọn ọna asopọ lainidii ṣẹlẹ ni Whonix-Workstation qube ti o route nipasẹ Tor.
UX cost. Copy-paste laarin awọn qubes beere explicit keyboard shortcut (Ctrl+Shift+V) ti o jẹrisi transfer. Awọn faili ti a gbe laarin awọn qubes gba nipasẹ dedicated FileCopy dialog. O padanu "ohun gbogbo kan ṣiṣẹ lori desktop kanna" ro ti OS deede — ṣugbọn o gba awọn ala security gaan.
Awọn ohun-ini security.
- Browser exploit ni qube iṣẹ ko le de awọn faili ni qube ti ara ẹni.
- PDF reader ti o ba compromised ko le exfiltrate crypto wallet rẹ.
- USB thumb drive ti a fi sinu wa ni mounted ni dedicated sys-usb qube — ti o ba loaded pẹlu malware, o kọlu disposable VM, kii ṣe dom0 (trusted control domain).
- dom0 ko ni internet access rara; o ko le ṣiṣẹ browser lori dom0.
Awọn beere hardware. 16 GB RAM to kere (Qubes gba niyanju 16 GB), 32 GB practical. Iyara SSD (NVMe prefered). Intel CPUs pẹlu VT-x + VT-d; awọn laptops pato wa ni hardware-compatibility list (awọn Thinkpads tuntun sii, Framework, System76 Oryx Pro).
Tor integration nipasẹ Whonix. Lati box, Qubes gbe wa pẹlu Whonix templates — eto VM meji nibiti VM kan ṣe Tor routing ati miiran ṣiṣẹ browser rẹ, laisi ọna fun browser lati kọ ẹkọ IP gaan paapaa ti o ba fully exploited. Tor architecture ti o dara julọ ti kere si Tails.
Awọn agbara. Gold-standard security model fun awọn olumulo high-threat. Open-source. Snowden ati awọn akọroyin ti o ni iye pataki lo ni gbangba.
Awọn ailera. Ipa ikẹkọ to gaju (ọsẹ 2-4 lati ni itunu). Awọn beere hardware ti o wuwo. Hardware support to lopin — awọn atojọ laptop pato dipo "ọpọlọpọ modern hardware". Ko si commercial software; o wa lori Linux apps nikan.
Practical setup. Itọsọna installation ti Qubes jẹ excellent. Budget ọsẹ ale fun installation akọkọ ati ikẹkọ qube model. Pair pẹlu laptop compatible (ṣayẹwo HCL list wọn — maṣe ra hardware lainidii).
Tails 6.x — awọn amnesic sessions lori USB
Tails (The Amnesic Incognito Live System) jẹ Debian-based live OS ti o boot lati USB o si gbagbe ohun gbogbo nigba ti o ba shut down. Gbogbo outbound connection ni a fi ipa gbe nipasẹ Tor — ti bug ni app kan ba gbiyanju lati ṣe taara asopọ, yoo kuna dipo jijo.
Bawo ni o ṣe lo. Boot ẹrọ target lati Tails USB. Lo. Reboot. Hard drive ẹrọ ko fi ọwọ kan rara (ayafi ti o ba ni pataki opt in). Ko si ami ti session ku nibikibi ayafi ni memory eniyan.
Persistent storage. Opt-in, lori USB kanna, encrypted pẹlu LUKS. Gba ọ laaye lati pa folda kan pato, Tor bridge settings, ati atojọ kukuru ti awọn app pamọ kaaakiri awọn reboots. Ohun gbogbo miiran duro amnesic.
Tor routing. Gbogbo traffic. Ko si "split tunnel", ko si "domain-based exemption". Awọn app ti ko le lo Tor ko le connect. Eyi jẹ strict ati lẹẹkọọkan annoying (diẹ ninu video conferencing fọ, ọpọlọpọ awọn banking sites block Tor exits) ṣugbọn o jẹ security property.
Awọn agbara. Amnesic ni apẹrẹ — USB ti o sọnu ko jijo session rẹ. Tor ni default — ko si ọna lati ni amọdaju jijo IP gaan rẹ. Kekere attack surface — minimal software stack. Daradara maintained nipa nonprofit.
Awọn ailera. Kii ṣe daily driver. Booting lati USB jẹ lọra. Yiyan software jẹ ni ọmọwọ limited. Tor latency fọ ọpọlọpọ awọn iṣẹ commercial. Ko si persistent system state kaaakiri awọn reboots ayafi ti o ba opt in.
O dara julọ fun.
- Crossing borders (reboot si normal OS ki o to customs)
- Pade awọn orisun journalistic
- Researching koko sensitive ti ko ye ki o co-mingle pẹlu daily identity rẹ
- Eyikeyi session nibiti "ohun ti o n ṣe bayi ko gbọdọ ni asopọ si ẹni ti o jẹ akoko yoku"
Practical setup. Download Tails lati tails.net, rii signature daju (pataki), flash si USB ≥ 8 GB, boot target machine lati rẹ (le nilo BIOS/UEFI tweak). Ṣeto admin password ti o ba nilo lati ṣiṣẹ sudo commands lakoko session.
Tabili ìfiwéra
| OS | Telemetry (default) | Account required | Open source | FDE default | Cloud defaults | Privacy score |
|---|---|---|---|---|---|---|
| Windows 11 Home | Nigbagbogbo-on + opt-out nikan | Bẹẹni (Microsoft) | Rara | Igbakan (auto Device Encryption) | OneDrive on | ★☆☆☆☆ |
| Windows 11 Pro | Reducible nipasẹ Group Policy | Rara (domain join option) | Rara | Bẹẹni (BitLocker) | OneDrive on | ★★☆☆☆ |
| macOS Sequoia | Opt-out ni EU, on ni default US | Ti a gba niyanju (Apple ID) | Rara | Rara (olumulo gbọdọ enable FileVault) | iCloud on fun Photos | ★★★☆☆ |
| Ubuntu 24.04 | Install-time opt-in nikan | Rara | Bẹẹni | Optional ni install | Ko si (snap telemetry) | ★★★★☆ |
| Fedora 41 | Opt-in crash reports | Rara | Bẹẹni | Optional ni install | Ko si | ★★★★☆ |
| Linux Mint 22 | Ko si | Rara | Bẹẹni | Optional ni install | Ko si | ★★★★★ |
| Qubes OS 4.2 | Ko si | Rara | Bẹẹni | Bẹẹni (mandatory LUKS) | Ko si | ★★★★★ |
| Tails 6.x | Ko si | Rara | Bẹẹni | Persistent vol optional | Ko si (Tor routed) | ★★★★★ |
(Awọn irawo jẹ compound rough ti "telemetry burden + closed-source penalty + FDE default + cloud-lock-in". Kii ṣe ohun kan ti o ṣe pataki — hardened Windows 11 Pro le jẹ private ju sloppy Ubuntu install lọ.)
Iṣeduro wa nipasẹ use case
1. Privacy-conscious consumer ti o tun nilo mainstream software (Adobe, gaming, Office, Zoom, etc.). Windows 11 Pro pẹlu BitLocker + O&O ShutUp10++ + Firefox + local account. Tabi dual-boot Windows fun awọn apps ti o beere ati Linux Mint fun ohun gbogbo miiran.
2. Knowledge worker, developer, student, kọ. Linux Mint pẹlu LUKS + Firefox + uBlock Origin. Aadọrin ogorun Windows/macOS workflows ṣe asopọ daradara si Mint. LibreOffice fun ọpọlọpọ awọn documents, OnlyOffice ti o ba nilo Microsoft Office compatibility ti o dara sii.
3. Content creator / designer ti o lo Adobe Creative Cloud. macOS Sequoia pẹlu FileVault + Advanced Data Protection + Firefox. Adobe support jẹ gidi lori macOS; o jẹ awkward lori Linux (Wine/Bottles ṣiṣẹ fun awọn app diẹ, kii ṣe gbogbo). Apple Silicon performance lori video work jẹ gaan ti o dara julọ ti awọn aṣayan commercial mẹta.
4. Akọroyin / activist / researcher ti n mu ohun elo sensitive. Qubes OS lori compatible hardware fun daily work + Tails lori USB fun ọtọọtọ high-risk sessions. Lo awọn ẹrọ physical lọtọ fun "public identity" vs "sensitive work identity" ti o ba ṣee ṣe.
5. Occasional high-risk session (crossing border, pade source, researching koko). Tails lori USB, booted lori mọ ẹrọ, shut down lẹhinna. Maṣe tun lo USB kaaakiri awọn risk scenarios ọtọtọ laisi wiping persistent volume.
6. Grandparent ti n kọ ẹkọ lati lo kọmputa. ChromeOS lori Chromebook fun irọrun, TABI Linux Mint Cinnamon ti ẹnikẹni ebi ba le ṣe ibẹrẹ setup. Yago fun Windows 11 Home — Microsoft account setup nikan daru ati pe iṣẹ cleanup ko tọ fun light user.
Ohun ti a ṣe gaan n ṣiṣẹ
Full disclosure: ẹgbẹ ipdrop.io n ṣiṣẹ adalu — macOS fun content/design/daily work, Linux Mint lori ẹrọ lọtọ fun development/sensitive work, ati Tails USB ni drawer ti a lo boya ni 3-4 igba lọdun. Qubes a bu ọlọ ṣugbọn a ko lo ojoojumọ — friction jẹ gidi ati threat model wa ko beere rẹ.
Ohunkohun ti o ba yan, igbese privacy ti o ṣe pataki julọ kii ṣe OS — o ni enabling full-disk encryption, lilo password manager, ati maṣe dapọ awọn sensitive identities sinu everyday browser rẹ. Yiyan OS jẹ fireemu; awọn iṣe jẹ aworan.
Ti o ni ibatan
- Privacy Checklist — awọn igbesẹ 20 lati ṣe audit awọn account rẹ
- Kini VPN? — ipele loke OS fun network privacy
- Encrypted Email — Proton Mail, Tutanota, Mailbox.org ti a fiwera
- Encrypted File Storage — Proton Drive, Tresorit, Sync.com ti a fiwera
- Proton Pass vs Bitwarden — password manager deep-dive