desktop equivalent to GrapheneOS (perhaps based on ChromeOS?)

Duct9143

Is it possible to create a desktop equivalent to GrapheneOS (as far as that's possible)? Something that is secure, and at the same time respects the user's privacy?

If so, are the GrapheneOS developers interested in creating something like this, or is this out of scope?

distro

Duct9143 Hi, please search the forum before posting, there's already plenty of similar topics.

DeletedUser115

Apple Silicon macs perhaps have the best hardware security features and allow loading third-party OS. So technically someone can build a reasonably secure and private OS for that hardware. It would be lots, lots of work through.

locked

I think the issue is more with hardware security than having the time to do it, so the project will likely not consider such a project until there is.

[deleted]

On this topic, is there any way to install “Chromium OS flex” rather than Chrome OS flex? Similar to the regular Chromium browser vs Google Chrome

OfflinePuffin

[deleted]

Here are some instructions I found. I believe you'll have to build it yourself and I don't think it will receive updates, and in the chromium projects own and old words

"Keep in mind that ChromiumOS is not for general consumer use."

https://www.chromium.org/chromium-os/quick-start-guide/

GrapheneOS

[deleted] There are toggles for exec-based spawning and hardened_malloc...

[deleted]

GrapheneOS I said that its not a big deal. I was siding with GOS, which was evident from my post.

GrapheneOS

wuseman Not at all comparable... it doesn't even have the basics that AOSP does.

wuseman

GrapheneOS
Never said it was. What I said was that it's the closest you're gonna get.

GrapheneOS

[deleted] Not at all comparable.

GrapheneOS

[deleted] No.

GrapheneOS

OfflinePuffin Vanilla OS is just another particularly insecure desktop OS with fake implementations of security features and developers who attack security researchers. It doesn't have the basics of security.

GrapheneOS

Low quality answers removed from the thread. Thread will be locked if needed.

areaman

I see this come up a lot, and it is a natural question as we all need to use a desktop. Unfortunately, on desktop high security and privacy are not aligned in one OS to the degree they are on GrapheneOS. Maybe a sticky on the topic would be useful? Here is what I have found. I have tried to be correct but please let me know if anything is wrong and I will fix or remove.

Linux variants: Can be very good on privacy, but lack the modern exploit protections in Android / iOS / Windows / MacOS. Of course, if you get exploited, your privacy goes to zero.

Windows: Bad privacy by default, good exploit protections. "Secure Core" PCs have better hardware protection, but the details are beyond me. Privacy is improved by changing default settings. Searching will find ways to further reduce telemetry, but I don't want to recommend one without knowing for sure it works. Programs installed from the Microsoft Store have more isolation than traditional installs. Edge has all the isolation of Chromium, plus a mode to disable JIT (large attack surface historically), which then additionally enables more memory protections for javascript that are not compatible with JIT. ApplicationGuard and Windows Sandbox provide virtualization and allow further isolation some activities, but performance is reduced.

MacOS. I haven't used it personally. Also has modern exploit protection, and I think better privacy than Windows (at least by default).

QubesOS: Allows you to isolate programs into buckets to limit the fallout of an exploit with hardware-backed virtual machines. Each VM is as strong as the underlying OS. Can use Linux distros or Windows for VMs. Probably the least user friendly.

ChromeOS: I haven't researched much as it doesn't meet my software needs. I have seen mentions that security is good, but I don't have a good up-to-date source. Suspicious on privacy due to Google being Google.

GrapheneOS

areaman

Linux variants: Can be very good on privacy, but lack the modern exploit protections in Android / iOS / Windows / MacOS. Of course, if you get exploited, your privacy goes to zero.

They have very poor privacy too, not only poor security. Applications being able to access everything and lack of basic privacy measures is a problem aside from security. They're missing far more than modern exploit protections. They lack basic security measures and a proper application security model. There's near complete lack of systemic work on privacy/security throughout the OS.

QubesOS: Allows you to isolate programs into buckets to limit the fallout of an exploit with hardware-backed virtual machines. Each VM is as strong as the underlying OS. Can use Linux distros or Windows for VMs. Probably the least user friendly.

QubesOS mimics having a stack of desktop Linux (or sometimes Windows) laptops with x86_64 virtualization. It doesn't make the operating systems or applications harder to exploit and doesn't contain them better within the workspaces. As you say, that's limited to the security of the operating systems being used. It can do virtualization-based isolation for Wi-Fi drivers but there's still regular networking between the different isolated virtual machines.

Open_Source_Enjoyer

GrapheneOS They have very poor privacy too, not only poor security. Applications being able to access everything and lack of basic privacy measures is a problem aside from security. They're missing far more than modern exploit protections. They lack basic security measures and a proper application security model. There's near complete lack of systemic work on privacy/security throughout the OS.

areaman Linux variants: Can be very good on privacy, but lack the modern exploit protections in Android / iOS / Windows / MacOS. Of course, if you get exploited, your privacy goes to zero.

This is true for most ways of installing Linux applications, but you are forgetting about Flatpacks and Snaps.
Especially with Flatpacks you have a very high control over the permissions of the applications, even more than with GrapheneOS.

darcula

GrapheneOS so what OS do you use to develop grapheneos if desktop systems have poor security?

guser39

GrapheneOS It doesn't make the operating systems or applications harder to exploit and doesn't contain them better within the workspaces.

This isn't exactly true or at least it ignores the context of Qubes OS functionality. For example

It is easy to open (and edit) office and PDF documents in completely separate (and disposable) qubes. This can significantly lower the risk to an important qube.
It is very easy to isolate a qube at the network-level so that even if a malicious document is opened it would be unable to phone home. Important files such as password vaults, SSH/GPG keys, banking documents, etc can all be isolated from the Internet.

You don't need to worry as much about containment within a workspace because it's often disposable or would have limited impact. So while the defaults are not particularly hardened at a per-qube level there are system architecture elements that can mitigate and improve upon a singular workspace/desktop setup.

guser39

GrapheneOS there's still regular networking between the different isolated virtual machines.

This is incorrect. Network communication between individual qubes is blocked and requires the user to manually allow for such communication.

https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes

rbb

GrapheneOS They have very poor privacy too, not only poor security. Applications being able to access everything and lack of basic privacy measures is a problem

Would a Linux distro not be considered more private based purely on the data collection and telemetry of Windows and Mac? Most of what I've read about privacy seems have more to do with the users themselves and the applications installed, licks clicked, etc...

Dumdum

darcula
You can find the officially supported operating systems for building here, which I imagine is what's also used by GOS devs.

N1b

Dumdum if they were using Arch, they would have told us by now. :D

Jokes aside, it's frustrating that there's no Desktop system coming close to the security and privacy of GrapheneOS, and as long as Google/AOSP doesn't step up to become a good desktop system, we're bound to compromises for productive work.

Here's to hope for an actual good Desktop mode on Android 15 or 16 (about Samsung DeX level convenience), but I have to see it to believe it.

GrapheneOS

guser39 What we wrote is accurate and isn't ignoring that functionality. It provides isolation between guests rather than making the operating systems and applications harder to exploit.

guser39 No, it's not incorrect, you're just nitpicking the wording and interpreting it as something far different from what we were clearly talking about. We did not imply in any way that every guest had to use networking. We explained QubesOS isolates network drivers in a dedicated guest and needed to clarify it does not mean guests using networking can avoid having a network stack exposed to attacks. The reason we mentioned that is because the lack of hardware GPU acceleration in each guest along with not having network card drivers in each of them is a way it differs from a stack of laptops. A stack of laptops could have some Macbooks and Chromebooks able to factory reset securely so the example you gave of disposable VMs isn't actually a counterexample of what we described it.