Hat It's your main OS?

It's one of the OSes I use. I basically use it for the fast installation process to get a running Arch system. I found the Arch installation too error-prone and especially Archinstall is extremely buggy. But I don't use it as is. I do a lot of security-related modifications after installation. I have plenty of MAC policies, kernel hardening, some sandboxing and a few other things to apply.

Clueless the CTT Tool (love that tool!)

Do yourself a favor and stay away from these tools, especially if they come from YouTubers like CTT. Most YouTubers are entertainers and not security experts.

Clueless I still feel a bit "naked" using Windows.

You can make Windows a lot more secure by applying Microsoft's security baselines and WDAC. This will make Windows quite secure for a desktop OS. You might also want to take care of most privacy-invasive stuff with WRTLFB, but you need to patch it to not block security-related things like Windows updates. It will take some time, reading and learning and getting used to group policy, but might be worth it if you want to stick to Windows and harden it.

Clueless the UI of Windows 11 is beautiful and mostly really user friendly

The UI is fine indeed, although still not consistent; especially the settings and configuration menus are still a mess. Windows is just user friendly if you use it as is without a lot of hardening and don't worry about all the little privacy-invasive things you need to take care of and you are used to using Windows. Once you are used to a few years of using Linux distros, and you come back to Windows, it might feel the other way around. I use both and feel more at home on Linux, despite having spent way more years on Windows.

Pocketstar I don't like where Ubuntu is going with snaps

Despite their flaws, Snaps are still better than the native outdated packages without any confinement which Ubuntu and Debian repos provide. Backporting just a few known high-severity security patches is a fundamentally flawed approach. It is recommended to stick as close as possible to upstream versions.

Pocketstar Mint is IMO very good in keeping their stuff clear of such nonsense

The only good thing about Mint is its user-friendliness. Too many security downsides to actually use it.

    Currently Windows 11 Enterprise trial with custom GPO policies* that I have backed up to an external HDD for the inevitable time when I have to reinstall because the trial expired.

    *goodbye to you, Microsoft Copilot and your family of annoying bloat

      Relaks when I have to reinstall because the trial expired.

      Is massgravel not an option for you?

        Relaks

        Of course it needs admin rights one time to do its job. How else is it supposed to work? It's one of the projects with the most stars on GitHub and pretty safe to use.

          router99 Go on....

          Uses outdated, very insecure standards like X11, has outdated packages which lack most security fixes, is a fork of a fork. Uses a base (Ubuntu) which basically has moved to Snap as the main packaging mechanism, but Mint doesn't use Snap, so they get only the second-class packages. Lacks modern exploit mitigations, meaningful MAC policies, sandboxing and verified boot.

          TheGodfather Yes, of course it does. And with admin rights it can do nearly anything. I choose not to trust cracks no matter how many stars people have given them. I cannot assume that these people have read and understood the source code. Neither can I understand PowerShell code. You are welcome to disagree and put forth arguments on why this piece of crack is fully secure.

            Relaks The way massgravel works is by "convincing" Microsoft servers that the computer can be activated with a digital license.
            So if one does not trust massgravel code, it is possible to execute it and then format the computer. During Windows install, the computer still will be recognized by Microsoft servers as having a valid license, while being an unaltered installation.
            Until there is significant hardware change, that is.

              4nu4b During Windows install, the computer still will be recognized by Microsoft servers as having a valid license, while being an unaltered installation.

              Only with HWID, because the license is bound to the hardware ID. There are also other methods available.

              Relaks You are welcome to disagree and put forth arguments on why this piece of crack is fully secure.

              Some methods can also be done by hand. But I am not here to waste time convincing people. If you feel better with reinstalling Windows again and again just to get it somewhat working, that's fine. Without activation some things simply don't work.

                Windows 10/11 IoT versions. They are at least relatively well de-bloated. I realize even with my pi-hole, a VPN and the help of resources such as privacy.sexy, I am probably giving up a lot more data to Microsoft than someone running Qubes or a more hardened OS but my threat model is such that I can opt for the convenience of Windows.

                TheGodfather Without activation some things simply don't work.

                Enterprise trial provides all of the features of the paid version. It can be reactivated up to 9 months IIRC. Then you have to reinstall to get another 9 months. This is no biggie for me.

                Thank you all for having patience with my weird behaviours.

                I'm currently using ChromeOS. Adversary is a competent violent stalker. A laptop with QubesOS installed was compromised before (I know without any doubt that it was compromised). I'm just wondering if GrapheneOS on the next Pixel Tablet (with MTE) will be more safe compared to ChromeOS? (disregarding Google privacy issues)

                  aosjdio

                  I hope this doesn't come off as patronizing. For all I know, you are Mitnick-meets-007...or quite simply, more adept than I within the realm of OpSec. But it bears repeating that not GOS -- nor any other security tool -- can/will protect you from a persistent adversary. If someone is stalking you, the solution is far from upgrading your tablet (assuming physical stalking).

                  Of course you know this. Still, we see many folks become hyper-fixated on thwarting ubiquitous bad-actors; consumed with ideals and concepts that are often impossible to achieve (Tbf, network security is like, the mother of all rabbit-holes too, tho.)

                  No doubt, the peace of mind alone achieved from using such an effective tool as GOS is noticeably beneficial from day one. But you'll never truly appreciate this if you are burdened with persistent doubt. And again...maybe you aren't.

                  Are you? If you feel like sharing, I can try to help. Either way, I hope that you can remove this person's negative influence en totale and when you do, I hope that you have the wherewithal to compartmentalize any doubt back where it belongs and enjoy living your life! ;)

                    ezlover I'm kind of an idiot when it comes to OpSec. I used Firefox with prefetching enabled (I think that this was what revealed my IP address). The physical stalking stopped I think. You're right, it's always possible to improve something and I don't want this to become my full-time hobby. I'll probably just use whatever I enjoy to use for now.

                    aosjdio I'm just wondering if GrapheneOS on the next Pixel Tablet (with MTE) will be more safe compared to ChromeOS?

                    GrapheneOS is more secure than ChromeOS, even without MTE, deducing from what I read from Daniel Micay. However, both should be plenty enough to keep stalkers from compromising the system with spyware, as long as you do not accidentally weaken security or make OPSEC mistakes and as long as the stalker does not have access to state-level exploits.

                      TheGodfather They should not have access to state-level exploits. They're not even wealthy, so I was surprised about QubesOS. It's either that or they somehow managed to read data transferred with HTTPS, after they compromised the router. I don't know what is more likely. They already managed to compromise a basic Linux distro before, but that isn't surprising.