I am thinking of Distrohopping and have questions about Kicksecure.
I really like gnome because of how well it works with touch environments. I have smaller Steamdeck style computer that I take with me often to do work when traveling. Is there any way to install gnome for Kicksecure? Later versions of gnome have features I like including a grey screen if I use the computer too much. What version of gnome if any could be used? I would be fine with using gnome for live sessions and doing all system maintenance sessions without gnome but I don’t know if this can be done.
I always use a VPN. I know Kicksecure always routes things through tor for package updates. Would this be problematic if I were also using a VPN? Would the Tor connection automatically go through the VPN?
Does Kicksecure create any tells that make it clear the the distro is Kicksecure? As the person who values privacy and does not like my ISP I don’t want them to know anything. Are there any pings that happen before a VPN can start?
I have an AMD cpu. Is rocm something I could use in Kicksecure?
I am increasingly uncomfortable with behavioral analytics. Does the program to slightly impact keyboard presses work in KickSecure with gnome?
I am someone who would prefer to use Qubes but I can’t pass through the single GPU from dom0. Does Kicksecure work well with KVM? With Mythos, I am more concerned about using non-Xen for virtualization because of the bigger code base although perhaps Mythos can find exploits in Xen too. Does using Kicksecure and Whonix in KVM seem like a good compromise, or is this actually a mistake? I don’t actually know if my threat model is high or medium or low but I was previously in situation where the government demanded I decrypt. My steamdeck has 32 GB of RAM and could run Qubes, I just won’t have any local GPU AI features with Xen and being unable to pass through the GPU (unless I were to run any local AI in dom0, which would be reckless). Veracrypt Hidden OS is not deniable.
As someone wrongly accused of a serious crime once by the government, I prefer to keep my laptop as clean as possible with very little personal data. I don’t want to us Tails because it’s not practical for day to day use since many Apps won’t work. A big advantage to Kicksecure is having a live mode but I just would want to be able to use it with Gnome. If there are a other good options that don’t save logs or other unneeded data by default, that would be something I could consider.
I don’t really understand the advantages to sw-date over other time sync modules. I would also prefer my time sync to be done over tor. I worry about the loss of privacy of constant pings to various time servers that doesn’t occur through tor.
I’d be interested in hearing any thoughts or feedback including from people who use this distro regularly. Is it an acceptable distro for development? I may end up just going with more mainstream distro and hoping the logs don’t matter. I am fearful now for how I was treated before.
other desktops environments aren’t supported, you could try to install it by your self but I for example use KDE and I have some issues. Other Desktop Environments
If the VPN support tor in his ToS you shouldn’t have any issue. I use ProtonVPN with kill-switch and no issues.
Does using Kicksecure and Whonix in KVM seem like a good compromise, or is this actually a mistake?
I usually test and use qemu/kvm into kicksecure with all kinds of OS, whonix included. I think it’s a good set up, I use it.
Note that the GNOME desktop has some security and privacy risks:
Probably, it depends on how the VPN software modifies your network configuration.
Hiding what distro you use from your ISP is a difficult issue to solve. Even Whonix may not be able to do this reliably. See:
Kicksecure has some security features that may give away that you’re using it, for instance tirdad (which will randomize TCP Initial Sequence Numbers, something that is likely rare since tirdad is probably not widely deployed outside of Kicksecure). This particular tell will probably be visible even if you use a VPN, since it modifies the way in which your machine interacts with other computers on the Internet at a deep level.
If it works on Debian, it should work on Kicksecure as well.
You’re probably thinking of Kloak. Unfortunately, no, this will not work on Kicksecure with GNOME. Kloak only works with wlroots-based Wayland compositors like labwc, and is only well-tested on labwc. GNOME lacks the Wayland protocols Kloak requires in order to operate.
Yes. Prebuilt KVM images are available: Kicksecure for KVM You can just download, import, and use it.
Depends on the threat model. Being forced to decrypt isn’t really something any hypervisor can protect you from.
The live mode feature of Kicksecure should be desktop-environment-agnostic. I.e., I don’t know any reason it wouldn’t work with GNOME.
sdwdate is time sync over Tor. That’s its primary reason for existence.
The only bad thing from reading this is it seems like a lot of security hardening some of which I don’t understand makes the network stack unique.
I have looked up things in Tor Browser (with javascript on) and then seen ads on a Facebook account used inside a VM that were related. (This was not something expected. I saw a flyer that mentioned something - didn’t know what it was and looked it up in Tor, so it was partly random. I do not walk with a cell phone or use a smart phone like most people. There were few security cameras in the area and it would be hard to scan my biometrics because I wear a large sombrero etc.) It may be that I am not running kloak and typing style was correlated and sold as a good guess. I also am concerned that many Tor nodes could be owned by Meta. There’s nothing to stop them from doing that and therefore they probably are doing that. But mostly I am concerned packets themselves are unique enough somehow they are detecting who I am.
I can either run debian with grub-live install sw-date and install kloak or I can install kicksecure and try to install gnome. it’s probably better to update through tor. i don’t know if there other kicksecure packages I can install. Is there any reason not to install debian and install many kicksecure things? I don’t know what is most smarter to do.