Avoid The Hack: 10 Best Privacy Friendly Operating System Picks for Desktops
This post was originally published on 3 NOV 2021; it has since been updated and revised.
If you're not aware of the privacy nightmares of Windows 10 and Windows 11, then let us inform you: Windows is not at all privacy friendly.
Also, don't think you're necessarily safe by running Apple's macOS either; while it's arguably more "privacy-friendly" than Windows, macOS does have some of its own notable privacy concerns, primarily surrounding the telemetry it sends back to Apple.
In today's operating system landscape, just about any closed-source, proprietary operating system is more than likely not going to be beneficial for your privacy. And, ideally, you should be able to trust what your operating system is doing considering all the privileges it enjoys on your device.
Generally, the ideal solution to combating the privacy issues faced by Windows and macOS is to make the switch to some type of free and open source Linux distribution. Truthfully, just about any open source Linux distribution is a better choice from a privacy (and in some cases, security) perspective. However, we have a curated list of privacy friendly operating systems right here in this post.
So, if you're ready to make the switch, then avoidthehack highly encourages you to pick any operating system from this list to get started!
Most operating systems listed here are Linux-based. Additionally, all operating systems here are both free and open source.
New/Transitioning user friendly operating systems
The operating systems in this section are geared for users who are either
- Not very keen on technical details
- Habitually used to a Windows or macOS environment , especially for long periods of time.
- Prefer a streamlined, out of the box, privacy-enhancing experience that just works with minimal set up
Or any combination of the above.
- Out-of-the-box Flatpak support for easy (and almost Windows-like) package handling
- Designed for ease-of-use
- Full multimedia support
- Removes privacy-unfriendly features from Ubuntu Core
A modern and easy-to-use operating system that works straight out of the box with full multimedia support and driver support for many different hardware specs.
Linux Mint was forked from Ubuntu a number of years ago. (It's also available in a Debian environment.) While Ubuntu is already fairly easy-to-use, Linux Mint manages to be further simplified and lends itself more to privacy by removing potentially privacy-unfriendly features found in Ubuntu Core (such as Snaps).
Linux Mint comes in different flavors of desktop: Cinnamon, MATE, or Xfce.
If you're migrating from Windows, then Mint's desktop environment is about as close as you can get to a Windows-like feel with very minimal set up and a not-so-steep learning curve.
Additionally, Linux Mint has been around since 2006 and is maintained by a dedicated community.
- Preloaded tools for engineering, deep learning, and media production
- Easy firmware management
- Easy-to-use desktop environment - Windows users should feel at home!
- Workflow customization tools
POP_OS! is a linux distribution with a heavy emphasis on navigation and workflow optimization. It also takes privacy into account as the operating system aims to collect as little data (personal and device) as possible - even for system updates.
This distribution's user interface is highly optimized for workflow(s) and easy navigation. It focuses on being very new user-friendly.
Another cool thing is that POP_OS! encrypts your installation by default, which enhances your privacy by securing the partition that POP_OS! operates within.
For example, if you were to dual boot with Windows - theoretically, if your other operating system's partition was unencrypted, Windows could "snoop" within the other partition.
Another example would be if a threat actor got physical access to your computer/hard drive - without an encrypted installation, it's usually only a matter of time before they can effectively pull data from it. An encrypted makes this hard, nearly next to impossible without the private key.
This also means you don't have to rely on a third-party tool to encrypt your POP_OS! installation.
POP_OS! is developed and maintained by System76, who has taken a serious privacy-friendly approach to consumer computer-building and OEM development.
- Includes AppCenter, curating privacy-friendly apps native to Elementary OS
- Built privacy friendly tools such as Tattle-tale and Permissions
- Familiar interface for Windows and macOS users
- Expanded hardware support
ElementaryOS is a Linux distribution that aims to be a capable and ethical direct replacement for Windows and macOS. Due to this focus, ElementaryOS is a very easy-to-use and overall highly user-friendly Linux distribution for new and transitioning users. It remains customizable and flexible enough for more advanced users as well.
ElementaryOS has a strong stance on privacy; the operating system aims to be as privacy-respecting as possible. It doesn't collect any personal data and it features a few built-in tools to help improve/preserve your privacy - especially when using third party apps. The most notable of these built-in tools is Tattle-tale, which "snitches" on app actions; for example, when an app is using your microphone, ElementaryOS notifies you.
It also comes bundled with the minimal amount of software to be useful and ready to use straight from the box. ElementaryOS places an emphasis on being streamlined, providing as little bloatware as possible. As a user, this means that you shouldn't spend a lot of time post-install deleting unnecessary software that came bundled. Interestingly, a lot of the bundled software - such as the music player - appears to be tailored specifically for ElementaryOS.
ElementaryOS also features an Appcenter, where you can download apps that have been curated by those behind ElementaryOS to ensure a "native, privacy-respecting, and secure experience."
ElementaryOS features a pay-what-you-can model; therefore, it can be downloaded for free.
Average to advanced operating systems
These operating systems are for everybody, but might not necessarily cater to new and transitioning users. The operating systems we've recommended in this section typically have a steeper learning curve than beginner friendly operating systems. Ideally, these operating systems are for people who are:
- Decently familiar with the overall Linux environment
- More willing to customize/tweak/tinker
- Willing to learn and/or maximize the Linux environment as a whole
Or any other combination of the above. Please note that number 3 is perhaps the most important point of them all; reading documentation will no doubt be your best friend when stumped by a wide range of issues while using the operating systems recommended here.
- Incorporation of YaST - a graphical system that allows super easy configuration of various Linux settings
- Zypper package manager (as opposed to apt-get in Debian derivatives), which is fast and easy-to-use
- Open Build Service
- Broad range of hardware support
openSUSE is a Linux distribution that remains easy enough to use for the average desktop user but offers flexibility and functionality for sysadmins and developers. It's one of the oldest Linux distributions out there.
It's important to note that openSUSE is Linux beginner friendly (like Fedora), however it doesn't necessarily cater to new or transitioning users via ease-of-use. Generally, for brand new users, some brief documentation reading may be required after the easy install as there is a slight learning curve.
openSUSE comes in two (2) flavors: Leap and Tumbleweed. The main different between the two are the release frequency; Leap is more stable between updates and software incorporation, whereas Tumbleweed has a more frequent release schedule and includes the "bleeding edge" of new software. Newer users - or those that prefer stability - should go with the Leap flavor.
On the community front, openSUSE is more open than other popular Linux distributions such as Fedora or Ubuntu. Meaning, there isn't super tight or rigid control by entities such as corporate sponsors or lead developers. This absolutely does not mean openSUSE releases are lacking in quality control or security (in fact, openSUSE has its own security team!), just that the process of development differs enough from other established Linux distributions.
- Fast release schedule that often features the new and "bleeding edge" software
- Native Flatpak support for easy package handling
- Variety of desktop environments to include GNOME and KDE
- A number of preloaded tools for new(er) and experienced coders/developers
Fedora is a Linux distribution that is officially (and primarily) sponsored by RedHat.
Fedora aims to be more a platform than versus another distribution. It's important to note that Fedora is fairly beginner/transitioning user friendly, but it's overall suited for average users and/or those interested in programming and coding given its high focus on innovation and learning.
Fedora's strong commitment to free software and unrestricted innovation naturally lends itself very well to user privacy.
Fedora has a relatively short lifecycle, meaning that major updates are frequent. Additionally, Fedora is a distribution that quickly incorporates newer, leading edge technologies within its releases.
Fedora is developed and maintained by the Fedora Project, which is made of a community of developers, volunteers, and Red Hat employees.
- Runs extremely well on low-end and older hardware and systems
- A huge list of available packages ready for installation and use - includes free and non-free software
- Different kernels and desktop environments
- Overall a very stable distribution with a less frequent update schedule
- Includes support for many different architectures and devices/device types
Debian is a very Unix-like GNU/Linux distribution that is dubbed the "Universal operating system." It is a super stable and secure operating system - it's one of the oldest operating systems based on the Linux kernel.
Debian has many idealistic values and has an extremely strong commitment to free and open source software (FOSS). This commitment naturally lends itself to privacy as Debian and the community who works on it are very open (even by open source standards!) about everything to do with the operating system.
Debian is developed by a large all-volunteer and dedicated organization.
- The AUR (Arch User Repository) which is a huge repository that houses a vast amount of packages
- High level of customization that begins with the upstream
- Initial installation provides only a command-line environment - no preloaded software
- Updates follow a rolling-release model
Arch Linux is an independent Linux distribution that focuses on simplicity. Because of this focus and commitment to "Keeping It Simple," Arch Linux is a lightweight and extremely minimal Linux distribution.
The main focus is user-centric, as opposed to user-friendliness. This operating system defines simplicity as without unnecessary additions or modifications and aims to provide software that fits this definition. It aims to provide minimal downstream changes, choosing to remain as upstream as possible.
Arch Linux's position on simplicity and pragmatism lends itself exceedingly well to user privacy as the operating system itself is designed to provide as little interference as possible.
Arch Linux is maintained by the Arch community, which is highly dedicated to further improving and updating Arch.
Niche and other advanced operating systems
The operating systems in this section have highly unique features; enough to distinctly set them apart from the other operating systems recommended in this post.
Typically, usage of these operating systems requires some degree of "advanced" knowledge for proper and smooth use and implementation. However, that doesn't at all mean that they're super hard to use - they'll just require some set up or learning on your behalf!
The set-up and know-how required to use these operating systems typically exceed those found in the previous sections.
- Xen virtualization - well-implemented software isolation
- Template system
- Ability to run multiple operating systems (including those found in this post!) at the same time
- Disposables - qubes/compartments that self-destruct, those erasing all data, when shut down
- U2F proxy for two-factor authentication
Qubes is an operating system that puts security first; it describes itself as a "reasonably secure operating system."
Qubes is unique in that it uses Xen-based virtualization. This virtualization enables strong isolation of different pieces of software - which includes operating systems. Multiple operating systems can run at the same time through Qubes - and they won't even "know" other operating systems exist.
The ultimate power of Qubes is its ability to firmly divide a single device into many different compartments that don't know about each other. New compartments can be created and discarded as needed.
Despite the sometimes unstable Xen virtualization, it's worth noting that Qubes can use most Linux-based software and drivers.
Qubes is maintained by a dedicated community of volunteer developers.
- All network connections are forced through Tor; if this doesn't happen, the connection is aborted
- Many privacy and security conscious applications/tools preloaded and ready for immediate use
- Tor (bundled with uBlock Origin) is the default browser
- Persistent storage option - which is encrypted automatically when enabled
TAILS = The Amnestic Incognito Live System
TAILS is a live operating system that focuses on anonymity on top of user privacy. In short, unless you enable persistent storage, everything you do while using TAILS effectively disappears when you shut down the system.
TAILS can boot and run from a DVD, USB drive, or SD card on just about any relatively modern computer without leaving a trace. It accomplishes this by never writing anything to the hard disk and only running from the memory (RAM) of the computer.
TAILS also uses very strong cryptographic tools to encrypt the likes of your files, emails and messages. Additionally, all network connections are forced through the Tor network.
TAILS' "secure by design" is also "private by design," and can provide anonymity when conducting business through the operating system.
TAILS is developed and maintained by a nonprofit and an open community.
- Based on Kicksecure - a security-hardened Linux distribution
- Keystroke anonymization via kloak
- Forces network connections through Tor
- AppArmor - restricts the capabilities of commonly used applications
- Advanced firewall
Whonix is a full operating system that runs inside your current operating system. It's available for Windows, macOS, and most Linux distributions (including those on this list.) Whonix comes pre-installed on Qubes.
Whonix focuses on privacy, security, and anonymity. It aims to realistically addresses common attack vectors.
Like TAILS, Whonix forces all Internet connections through the Tor network. Those that can't be routed through the Tor network are disabled and blocked.
Whonix is developed by independent contributors of the Whonix Project.
Criteria for desktop privacy-friendly operating systems
NOTE: Just about any Linux or FreeBSD derived operating system will be leagues better for user privacy when compared to Windows or macOS.
At a minimum, to be listed as a recommendation on avoidthehack, privacy-friendly operating systems must:
Closed-source operating systems have demonstrated they're not entirely trust worthy as there is little transparency even while using the operating system itself. To alleviate this, avoidthehack only recommends open-source operating systems here.
Recommendations listed here are free of cost. However, there are plenty of distributions requiring upfront costs prior to installation that are more privacy-friendly than Windows and macOS.
Cater to user privacy as a default
Operating systems listed here should have some direct focus on improving and maintaining user privacy. Ideally, the default settings of the operating systems would reflect this.
avoidthehack prefers operating systems that do not use Snaps (due to privacy issues) or push proprietary software known to be rather privacy invasive. Ideally, the operating system would not engage in phoning home - with the exception of checking for updates. Auto-update should be able to be disabled.
Be out of alpha/beta
Many Linux distros/forks don't make it out of alpha or beta stages. Additionally, beta operating systems may have excessive breakage or compatibility issues with hardware/software.
Truthfully, just about any Linux-based installation that you pick - even if it's not from this list - will provide better privacy than continued use of Windows or macOS. Picking an operating system from this list helps ensure that you're getting a truly privacy friendly operating system.
If you are looking for additional suggestions for GNU/Linux distributions to try out, then please visit DistroWatch as it is an excellent resource for viewing snapshots of all the different distributions out there!
However, some users might find themselves unable to switch for a variety of reasons. In this case, you should look into "shutting Windows up" by disabling as much telemetry and data collection within the operating system itself.
With all of that said, stay safe out there!