Those who know what they’re doing on the dark web generally say that using Tor, by itself, is not enough to protect you. Traffic analysis and other methods have been used to de-anonymize users numerous times.
While using a VPN is also helpful, security experts frequently recommend using Linux distros for additional privacy. That being said, it’s also a frequent point of debate as to how secure even these systems are, but that largely depends on what your purpose in using it is.
In addition to trying these systems out, it took a fair amount of searching and reading to find out which ones were consistently given good marks by others. That aside, you may find you don’t like any of these; there are hundreds of other Linux distros available as well.
Note: These are in no particular order; don’t think of them as being ranked from “best to worst.”
Credit: Whonix 2013 Wikimedia Commons
Whonix was one of the first live OS’s that I tried out. I was impressed with how simple it was to set up and run, as well as its many privacy features. Whonix is based on Tor and Debian/GNU Linux, according to their About page.
Whonix consists of two parts: Whonix Gateway, which runs Tor, and Whonix-Workstation, which is on a completely separate network. Whonix-Workstation, as you may have guessed, consists of the GUI in which you can do word processing, web browsing, etc.
One of its standard features is the Konsole, which is much like the Bash Unix shell. For those who are more accustomed to a command line interface, this is ideal.
Because all of the network connections are run through Tor, you’re less likely to break your anonymity if you use Whonix for all of your activities (although it can happen). Plus, as you probably know, if you’re using (for example) a Windows system and intend to use the Tor network, it’s far safer to do it on a virtual machine than simply accessing it on Windows (the experts already know this, I’m sure)!
The Tor Browser is included with Whonix for web browsing. Whonix also features an anonymous IRC; e-mail with Mozilla Thunderbird, Enigmail, and TorBirdy; and private obfuscated bridges support. For the unfamiliar, Enigmail is a security add-on for Thunderbird that enables you to encrypt and decrypt your emails using OpenPGP.
While Tails seems to receive consistently positive reviews in tech publications and on sites like Alternativeto.net, Whonix isn’t necessarily worse than Tails; each of these Linux distros has their advantages and disadvantages.
On the page Whonix: Comparison with Others, you can see side-by-side comparisons of Whonix with some of the most popular distros, such as Qubes OS and Tails. Two of the things that Whonix protects against in its default mode are proxy bypass IP leaks and protocol IP leaks. According to their tests, at least, Tails is not secure in these categories. Its latest version, however, may have improvements.
Credit: Yvonne Salazar 2016
Unrelated to Sonic the Hedgehog’s sidekick, Tails (The Amnesic Incognito Live System) is a Debian GNU/Linux-based live USB operating system. At the moment, it’s also one of the most popular live OS’s. Is it safe to assume that you darknet explorers have already heard of it?
Deepdotweb previously featured it in their In-Depth Guide to Tails + Persistence.
As with Whonix, Tails’ software is configured to connect to the internet through the Tor network; well, that’s the short description, at least. Like a number of other live OS’s, Tails is designed to be operated from a USB stick, DVD, or SD card.
It includes a number of built-in applications configured for security purposes, such as the Tor Browser; Pidgin preconfigured with OTR for instant messaging; Icedove (Thunderbird) email client; LUKS and GNOME Disks to install storage devices; and PWGen, which is a strong password generator.
If used correctly, Tails definitely is one of the best Linux distros, although it does have potential security holes (particularly in certain versions).
Tor does not support User Datagram Protocol (UDP), so unfortunately, Tails can’t just redirect DNS queries to the Tor intercepting proxy. For more information about how Tails routes connections through Tor, read Tails – Tor enforcement.
Credit: Brunogabuzomeu 2012
Qubes is a Unix-like desktop OS whose designers describe it as “a reasonably secure operating system.” (In other words, no OS is perfectly secure, but this is one of the better ones.)
When using Qubes, you run all of your applications through lightweight Virtual Machines(VMs) called qubes. If you install it using its default settings, the system creates several qubes to start with:
Beyond just giving each qube a name, the system will assign a label to each (which consists of several pre-defined colors). The trusted window manager uses the colors to help identify the trust levels of different domains (or for whatever reason you designate). Like Whonix, Qubes also has a command line interface called the “konsole,” in which you can access all parts of the Qubes system that are available on the GUI.
That’s all well and good, I’m sure – but your question may be, how secure is Qubes? People have debated over this question, not only with Qubes, but also with its Linux peers.
Qubes’ approach to safeguarding is “security by isolation”; the Qubes run on separate Xen VMs, which isolates the apps in a more efficient manner than a standard operating system would. Linux Magazine goes into further detail about this process in Exploring the Qubes OS secure operating system. They did an “xinput” test to demonstrate one of the ways in which Qubes has added layers of security.
It’s not flawless, but it still seems far better than, say, Windows 10 (insert laugh here).
Credit: Mick Amadio 2014
Puppy Linux, as its name suggests, prides itself on being simple, lightweight, and minimalistic.
There are many different types of Puppy Linux systems, also known as “Puplets,” but regardless of which version you’re using, they’re all lightweight (100MB to be precise).
Like a number of other Linux distros, Puppy Linux allows “live” booting from a CD, DVD, or USB flash drive. It also includes a variety of applications, such as word processors, spreadsheets, web browsers, and games.
As opposed to some of its peers, Puppy is very easy to learn and use. When you first boot it up, a “Quick Setup” toolbar appears, in which you can customize a few aspects of the system. Once you’re finished, you’ll hear a barking sound, and then you’re all set!
More advanced users might find Puppy a bit too simple, but it does offer more advanced options if you want to customize it to your liking. It seems particularly suited for systems with older hardware that need somewhat of a revival.
If you’d like to see a more visual example of how Puppy Linux works, see this YouTube video: Puppy Linux 5.7 Quick Look – Linux Distro Reviews
Credit: Offensive Security 2013
Among its Linux peers, Kali Linux is definitely on the more advanced end of the scale. It’s a Debian-derived Linux distro that’s specifically made for penetration testing.
It includes several hundred tools for that purpose – you might call it a hacker’s arsenal. If you were to peer inside Kali Linux’s “armory,” so to speak, you would find such things as Armitage (a cyber-attack management tool); Nmap (a port-scanning security tool); and OWASP ZAP (a web application security scanner).
As opposed to distros like Puppy Linux, Kali is not geared toward beginners, and will probably take more time to learn. On the other hand, it is considered to be one of the best pen testing operating systems. For all you hackers out there, this one’s definitely a contender.
A Quick Comparison
Is That All?
No, far from it, actually! When I began writing this piece, I was overwhelmed by the number of possible Linux distros I could talk about, so I thought I’d include a few that I had tried out and liked. I have a number of other suggestions, too, including (but not limited to):
And that’s just the icing on the proverbial cake. Which one really works for you is a matter of taste, experience, and purpose. If you’re really serious about finding the right Linux distro, I say go out there and try them all! (You’ll eventually find one that suits you.)
So, if I didn’t include your favorite distro here, feel free to suggest it in the comments. I’d be happy to add it to my repertoire.