Sadly, I am not sure you will find a default private environment. There are many things you can do to improve your privacy, but almost all of them require action rather than selection. "Hardening" is probably the right search term.
Given what you have said, I think any Linux environment will be fine for you and will result in immediate, significant privacy gains. All security is a trade off for convenience. If you want a more secure environment, you should expect a less convenient environment. I would choose a popular Linux environment. All of them are probably the right tradeoff.
That being said:
Without focusing on observability first, you end up with a lot of unknown unknowns. You might not think installing a home brew package on MacOS as something that violates your privacy, yet many will reach out to google for various artifacts, if not directly reporting analytics themselves.
You will not get (good) privacy without a whitelist rather than blacklist environment.
Paradoxically, modifications you make to your environment or using more bespoke environments can make you more easily identifiable. Eff runs a great website breaking down how finger-printable your browser is:
A good OS choice will help you most from nation-state actors. So if your threat model is a government (as opposed to capitalists or hackers or scammers etc.), then Linux is the best choice.
Tuned Firefox is probably the best browser choice. You will want to find a guide on how to "unfuck" the default settings. uBlock is non negotiable. PrivacyBadger and Decentraleyes are good plugins as well.
After Firefox setting up a PiHole will offer a lot of privacy protection for minimal investment by essentially being a DNS firewall.
A RaspberryPi is cheap and a fun tool. I totally recommend setting a RaspberryPi up with PiHole. After PiHole I imagine you could install MITMproxy on it or other interesting tools that would build in observability.
> I don't agree with this statement.
User data being used to power features is generally not what people would consider telemetry.
While you are absolutely correct about how search suggestions etc work, that is not what I would consider telemetry. Telemetry is specifically data like crash reports, which can and sometimes will upload memory dumps that can contain plain text passwords or private keys that were loaded into memory.
I promise you telemetry helps reduce downtime significantly. Telemetry itself is not evil, it is companies and how they use it that can be evil. If no one submitted telemetry it would make running stable services much harder. In a sense, the people who do submit telemetry are subsidizing you. I also almost universally shut off telemetry, but if everyone did that, it would definitely be problematic.
Siri (or alexa, etc.) learning from your apps, sucks in just about everything you do on your phone, letting siri run wild likely greatly breaks privacy. Your phone keyboard can remember things you've typed or proper nouns you've used. Spotlight (or other file search features) will open and "understand" every file on your computer then index them so they are searchable. Virus scanners hash every file on your computer, then check to see if the hash is in their "evil" database. It doesn't take much imagination to see how, for example russia's kaspersky virus scanner could abuse that (or any other).
> I don't currently have the tools (much less the money or equipment to set up an off device firewall)
Buy a RaspberryPi and set up a PiHole. Something like this:
Amazon has kits that provide the power cords and a nice looking protective case for probably $50 usd.
It does not take much power at all to run firewalls/piholes/etc.
I am sure there are plenty of approachable guides.
> This is something the average person simply cannot do.
I think it will have challenging moments but ultimately be much easier than you expect.
Summary:
Any linux distro, choose what feels best to use
Firefox, follow a privacy guide to configure "about:config", install uBlock, PrivacyBadger, Decentraleyes
Buy a RaspberryPi, set up PiHole
(bonus) Set up a sane firewall on your linux machine or on a different machine
(bonus) Consider setting up mitmproxy
(bonus) Follow OpenSnitch (https://github.com/evilsocket/opensnitch) and consider trying it when you feel it is mature enough
> A good OS choice will help you most from nation-state actors. So if your threat model is a government (as opposed to capitalists or hackers or scammers etc.), then Linux is the best choice.
How does the threat model change looking at government vs capitalists, etc.?
Are either Windows 11 or MacOS acceptable when it comes to privacy considerations?
> setting up a PiHole
I might look into this- it seems simple enough and additional benefits (like ad-blocking), it looks like. It's a step in the right direction.
> Telemetry
I suppose that companies calling additional data that you don't consider telemetry, "telemetry", is what muddies the water. Telemetry with zero identifiable information is probably okay, if I'm informed and can opt-out.. but collecting data on what I have typed, or have installed, or which program I have launched.. I don't think is acceptable. Maybe my concerns are overblown, but...
Microsoft is pretty much a no win. Integrating ads directly into the operating system is quite gross and shows extreme negligence. Worse it shows an environment where business interests have absolute authority over engineering interests. No engineer that cares about security or maintainability would have let OS integrated ads happen.
Linux is probably better on all fronts, but a well configured MacOS is probably reasonably resistant to (non apple) capitalist threats. Apple is also doing considerable work on things like "secure enclaves" which I generally buy in to. They are also actively engineering systems to reduce passwords as a means of authentication. Apple is doing real innovative engineering and culture changing work that I generally consider forward thinking and society improving. I also believe that work has to be rewarded (with money spent) in order to convince other companies that it is something people actually care about. Companies will ask "what are our competitors doing," not "who stopped using our products/competitors products." Forcing companies to add privacy labels to their apps is something pretty much only Apple is capable of doing, and that is backed by the threat of direct monetary and potentially legal consequences.
Of course if all of the "Apple is getting into ads" press starts to ring true and Tim Apple goes full corruption, which is probably likely, I will likely have to begrudgingly move to Linux myself.
If I was worried about the government having access to my laptop, I would consider Apple's ecosystem a rather grave threat, but if I am generally not worried about governments, then I think the convenience of using MacOS exceeds the privacy values gained by choosing a more... ascetic environment. Since I use an iPhone apple already has extreme dominion over and insight into my digital life. Access to my laptop is a marginal loss of privacy compared to what apple gets from my phone anyway. Using an android phone is almost certainly worse and using a third party android OS involves trusting entities that have no form of real accountability.
Little Snitch is a pretty fantastic piece of software that I generally trust and gives what I consider an adequate level of observability into what my computer is doing.
You are going to have to go through and disable features like cloud backup, encryption keys in cloud, autocomplete suggestions, browser syncing, telemetry/crash logs, siri, spotlight indexing etc as well as install things like uBlock, PiHole and LittleSnitch. That kind of hardening would likely have to be done regardless of environment.
Linux seems to me like there is a good possibility of a serious supply chain hack in the next decade. If you ask "Who is trying to prevent this?" it's mildly scary to think there is probably some person with no authority, reputation, or responsibility volunteering their time to try to solve that problem because its the right thing to do.
They've shown a desire to push the line, while the ubuntu community has apparently mostly kept them within it. That article wasn't meant to be a source of truth so much as a starting point to find things to read about.
> I might look into this-
The nice thing is, is that once you set it up, you can tell your router to use the PiHole as a DNS server to hand out via DHCP, and it can even block your TV from contacting the manufacturer. Your router might even give it to your phone that connects to it and prevent a share of ads from showing up on your phone.
> Telemetry with zero identifiable information is probably okay,
Sadly, while they say there is no identifiable information, this is generally not a guaranteed property so much as a "we try to do the right thing" property. Crash logs don't need identifiable information because with 3 database tables in a data warehouse you can probably de-unidentify a log no problem. If any kind of memory is sampled, it is very possible to suck in information that shouldn't be there as well.
Microsoft, for example, has found inventors of viruses (and subsequently handed their info over to the FBI) because the crash logs the viruses caused got reported and they could turn that into an identity.
> Maybe my concerns are overblown
Nah, suggestions and features like that are shady. I do not like them one bit. I will say the more you understand, the more you realize privacy is dead. Privacy must be legislated. From a technical level it is an arms race, and if you try to run in the arms race, you'll just get exhausted and lose anyway. It's still probably a good idea to be a bit ahead of the curve or at least aware. Certainly a lot of people in Hong Kong in 2019 probably wish they were more versed in privacy.
Given what you have said, I think any Linux environment will be fine for you and will result in immediate, significant privacy gains. All security is a trade off for convenience. If you want a more secure environment, you should expect a less convenient environment. I would choose a popular Linux environment. All of them are probably the right tradeoff.
That being said:
Without focusing on observability first, you end up with a lot of unknown unknowns. You might not think installing a home brew package on MacOS as something that violates your privacy, yet many will reach out to google for various artifacts, if not directly reporting analytics themselves.
You will not get (good) privacy without a whitelist rather than blacklist environment.
Paradoxically, modifications you make to your environment or using more bespoke environments can make you more easily identifiable. Eff runs a great website breaking down how finger-printable your browser is:
https://coveryourtracks.eff.org/
As for priorities.
A good OS choice will help you most from nation-state actors. So if your threat model is a government (as opposed to capitalists or hackers or scammers etc.), then Linux is the best choice.
Tuned Firefox is probably the best browser choice. You will want to find a guide on how to "unfuck" the default settings. uBlock is non negotiable. PrivacyBadger and Decentraleyes are good plugins as well.
After Firefox setting up a PiHole will offer a lot of privacy protection for minimal investment by essentially being a DNS firewall.
A RaspberryPi is cheap and a fun tool. I totally recommend setting a RaspberryPi up with PiHole. After PiHole I imagine you could install MITMproxy on it or other interesting tools that would build in observability.
> I don't agree with this statement.
User data being used to power features is generally not what people would consider telemetry.
While you are absolutely correct about how search suggestions etc work, that is not what I would consider telemetry. Telemetry is specifically data like crash reports, which can and sometimes will upload memory dumps that can contain plain text passwords or private keys that were loaded into memory.
I promise you telemetry helps reduce downtime significantly. Telemetry itself is not evil, it is companies and how they use it that can be evil. If no one submitted telemetry it would make running stable services much harder. In a sense, the people who do submit telemetry are subsidizing you. I also almost universally shut off telemetry, but if everyone did that, it would definitely be problematic.
Siri (or alexa, etc.) learning from your apps, sucks in just about everything you do on your phone, letting siri run wild likely greatly breaks privacy. Your phone keyboard can remember things you've typed or proper nouns you've used. Spotlight (or other file search features) will open and "understand" every file on your computer then index them so they are searchable. Virus scanners hash every file on your computer, then check to see if the hash is in their "evil" database. It doesn't take much imagination to see how, for example russia's kaspersky virus scanner could abuse that (or any other).
> I don't currently have the tools (much less the money or equipment to set up an off device firewall)
Buy a RaspberryPi and set up a PiHole. Something like this:
https://www.adafruit.com/product/3775?src=raspberrypi
Amazon has kits that provide the power cords and a nice looking protective case for probably $50 usd.
It does not take much power at all to run firewalls/piholes/etc.
I am sure there are plenty of approachable guides.
> This is something the average person simply cannot do.
I think it will have challenging moments but ultimately be much easier than you expect.
Summary: