Which is more secure [in QubesOS], Debian or Fedora?

I’m wondering which OS to use with QubesOS. I do not like Tor and Whonix because their communication speed is slow. I use Youtube, Reddit, and Amazon. (I do not use Facebook and Google search because I place emphasis on security and privacy.) Which operating system should I use? Also, do you have any other recommended VMs settings etc?

1 Like

I think this is one of those oft-asked questions. It’s not necessarily that one is more secure than another, but it has a lot to do with your setup, how often you do security updates, and what you install or don’t install. A friend of mine even said, “Security is something you can’t install on a computer.”

Isn’t Qubes an OS in and of itself? Do you mean that you would have Debian/Fedora preinstalled, and then install Qubes on top of it?

Also, I should make the point that if you use YouTube, you’re essentially using Google (because Google owns YouTube). I know that it’s difficult to get away from Google at this point, but if you don’t want to use their services at all, you should include YouTube in that. There are YouTube front-ends like NewPipe and Invidious if you still want to watch the same videos without the data collection from YT itself.

Youtube is owned by Google, and it’s the hardest service to find an alternative to. Personally I would keep using Youtube and not use any other Google services. Reddit isn’t terrible (not yet, but it’s getting there), and you can’t escape Amazon.

Of the two, I prefer Debian, only because Fedora has started to become like Microsoft in terms of updating. Debian is more stable and has more packages. By default all the packages are outdated (Debian 10 came out recently, but within a year the packages will be very old) but there are ways to work around it without compromising the stability. Don’t use Debian testing or unstable.

Using a VM inside an operating system ruins the whole point of privacy. I suggest you dual-boot instead on separate hard drives. Then you can have QubesOS and Debian.

1 Like

Already been discussed here as well as other distros. Please search before you post.

1 Like

I’m based on QubesOS, Fedora as VMs
I am using Debian.

“Using VMs within the operating system completely eliminates privacy issues. We recommend dual-booting on separate hard drives. You can then get Qubes OS and Debian.” This is What should I do specifically?

I imagine both have equally good security teams, but I would be biased towards Debian due to being more familiar with apt, but I haven’t used QubesOS and I don’t know if you would use apt there.

Fedora probably has newer versions of all software due to releasing so often compared to Debian, but I have no idea if QubesOS would make you run fedup or whichever it is nowadays, I wonder if that is what @shadomatrix means with

Funnily Debian Testing is my main distribution, but I guess you don’t want to suggest it to a beginner (sorry if I am wrong with these assumptions).

I have heard that Debian prefers to be a hacker, why is that? What does Debian and Fedora specialize in?

I don’t think I have heard that and I have no idea what it could mean.

I am not sure in specializing, but I guess you are looking for

https://www.debian.org/intro/why_debian

https://docs.fedoraproject.org/en-US/project/

in security QubesOS ofc! it’s make sandbox for everything you run so it’s even hacked the hacker can just control the app you running only not whole PC! so yeah QubesOS is best & its need powerful PC to run it :3

I reworded the title again, I understand the question is:

@pinp has a QubesOS machine and is wondering should those sandboxes/vms/droplets be running Debians or Fedoras and they want to base their selection on which is more secure from those two.

Please correct me if I am wrong. And please also correct me with the title as I cannot seem to reword it in English.

I can’t help but wonder if people who don’t use services like Google and FB kinda attract attention. Being the “nailed that stands up get hammered down”. Like if there’s a database out there of where people go and what they do, and if people who run opsec by avoidance get specially flagged?

As a result I use FB but using a fiction profile. I do random stuff and sign up to random groups.

I used to not use Google but found that living in the UK meant functionality was a huge weak point for Startpage or DDG when looking for geo-specific content. In the end I just went back to Google.