Skip Navigation

Smallest Security/Privacy Focused Distro Help?

I've been doing some scouring and my search results are coming back confusing. Usually either incomplete information, or some kind of sales spam, so I'm reaching out in the hopes of recommendations for actual linux users and fans. I am looking for a very small, tiny even, security/privacy focused distro. I don't mind doing some work to set it up (though LFS may kill me!)

Here is what I have.

  • RAM: 2GB (yep. Seriously. None-upgradable).
  • HDD: 20GB (say 19GB)
  • Processor: Intel Celeron N3350 (2334Mhz average)
  • GPU (hah): Intel HD Graphics 500 (Integrated)

Wishlist

  • Graphical user interface (I appreciate it's going to be very basic)
  • Arch based (I love the AUR and pacman)
  • Base runs on less than 512MB of RAM, Arch Linux is a minimum of 512MB.

The software I plan to run on said device, so to give some kind of guidance of how much RAM we're working with.

  • Tor Expert and Tor Browser bundles or Mull.
  • Virtual machine (of some kind) with Whonix
  • MariaDB
  • RClone
  • VLC/Smplayer (which ever is smaller)
  • VPN client
  • Rustdesk (I can't find anything smaller than actually works)
  • ZSnes
  • SimpleX
  • Deluge (DelugeD with thin-client)
  • LibreOffice (until I can find a lighter alternative, but I need the BASIC capabilities).

Solution

https://lemmy.world/comment/10289862

29

You're viewing a single thread.

29 comments
  • Have a look at alpine.

    For the DE, something very light is needed and I would use Wayland for security AND performance.

    Problem: apart from RaspberryPiOS I know no dedicated lightweight wayland DE.

    They use Wayfire, but one of these will work too.

    Then for the apps, good luck running a Browser at that low.

    You will need only system packages, nothing else. Might try Bubblejail for sandboxing without using Flatpak (disk space, RAM). But that is in pretty early stages.

    For your apps

    • you mean Mullvad Browser not Mull. Screw that, use Librewolf
    • you will not run a VM on that hardware. These are VM guest specs, not host. You can run Carburetor flatpak, or maybe a minimalist podman container with tor for proxying. User namespaces, bubblejail and seccomp are also secure.
    • VLC is not small. Use Celluloid or just MPV or even better just ffplay. Celluloid/Haruna/Dragon is minimal and has wayland support
    • rustdesk? Client or server? There is wayVNC and KDE and GNOME have their suites. But they need static IPs. Rustdesk Server has no wayland support
    • deluge, ktorrent, qbittorrent doesnt matter, all light. But stick to one GUI toolkit.

    I think Qt can work, pcmanfm-qt is nice.

    LXQt 6.1 will have "full" Wayland support, but you need to configure stuff in config files of course.

    I dont know a modern Wayland ready GTK alternative to GNOME.

    • I would avoid Alpine if you have a older machine as the way Alpine packages the kernel can be hit or miss. The upside is that the Alpine kernel is fast and secure.

    • I usually use rustdesk on this smaller device to log into my main, which is a decidedly tough nut to otherwise get back to as it's not on a static or exposed ip address. I've tried everything else, VNC cannot access my system, which is unfortunate.

      Wayland is not a huge thing for me I can take it or leave it. I'm not expecting performance here for example gaming or such (beyond ZSnes which I swear would work on a suitably grown potato).

      I had manjaro on the machine with operated at around 800MB, I was able to run Firefox and Rust desk on it, though I did have to trim some fat off Firefox to get that to work without setting the system into thrash mode.

      All good tips!

      • If you want a secure system you need Wayland. X11 is extremely insecure, search on the internet and you find why.

        But if you just need the VNC client no problem.

        If you want a server, have a look at KRFB. But yes, needing static IPs suck. You could use a free DynDNS service like NoIP for that.

        Trim down FF, like compile it yourself? That is for sure possible, you might want to use the ESR release to do that. You can leave out some things I suppose.

        Just start with Alpine, which uses busybox and musl and is thus security focused and smaller.

        Try a DE like LXQt, I will give it another go.

        You can use it with X11 for now and replace the compositor in the future.

        Some apps if you stick to just Qt (not that useful as Firefox will load in GTK stuff)

        • qBittorrent / Deluge
        • Haruna or Dragon
        • podman container with tor, try torvirt (and just skip the virt-manager profile stuff) (it seems unmaintained though)
        • SimpleX Appimage? Or instead of Alpine use Debian and then you can use the deb package but it was broken for me
        • Calligra instead of Libreoffice.
You've viewed 29 comments.