hi I’m still exploring stuff and I was thinking about nix, with all his stuff, what do you guys think? maybe someone with experience can tell me if I should stay away from that or could be a good choice for privacy, anonimity and security

  • Euphoma@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    If you don’t have much experience with linux you should not use nixos. I don’t think nixos is any different from debian or fedora in privacy, anonymity, or security. Many people even reduce their privacy by putting their config on github.

    • toastal@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I mean yes you reduce your privacy by interacting with Microsoft GitHub in general, but posting your Nix config to the public isn’t much of a privacy concern since you shouldn’t have any plaintext secrets anyhow as a best practice since it would be compiled into the Nix store. There are a couple of different ways to encrypt secrets, as well as just not committing private *.nix to a public repository.

      • Euphoma@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Other people will know what bootloader you use, what apps you use, etc. Yeah I guess its not a huge concern, but its something.

        • Gooey0210@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          It’s like giving a map of your infrastructure to a hacker, but it depends on your thread model. Most of the attacks on home servers are automated, so it shouldn’t be a consern

          Another thing if your thread model is different, then the situation is not that good, but you can encrypt a lot of stuff, especially when you’re making your config reproducible

    • Gooey0210@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Nixos can be more secure than classic distros. First of all, you have atomic states of your system, so nothing can be added without rebuilding the whole system and giving it a new name

      Also you can do impermanence to ensure nothing can slip in for sure, because the system will be recreated every boot