Security distribution

Under the Radar

Article from Issue 199/2017

Internet users can fly under the radar of hackers and data collectors with Discreete Linux.

Banning uninvited guests from your computer these days can mean negotiating several obstacles. Leaks have revealed many of the sophisticated technical methods deployed by the intelligence services. Additionally, industrial spies and criminal hackers spare no effort to spy on users. The attackers now rely not only on software vulnerabilities but also on manipulated hardware, which poses problems for special occupational groups that rely on discretion – such as journalists, lawyers, or doctors.

Discreete Linux [1] seeks to put a stop to intrusion attempts. The former Ubuntu Privacy Remix [2] now uses Debian 8 as its basis and is available as a beta version. In this article, we take an in-depth look at the updated edition.


The system is available as 1.6GB hybrid image [3]. You can launch and run this on a USB stick or an optical medium. Discreete Linux lacks a persistence mode that lets you store your own files on USB flash drives. The system only boots on read-only ISO 9660 filesystems and creates a temporary overlay filesystem to avoid loading malicious software unnoticed in the background.

It not only does without kernel modules for internal ATA drives (optical drives being the exception) but also prevents the communication with the outside world over the network. Discreete Linux explicitly mounts USB flash drives or other external disks without the option of running programs – bad luck for malicious software and spyware programs. Last but not least, the user has no way of gaining root privileges.


Discreete Linux comes up with a fairly recent version of the Gnome desktop, 3.14.1, which has several smaller applications on board. Additionally, the operating system integrates software packages from the KDE collection and distribution-independent applications such as LibreOffice, Gimp, Firefox, and VLC. It also preinstalls applications for specific hardware, such as scanners. These features make the operating system a solid all-arounder.


To allow you to use Discreete Linux like a conventional distribution, the Debian derivative provides a special wizard, which you will find in the Applications | Security | CryptoBox Wizard menu. The wizard creates encrypted containers on a removable disk, but also uses available space on the boot drive. Setting up the containers couldn't be any easier: In a dialog, you specify where you would like to create a CryptoBox and what size you want it to be (Figure 1).

Figure 1: Discreete users can generate an encrypted container in a simple dialog.

There is the possibility to create a container for automatically backing up your data, and you can determine the encryption format. When you are done, press Continue to go to a second dialog, where you enter the ID and a password with a length of at least 20 characters. In the same dialog window, use the two selection fields to choose the encryption and hash algorithm; the options depend on the selected encryption format (LUKS [4], VeraCrypt [5], TrueCrypt [6]) (Figure 2).

Figure 2: Users can choose from various encryption methods for containers.

To generate a key that is as random as possible, the software also prompts you to move the mouse for at least a minute. Then, it creates the container and is ready for use.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • VeraCrypt

    Protect your data and operating system from prying eyes with VeraCrypt.

  • VeraCrypt

    The VeraCrypt encryption software comes with a handy graphical interface, and the ability to hide a container in an encrypted volume adds a unique professional feature: plausibly deniable encryption.

  • TruPax 9

    The TruPax tool specializes in encrypting small datasets to safeguard your data from prying eyes.

  • Critical Flaws Found in VeraCrypt

    Popular open source encryption tool is vulnerable to attack

  • Disk Encryption

    Encrypted volumes have long since ceased to be an exception or luxury. Corporate policies and compliance rules often demand encryption for critical data. This article looks at tools for disk encryption on Linux.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More