Banning uninvited guests from your computer these days can mean negotiating several obstacles. Leaks have revealed many of the sophisticated technical methods deployed by the intelligence services. Additionally, industrial spies and criminal hackers spare no effort to spy on users. The attackers now rely not only on software vulnerabilities but also on manipulated hardware, which poses problems for special occupational groups that rely on discretion – such as journalists, lawyers, or doctors.

Discreete Linux [1] seeks to put a stop to intrusion attempts. The former Ubuntu Privacy Remix [2] now uses Debian 8 as its basis and is available as a beta version. In this article, we take an in-depth look at the updated edition.

Hardened

The system is available as 1.6GB hybrid image [3]. You can launch and run this on a USB stick or an optical medium. Discreete Linux lacks a persistence mode that lets you store your own files on USB flash drives. The system only boots on read-only ISO 9660 filesystems and creates a temporary overlay filesystem to avoid loading malicious software unnoticed in the background.

It not only does without kernel modules for internal ATA drives (optical drives being the exception) but also prevents the communication with the outside world over the network. Discreete Linux explicitly mounts USB flash drives or other external disks without the option of running programs – bad luck for malicious software and spyware programs. Last but not least, the user has no way of gaining root privileges.

GUI

Discreete Linux comes up with a fairly recent version of the Gnome desktop, 3.14.1, which has several smaller applications on board. Additionally, the operating system integrates software packages from the KDE collection and distribution-independent applications such as LibreOffice, Gimp, Firefox, and VLC. It also preinstalls applications for specific hardware, such as scanners. These features make the operating system a solid all-arounder.

CryptoBox

To allow you to use Discreete Linux like a conventional distribution, the Debian derivative provides a special wizard, which you will find in the Applications | Security | CryptoBox Wizard menu. The wizard creates encrypted containers on a removable disk, but also uses available space on the boot drive. Setting up the containers couldn't be any easier: In a dialog, you specify where you would like to create a CryptoBox and what size you want it to be (Figure 1).

Figure 1: Discreete users can generate an encrypted container in a simple dialog.

There is the possibility to create a container for automatically backing up your data, and you can determine the encryption format. When you are done, press Continue to go to a second dialog, where you enter the ID and a password with a length of at least 20 characters. In the same dialog window, use the two selection fields to choose the encryption and hash algorithm; the options depend on the selected encryption format (LUKS [4], VeraCrypt [5], TrueCrypt [6]) (Figure 2).

Figure 2: Users can choose from various encryption methods for containers.

To generate a key that is as random as possible, the software also prompts you to move the mouse for at least a minute. Then, it creates the container and is ready for use.