Secure and anonymous on the Internet with Heads

Keep the Secret

Article from Issue 217/2018

Several live distributions support anonymous surfing on the Internet. Heads is a leading alternative that lets you surf secretly on older hardware.

The Internet offers unimagined opportunities, but equally unimaginable dangers. Although Linux offers effective protection against malware, spying, advertising, and trackers through a variety of free tools and technologies, the effort involved in configuring these tools is considerable and requires in-depth expertise to properly plug loopholes. Heads [1] is a still-young live distribution from the US that lets users surf safely without time-consuming and laborious installation and configuration work.

Heads is based on Devuan "Beowulf." Devuan is a Debian fork that still relies on the older SysVinit initialization process instead of systemd [2]. The dependency-based OpenRC init system [3] is also used in heads. In contrast to established distributions for anonymous surfing on the net, such as Tails, heads relies exclusively on free software and a hardened kernel: Unlike Tails, the developers have not integrated proprietary applications or binary blobs into the system. In addition, they include the grsecurity patches [4] in the kernel to prevent potential vulnerabilities such as zero-day exploits.

Unlike most distributions, heads does not have a fixed release plan. New versions are released in a manner that is true to the Debian motto: "It's done when it's done." The goal is not to meet a predefined timetable but to ensure superior software quality. In addition, heads is available in a variant for 64-bit hardware, as well as in a variant for older 32-bit systems. With the help of heads, you can rejuvenate an older computer system as a secure web browsing station.


Heads also goes its own way with the desktop: Instead of relying on a heavyweight desktop like KDE or Gnome, heads uses the Openbox window manager; alternatively, the distribution offers the Awesome window manager, which is intended for advanced users. Thanks to these resource-saving interfaces, heads ensures an agile working speed even on older computers with only one processor core.

You can pick up the 745MB ISO image (64-bit) or the 770MB image (32-bit) directly from the project website. While you are there, download the appropriate GPG signatures and SHA256 checksums. After downloading the three files for each ISO, switch to the download directory in the terminal and check the integrity of the image using the gpg --verify headss-*.asc command followed by sha256sum -c heads-*.sha. The result should be a message confirming the integrity (Figure 1).

Figure 1: You can perform an integrity check with two commands.

After a successful check, transfer the image to a USB stick or optical disc using a tool such as UNetbootin or ROSA ImageWriter [5]. Alternatively, transfer the image to the target drive in the terminal using the following command:

dd if=heads-*.iso of=/dev/target bs=1M && sync

Replace target with the appropriate device name. Then, reboot the computer with the newly installed drive.

First, select from the Grub boot menu whether you want to launch heads with Openbox or Awesome as the window manager. After this selection, the system powers up quickly and opens a settings dialog, in which you can define the keyboard layout, the language settings, the time zone, and the root password. It is only after clicking on the Start heads button in this dialog that you can access the desktop.

Openbox is visually and functionally similar to LXDE: At the bottom is a panel bar with a system tray, a number of application starters, and the button for the main menu. Awesome provides a panel bar at the top, where you can choose between nine virtual user interfaces to the right of the start button for the main menu. On the right side of the panel bar, Awesome also combines the system tray with numerous displays. You can open the main menus of both window managers by right-clicking anywhere on the desktop.

Internet access in heads shows some minor conceptual weaknesses: Although the system automatically initiates a cable network connection via a router, there may be problems with WiFi access. Heads uses the Wicd graphical front end, which offers easy access to the Internet. Due to missing proprietary firmware files, however, the system may not be able to support the WiFi hardware installed in the computer.

This problem particularly affects WiFi cards from Intel and Broadcom, although WiFi hardware from Atheros usually works out the box. Heads is also generally unable to control WWAN hardware, which is becoming increasingly common in mobile systems, because the proprietary firmware required to operate the chipsets is missing (Figure 2).

Figure 2: Atheros WiFi chipsets are still ideal for systems without proprietary firmware.


Thanks to the Tor Browser, heads ensures your anonymity on the net while improving web browsing security – and without any manual configuration work. The integrated add-ons HTTPS Everywhere [6] and NoScript [7] support encrypted connections and disable JavaScript. If you want to test whether you are communicating correctly via the Tor network after launching the Tor Browser, you can check the configuration by pressing the Test Tor Network Settings button on the start screen.

The disadvantage is that the Tor Browser does not use an ad blocker. However, the Mozilla add-on page lets you retrofit an ad filter in the form of the UBlock Origin plugin [8] without too much effort. The email client is Thunderbird, which also communicates via the Tor network using the TorBirdy add-on. The Lightning Calendar app extends Thunderbird to offer former Outlook users a slot-in replacement.

The system uses HexChat as an IRC application; it finds the settings for countless IRC channels by default, thus often removing the need for complex configuration (Figure 3). The default nickname and user in HexChat is the heads system user luther with luther as the password; you can change these settings to suit your needs. The last application in the Internet menu is the Electrum Bitcoin wallet for managing virtual currencies.

Figure 3: A chat program is also integrated in heads.

In the other submenus, you will find a useful compendium of mainly lean applications, which are well suited for daily needs and older computers. These applications include AbiWord and Gnumeric from the Office menu, as well as SMPlayer and the mpv media player in the Multimedia section. The developers make an exception to the lean app rule with the graphics program Gimp, the Tor Browser, and Thunderbird, integrating applications that are more resource heavy, especially in terms of memory.

In the System Tools menu, you will also find some leaner applications in the Openbox version of heads. The Metadata Anonymization Toolkit program (MAT) is a prominent example that helps to remove metadata from various files. For example, you can delete location data or camera information from cellphone or digital camera photos to avoid undesirable geo-tracking when you post them. In the Awesome version, this application is found in the Accessories menu. The menus also contain numerous small applications from the LXDE desktop environment.


The Preferences menu offers only the bare necessities in terms of configuration programs – the Openbox configuration manager, for example. In the Awesome variant, you can configure desktop-specific settings using the Awesome menu.

The lack of front ends for system control and configuration, as well as the absence of a graphical package manager, is primarily due to the fact that the developers designed heads as a Live-only system. Since the distribution works without installation and is said not to leave any traces on the computer you use, installation routines, as well as direct access to software repositories, would only be a hindrance.

Because these installation and package management programs have been left out, Head is very economical. In the test, for example, it used just 570MB RAM, even when the Tor Browser was running. In the Awesome variant, heads is content with just 550MB RAM. In idle mode with some small applications open, the RAM consumption in both variants drops to an astoundingly frugal 300MB (Figure 4).

Figure 4: Heads resource consumption falls within narrow limits.

You can update heads in the Live system. Since heads has no fixed release cycles, it is a good idea to check from time to time whether a newer version is available on the project website. Use the sudo heads-update command to import any updates into the system.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • BunsenLabs Helium

    For older computers with 32-bit processors, BunsenLabs Helium offers a lean alternative to popular Linux distributions. Our lab investigates how well the system performs on antiquated hardware.

  • MiyoLinux

    The lean MiyoLinux is aimed at System V lovers who aren't afraid to customize.

  • Semplice Linux

    Semplice is a fast and simple desktop system that avoids the clunky, stripped-down look associated with many "lean" Linux distros.

  • Using as an Outliner
  • PXE Boot with TinyCore

    Implementing PXE boot with TinyCore Linux lets you boot a computer over the network – a great solution for revitalizing old computing hardware.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More