Choosing between Kicksecure and Debian ?

What is better to use Kicksecure or Debian and then harden Debian using Whonix Docs?
Kicksecure is non-anonymous distribution and in case ISP can fingerprint you that you use Kicksecure, they can tell in 99% number of cases that you are using Whonix too. But if you use hardened Debian ISP will see that you use Debian, but Debian is used by a lot of people and if you use Whonix VM in Debian host. ISP can’t say if you use Whonix, they just see that you use Tor.
How easy is for them to fingerprint you and see what OS you use ?

1 Like

Kicksecure is based on Whonix research and documentation. Kicksecure is
Whonix minus Whonix related packages with only the security relevant

To start with Debian and then add hardening as per Whonix documentation
results in something similar to Kicksecure.


I read some of your previous post and you said
Probably ISP can fingerprint a user and see that user is using Kicksecure. Is there any option in Kicksecure - so for ISP it will look like user is using Debian ?

1 Like


Security vs fingerprinting is a conflicting goal unfortunately. Can’t maximize both at the same time. More secure settings are fingerprintable. Standing out form others.

The only solution would be to make as many people as possible use more secure settings so that nobody stands out anymore.


As a pure choice, between Kicksecure and Debian, it comes down to what you, as the user, want from your system.
If you want a relatively secure system but like implementing hardening solutions on your own, choose Debian.
If you want a system that is security-hardened out of the box, choose Kicksecure. Kicksecure is Debian-based, so you do not lose anything that “regular” Debian can do. You can still do everything that Debian can do, but you have the bonus of a pre-hardened system. In effect, you have an operating system that benefits from all the combined years of development, and research of the Whonix team.
Like Patrick said, fingerprinting is multi-faceted and complex. The larger of a userbase that Kicksecure has, the better. The fingerprinting becomes less and less effective as more users use the same system with the same settings.

1 Like

Do you mean a default Debian and hardened Debian can be fingerprinted as 2 different OS ? Or Kicksecure and hardened Debian fingerprinted as same os ?

What I can do to make Kicksecure less fingerprinted. Torify apt-get. What else ?

Most likely.

Likely no. Each hardening setting can have a different fingerprintable effect.

Nothing. It’s a lost cause. There’s no research, little researcher interest, let alone defenses.

Adversaries have an easier task. One fingerprintable mess up and you lost. Even in theory if there were defenses, you wouldn’t know of these are efficient.

This is quite similar to the lost cause of hiding Tor.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]