Based on Fedora 44 · GNOME 50
The Linux distribution for Dev · Admin · Creator · AI workflows — zero telemetry, daily-driver & hardened by default.
A hardened, privacy-trimmed Fedora Workstation 44 desktop that still works like one — 40 modules layer defense across kernel, network, identity, integrity, firmware, services and browser, plus first-party apps, CLIs and docs, packaged as a single reproducible-from-source ISO with its own branding.
It's also built for the AI-agent workflow: a ready VSCodium + Claude Code
workspace ships with a privacy-default settings.json, a system-wide CLAUDE.md
engineering doctrine, and 39 AI-navigable docs — opt-in, telemetry-off, with a
fully-local AI path (RamaLama / Ollama / LM Studio) so your AI never has to leave the box.
Hardening is additive: security defaults ship ON without subtracting daily-driver
function. It stays a complete GNOME 50 desktop — Flatpak, NetworkManager, Firefox + uBO, dnf,
GNOME polish intact; Intel + AMD GPUs run out of the box on Mesa, NVIDIA
defaults to the open nouveau+NVK stack (proprietary NVIDIA + CUDA opt-in). Bluetooth /
Location / Camera / Microphone ship default-off with one-toggle opt-in (noid-toggle-bluetooth
/ noid-toggle-location / GNOME Settings → Privacy), and every noid-toggle-* is fully
reversible without breaking the system. LUKS2 + Btrfs + Snapper give system-state rollback (root
subvol only; /home preserved by design as a separate subvolume).
Threat model: privacy + surveillance-resistance on any network you join — not state-level
anonymity. Per-module rationale lives inline in each .ks lock-history header; deeper
trade-offs across docs/.
⚠️ Trademark: "Fedora" is a registered trademark of Red Hat, Inc. NoID Privacy Workstation is an independent derivative work, not affiliated with, endorsed by, or sponsored by the Fedora Project or Red Hat, Inc. — details.
The ready-to-flash v1.2 ISO (~3 GB, GPG-signed) lives on the NoID Privacy download page — hosted on the project site, not GitHub Releases (a 3 GB ISO exceeds GitHub's 2 GB asset cap).

Always verify before you boot:

```bash
gpg --import noid-privacy-release.asc   # one-time: import the release key
gpg --verify SHA256SUMS.asc SHA256SUMS  # → "Good signature"
sha256sum -c SHA256SUMS                 # → "...x86_64.iso: OK"
```

Release signing-key fingerprint: `1ACB FCE4 9687 FEBB 9101 0E52 F8E3 F11D 6962 256F` (download the key).
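As an added example (not a script from the project), the function below wraps the three commands above into one check that also pins the signing key. `gpg --verify` prints "Good signature" for any key that happens to be in your keyring, so the script reads gpg's machine-readable `--status-fd` output and accepts only a VALIDSIG line whose signing-key or primary-key fingerprint equals the fingerprint printed above. The file names, the sample status text and the placeholder e-mail address are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify a release while pinning the signing key to the README's
# fingerprint. Not the project's own tooling; sample data below is constructed.
set -euo pipefail

# Fingerprint from the README with the spaces removed (gpg status lines use this form).
EXPECTED_FPR="1ACBFCE49687FEBB91010E52F8E3F11D6962256F"

# Return 0 only if the gpg --status-fd text in $1 carries a VALIDSIG line whose
# signing-key fingerprint ($3) or primary-key fingerprint ($12) equals $2.
# Pure text processing, so it can be exercised without gpg or key material.
validsig_matches() {
    local status_text="$1" expected="$2"
    printf '%s\n' "$status_text" | awk -v want="$expected" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $12 == want) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Full check: signature over SHA256SUMS from the pinned key, then the ISO checksum.
# Usage: verify_release SHA256SUMS SHA256SUMS.asc <iso-in-current-directory>
verify_release() {
    local sums="$1" sig="$2" iso="$3" status
    # --status-fd 1 puts the machine-readable lines on stdout; human text goes to stderr.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null) || {
        echo "signature did not verify" >&2; return 1; }
    validsig_matches "$status" "$EXPECTED_FPR" || {
        echo "signature is valid but NOT from the pinned release key" >&2; return 1; }
    # Check only the line for the ISO that was actually downloaded.
    grep -F -- "$(basename "$iso")" "$sums" | sha256sum -c --strict -
}

# Constructed gpg status output for a signature made by the pinned key.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG F8E3F11D6962256F NoID Privacy Release Key <release@example.invalid>
[GNUPG:] VALIDSIG 1ACBFCE49687FEBB91010E52F8E3F11D6962256F 2026-01-01 1767225600 0 4 0 22 8 00 1ACBFCE49687FEBB91010E52F8E3F11D6962256F
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed status output with no VALIDSIG line at all (must be rejected).
SAMPLE_STATUS_NO_VALIDSIG='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG F8E3F11D6962256F NoID Privacy Release Key <release@example.invalid>'

# Run the real check only when the three file arguments are supplied.
if [ $# -eq 3 ]; then
    verify_release "$1" "$2" "$3" && echo "release verified against pinned key"
fi
```

Run it as `bash verify.sh SHA256SUMS SHA256SUMS.asc noid-privacy-*-x86_64.iso` from the download directory; the exit status is non-zero if either the key fingerprint or the checksum does not match.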
Prefer to build it yourself from the kickstart source? See Quick Start below.
Build the ISO yourself on a Fedora 44 host:

```bash
# On a Fedora 44 build host:
sudo dnf install lorax-lmc-novirt anaconda spin-kickstarts pykickstart
git clone https://github.com/NexusOne23/noid-privacy-workstation.git
cd noid-privacy-workstation
sudo ./scripts/build-iso.sh   # ~25–40 min → build-output/*.iso (~3 GB)
```

`scripts/build-iso.sh` is the single supported build path — it handles ksflatten, the Anaconda patch, branding staging, and audit-tool SHA pinning. Full guide: docs/build.md.

Always VM-test before bare-metal:

```bash
bash tests/run-all.sh          # 51 structural tests
sudo ./tests/smoke/run-all.sh  # bwrap smoke tests (needs bubblewrap)
```

A kickstart image recipe — not a pre-built ISO:

- 42 kickstart files — `master.ks` + 40 module snippets (hardening + first-party apps + branding + docs) + `99-finalize.ks` cross-module verifier. The snippets span the hardening surface (sysctl, firewall, USBGuard, AIDE, SELinux, kernel-module blacklist, …), first-party NoID Privacy apps and CLIs, user-doc bundles, branding, and post-install cleanup — not all are "hardening" in the narrow sense. The wrapper `scripts/build-iso.sh` flattens them and feeds `livemedia-creator` to produce a bootable live ISO.
- 39 user-doc pages shipped inside the image at `/usr/share/doc/noid-privacy/` — written for humans and structured so an AI agent (e.g., a Claude Code session) can navigate + read them on demand.
- 40+ user-facing CLI helpers (`noid-status`, `noid-help`, `noid-update-all.sh`, `noid-update` GUI, `noid-network` GUI, `noid-welcome.sh`, `noid-integrity-check`, `noid-toggle-wan-strict`, `noid-toggle-bluetooth`, `noid-toggle-location`, `noid-toggle-aide`, `noid-snap-pre`, `noid-luks-backup.sh`, `noid-firefox-harden-profile`, `noid-firefox-create-isolated-profile`, `noid-mei-restore-submodules`, `noid-lan-allow`, `noid-claude-install`, `noid-nvidia-install.sh`, …) in `/usr/local/bin` and `/usr/local/sbin`.
- 51 structural + 4 smoke regression tests covering critical module invariants — current state 51/51 PASS.
Once built and installed (LUKS2 full-disk encryption, Btrfs layout), the result is a Fedora Workstation that matches or exceeds stock Fedora in every hardening dimension. Side-by-side against Kicksecure + secureblue → Comparison.
| Area | Hardening |
|---|---|
| 🤖 AI workspace (USP) | Claude Code CLI + hardened VSCodium + privacy-default settings.json + system-wide engineering doctrine + 39 AI-navigable user docs. Full breakdown → AI-Agent-Ready Workspace |
| 🔥 LAN isolation | block-lan-out drops every RFC1918 / link-local / multicast egress + firewalld L3/4 DROP inbound + layer-2 ARP hardening → invisible & unreachable on café / hotel / office WiFi. Surgical per-IP allow-list via the noid-network GTK4 app |
| 🛰️ VPN killswitch | Provider-neutral (Proton / Mullvad / IVPN / NordVPN / OpenVPN / manual WireGuard) — when the tunnel drops, traffic stops. No hardcoded provider dependency |
| 🧠 Kernel & sysctl | 120 install-time sysctl params (114 hardening + 3 audit-fixes + 1 userns + 2 privacy-network; +1 wan-ipv6-off at firstboot = 121 runtime; KSPP + Kicksecure security-misc + NoID Privacy), 52 baseline kernel-cmdline tokens (+ up to 7 hardware-conditional), 109 module blacklists, 35+ sandboxed systemd services with Protect* / Restrict* layers |
| 🔐 Firmware | Intel ME: KT/SOL PCI driver_override across 27 PCI IDs (6th–17th gen + Sapphire Rapids) + mei/mei_me loaded for BootGuard attestation (fwupd HSI caps at 1! on Fedora 44 — MemoryProtection firmware-bound, transitional + upstream-tracked, see docs/known-failures.md) / IOMMU / lockdown=integrity. No default MEI sub-module blacklists (Kicksecure-consensus per security-misc Issue #239) — mei_hdcp/mei_pxp/mei_wdt opt-in block via noid-mei-restore-submodules --block (4K HDCP / HuC HW-decode / iAMT-watchdog trade-offs explicit). AMD PSP: ccp loaded for fTPM + fwupd HSI, opt-in ccp blacklist (PSP hardware-locked since Zen 3 — no software disable; PSB OTP-fuse + CVE-2025-2884 doc'd). Plus fwupd HSI attestation + USBGuard whitelist-only |
| 🔍 Integrity & audit | SELinux enforcing (+ custom NoID Privacy module), auditd immutable (63 rules, -e 2), AIDE daily scans + re-baseline workflow, one-screen noid-status, curated known-FP list |
| 🦊 Browser | NoID Privacy Firefox Hardening (derived from arkenfox v144.0) + uBlock Origin (SHA-pinned) + FPP overrides + Quad9 DoH (TRR mode 3) + dFPI cookie-isolation + Canvas/WebGL randomization; separate Playground profile; optional Thunderbird hardening (M35) |
| 🔇 Silent machine | 98 systemd units masked source-deployed (M08 87 attack-surface + M05 8 avahi/wsdd/cups + M11 1 timesyncd + M24 2 fwupd-refresh; passim shared M08↔M24) + M27 thermald masked at firstboot on hardware with platform thermal-management (DYTC) (~100 live incl. Fedora-preset chrony masks; covers mDNS / SSDP / cups / firmware-poll / …; location/GeoClue is off via gsettings, not masking), 6 GNOME telemetry channels closed, no auto-update timers, gnome-software autostart-suppressed via dual-layer (systemd user-unit /dev/null mask + D-Bus session-service shadow org.gnome.Software.service Exec=) — manual launch via app-grid still works |
| 💾 Storage | LUKS2 AES-XTS-512 + Argon2id KDF (passphrase-only by design — TPM2 auto-unlock deliberately NOT enrolled per privacy threat model: hardware-binding ties drive to motherboard + evil-maid attack-surface via unattended-unlock + supply-chain trust requirement, see docs/22-disk-encryption.md), Btrfs + Snapper pre-update snapshots with snapper rollback CLI recovery |
| 🕒 30-day forensic retention | Strict 30-day cap on every persistent forensic source (audit logs, AIDE archive, snapper snapshots, install-time artifacts, libvirt/tuned/dnf5-rotated logs, UPower battery history, NetworkManager seen-bssids / timestamps). After day 31 the disk reveals nothing about prior activity. Saved WiFi profiles + paired Bluetooth devices stay user-managed (= no daily re-auth). Full source-by-source table in docs/log-retention.md. |
| 🔄 Updates & UX | noid-update-all.sh orchestrator + noid-update GTK4 GUI front-end (live VTE terminal, askpass dialog, snapshot → dnf → flatpak → fwupd → AIDE rebaseline), noid-welcome setup-dialog (M13, GTK4 + libadwaita, 10 PreferencesGroup sections incl. App Autostart picker — NoID Privacy-canonical GTK4 replacement for the missing GNOME 50 autostart UI), 40+ noid-* CLI helpers, 39 user docs |
| 🎮 Gaming (opt-in) | Hardening built gaming-aware (vm.max_map_count, userns, /home exec, SMT, ntsync all left game-friendly; no hardened_malloc to fight) — a single Gaming-Mode toggle in the Setup app relaxes the only 2 real blockers (ia32_emulation 32-bit exec + selinuxuser_execmod Wine W^X), installs Steam on demand, SELinux stays Enforcing, fully reversible → docs/gaming.md |
Module-by-module breakdown → INDEX.md · per-module rationale → docs/.
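The LAN-isolation row above states the effect. As an added example (not the project's `block-lan-out` module, whose real rules live in the kickstart), here is the classification such an egress filter has to make and a minimal nftables ruleset of that shape, including the two ordering details a practitioner has to get right: the DHCP client's broadcast to 255.255.255.255 must be accepted before the range drop or the machine loses its lease, and the per-IP allow-list must be evaluated before the drop. The table name, the set name and all addresses are constructed.

```bash
#!/usr/bin/env bash
# Added example: hostile-LAN egress classification plus an illustrative nftables
# ruleset. Not the distro's block-lan-out module; names and addresses are constructed.
set -euo pipefail

# Return 0 if dotted-quad $1 is a destination a LAN-isolation policy drops
# (RFC1918, link-local, multicast, limited broadcast), 1 if it is routable WAN,
# 2 if it is not a valid IPv4 address.
is_lan_dest() {
    local ip="$1" a b c d o
    IFS=. read -r a b c d <<< "$ip"
    for o in "$a" "$b" "$c" "$d"; do
        [[ "$o" =~ ^[0-9]{1,3}$ ]] && [ "$o" -le 255 ] || return 2
    done
    [ "$a" -eq 10 ] && return 0                                        # 10.0.0.0/8
    [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0  # 172.16.0.0/12
    [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && return 0                   # 192.168.0.0/16
    [ "$a" -eq 169 ] && [ "$b" -eq 254 ] && return 0                   # 169.254.0.0/16
    [ "$a" -ge 224 ] && [ "$a" -le 239 ] && return 0                   # 224.0.0.0/4 multicast
    [ "$ip" = 255.255.255.255 ] && return 0                            # limited broadcast
    return 1
}

# Verdict for one destination given the explicit allow-list (the "surgical per-IP
# allow-list" the README mentions): allow-list first, then the range drop.
# Usage: egress_verdict <dest> [allowed-ip ...]  -> prints accept|drop
egress_verdict() {
    local dest="$1" ip rc=0
    shift
    for ip in "$@"; do
        [ "$ip" = "$dest" ] && { echo accept; return 0; }
    done
    is_lan_dest "$dest" || rc=$?
    case "$rc" in
        0) echo drop ;;
        1) echo accept ;;
        *) echo invalid; return 1 ;;
    esac
}

# Render an nftables ruleset of the shape such a policy needs. Rule order is the
# point: loopback, the DHCP client and the allow-list are accepted before the drops.
render_ruleset() {
    local elements="" joined="" ip
    for ip in "$@"; do joined="${joined:+$joined, }$ip"; done
    [ -n "$joined" ] && elements="elements = { $joined }"
    cat <<EOF
table inet lan_out_example {
    set lan_allow {
        type ipv4_addr
        $elements
    }
    chain output {
        type filter hook output priority filter; policy accept;
        oif "lo" accept
        udp sport 68 udp dport 67 accept comment "DHCP client must reach the LAN broadcast"
        ip daddr @lan_allow accept comment "surgical per-IP allow-list"
        ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, 224.0.0.0/4, 255.255.255.255 } drop
        ip6 daddr { fe80::/10, fc00::/7, ff00::/8 } drop
    }
}
EOF
}

# Stand-alone demo on constructed destinations, with one printer on the allow-list.
for d in 192.168.1.20 192.168.1.21 9.9.9.9 224.0.0.251 169.254.1.1; do
    printf '%-16s %s\n' "$d" "$(egress_verdict "$d" 192.168.1.20)"
done
render_ruleset 192.168.1.20
```

Syntax-check the rendered output with `nft -c -f` before loading it, and note that the drop rules leave `policy accept` in place, so every destination not in the listed ranges still reaches the WAN; the project's own module also adds inbound DROP and ARP hardening, which this sketch does not cover.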
| ✅ Does | ❌ Does not |
|---|---|
| Stay invisible + unreachable on any LAN (inbound and outbound blocked) | Replace Tails / Whonix for whistleblowing anonymity |
| Block ISP tracking + browser fingerprinting (DoH, FPP, arkenfox, uBO) | Provide VM-level isolation like Qubes OS |
| Mitigate Intel ME (multi-layer, KT/SOL PCI + IOMMU + fwupd HSI) + document AMD PSP trade-offs | Protect against a compromised VPN provider |
| Enforce SELinux + auditd + LUKS2 + Secure Boot | Defeat physical coercion (xkcd 538) |
| Run as a working GNOME 50 + Flatpak desktop | Run on ARM / Raspberry Pi (x86_64 only) |
| Daily AIDE monitoring + Snapper rollback | Centrally manage via AD / LDAP / Intune |
This image combines configuration hardening (the foundation) with AIDE integrity detection and auditd behavioral monitoring (63 immutable rules) — detection layers catch what hardening can't prevent.
Best for: privacy-aware Fedora power-users · mobile professionals on hostile networks ·
security researchers (reproducible image, explicit per-module rationale) · developers & admins
who accept a WAN-only workflow.
Not for: multi-user / family systems (LAN-iso blocks shared services) · enterprise AD/LDAP
(sssd removed) · home-server / NAS · ARM · non-UEFI / non-TPM-2.0 hardware.
Gaming: opt-in via Gaming-Mode (Setup app) — relaxes the two real hardening blockers
(32-bit exec + Wine W^X) and installs Steam on demand; reversible, SELinux stays Enforcing.
Not tuned as a gaming-first rig, but Steam/Proton run. See docs/gaming.md.
See docs/threat-model.md for the long version. Short form:
Protects against — ad/tracker fingerprinting (FPP, arkenfox, uBO); ISP + local-network
surveillance (DoH, optional VPN, LAN-iso); data-broker profiling (dFPI, MAC randomization); LAN
attacks (block-lan-out, ARP hardening); browser memory-corruption exploits (Firefox Fission +
seccomp + namespaces); kernel exploits (sysctl + module-blacklist + kargs); USB attack devices
(USBGuard); evil-maid at rest (LUKS2 + Secure Boot); firmware-persistence (Intel ME multi-layer:
KT/SOL PCI driver_override + IOMMU + lockdown + fwupd HSI; AMD PSP awareness with opt-in ccp
blacklist — PSP is hardware-locked on Ryzen and cannot be disabled in software). Package
supply-chain uses Fedora primary repos with GPG signatures verified; third-party repos (RPM
Fusion, VSCodium) are TOFU on first install — see
docs/gpg-trust-chain.md.
Does NOT protect against — state-level global traffic analysis; targeted endpoint exploits
(no VM boundary like Qubes); a compromised VPN provider; account-linking via logged-in services
(Gmail / GitHub defeat pseudonymity); physical coercion (xkcd 538); zero-days between disclosure
and patch; upstream supply-chain attacks on Fedora itself (xz-utils-style); social-engineering /
phishing; Anthropic-side exposure of AI conversations IF you opt in to Claude Code (cloud
API, US-jurisdiction; opt-out paths + fully-local alternative →
docs/ai-workspace.md). Full out-of-scope list →
docs/scope.md.
| Layer | Detail |
|---|---|
| Bundled | Hardened VSCodium (telemetry / auto-update / AI-surfaces off) with the claude-code extension SHA-pinned in /etc/skel/.vscode-oss/extensions/ — the extension bundles the Claude Code CLI binary, so the AI panel works on first launch without marketplace. Opt-in system-wide CLI install via noid-claude-install (wraps Anthropic's signed install.sh with consent + content inspection) |
| Privacy defaults | /etc/skel/.claude/settings.json ships CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 (auto-update ping + error reporter + non-critical analytics + usage-stats off), CLAUDE_CODE_HIDE_CWD=1 (working directory hidden from CLI banner), cleanupPeriodDays=7 (transcripts auto-purged after 7 days; upstream default = 30) |
| System directives | /etc/claude-code/CLAUDE.md ships system-wide engineering doctrine (Native > Hacky, Root-Cause First, priority hierarchy Correctness > Security > Privacy > UX > Stability > Simplicity > Performance) so agents inherit consistent posture across the system |
| AI-navigable docs corpus | 39 user docs at /usr/share/doc/noid-privacy/ shipped as flat Markdown so an agent can navigate + read on demand — per-module rationale + threat-model + trade-off notes all available |
User-overridable in ~/.claude/settings.json — the template is a privacy default, not an
enforced managed-settings layer. Built for the people who actually live in a terminal +
IDE + AI-agent loop.
Opt-in by design: no Anthropic traffic until you invoke Claude. Trade-offs (conversations
go to Anthropic API, US-jurisdiction, closed-source) + 6 opt-out levels + fully-local
alternative → docs/ai-workspace.md. Local-AI stack (RamaLama / Ollama
/ LM Studio + Continue.dev) → docs/28-local-ai.md.
| | Kicksecure | secureblue | NoID Privacy WS 44 |
|---|---|---|---|
| Kernel/sysctl baseline | ✅ (security-misc) | ✅ | ✅ (120 install-time sysctl + 52 cmdline tokens) |
| MAC framework | AppArmor | SELinux + user-ns confinement | SELinux enforcing (+ custom NoID Privacy module) |
| Hardened memory allocator | ❌ (deprecated upstream — AMD64-only + Flatpak-breakage) | ✅ GrapheneOS-based globally enabled via LD_PRELOAD | ❌ deliberate — Firefox LD_PRELOAD incompat (Bugzilla #1668674), see design-decisions |
| Hostile-LAN isolation | ❌ | | ✅ (block-lan-out + ARP + per-iface) |
| Intel ME mitigation | ❌ (Issue #239: MEI blacklists removed 2024) | | ✅ active KT/SOL PCI driver_override=none block (27 IDs, dracut-enforced) — the one real ME-specific mitigation — + BootGuard attestation + IOMMU + opt-in sub-module blocks; rest is generic Secure Boot / AMT-disable / NIC docs — detail |
| AMD PSP awareness | ❌ | kvm_amd.sev=1 sev_es=1 sev_snp=1 kargs | ccp stays loaded for fTPM/HSI, generic IOMMU + Secure Boot + fwupd HSI apply anyway, + a PSB-OTP / CVE-2025-2884 doc — detail |
| File-integrity (AIDE) | ❌ | ❌ (rpm-ostree immutable base instead) | ✅ daily |
| Default browser hardening | tb-updater | ✅ Trivalent (Vanadium-derived Chromium, --jitless) | ✅ Firefox (arkenfox + FPP + uBO + Quad9 DoH) — detail |
| Privilege escalation | sudo + su restrictions | run0 replaces sudo/su/pkexec entirely | sudo (timestamp_timeout=3, CIS 4.3.6) + faillock |
| AI-agent workspace | ❌ | ❌ | ✅ (Claude Code + VSCodium) |
| Gaming (Steam / Proton) | | hardened_malloc crashes games, ptrace_scope blocks anti-cheat | ✅ one-toggle Gaming-Mode (Setup app) — gaming-aware hardening, 2 surgical relaxations, SELinux stays Enforcing, reversible — detail |
| Base | Debian | Fedora Atomic (immutable) | Fedora Workstation (mutable) |
NoID Privacy complements these references with a mutable Workstation base, AIDE daily FIM,
Firefox-side hardening (vs Chromium-side), and LAN-isolation by default. Full matrix →
docs/comparison.md.
Full rationale + sources → docs/design-decisions.md.
- No `hardened_malloc` — Firefox is structurally incompatible with `LD_PRELOAD` allocator replacements (Mozilla Bugzilla #1668674). secureblue solves this by shipping Trivalent (Chromium / PartitionAlloc); NoID Privacy keeps Firefox + arkenfox + full uBO (MV2) instead — that's the side getting the largest AI-driven security-audit pipeline (Anthropic × Mozilla Feb 2026, 22 CVE-fixes in FF148 via Claude Opus 4.6 + Claude Mythos audit April 2026, 271 additional bug-fixes in FF150 — Mozilla's Firefox CTO Bobby Holley: "the defects are finite, and we are entering a world where we can finally find them all") and where full uBO still runs after Chrome killed MV2 in July 2025.
- No Immutable (no `rpm-ostree`) — layering + reboot per package change is heavy friction for daily dev / admin / CUDA / Local-AI workflows. Snapper on Btrfs delivers pre-update snapshots + transactional rollback (`snapper rollback`) + 30-day forensic retention without the image-mode constraints.
- No cross-time byte-reproducible ISO — `build-iso.sh` ships SOURCE_DATE_EPOCH + TZ=UTC + fixed VOLID (single-build determinism). Cross-time blocked upstream: Fedora has no `snapshot.debian.org` equivalent and signing keys are ephemeral by design. Audit substitute = SHA256SUMS + .asc + build log + git-signed source. See `docs/build-reproducibility.md` for the honest accounting.
| Component | Requirement |
|---|---|
| Architecture | x86_64 only |
| Firmware | UEFI, Secure Boot capable |
| TPM | 2.0 chip present (used for fwupd/BootGuard attestation only — not for LUKS2 auto-unlock; passphrase-required unlock by design per docs/22-disk-encryption.md) |
| RAM | 8 GB minimum, 16 GB recommended (SELinux + auditd + Firefox Fission) |
| CPU | Intel 6th-gen+ or AMD Ryzen 1000+ (firmware mitigations target a modern stack) |
| Disk | 30 GB minimum, 60+ GB recommended (Btrfs snapshots + AIDE database) |
| Build host | Fedora 44 with lorax-lmc-novirt ≥ 44.0 |
Release ISOs ship a detached GPG signature over SHA256SUMS, signed by the NoID Privacy release key (fingerprint 1ACB FCE4 9687 FEBB 9101 0E52 F8E3 F11D 6962 256F).
NoID Privacy practices what it preaches: no telemetry from the OS itself (6 GNOME telemetry channels closed), no
analytics, no tracking, no auto-phone-home. The only outbound traffic the OS initiates without
user action is DHCP (network configuration) and NTS NTP (clock sync via chrony to 12 EU
sovereign servers, ZERO US-jurisdiction) — plus periodic DNS-health probes via Quad9 DoT if you keep
noid-dns-health.timer enabled (opt-out one-toggle). No fwupd-refresh, no dnf-makecache, no
packagekit poll, no Flathub auto-fetch, no avahi/wsdd/cups announcement.
The AI workspace inherits the same posture: telemetry off, CWD hidden, 7-day transcript retention. Full settings breakdown → AI-Agent-Ready Workspace.
Unlike "privacy" distributions that add their own telemetry on top of Fedora's, NoID Privacy removes everything that calls home and ships the disable-list in the source tree where you can audit it yourself — inspect the kickstart, the helpers, and the test-suite.
| Platform | |
|---|---|
| 🌐 Website | NoID-Privacy.com — all platforms, pricing, docs |
| 🪟 Windows | NoID Privacy — open-source PowerShell engine (630+ settings, 7 modules, BAVR pattern, GPL-3.0); commercial NoID Privacy Pro GUI wraps the engine |
| 🐧 Linux audit tool | NoID Privacy for Linux — read-only audit (420+ checks, 42 sections, pure Bash, zero deps, --ai flag for AI-agent-readable remediation output) |
| 🏰 Linux distro | You're here. |
| 📱 Android | NoID Privacy on Google Play — 87 checks, 10 categories, permission audit, Chrome hardening, anti-theft |
- Contributing — `CONTRIBUTING.md`: the pre-LOCK gate (`bash -n` sweep + regression tests + docs update) required before any module change lands. Code of conduct: `CODE_OF_CONDUCT.md`.
- Security — report vulnerabilities per `SECURITY.md`; do not open public issues for security-sensitive findings.
- License — build code (`kickstart/`, `tests/`, `scripts/`) GPL-3.0-or-later (COPYING); docs CC BY-SA 4.0; NoID Privacy-original branding (name, logo, plymouth theme, app icons, avatar) proprietary; default wallpaper is GNOME's `drool` (CC-BY-SA-3.0, from `gnome-backgrounds`); embedded Firefox/Thunderbird hardening derived from arkenfox / HorlogeSkynet (MIT, retained in-file); vendored uBlock Origin (GPL-3.0), DKIM Verifier (MIT/X11), and kernel-hardening-checker (GPL-3.0) retain upstream licenses. Full breakdown → `LICENSING.md`.
Built on — Fedora Workstation (base distribution);
hardening references from Kicksecure security-misc (sysctl +
module-blacklist), secureblue (Fedora-Atomic
hardening patterns), KSPP
(kernel recommendations), arkenfox/user.js (Firefox),
and HorlogeSkynet/thunderbird-user.js
(Thunderbird).
Hardening verified with — kernel-hardening-checker by Alexander Popov (GPL-3.0): kconfig + cmdline + sysctl audit against KSPP / CLIP OS / GrapheneOS / a13xp0p0v / CIS Benchmark baselines.
Made with 🛡️ for the privacy-aware Linux community
