Oh that makes sense, thanks.

Thanks, I found this but there doesn’t appear to be much activity. Is there anything you would recommend? It seems like OpenSUSE updates so much that a hardened kernel would break a lot.

Thanks for the reply. Why no Debian stable with KDE… which part doesn’t play nicely with nvidia (Debian or KDE?)

I already use VPNs/for for 99% of my daily browsing/activities on my personal PCs, is there a higher chance of account lockout with VPNs on linux besides a few services like Netflix?

Thanks for the reply. Unfortunately it seems things haven’t changed much in the last decade as far as hardening is concerned, seems like you have to come from an infosec background and constantly read log files or set up new yara rules (or have some software do it which comes with its own set of concerns). I was recently under the impression that docker images were virtualized until I learned they’re free to break out at any time with kernel vulnerabilities which are much more numerous than hypervisor escapes, so it doesn’t surprise me there are issues with flatpaks/bubblewrap/firejail. Sandboxing solutions seem much more mature on Windows unfortunately, with both Sandboxie/Windows Sandbox and Kaspersky (I know) having their own versions of scope-specific apps and limits. But I think I have a lot more reading to do before assuming.