Liberté Linux is a secure, reliable,
lightweight and easy to use
Gentoo-based LiveUSB/SD/CD Linux distribution with
the primary purpose of enabling anyone to communicate safely and covertly in
hostile environments. Whether you are a
privacy advocate, a dissident, or a sleeper agent, you are equally likely to
find Liberté Linux useful as a mission-critical communication aid.

PLEASE NOTE: The latest release of Liberté Linux is old, and you should use it
only if you understand the security implications. A new release of Liberté, if
created, will have significantly different usage objectives.

Download Liberté Linux 2012.3, released on 2012‑09‑01 (pick binary
image for full functionality):

Why should you choose Liberté over alternative open-source, commercial, or military systems?

Liberté promptly installs as a regular
directory on a USB/SD key, taking ≈210 MiB of disk space, and not interfering
with other files present on the media. Everything is preconfigured — the only
user input required during boot is the encrypted volume password. System
requirements are just as lightweight: ≈192 MiB of RAM are entirely sufficient
for unrestricted desktop use.

Liberté Linux is shipped with the Hardened Gentoo
kernel, which includes all grsecurity/PaX security
enhancements — radically improving the system’s resistance to software exploits.
Measures like service privilege separation provide additional protection.

All persistent changes are kept in a secure
volume, easily accessible from any operating system. This includes application
settings that are archived upon shutdown, as well as any documents explicitly
stored in the encrypted volume. The OTFE volume is just a file on the boot
media that can be copied, backed up, or transparently resized from inside

You can securely, reliably and covertly communicate with other Liberté Linux
users via the familiar e-mail interface, using serverless cables
communication — a
standard-based stateless messaging protocol featuring repudiability and
perfect forward secrecy.

All networking activities like browsing and chatting are automatically
Torified, with I2P
locations transparently available as well. After the system receives a network
address, the only external traffic it emits is encrypted communication on
HTTP(S) ports (used by Tor). No other traffic is sent — not even DNS requests.
I2P traffic is routed through Tor, too: you will be able to use I2P even
behind the most restrictive firewalls. In addition, a special Unsafe Browser
is available for the express purpose of registration in open Wi-Fi hotspots,
if necessary. Liberté can also be booted in non-anonymous mode, with all other
security features left intact.

Besides the encrypted volume on the boot media, Liberté leaves no traces in
the system without explicit user consent (such as manually creating files on
external automounted media). Moreover, all volatile memory is thoroughly
erased upon shutdown in order to prevent
cold boot attacks — whether
an orderly shutdown, or an immediate one due to abrupt removal of the boot

Many other privacy-enhancing features, such as wireless MAC address
randomization and uniform HTTP headers, are automatically employed in order to
prevent pinpointing your activities.

More mundane yet useful applications, like document and image processing, are
included as well. Do not be put off by its small image size — Liberté Linux is
a fully capable distribution with
HTML5 video support in the browser, file
managers and chat plugins, audio players, a multitude of multilingual fonts,
full application interface and keyboard localization, and much more.

The transparent and readily reproducible deployment image build process
employs rigorous verification of the complete chain of trust of all downloaded
archives, packages and signature keys. All software in the image, without
exception, is built from source — there is no reliance on externally compiled
binary executables. With reasonable competence, you can quickly
master a customized image yourself.

Feel free to explore the project site for more in-depth discussion of
security, privacy, and
design choices of Liberté Linux.

If you are fluent in Russian, the following
Lenta.Ru online press-conference by me and
«Xakep» journal article by
provide more insight on some of the principles of anonymous communication.

A note for developers: Liberté can also serve as a
robust framework for mastering Gentoo-based
LiveUSBs/CDs. The build process is fully automated with incremental build
support, and is more mature and reliable than most of Gentoo’s own outdated
LiveCD tools. Gentoo is an extremely flexible
distribution for safely generating custom live media from source — for
instance, Liberté does not contain Portage, GCC, Perl or Python.

Lenta.Ru press-conference [2011‑07‑29],
Xakep №03/2011 (146) pp. 94–97 / PDF,
LinuxWelt №5/2014 pp. 48–49 / PDF
- Forums & blogs:
Henry Le Chatelier
- The best system for security and privacy. Secure, anonymous, pseudonymous
surfing and communication works out of the box. Same for encrypted data
- This by far has to be one of the best anonymous live Linux distros I have
- In corrupted countries where censorship is the first interior politics
pillar, Liberté Linux is a vital tool! Thanks for this gem!
- I have tried Liberté on Eee PC 701, lacking any prior Linux experience. […]
No setup is necessary. […] The distribution is well-fit for surfing on unfamiliar
- This distro is the way to go. […] I have never seen anything quite as secure
as this, everything is locked down. […] I literally don’t go anywhere without
—1as3df4gh, Silk Road
- It’s a fortress. The security measures used in it will blow your effing
—CaptainJohnny, Silk Road
- Legion appreciates.
- I applaud your effort.
- My paranoia says: “Thanks!”
- Kernel: Hardened Gentoo 3.4.7
with grsecurity/PaX + overlayfs
- System requirements: x86 Pentium Ⅲ+ with
PAE, ≈192 MiB RAM, ≈210 MiB on
bootable (BIOS or (U)EFI) removable media (USB key, SD card, …)
- First Linux distribution released with
UEFI Secure Boot-based trusted boot sequence.
- Laptop Mode Tools handle
hard disks are switched to quiet acoustic mode and spun down
- Extensive Ethernet and Wi-Fi network device support
- Extensive autoconfiguration, including X server and audio mixer channels setup
- Smooth integration as a VirtualBox (including clipboard),
- NetworkManager manages Internet connectivity,
with PPTP / OpenVPN / Cisco VPN support
- Static and removable devices are available via
automounting (includes VirtualBox and VMware shares)
- No user interaction is required during boot, except for
OTFE password entry
- User’s important configuration changes are archived to OTFE encrypted volume upon shutdown
- Applications are preconfigured and ready to use
- Fully modular X server,
with TrueType-only fonts
for all uim-supported languages
- LXDE- and GTK-based
desktop with lightweight applications:
no GNOME/KDE libraries
- Multilingualization using uim: all input languages that are supported
by m17n-lib, native Japanese support with anthy,
and Florence virtual keyboard
- Application-level UI internationalization: all Unicode locales are available;
locale, timezone and keyboard layout are easily switched with a custom tool
Evince (with DjVu support),
Epiphany (with HTML5 video),
(with integrated cables communication),
Speex audio clips encoding custom tool
GNU Privacy Assistant,
Figaro’s Password Manager 2,
See also the lists on Tor Bug Tracker and on