Liberté Linux is a secure, reliable, lightweight and easy to use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments. Whether you are a privacy advocate, a dissident, or a sleeper agent, you are equally likely to find Liberté Linux useful as a mission-critical communication aid.
Download Liberté Linux 2012.3, released on 2012‑09‑01 (pick binary image for full functionality):
liberte-2012.3-bootstrap.iso(signature) — use to safely boot installed binary image
Why should you choose Liberté over alternative open-source, commercial, or military systems?
- Liberté promptly installs as a regular directory on a USB/SD key, taking ≈210 MiB of disk space, and not interfering with other files present on the media. Everything is preconfigured — the only user input required during boot is the encrypted volume password. System requirements are just as lightweight: ≈192 MiB of RAM are entirely sufficient for unrestricted desktop use.
- Liberté Linux is shipped with the Hardened Gentoo kernel, which includes all grsecurity/PaX security enhancements — radically improving system's resistance to software exploits. Measures like service privileges separation provide additional protection.
- All persistent changes are kept in a secure LUKS/OTFE volume, easily accessible from any operating system. This includes application settings that are archived upon shutdown, as well as any documents explicitly stored in the encrypted volume. The OTFE volume is just a file on the boot media that can be copied, backed up, or transparently resized from inside Liberté.
- You can securely, reliably and covertly communicate with other Liberté Linux users via the familiar e-mail interface, using serverless cables communication — a CMS standard-based stateless messaging protocol featuring repudiability and perfect forward secrecy.
- All networking activities like browsing and chatting are automatically Torified, with I2P locations transparently available as well. After the system receives a network address, the only external traffic it emits is encrypted communication on HTTP(S) ports (used by Tor). No other traffic is sent — not even DNS requests. I2P traffic is routed through Tor, too: you will be able to use I2P even behind the most restrictive firewalls. In addition, a special Unsafe Browser is available for the express purpose of registration in open Wi-Fi hotspots, if necessary. Liberté can be also booted in non-anonymous mode, with all other security features left intact.
- Besides the encrypted volume on the boot media, Liberté leaves no traces in the system without explicit user consent (such as manually creating files on external automounted media). Moreover, all volatile memory is thoroughly erased upon shutdown in order to prevent cold boot attacks — whether an orderly shutdown, or an immediate one due to abrupt removal of the boot media.
- Many other privacy-enhancing features, such as wireless MAC addresses randomization and uniform HTTP headers, are automatically employed in order to prevent pinpointing your activities.
- More mundane yet useful applications, like document and image processing, are included as well. Do not be put off by its small image size — Liberté Linux is a fully capable distribution with HTML5 video support in the browser, file managers and chat plugins, audio players, a multitude of multilingual fonts, full application interface and keyboard localization, and much more.
- The transparent and readily reproducible deployment image build process employs rigorous verification of the complete chain of trust of all downloaded archives, packages and signature keys. All software in the image, without exception, is built from source — there is no reliance on externally compiled binary executables. With reasonable competence, you can quickly master a customized image yourself.
Feel free to explore the project site for more in-depth discussion of security, privacy, and design choices of Liberté Linux. If you are fluent in Russian, the following Lenta.Ru online press-conference by Maxim Kammerer and «Xakep» journal article by ivinside may provide more insight on some of the principles of anonymous communication.
A note for developers: Liberté can also serve as a robust framework for mastering Gentoo-based LiveUSBs/CDs. The build process is fully automated with incremental build support, and is more mature and reliable than most of Gentoo's own outdated LiveCD tools. Gentoo is an extremely flexible distribution for safely generating custom live media from source — for instance, Liberté does not contain Portage, GCC, Perl or Python.
Press: Lenta.Ru press-conference [2011‑07‑29], Xakep №03/2011 (146) pp. 94–97 / PDF
News: DistroWatch, OpenNET, LWN.net, Cryptome, MuyLinux, Datormagazin, Linux Magazin
Forums & blogs: linux.org.ru, Reddit, GreenFlash, Uptodown, Gustavo Pimentel, Hacker 10, Open attitude, Личное пространство, OSArena, elkosmas.gr, Henry Le Chatelier
Updates: Facebook, SourceForge, Freecode, DistroWatch
- The best system for security and privacy. Secure, anonymous, pseudonymous surfing and communication works out of the box. Same for encrypted data storage. Wonderful! —Christian St., SourceForge.net
- This by far has to be one of the best anonymous live Linux distros I have come across. —Keknom, SourceForge.net
- In corrupted countries where censorship is the first interior politics pillar, Liberté Linux is a vital tool! Thanks for this gem! —Winston Smith, SourceForge.net
- I have tried Liberté on Eee PC 701, lacking any prior Linux experience. […] No setup is necessary. […] The distribution is well-fit for surfing on unfamiliar machines. —Anonymous, HiveMind.me
- This distro is the way to go. […] I have never seen anything quite as secure as this, everything is locked down. […] I literally don't go anywhere without it. —1as3df4gh, Silk Road
- It's a fortress. The security measures used in it will blow your effing mind! —CaptainJohnny, Silk Road
- Legion appreciates. —Anonymous, SourceForge.net
- I applaud your effort. —Anonymous, 4chan.org
- My paranoia says: “Thanks!” —Anonymous, linux.org.ru
- Kernel: Hardened Gentoo 3.4.7 with grsecurity/PaX + overlayfs
- System requirements: x86 Pentium Ⅲ+ with PAE, ≈192 MiB RAM, ≈210 MiB on bootable (BIOS or (U)EFI) removable media (USB key, SD card, …)
- First Linux distribution released with UEFI Secure Boot-based trusted boot sequence.
- Laptop Mode Tools handle power management; hard disks are switched to quiet acoustic mode and spun down
- Extensive Ethernet and Wi-Fi network devices support
- Extensive autoconfiguration, including X server and audio mixer channels setup
- Smooth integration as a VirtualBox (including clipboard), VMWare, QEMU guest
- NetworkManager manages Internet connectivity, with PPTP / OpenVPN / Cisco VPN support
- Static and removable devices are available via udev+AutoFS-based automounting (includes VirtualBox and VMware shares)
- No user interaction is required during boot, except for OTFE password entry
- User's important configuration changes are archived to OTFE encrypted volume upon shutdown
- Applications are preconfigured and ready to use
- Fully modular X server, with TrueType-only fonts for all uim-supported languages
- LXDE- and GTK-based desktop with lightweight applications: no GNOME/KDE libraries
- Multilingualization using uim: all input languages that are supported by m17n-lib, native Japanese support with anthy, and Florence virtual keyboard
- Application-level UI internationalization: all unicode locales are available; locale, timezone and keyboard layout are easily switched with a custom tool
- Basic: LXPanel, Openbox, PCManFM / emelFM2, FileRoller, Sakura
- Editors/Viewers: gedit, AbiWord, Gnumeric, Evince (with DjVu support), FBReader
- Internet: Epiphany (with HTML5 video), Claws Mail (with integrated cables communication), XChat (with SASL), Pidgin (with OTR), gFTP, uGet
- Audio/Video: Totem, Audacious, Geeqie / GPicView, VIPS / nip2, GraphicsMagick, Cdrtools, Speex audio clips encoding custom tool
- Extras: GNU Privacy Assistant, Figaro's Password Manager 2, Qalculate!
Other LiveCD/LiveUSB and related anonymity projects
- The Amnesic Incognito Live System (Debian+GNOME)
- Privatix Live-System (Debian+GNOME)
- The Haven Project (Ubuntu)
- Odebian (Debian)
- DemocraKey LiveCD (openSUSE)
- Incognito LiveCD (Gentoo+KDE, 2009✝)
- Anonym.OS LiveCD (OpenBSD, 2006✝)
- The Crypto Project — revitalization of the Cypherpunk movement
- SmallMail — PGP-encrypted messages over Tor hidden services