PART VI ON THE NETPRAETOR.COM OVERVIEW OF THE NINE MAIN CATEGORIES OF INFORMATION TECHNOLOGY WHICH HAVE THE MOST IMPACT ON END USER DATA PRIVACY AND DATA SECURITY THROUGH DAILY USE.
Pandemic Communications
Communications permeate all facets of life and influence it for worse or for better. In the current COVID-19 pandemic era which all of us have suddenly found ourselves unwillingly thrust into, communications (especially electronic) are now more paramount than ever. Citizens in the Untied States and other western countries are seeing their personal rights to assemble temporarily suspended due to these extraordinary circumstances, among other infringements that will be up to the history books to decide.
Additionally, many individuals whose jobs afford them the opportunity to work from home are now doing so, while leveraging technology to stay synchronized with their disparate colleagues. Unfortunately for the many individuals who have been affected with jobs on on hold, essentially hanging in the balance, or let go entirely are also faced with having to leverage emails more frequently.
Email is a very useful method of communication and file sharing which is perfectly suited during shelter-in-place orders such as what most of the world is experiencing right now.
Useful Email, Inherently Unsecure
As great of a communications tool that email is, many people unfortunately have been using personal email accounts over the last two-plus decades without a second thought as to its dangers, of which, there are many.
Thankfully, as time has passed privacy advocates have risen to the challenge of solving the many problems inherent with basic free email services resulting in a growing list of options for all of us!
ProtonMail and Tutanota are the two leaders providing free and paid secure email accounts right now. This post will discuss their many features and benefits while seeking to answer a growing question. ProtonMail vs Tutanota, which is better?
Additionally, it’s understood that many people are fully entrenched with their legacy Gmail, Yahoo, and Outlook (previously Hotmail) email accounts to name a few. This post will also seek to answer the question is Gmail secure when used with Apple Mail or Thunderbird email clients?
Legacy Email Providers
You may be wondering why the term “legacy” is being used when speaking of Gmail, Yahoo, and Outlook (not the email client) email accounts? NETPRAETOR believes the future of personal email accounts rests with the likes of ProtonMail and Tutanota as will be discussed later in this post.
For now please understand that when “legacy” is used in this post it means an email provider who does not offer end-to-end encrypted email capabilities for emails in transit. Essentially, your emails in transit are either sent in the clear (unencrypted) or (if encrypted) a third-party can decrypt the contents of your email.
It also signifies an email provider that does not provide end-to-end encrypted security for emails at rest. Meaning employees from any of the aforementioned companies can fully access the content of your emails sitting in your inbox, sent folder, junk folder, or trash folder for their own internal purposes or in response to third-party requests.
Is Gmail Secure When Used With Apple Mail or Thunderbird?
Don’t get me wrong, Gmail, Yahoo Mail, and Outlook Mail (again, not the email client) are fully featured and reliable email accounts. I actually still use Gmail and Outlook Mail in limited capacities with a full understanding of their insecure weaknesses. When I do I also happen to use them both with Apple Mail and Thunderbird depending on the platform being used.
Using a legacy email such as Gmail with the Apple Mail client or the Thunderbird mail client is one of the few advantages (trading security for convenience) they have over the new generation of secure email providers like ProtonMail and Tutanota.
That final advantage of the legacy providers is fading fast as both ProtonMail and Tutanota create innovative ways to integrate their email accounts with well established email clients like Apple Mail and Thunderbird while not having to trade security for convenience.
The question of is Gmail secure for example, when accessing through Apple Mail or Thunderbird is not completely black and white. From the NETPRAETOR perspective the short answer is no due to all the legacy attributes as noted above.
However, for an intermediate to advanced technology aficionado there are creative ways to achieve end-to-end encrypted Gmail’s. I will provide a how-to guide in a later post taking you step-by-step on obtaining an S/MIME encryption certificate from a company like Sectigo, pairing it to your Gmail account and loading it to either Outlook or Thunderbird. That process achieves two things.
I. All future emails you send can be digitally signed, thus providing assurance to recipients that your emails are authentic.
II. If a recipient of one of your digitally signed emails has their own S/MIME encryption certificate loaded into their own email client, you can then begin end-to-end encrypted email correspondence.
To go through this process for secure Gmail is cumbersome at best and you can see why it would take a technology aficionado to have the patience or desire to go through all the necessary steps to implement it.
ProtonMail vs Tutanota
With respect to ProtonMail vs Tutanota its refreshing to see security by design and not as an afterthought. What takes about an hour or more to achieve in securing a Gmail account with an S/MIME certificate loaded into Outlook or Thunderbird, takes less than 5 minutes to setup either a ProtonMail account or Tutanota account.
Both ProtonMail and Tutanota each deserve their own post in order to go over each of their unique nuances and will happen at later dates. However to answer the question of which is better ProtonMail vs Tutanota, the thumbs up would have to go to ProtonMail.
With both ProtonMail and Tutanota you’re going to get the capability for secure emails encrypted in-transit and encrypted at-rest. Employees from either company can’t access client emails even if they wanted to. Where ProtonMail takes a slight lead over Tutanota is when it comes to some of their bundled products that come with paid packages. For example, ProtonMail has also rolled out a full featured no-logs VPN as discussed in my previous post on VPN’s.
In summary, legacy email accounts still serve a purpose and there is no need for an exodus from them. However if you’re looking to use newfound free-time to enhance the security of your communications which have just become an ever more critical cornerstone of our lives due to being stuck indoors while under austere social distancing measures, you can’t go wrong with either ProtonMail or Tutanota.
What do you think? Are there any other email providers you would recommend or do you believe Tutanota deserves the thumbs up over ProtonMail?
PART V ON THE NETPRAETOR.COM OVERVIEW OF THE NINE MAIN CATEGORIES OF INFORMATION TECHNOLOGY WHICH HAVE THE MOST IMPACT ON END USER DATA PRIVACY AND DATA SECURITY THROUGH DAILY USE.
Private Search Engines
Across devices and operating systems, much of the worlds online
activity is funneled through just a few channels known as search
engines. The best analogy for search engines can be understood by
fans of the Marvel Cinematic Universe Thor movies or comic books.
Think of search engines as the character Heimdall the gatekeeper, his
character has visibility into the universe and nothing passes by his
line of sight without noticing. Queries into search engines function
the same way and nothing escapes their line of sight.
Boil it all down and
Google leads the way with roughly two thirds of all search queries,
while Bing picks up most of the remaining third of global traffic. Of
the small percentage of search engine market share remaining, there
is a handful of search engines competing in that space. Former search
engine leader Yahoo, along with Dogpile, StartPage and DuckDuckGo,
along with many others all operate in this limited space.
Search Engine Competition
From this crowded and small slice of the search engine pie come the two NETPRAETOR recommended private search engines, DuckDuckGo, and StartPage. Of these two private search engines DuckDuckGo has the potential to actually breakout out of this limited space and compete with Bing in terms of search query volume. Part of their success has come from a major endorsement by Apple as part of their privacy awareness campaign. Additionally, DuckDuckGo is more than just a search engine, they are actively educating people about data security and data privacy with their own data privacy campaign.
DuckDuckGo
Instead of
monetizing an individuals entire online activity through user
identifiable tracking across websites and search queries like Google.
DuckDuckGo does not track users across websites or search queries,
nor do they retain user identifiable information. DuckDuckGo simply
serves their users ads based off of each unique search query while
maintaining user anonymity. As more and more individuals realize the
value of maintaining their online privacy, DuckDuckGo has the
potential to change the way search engines make money to the benefit
of end user privacy.
StartPage
For individuals who have been using Google as their primary search engine for many years StartPage is a great alternative. This search engine actually sources their queries from Google and produces their results with all of Google’s tracking elements removed. They can be summed up as a Google proxy service and achieve it by paying Google to remove the trackers. Like DuckDuckGo they monetize in other ways that don’t involve profiling and storing data on their users while advocating for privacy rights.
2 Private Search Engines That Don’t Follow You Around?
Using private search engines like StartPage and DuckDuckGo combined with other NETPRAETOR recommendations can go a long way towards improving data privacy and data security.
Do you think these are two of the best private search engines? Leave your comments below.
Part IV on the NETPRAETOR.com overview of the nine main categories of information technology which have the most impact on end user data privacy and data security through daily use.
Private Web Browsers
Since the mid 1990’s computer web browsers have been in widespread
use, allowing an ever growing segment of the worlds population access
to data stored among the global network of interconnected servers and
computers comprising the internet. As operating systems have evolved
from consumer desktops, to cell phones, tablets, watches, and TV
hubs, web browsers have evolved right along with them.
Like the operating
systems these web browsers function on, there are a myriad of
web-browsers to choose from. In 2020, well over 50% of the world
population accesses the internet using web browsers across all the
above mentioned devices. That amounts to more than 4.3 billion people
accessing the internet, which translates into incalculable amounts of
data being generated, retained, and commoditized by obscure and
unknown data brokers.
Web browsers,
combined with their underlying operating systems and auxiliary
software in use, such as VPN’s, play a critical role in how much
data is, or is not pumped into the all-data consuming abyss that is
the internet.
Of all the web browsers available NETPRAETOR recommends the following private web browsers.
I. Firefox
II. Safari
III. Chromium
Firefox, Safari, and Chromium by default are not inherently the most secure or the most private web browsers. However, all three of them can be configured for very robust security and enhanced privacy when combined with the NETPRAETOR recommended operating systems, VPN software and other best practices.
The NETPRAETOR methodology used in selecting these three private web browsers focused on the following areas.
I. Overall usability and compatibility to cleanly render websites
II. Current or prospective browser fingerprinting countermeasures (tracking via cookies is easily mitigated, browser/OS fingerprinting is the next evolution of tracking internet activity and is more invasive than cookies)
III. Customization for a variable threshold of data privacy and data security postures
With that criteria in place here is a breakdown of the three recommended private web browsers.
Firefox
The lineage of
Firefox dates to the creation of the Mozilla foundation back in 1998.
The Mozilla foundation is a non-profit organization which promotes
open source software and end-user privacy. In terms of browser
market share, Firefox comes in at a distant second to the Google
Chrome web browser. Although second in user market share, it ranks
number one as a NETPRAETOR recommended web browser for data privacy
and data security.
In terms of compatibility with the vast majority of websites, it would be hard to find a website that renders in Google Chrome and not in Mozilla Firefox. Firefox is fast at its job of accessing website and secure due to regular patches. Additionally, Firefox is one of the few open source browsers that has compatibility across multiple operating systems and devices. Someone with an Apple iMac desktop, a Lenovo ThinkPad X1 Carbon and a Samsung Galaxy S20 Ultra 5G smartphone could use Firefox on each device. If enabled, Firefox Sync would allow all their bookmarks to be available and up-to-date on each device as well.
Those elements
combined with its open source code for transparency and deep browser
history dating back to the earliest days of the internet, make
Firefox the first and best choice for privacy minded minded
individuals.
Additionally,
Mozilla Firefox is spearheading the initiative to make the Internet’s
Domain Name Service (DNS), which is the final insecure frontier of
the internet, secure. This is a topic to be covered in a future post,
however in summary, Firefox is changing the DNS landscape of how
devices communicate with these DNS servers.
Just like there has
been a major push in the last decade for all websites to encrypt
their internet traffic from the browser to the web server by
migrating from ‘HTTP’ to ‘HTTPS’. There is now a growing and
similar push to encrypt the top level traffic a browser initiates to
the DNS server which translates website names into their actual I.P.
address numbers. In the case of Firefox, they have built into their
network settings the ability to enable ‘DNS over HTTPS’ which
encrypts the top level communications a browser initiates before
being forwarded to the web server requested in the address bar.
Overall, this feature is a good direction towards enhancing data
privacy and data security.
Finally, there are
many advanced settings that can be configured and customized.
However, if customized to far, it can cause Firefox to lose is
reliability with rendering websites. Absent, any extreme
customization causing instability, Firefox is the premier web browser
for data security and enhanced data privacy combined with its
multi-platform compatibility.
Safari
As mentioned in Part I of the NETPRAETOR series on information technology which respects end-user privacy, Apple and its line of MacOS derived operating systems is the recommended eco-system of devices for privacy minded individuals. The Safari browser is exclusive to the MacOS eco-system and while it is a closed source browser, it ranks number two as one of the NETPRAETOR recommended private web browsers.
With the Safari web
browser, Apple has built in browser fingerprinting countermeasures
that help to reduce the privacy threat posed by that form of invasive
tracking. Additionally, what Firefox does in terms of cross-platform
compatibility, Safari far surpasses when multiple Apple devices are
in use. Although Safari is limited to Apple devices only, it works
flawlessly, and secure across, iMac’s, Macbook’s, iPhone’s, and
iPad’s and Apple Watches. Depending on how iCloud is configured, as
much information, or as little information, as an individual wants
can be synced across all devices.
Website rendering
and compatibility are on par with both Firefox and Chrome. Unlike
Firefox, Safari does not have features to configure DNS over HTTPS
(DOH) at this time. That being said, if one of the NETPRAETOR
recommended VPN’s are being used, they automatically route all
device traffic including DNS traffic through their encrypted VPN
servers for the ultimate level of data security and data privacy.
Chromium
Google’s Chrome
browser with its proprietary closed source elements is derived from
its open source experimental browser called Chromium. Although it’s
considered an experimental or developmental browser it sees
widespread use among the open source operating system crowds who run
various distributions of Linux and BSD.
If many of the
telemetry gathering and privacy infringing features are turned off,
Chromium is a very fast, stable, and secure web browser which also
has access to many of the Google Chrome extensions that and tailor
the browser for various purposes or features.
Additionally, like Firefox, Chromium is experimenting with DNS over HTTPS (DOH) and is at the forefront of helping to secure the last wild west (insecure) frontier of the internet.
For those reasons Chromium has earned a spot among the top three private web browsers.
3 Best Private Web Browsers in 2020?
This concludes the review Firefox, Safari, and Chromium, the 3 NETPRAETOR recommended private web browsers in 2020? What are your thoughts? Feel free to share below.
Part III on the NETPRAETOR.com overview of the nine main categories of information technology which have the most impact on end user data privacy and data security through daily use.
Best VPN Service Providers
Assuming you’re running an operating system which has been configured for enhanced security and reduced data leaks, along with a password manager for strong and unique passwords, a virtual private network (VPN) provided by the best vpn service providers are the next logical step towards protecting your data and your privacy.
The best VPN service providers offer a type of VPN, where your computer connects to a series of linked servers using an encrypted tunnel. The connected servers form a virtual private network forming a secure and private means for data to travel. How VPN works, along with it’s features, benefits, and levels of privacy are dependent upon the policies and word of the companies who own them.
Among the best VPN service providers, there are a multitude of companies who market their VPN service as being the best VPN service provider available. In order to determine which VPN service provider actually is the best, certain criteria needs to be established in order to see how each VPN service provider compares against the rest.
To see how VPN works, NETPRAETOR.com believes the following criteria broken down by purpose and feature, are paramount when evaluating a the best VPN service providers.
Best VPN Service Provider Purpose:
I. Increased data privacy
II. Increased data security
III. Connection speed and reliability
IV.
Multiple devices supported
Best VPN Service Provider Feature:
I. Maintain a no log policy
II. Use the latest encryption standards such as OpenVPN
III. Offers consistent speeds with good connections over a vast network
IV. Allows use of more than one device per account
The best VPN service provder will increase end-user privacy by operating servers that don’t log user activity. Many people choose to use a VPN service from home for this reason and not just while traveling. Almost all internet service providers (ISP) log customer internet activity. A VPN which logs customer activity would essentially take the place as a new ISP and defeat the purpose of enhancing end-user privacy.
With
no logs as a starting point, anyone searching for a VPN service can
automatically rule out VPN’s that are advertised as completely
free. It would be naive to think that a free VPN service is not
selling its users data for profit as ISP’s do. That being said,
some good VPN service providers who offer paid plans do offer a
scaled down free service in order for prospective customers to try
the service.
Having the foundational criteria of the best VPN service provider with a no logs policy established, the next question relates to the encryption protocols offered for data security. The two main protocols that a good VPN service will offer are called OpenVPN and IKEv2. OpenVPN is a completely open source encryption protocol that provides reliable and secure encryption tunnels. The OpenVPN protocol is best suited for desktops and laptops due to its reliability and speed on a static network.
IKEv2
is a closed source encryption protocol which also provides reliable
and secure encryption tunnels. However, the IKEv2 protocol is best
suited for tablets and mobile devices such as vpn on iPhone. This is
due to the IKEv2 protocol being more resilient to mobile device
transitions from wireless networks and cellular service. IKEv2 has
proven more reliable at maintaining a connection under these network
transitions than OpenVPN.
Only the best VPN service provider will also maintain a global network of servers for reliability and speed. A major reason to subscribe to a VPN service is to protect data while traveling and having to use unsecured and untrusted networks. Being able to login to a server close to where you’re traveling can help with overall speed. Alternatively, being able to login to a server in another country could help bypass country restricted content from entertainment providers like Netflix and Hulu. Finally, with most people owning multiple devices a good VPN service will allow for multiple devices to simultaneously use one account.
With that criteria in place, NETPRAETOR.com recommends two best VPN service providers, NordVPN and ProtonVPN. Both companies meet and exceed the purpose and features of increased privacy, increased security, speed, reliability, and support for multiple devices. As expected, they both charge fees for the quality services they provide. Also, both VPN service providers operate from countries known for their end-user privacy centric laws. Respectively, NordVPN is based in Panama, while ProtonVPN is based in Switzerland.
Check out their details below!
Fast
speeds with 5200+
servers
in 59
locations;
Privacy – strict no logs of user activity;
6 simultaneous connections;
Streaming –unblocks Netflix, Hulu, etc.;
Torrenting/P2P allowed;
ParagraphBuilt-in ad and malware blocking;
Works in China (if the case);
Easy-to-use VPN apps;
Specialty servers like Onion over VPN, Double VPN;
24/7 live chat;
30-day money-back guarantee.
610 servers in 44 countries;
Secure
core – traffic routed through privacy-friendly countries
Perfect
forward secrecy prevents traffic being decrypted
Part II on the NETPRAETOR.com overview of the nine main categories of information technology which have the most impact on end user data privacy and data security through daily use.
Across devices, operating systems, applications and websites, passwords are the common thread which tie them altogether. From logging in to a device as a local user, accessing social media platforms, or checking banking information, signing in to any of these will require a password. Factoring in entertainment platforms such as Netflix or online shopping with Amazon, most individuals end up juggling between 6 and 12 passwords on a daily basis, and that is most likely a very low estimate.
As more people are managing an ever growing list of login credentials comprised of user id’s, passwords, and sometimes two-factor authentication (2FA), it becomes an unmanageable situation for most. This usually results in people adopting one or two bad habits concerning their login credentials. The most common scenario is that people begin to standardize their usernames and passwords across devices, websites, and applications. For example, someone may pick ‘jdoe’ as a user id and ‘random25’ as a password. They begin to use that login and password for multiple accounts spanning banking, entertainment and social media.
Under this scenario it creates one weak link, whereby a breach in one area could allow access to all other sites using the same credentials. What should be an isolated breach, automatically cascades to other websites and systems like a domino effect.
Another bad habit people use to try and cope with an unmanageable list of login credentials is to physically write them down, or store them unencrypted on digital storage such as a usb stick. Both options are very bad ideas for obvious reasons. Physically writing them down means someone else can physically gain possession of them. Even if they are stored securely, they must be removed from secure storage while being used to login to a system or website. During that time the passwords would be vulnerable to theft, or more likely, someone observing over your shoulder who could potentially memorize some of the credentials.
Unencrypted digital storage of login credentials is also a very bad idea. This is due to anyone with access to the storage device having the ability to physically steal the digital storage, or quickly copy it while leaving the original file intact. There is a solution for these common password issues experienced by millions of individuals everyday.
Password managers address both problems faced by individuals trying to cope with an ever growing list of user id’s and passwords. First, they allow you to access your user id’s and passwords from any device via secure cloud storage. The best password managers will allow a local device created encryption key to be established at the time of account creation. This ensures that even the company who owns the password manager cannot access any of the data since they physically don’t have the means to decipher it. Anyone trying to view data stored with the password management company would only see garbled and unintelligible data.
Secondly, password managers allow for the creation of extremely strong and custom passwords unique to each website or system. Additionally, really good password managers will even go so far as to provide an alert when it detects the same password being used more than once. Ensuring a unique password for each site provides assurance that even if a breach does occur, it will be isolated to only that specific system or website.
NetPraetor currently recommends 1Password as the password manager of choice. They employ zero-knowledge encryption along with enterprise class security standards while offering plans covering a family of 5 for only $4.99 per month. 1Password has received multiple third-party audits attesting to their security standards. Finally, they have seamless integration with the NetPraetor recommended Apple MacOS operating system along with Apple’s entire eco-system including iPads and iPhones. Individuals choosing to use an open source operating system such as OpenBSD can even access 1Password from the command line via their CLI tool.
Now is the time to begin using a password manager, or switch if the one in use currently does not maintain zero knowledge encryption via a locally created encryption key. Secure passwords are foundational to secure data and privacy, a compromise in this area makes privacy and data security efforts in all other areas wasted time and money.
Part I on the NETPRAETOR.com overview of the nine main categories of information technology which have the most impact on end user data privacy and data security through daily use.
Data Generating Activities
Everyones online data generating activities begins and ends with their choice of operating system. In the consumer and small business realm, end users usually fall into one of two main camps. Those who use Microsoft Windows based products and those who use Apple MacOS based products. Of those two offerings, Microsoft Windows is the dominant force in terms of market saturation.
Microsoft Windows is not a NETPRAETOR recommended operating system for individuals who are privacy conscious. There are many reasons for this. Microsoft’s own success at market saturation is the number one reason. There are more nefarious individuals and entities targeting this larger user base due to increased opportunity for exploits.
In addition to Microsoft Windows users being a larger target for malware, spyware, viruses, and trojan horses, out of the box, Windows users have to exert more energy in hardening their systems against malicious activity and data leaks.
For example, limiting Cortana (Microsoft’s version of Siri, Alexa, etc.), location access, ad tracking, app permissions, feedback and diagnostics settings is far less intuitive than other operating systems.
Finally, most consumer versions of Microsoft Windows come loaded with data leaking and exploitable bloatware. Bloatware is a term coined by the early users of some of Microsoft’s Windows legacy variants such as Windows XP. It denotes mostly useless software and applications from non-Microsoft vendors. The only purpose it serves is the wasted time of the person trying to uninstall it.
Apple MacOS
Concerning the two giants of the operating system market, Apple MacOS is the recommended operating system for privacy conscious individuals. Contrasting with Microsoft’s dominant market share, Apple’s smaller user base is not the inherent reason for its increased security and privacy reputation. Although being a smaller target for malicious actors is a factor, Apple has been making concerted efforts in protecting its users data and privacy for many years.
For example, they were early adopters of implementing user friendly full-disk encryption capabilities through File Vault. Apple’s MacOS is also the cornerstone of its zero knowledge end to end encryption of devices in its ecosystem. It’s been a pioneer in this area and has been protecting its users messages and FaceTime video chats for many years as well.
These capabilities inherent in Apple’s MacOS are also built into their iOS for iPhones and iPadOS for iPads. Among market leaders offering comparable operating systems and devices, no one has come as close to Apple as creating a user friendly, secure, and privacy centric ecosystem.
Closed Source Operating Systems
Collectively, Apple’s MacOS and Microsoft’s Windows are two of the biggest proprietary operating systems. Proprietary operating systems are those whose source code, either whole or in-part, is closed from public view for review, audit, and improvement purposes.
Individual’s use these proprietary operating systems on the premise of the full faith and credit of their respective operating systems privacy policies and ultimately, their word. Apple’s MacOS has been earning consumer capital in this area for some time now and their actions appear to be speaking louder than their words for the time being. For those heavily invested in their ecosystem, lets hope it stays that way.
Open Source Operating Systems
For individuals who like to go ‘under the hood’ of their operating systems and exercise more control and customization, there are a myriad of open source alternatives. As the name implies and contrary to the proprietary operating systems, the source code is completely open and fully accessible for review, audit, and improvement purposes. Many go by the name Linux, of which there are many distributions, all tailored for various degrees of user friendliness or other narrow purposes. Linux operating systems are ultimately derived from Unix operating systems. In the heyday of early command line Unix operating systems, an open source ‘Unix-like’ operating system was born through a partnership with AT&T and University of California, Berkeley.
OpenBSD Project
This open source ‘Unix-like’ operating system became known as the Berkeley Software Distribution (BSD). Fast forward many decades and there are a few BSD distributions evolving with targeted goals, similar to the Linux distributions. In the sea of open source operating systems NetPraetor recommends OpenBSD as the best open source choice.
The OpenBSD project developers hold themselves to extremely high standards of code correctness and minimalism. Without a doubt security is their niche and they have helped to pioneer some of the important cryptographic solutions widely in use today, such as OpenSSH.
Although there are many excellent open source operating systems to choose from, NETPRAETOR only recommends OpenBSD. Our perspective is that everyone has limited time to allocate to various pursuits. Anyone seriously considering ‘nix’ operating systems, already has an inherent interest to go ‘under the hood’. Invest the time to go all-in learning one from the start rather than switching between distributions and never gaining a solid foundation in any of them. With OpenBSD the investment pays off, it can be configured as fully-capable desktop or a business class server or gateway and firewall appliance.