After spending almost two years trying to configure a Linux OS to my (I think sane) tastes to use as a secure mobile net client for a laptop, with no options among the five hundred ‘free’ versions of Linux, I have to wonder at whether Parrot is core secure or not, as for many other experiences. In truth, having used twenty or more OSs (most of them disappointing versions of Linux), I have never actually felt secure at all. The net is of course a trash heap now, as has been occasionally observed by critics, with less and less to offer, appalling search engine mess in an online universe that the search engines are able to control, making a net client of questionable point anyway.
Then there is the debacle (scandal) of security software and promises, online documentation (Linux’s principle story, the sadly populist ‘we direct to our lively forum’ so loved by cost-cutting corps and of course completely noise-generating, signup-addled, retarded and possibly horse-raping drivel, and counter to privacy, leading to a web of a pain to anyone actually trying to gain security in a very unsecure world positively at war with some lives and privacy on all fronts, the worse given Linux’s ‘problem every five minutes’ profile exascerbated by bad online advice and docs - so wonder why supposed privacy advocates endlessly endorse it if its so hard to use and of such questionble security value it defeats it alleged purpose).
Parrot I found a mess, with a few good points (usable desktop space, malleable MATE desktop, good drivers, the right apps, mostly, etc.), better than Kali, allowing working unlike TAILS (which I regard as a joke anyway, partly about Linux distros and partly about Tor), such that I have used it only to try to gradually config my own setup and blueprint for an .iso (another oversight and nightmare in Linux, leaving it very hard in most cases to simply collapse an .iso from a configured instance).
I have suspected a rootkit in Parrot in usage - the only reason it has escaped this conclusion (regardless of scans) is the generality of my observations, largely, regardless of Linux distro or even OS. I have had grave doubts about Debian in general, too, worsened by the SSL fiasco (and SSL is the backbone of security on the web, and even difficult to config in Debien clients), and doubts about Linux.
Anonsurf, which I eschew completely for a more secured Tor setup, appears unsecure - default ACCEPT policy in iptables? No proto filtering? No inbound firewall? Why the alternative localhost addresses, too?
Tor appears to be little more than a security illusion for the masses, as far as I can observe. Nothing about (quite tightened) Tor usage, including the official browser, suggests any more security than normal clearnet usage, itself a litany that suggests constant tracking, keyword analysis, etc. Tor is open source, and this is of precise value only to those supposedly able to asses it (though I notice its node negotiation is merely outdated SSL, according to the Tor Project’s Tor Spec). It is also phenemenally complicated to work (particularly iptables, the biggest joke of which is that most Tor iptables policies online are observably wrong), badly documented (our lively forum), and disadvocated by hackers who claim, I think quite rightly, that Tor is both government-broken )and government funded), and hacked (as indeed nodes can be), while the network is increasingly banned by half the web; I have only seen IRC work through Tor once, and it is banned by most networks; and despite all this, the old official stories prevail - Tor this, Linux that (attended by the usual myths - safety, security, freeness - so far costing me thousands in time and work - configuraibility and useability, or of benefit to online freedom, free speech, de-censorship, all of which I can easily pronounce fake or dead), TAILS that, buy a commercial VPN/Don’t buy a VPN (of which, note, dedicated VPNs are used - by so-called activist groups, and many others - and VPS through Tor is a definite and very cheap advantage, as could be running proxy services on such remote servers - util scripts to set up OpenVPN and VPS servers would have been lovely, like desktop documentation, but, never mind).
And Parrot’s repos have never worked from any version 3.6 I have tried, not for two years.
I still happen to think I now have a better front end than any Linux distro I have yet seen on offer - if you like sane environments for security and working, that is, and whatever the real value. I would not trust Tor for one second.
By the way, I spent around twenty minutes having to try to get a throwaway email address just to ‘sign up’ to your forum, noticing that you have disallowed every disposable mail address provider I could find (most of which are java script addled, may block Tor, or may be found defunct these days), leaving me only with the usual web mail providers fo which I spent another twenty minutes and was forced to use the clearnet. Then I had to struggle through the confirmation email process, go back on Tor, go back, come back. If I had wanted to remain anonymous, that might have spoiled the likelihood, though the effect is perhaps currently moot. Do you want me to send these pictures of bicycles and crosswalks?