Looking for new OS

Yes, DuckDuckGo is much better than Google, but it still has its own problems and there are even better search engines out there.
DuckDuckGo is a for-profit company that’s based in the United States, so even if they want to protect privacy, they probably can’t do it because of the Patriot Act and some three-letter-agencies that want the data. Also they rent their servers at Amazon, which is probably more of an ideological reason as I hope that Amazon doesn’t access data of their AWS customers (however, they own the infrastructure and there’s no way to be sure) but Amazon is also a big privacy-violator who spies on real-life talk of everyone using Alexa and it’s not that cool to support them by renting their servers.
I haven’t used Google for years and I didn’t regret leaving them a single day, neither have I used DuckDuckGo.
I personally use and strongly recommend MetaGer ([DE] https://metager.de / [EN] https://metager.org ) as a search engine, which is run by a non-profit organization in Germany and uses servers of a regional hosting company. Their code is fully open-source and the results are aggregated from a few different sources so it can’t be manipulated that easily. Also they support the anonymity network Tor by running their own .onion hidden service.
Another great one is Swisscows ( https://swisscows.com ) which is closed-source unfortunately, but has a more modern interface and looks a bit more mainstream, which makes a difference for many people. I think technically it works similarly to MetaGer and it’s based in Switzerland and runs on their own server hardware.

3 Likes

Even if there is, it would be a waste of time in the current situation. We have not made the slightest effort to secure anything at this point. So they would either find the first hole in the Swiss cheese and say “look, you have one hole here” and be done. Or, they would need an infinite amount of work listing all the holes they find.

We did a few scans with Coverity (https://scan.coverity.com) as well as PVS-Studio (https://pvs-studio.com/en/) occasionally. These point out the most obvious problems in the source code (they are just automatic tools, and nothing like a manual audit). We have the results and we can occasionally request new scans from them, but no one really took the time to go through the results and fix all the problems.

The results for Coverity scans are available on request (approved by Haiku developers, but so far we never denied access to anyone) and the PVS results are available in two forms: a complete list of potential problems at http://pulkomandy.github.io, and additionally blog posts where they picked some of the problems to elaborate on them.

Besides that, a proper security analysis needs to define a threat model (who is trying to get your data? how much are they willing to pay for it? etc). For example in my case the main scenario is someone breaking a window to enter my flat (I live on the first floor) and steal my laptop. No changes to Haiku code can help with that. Drive encryption could make sure they don’t get the data. Remote backup plans on my side could make sure I don’t lose it and can restore it. It is difficult to do an analysis outside of any context (even simple things like, does the attacker have physical access to the machine? only remote access? can they convince you to install a malicious app in some way?). Probably it would raise questions about the package repositories and how new software is added there, for example.

So then it’s a matter of compromise: making a 100% secure system is impossible. We have to decide how secure we want it, before we can do any serious analysis. The way to go is more, first start securing some things, and then ask for a 3rd party to have a look and ask them, “what did we miss?”

6 Likes

I don’t use Arch for personal reasons, don’t like it nor its community and stick to Red Hat and Debian based distros.

As for Linux, I am strictly KDE and find Gnome unsatisfactory in all major areas for my personal usage. I recently upgraded my box to Mageia 8 and I am really impressed with it. I also like to use OpenSUSE as well. OpenSUSE being in Germany has extra protective measures built-in due to EU’s privacy protection laws and regulations, where I think I benefit from them locally here in the States.

Does Haiku have deficiencies–sure! Since it is beta, your mileage may vary in usefulness. Is it vulnerable security-wise? Of course, I cannot remember if Haiku has a dedicated team to design/improve the kernel/core–these developers would be very busy rewriting/redacting the kernel for processing, memory, and stability performance improvements.

I still like using ZetaOS since it is very stable for many things that I like to do and I use Haiku for others since it has Java. It is what it is…so, welcome, enjoy your experience with Haiku. It is definitely going the right direction!!

So it sounds like the recommendations for the most secure, yet easiest to use OSs are:

OpenBSD
KDE
OpenSUSE

Is that a good analysis of this thread?

Thanks again for all your help!!

KDE is not an OS, it is a desktop environment, it is not more or less secure than other desktop environments on unices necessarily, afaik you can use it on both OpenBSD and OpenSUSE (where it is the default)

Linux has a lot of desktop environments though, and people are really vocal about liking one more than the other, in the end it’s just personal preference anyhow.

1 Like

KDE also has their own distribution, it’s called KDE Neon.
It’s also from Germany, just like OpenSUSE (if that matters to you) and it’s made by the non-profit KDE e.V.
I never tried it, because it’s based on Ubuntu and I strongly dislike Ubuntu - Their proprietary crap shouldn’t be present on KDE Neon, however.

I think PulkoMandy is absolutely right to emphasise that the user can do a great deal (or very little) to keep his own data both secure and replaceable. Anybody who relies on a mythical totally secure operating system for those purposes is asking for trouble.

6 Likes

The most complete OS for online privacy is probably Tails.

I second the idea of trying a BSD rather than Linux, but get the impression the easiest one to get into is probably GhostBSD. Reviews suggest that it even uses the Fish shell as the login default which is nice for those of us who rarely use the command line and want to have our hands held when it is inevitably required.

Having tried GhostBSD once, it wouldn’t boot after its first kernel update using the package manager. I wouldn’t recommend GhostBSD at this time.

Tails would get the nod though. Not necessarily from me, I haven’t tried it, but it is secure according to Julian Assange and his word is good enough for me regarding computer penetration testing.

Be warned you can get listed if you download Tails.
And btw you should blend in, not stand out.

For Linux distros that focus on privacy and security, I think Linux Kodachi (https://www.digi77.com/linux-kodachi) is top-rated. Also, Qubes OS (https://www.qubes-os.org/) should be strongly considered.

Now a quick word…not sure if these two distros are newbie friendly. I know these are great options for experienced Linux users.

Just a thought…

I looked into Qubes a while back, and it seems to have fairly steep system requirements; can’t remember any specifics at the moment, though :P

Edit: For those who want to have a look, Qubes system requirements are here → System requirements | Qubes OS

So, I’m starting to lean towards OpenSUSE for an alternative to Win10. This OS, to my knowledge, should not have any Microsoft spyware apps installed by default. It looks like the interface is fairly intuitive. I think I might give it a try.

OpenSUSE
FreeBSD
ReactOS

Hmmm. Reading a little bit more into OpenSUSE. They were acquired by EQT:

I don’t like the sound of “EQT”. It sounds an awful lot like “equity” which is a term gov’t has hijacked recently for malicious purposes.

I wonder if EQT has a relationship with Microsoft and/or if they’re installing spyware on this OS.

OK, so OpenSUSE is off the list.

Debian sounds promising:

https://www.debian.org/intro/philosophy

1 Like

If you want Windows but you don’t want spyware, you should go with older versions. 7 and 8.1 are my favorites (for program compatibility, my real favorites are 2000, XP and 7) but you will need some tinkering and avoiding some updates if you don’t want to get spied on.

If you can live without Windows I recommend Linux. I tried and installed it on my computer and it does well. I tried Xubuntu. You can go with more private versions if you are crazy about privacy.

If you can live without mainstream software, go with Haiku or BSD. Completely private.

Note: I am not crazy about privacy, but this doesn’t mean “I want to give all my information”, I just accept the “if a product is free, you are the product” idea and do some settings for privacy. If you really care about privacy, don’t go with Windows.

Debian is one of my favorite OS. For a Linux OS I choose Debian for sure.

There’s also ReactOS, if you want Windows without Microsoft. https://reactos.org/

1 Like

It is terribly unstable to be useful in any way. By looking at progress for many years it looks hopeless.