Please enable JS

discreet discrete DISCREETE

protection against trojan-based surveillance

Discreete Linux is an operating system with the special purpose of protecting data (more precisely: people) against surveillance attacks with trojan software.
Since Edward Snowden has revealed the extent of the global surveillance of the world's population by governments and intelligence agencies, this threat has continued to grow. Besides the general monitoring of the Internet traffic, these activities in many countries also include targeted Trojan attacks on systems of politically unwelcome citizens or organizations. These attacks are often used by authorities to access sensitive data that is stored locally and encrypted on the computer and is not transmitted over the Internet or only in encrypted form.
With the QUANTUMTHEORY / FOXACID project, the Snowden documents showed a worldwide system of automated trojan infections. In the slides for the TURBINE project, the NSA states that it is designed to control Trojan infections "automated in millions of computers" - and that was the state of 2009. Today numerous commercial providers of surveillance tools are also selling Trojan software to dictatorships and states that proclaim torture.

The Discreete Linux project has the goal to provide a protection against these attacks for whistleblowers, human rights defenders, journalists, trade union and political activists and other targets of surveillance. It is therefore designed for ease of use by people without deeper computer knowledge but high security requirements. It creates a secure, isolated environment for processing and encrypting/decrypting sensitive data.
Even strong end-to-end encryption becomes worthless if the attacker can control the systems that perform the encryption. Discreete Linux brings the endpoints of encrypted communication out of reach of trojan attacks.


Discreete Linux is a free software project. Anyone finding it useful can use it free of charge and with all rights provided by the GPL (GNU General Public License). Users are encouraged to send suggestions, bug reports and criticism to us.

The ISO-Image can be downloaded here (Please note that Discreete is still in Beta stadium and not ready for productive use). The Discreete developers can neither guarantee that the download servers never get compromised, nor can we guarantee that downloads are not being redirected to other servers by DNS spoofing or similar. We therefore strongly recommend to verify the authenticity of the image using our GPG-Signature.

If you prefer to build the Discreete Linux system yourself for full control over the final result or for custom configuration - you can find the tutorials for this here.

Um..., Discreete? You have a misspelling in your projects name...

Discreete is a word crossrooted from the English terms "discreet" (confidential, inconspicuous, no traces left behind) and "discrete" (detached, separated from [here: unsafe networks and devices]) which characterize the purpose and function of Discreete Linux. Discreete Linux is the new name and the continuation of the project "Ubuntu Privacy Remix", which has existed since 2008. Meanwhile it is based on Debian Linux. The whole project is run by volunteers, is completely free software and verifiable in the sourcecode.

How does

Discreete Linux provides an isolated, local working environment, to which spying software (Trojans) does not have access to. In this, particularly sensitive data can be safely processed, encrypted and stored. Discreete Linux is designed only for this purpose and for people who need such a high degree of security of their data. Discreete does not replace your previous operating system. It is a pure live system, i.e. it will not be installed on your computer. Instead, any computer, regardless of the installed software, can be started from a Discreete USB drive. Discreete leaves no traces on the computer used and leaves the installed systems untouched. All user data is stored exclusively on removable media encrypted with proven and tested methods.

Discreete Linux is a pure read-only live-system, i.e. it is in the same clean state after every reboot. By this means, an attacker can not install surveillance software permanently ...
All software in Discreete Linux is free, verifiable and open source. It is based on Debian, the world largest community-based Linux distribution which is ...
There are many different Methods, how trojans are installed, but the major part works by exploiting security weaknesses trough networks. Network is also the standard method ...


This is the most obvious usecase: Sensitive data is stored and edited only inside the Cryptobox, which in turn is only opened in the secure, isolated Discreete Linux system. This way attacks with trojan software have no opportunity, to access your

read more

Not only documents and information are in the crosshairs of trojan attacks. In the same way, or even more, attempts are made to steal the secret encryption keys themselves. The users of end-to-end encryption, that are victims of such attacks, consider themselves in deceptive security: While

read more

If you run an OpenSSL Certification Authority or use GnuPG to create digital signatures, e.g. to prove the integrity of software packages, other people rely on the trustworthiness of your signatures. Therefore the integrity of your private key(s)

read more




Introduces the one-stick-system method for a better usability, especially for inexperienced users. It can automatically transform the remaining free space on the boot stick into a "Cryptobox". I.e., after booting the user is automatically prompted for the encryption passphrase and can immediately start working in his then decrypted individually configured working environment.
System was updated to the current state of the Debian security updates.
Remaining old strings in dialogues or menus referring to "Truecrypt*" where corrected, because users can now choose whether they want to encrypt their Cryptoboxes with LUKS or Veracrypt.
Many smaller Bugfixes.
The ISO-Image can be downloaded here (Please note that Discreete is still in Beta stadium and not ready for productive use).
If you prefer to build the Discreete Linux system yourself for full control over the final result or for custom configuration, you can find the tutorials for this here


Includes fixed PolKit configuration, that didn't make it into Alpha1. Cleaned up application menu and removed unnecessary packages.


The Project Team released the Alpha.1 of Discreete Linux 2016.1. The core functions are implemented and can be tested, of course not for productive purposes. The alpha phase will end with a feature freeze in mid-December. Discreete Linux is a free project. Anyone finding it useful can use it free of charge and is encouraged to send suggestions, bug reports and criticism to us.