[nixpulvis]

Why not trust Linux? No activation, full control over all the processes. Seems like a good solution for people who "care".

[andromeduck]

It's good in theory but in practice you'd need to spend a lot of time and money doing deep audits yourself, both hardware and software. That just really isn't a worthwhile investment for the vast, vast, majority of people.

At the end of the day it all still boils down to trust based on reputation, incentives and oversight. Openness is important but no panacea.

[nixpulvis]

Well at least the surface area of the audit is a LOT smaller than on macOS, Windows, etc.

[andromeduck]

I really doubt that's the case if you use more than a few small apps which is the case for the vast majority of users.

[nixpulvis]

Must I link a running process list of my Linux laptop vs my macOS laptop?

[mmphosis]

  ps aux | wc

Linux:

  177

Mac OS X:

  44

macOS?

[davewritescode]

How do you know the process list is accurate for certain?

The point is, there’s potentially back doors in everything, including the C compiler that built your Linux kernel.

[nixpulvis]

We've all read reflections on trusting trust... still my point stands, it's hard to argue that Linux is not lighter than the mainstream OSes.

[michaelmrose]

Its silly to advice against reasonable actions like switching to an OS that respects your privacy based on unreasonable standards that aren't met presently anyway.

Don't bother leaving that disease ridden hag covered in boils you can't possibly invest the resources to sequence the full genome of this clean looking young lady over here it all comes down to trust amirite.

[Rjevski]

User experience and usability.

[boudin]

That has nothing to do with trust and is highly subjective.

[nixpulvis]

Sure, but that has nothing to do with the notion of trust we're talking about here.

[irq]

Perhaps, but if poor UX prevents a user from using an ostensibly more secure platform, then security of said platform doesn’t enter into the consideration at all.

[nixpulvis]

Yes, we're all well aware. That's NOT what I'm talking about though. I'm responding to "Use Linux? How do you trust that?".

Please think about things before aimlessly countering someone's question.

[gsnedders]

How many distros are shipping with ASLR now? Last I knew there were still major distros that weren't.

Heck, do the common DEs sandbox their search indexing processes yet, given there's been various vulnerabilities there previously?

Yes, okay, you have control, but when nobody implements relatively basic defence-in-depth mitigations that have been available on Windows (especially) and macOS for over a decade it's just sad and undermines the argument that its security is better.

[r00fus]

It's not that you shouldn't trust it, it's that you could from security perspective easily shoot yourself in the foot.

Does anyone know of a distro that focuses on usability and privacy"? Subgraph is still in alpha...

[nixpulvis]

Either trust yourself, or trust someone else. (of course it's generally impossible to avoid some amount of trust in others.)