|
I praise the effort. I don't think it's worth it with Linux. FreeBSD or OpenBSD are the only desktop-usable operating systems that actually make me less worried about my own OS spying on me in one way or another. For one thing, browsers (or even their engines) are large software projects created or financed by corporate money, and they are almost never run by users from containers; up until now (I just checked) Google Chrome was not even present on Flathub, so the fact that it is there now is an improvement. But most people don't install Google Chrome from there. Same goes for Firefox, in case you naively believed it isn't as nasty. And, frankly, I don't actually know to which degree Flatpak or Snap isolates them from the system. As a matter of fact, I'm pretty sure they can still collect all the necessary fingerprinting data even while somewhat isolated. I know how to run them from a container or even a VM and use the X client-server architecture to isolate them - that's how it should be. To set it up, though, requires time, careful consideration and knowledge of many things. I may have most of the knowledge, but not the time. And then again, a malicious vendor has many different ways to fool the system, yet as a user one only has to make a single mistake to allow them to do what they intended to do -- as opposed to preventing it. So the larger problem isn't signatures. It's the loopholes and vulnerabilities, introduced intentionally or by negligence, that have the potential to compromise an OS. Almost all software should be isolated from the filesystem or any other information that would allow it to uniquely identify your machine (like why the hell does Google Chrome need to know my webcam model and possibly its serial number, which fonts are installed, my GPU and CPU models and a ton of other things?).
By the same token, all software shall have no network access UNLESS it's enabled explicitly, and one should also be able to block browsers or any other software (including your operating system) from sending telemetry -- by blocking all possible IP addresses and domain names that aren't associated with the same websites you visit or when some other software truly requires such access. And, frankly, I wish I didn't have to spend hours and days setting up firewalls and closing up all those holes. It isn't because I have things to hide. It's because it's simply wrong. If you need a shallow reason why, I'll give you one: I pay for electricity and for my internet access. No software vendor, open-source or not, for good reasons or not so good reasons, shall have the right to send a network request and, thus, send or receive data from the network without my explicit permission. That has to be the default. Update: and if they're allowed to send telemetry (again, by users themselves and explicitly), users should have the key to inspect the encrypted data that's being sent before it is sent. My machine, my rules. The irony is that the non-free, proprietary operating systems abuse privacy rights even more than the open-source ones, while I'd actually pay for the opposite happily if someone would design a system that is provably non-malicious, has the properties described above and doesn't require a lot of time and effort to achieve the desired things related to privacy and security. |