Are community maintained packages as safe as developer-provided ones?

Hello,

I am interested in Silverblue/Kinoite for home use of ordinary people.

There are several applications recommended in this guide that contain a flatpak version.

Is there a reliable way for the average, non-tech person to know if the community maintained packages maintain the security and privacy levels of the official distributions of these apps?

Example: ProtonVPN, Brave, Mullvad Browser, Bitwarden, etc.

Immutable systems appear to be more secure than normal distributions. I intend to install on computers to distribute in communities, for older people, who would certainly not install anything outside the Flathub store or official repository available on the system.

Another question, regarding the use for games, what do they say on the privacy and security aspect of the Ublue-OS images?

It is listed on the Fedora website as recommended for users with a NVIDIA card.

Best regards,

Preferred Flatpaks are the ones maintained by Fedora itself, as well as the ones in Flathub that have the verified check.

Followed by the ones endorsed, but not officially maintained by the original software devs.

I draw a hard line here. The rest are community maintained and should be treated like your AURs, PPAs and COPRs. They could be safe to use too, but if you don't have the capability to check/audit, you should probably use toolbox/distrobox or keep a small amount of installed .rpm apps on top of Silverblue.

1 Like

Is there a reliable way for the average, non-tech person to know if the community maintained packages maintain the security and privacy levels of the official distributions of these apps?

It shouldn’t be an issue, Flathub most likely vets their software and doesn’t allow random stuff willy-nilly. Failing all that, you can also just check the manifests.

Even a lot of Fedora RPMs are community maintained, the issue is honestly overblown.

Another question, regarding the use for games, what do they say on the privacy and security aspect of the Ublue-OS images?

privacy should be the same, security is just the typical immutable benefits. I’ve personally tried ublue and can vouch for it (still using it rn)
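One concrete way to act on the "check the manifests" suggestion, added here as an example that is not part of this thread or of any Flathub tooling: a small Python script that reads a Flatpak manifest (JSON form) and sorts its `finish-args` into permissions that effectively remove the sandbox, permissions that are broad but common, and everything else. The app id `org.example.CommunityApp` and the manifest contents are constructed for illustration; the `finish-args` option names themselves are real Flatpak options.

```python
"""Triage the finish-args of a Flatpak manifest from a sandboxing point of view.

Added example: not code from the thread, Flathub or Flatpak. The manifest
below is constructed; the finish-args strings are real Flatpak options.
"""
import json

# Constructed sample manifest (hypothetical app id) in JSON form.
SAMPLE_MANIFEST = json.dumps({
    "app-id": "org.example.CommunityApp",
    "runtime": "org.freedesktop.Platform",
    "runtime-version": "23.08",
    "sdk": "org.freedesktop.Sdk",
    "command": "communityapp",
    "finish-args": [
        "--share=network",
        "--share=ipc",
        "--socket=x11",
        "--socket=pulseaudio",
        "--device=dri",
        "--filesystem=host:ro",
        "--talk-name=org.freedesktop.Flatpak",
    ],
    "modules": [],
})

# Permissions that let the app act on the host much as an unsandboxed
# install would; treat an app with any of these like a native package.
ESCAPE_ARGS = {
    "--talk-name=org.freedesktop.Flatpak":
        "can ask the Flatpak portal service to run commands on the host",
    "--filesystem=host": "access to the whole host filesystem",
    "--socket=session-bus": "unfiltered session D-Bus (any user service)",
    "--socket=system-bus": "unfiltered system D-Bus",
    "--device=all": "access to all host devices",
    "--allow=devel": "enables ptrace and other debugging facilities normally blocked",
}

# Broad but frequently legitimate holes that still deserve a second look.
BROAD_ARGS = {
    "--filesystem=home": "access to the whole home directory",
    "--socket=x11": "X11 offers no isolation between clients (input and screen)",
    "--share=network": "network access",
}


def _normalize(arg: str) -> str:
    """Drop access-mode suffixes so --filesystem=host:ro matches --filesystem=host."""
    if arg.startswith("--filesystem="):
        for suffix in (":ro", ":rw", ":create"):
            if arg.endswith(suffix):
                return arg[: -len(suffix)]
    return arg


def assess_finish_args(manifest_json: str) -> dict:
    """Return {'escape': [(arg, why)], 'broad': [(arg, why)], 'other': [arg]}."""
    manifest = json.loads(manifest_json)
    findings = {"escape": [], "broad": [], "other": []}
    for arg in manifest.get("finish-args", []):
        key = _normalize(arg)
        if key in ESCAPE_ARGS:
            findings["escape"].append((arg, ESCAPE_ARGS[key]))
        elif key in BROAD_ARGS:
            findings["broad"].append((arg, BROAD_ARGS[key]))
        else:
            findings["other"].append(arg)
    return findings


def sandbox_verdict(findings: dict) -> str:
    """One-line summary of how much the sandbox is worth for this manifest."""
    if findings["escape"]:
        return "effectively unsandboxed"
    if findings["broad"]:
        return "sandboxed with broad holes"
    return "tightly sandboxed"


def report(manifest_json: str) -> str:
    """Human-readable summary, one finding per line."""
    findings = assess_finish_args(manifest_json)
    lines = [f"verdict: {sandbox_verdict(findings)}"]
    for arg, why in findings["escape"]:
        lines.append(f"  ESCAPE {arg}: {why}")
    for arg, why in findings["broad"]:
        lines.append(f"  BROAD  {arg}: {why}")
    for arg in findings["other"]:
        lines.append(f"  other  {arg}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MANIFEST))
```

The same categories apply to the output of `flatpak info --show-permissions <app-id>` on an installed app, which is where the permissions actually in force are visible; the manifest on Flathub is what you can read before installing. A `--talk-name=org.freedesktop.Flatpak` line is the one to look for first, since it lets the app run commands outside the sandbox, which makes the rest of the permission list mostly moot.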

So if I am planning on using Fedora Workstation, I should get most of my apps from flatpaks. If that is not possible I use toolbox/distrobox. Are there any downsides to toolbox/distrobox? As for Fedora Silverblue, primary method should be flatpaks as well and then .rpm as a last resort?

The advice was to use it sparingly. I’ve only layered about 2 apps max at the time I used it in a “workstation laptop” and I did not get any issues whatsoever. The caveat is I am not a dev, so I do not have a complex computing use case: work app, email, browser, password manager, note app, etc.

I did use SecureBoot, full disk encryption + LUKS /home encryption (yup, 2 passwords at boot). I think I can fulfil a Level 2 (or 3?) Security rating on Fedora 38 on an Asus Vivobook Pro 14 OLED and it had a working fingerprint reader.

Does toolbox involve layering? I thought it was a container for the application (Like a VM without the benefits of a VM?) and that the layering was for rpm-ostree on Fedora Silverblue. I read that layering with rpm-ostree is what should be used sparingly.

What are people’s opinions on downloading third-party maintained flatpaks like Bitwarden? Personally, I would feel better if the flatpak was officially maintained by Bitwarden. There was a discussion about this on their forum but I don’t think anything came of it yet. Am I better off just using the web interface?

Don’t use browsers as a Flatpak. FF- and Chromium-based browsers have their own sophisticated sandboxing, which (at least partially) doesn’t work anymore as a Flatpak. All three are unofficial. I wouldn’t trust an unofficial app with all my passwords. You can use toolbox with DNF instead of flatpaks.

Don’t expect too much. Security overall is still not great. Too many parts are directly mutable or mutable after reboot and there is no cryptographical verification from an immutable root of trust.

Sandboxing of which? It isn’t needed anyways, latest gnome rce didn’t have a different outcome in flatpak or native installation of browsers.

The Firefox Flatpak is directly managed by Mozilla, even if the sandbox would be worse in the Flatpak, it is by far superior purely from a UX perspective. If you get all your apps as Flatpaks, you aren’t going out of your way to get a container, install Firefox in that, export the desktop file, and keep the container updated only for a browser.

1 Like

It’s up to your trust. Personally I think the Flathub registration process, and the manifest being open source, are both enough for me to use it. I still use the site personally because the app is very annoying to use in comparison haha

2 Likes

I disagree, they’re often outdated, and they refuse to ship anything proprietary such as codecs, which ruins anything that needs those :confused:

What do you mean by “if”? It’s verifiable that the browser’s sandbox inside Flatpak is missing parts of the original (native) sandbox. If you have no clue about it, why even write something?

In which ways does the Flatpak version provide better UX?

What has browser sandboxing (especially the renderer sandbox) to do with a random Gnome RCE?

What do you mean by “if”? It’s verifiable that the browser’s sandbox inside Flatpak is missing parts of the original (native) sandbox. If you have no clue about it, why even write something?

Because I’m not sure whether this is the case with Firefox, I only know it’s the case with Chromium specifically.

In which ways does the Flatpak version provide better UX?

Installable inside a GUI store everywhere. The version is up to date. You don’t have to worry about the app breaking due to bad packaging. Especially on immutable systems: automatic desktop file. It’s pretty easy to see Flathub as a better UX.

Don’t antagonize people here please, this is your last warning. The claim that the Flatpak Firefox is “missing parts of the original (native) sandbox,” and the claim that the Flatpak Firefox’s sandbox is “worse” are two different claims that people probably want to discuss further. The former doesn’t inherently imply the latter, that effect would have to be proven.

1 Like

@jonah I already explained to you in detail in another thread, why the sandbox in the Flatpak version is worse and your only response was: it’s an official Flatpak and Mozilla says it’s no problemo. Of course they say, it’s their own product and at this point it is pretty much a non-argument if talking about technical aspects. Microsoft also thinks that Edge is private enough to ship it. Pale Moon also thinks that its browser is secure enough. So what? The Firefox Android app is also an official release of Firefox and nevertheless you don’t recommend it (rightfully so).

No, my response was that Firefox uses Seccomp-BPF to limit access to resources (like files, network) that Chromium would limit using the user namespaces sandbox, so user namespaces in Firefox are only providing redundant protections to what their existing sandbox already provides.

Defense in depth is certainly nice to have, but that’s an argument I would point towards Firefox developers, not people deciding whether to use Firefox/Flatpak or not.

Are you aware of a sandbox bypass which is made possible due to lack of user namespaces in the Firefox Flatpak? If not, then I still fail to see how this is a real-world concern that the average person choosing a browser should have to think about.

2 Likes

soo…browser flatpaks (both Chromium and Firefox) are A-okay?

Well, we were discussing that further here. Whether the difference matters to you is not really something I/we can decide for you.

My personal opinion would be to lean towards native installs for browsers specifically, but if I had to use a browser Flatpak on a Flatpak-only OS like Silverblue or Endless I wouldn’t feel unsafe doing so either.

2 Likes