IIRC Linux Mint literally blocks snap even though it’s an Ubuntu derivative; also, idk how private Pop!_OS is.
I strongly recommend people avoid GNOME Shell extensions entirely for both stability and the security/integrity of the shell.
Non-system installed extensions are forcibly pulled from extensions.gnome.org every login: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2514
Furthermore, any program can tamper with already enabled extensions that are stored in ~/.local/share/gnome-shell/extensions and escalate privileges that way.
gsettings set org.gnome.shell disable-user-extensions true;
I’m still not even clear whether these updates are signed or not; I can’t find updated documentation on it.
Non-system installed extensions are forcibly pulled from extensions.gnome.org every login: Add option to disable extension updates (#2514) · Issues · GNOME / gnome-shell · GitLab
This is easily fixable. If you want to block extension updates:
chattr +i ~/.local/share/gnome-shell/extensions
Furthermore any program can tamper with already enabled extensions that are stored in ~/.local/share/gnome-shell/extensions and escalate privileges that way.
Which is why you should sandbox programs and only allow access to directories which are essential to the app.
This is not the only vulnerability that exists; bashrc is the most obvious one. Malware could, for example, alias “sudo” to “do the user’s command; also execute evil with sudo” without the user realizing. Of course you could set bashrc to be immutable, similar to how you can set the GNOME extensions path to be immutable, to fix these specific examples, but that’s not to say that others don’t exist.
Alternatively, presumably you could install any extensions you want to /usr/share/gnome-shell/extensions (system-wide), and still disable “non-system” extensions as @SkewedZeppelin suggested (I haven’t tested this).
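As an added audit script (not code from any post in this thread), the following POSIX shell checks the two tampering paths discussed above on the local account: whether the user extensions directory carries the immutable attribute that chattr +i sets, whether user extensions are disabled via gsettings, and whether a shell rc file redefines sudo, su, doas or pkexec. The extensions path, the set of command names and the sample rc file are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added audit helper, not from this thread. It only reports; it changes nothing.
# Assumptions: default per-user extensions path; lsattr and gsettings on PATH
# (each live check is skipped when its tool is missing).
EXT_DIR="${HOME}/.local/share/gnome-shell/extensions"

# Print "yes" if an `lsattr -d` output line carries the immutable ('i') flag,
# e.g. "----i---------e------- /home/u/.local/share/gnome-shell/extensions".
lsattr_is_immutable() {
    case "$(printf '%s' "$1" | cut -d' ' -f1)" in
        *i*) echo yes ;;
        *)   echo no ;;
    esac
}

# Print every line (with line number) of an rc file that defines an alias or
# shell function named sudo, su, doas or pkexec. Empty output means clean.
rc_privileged_overrides() {
    pat='^[[:space:]]*(alias[[:space:]]+(sudo|su|doas|pkexec)=|(function[[:space:]]+)?(sudo|su|doas|pkexec)[[:space:]]*\(\)|function[[:space:]]+(sudo|su|doas|pkexec)([[:space:]]|$))'
    grep -nE "$pat" "$1"
}

# Number of such overrides, as a value a caller can test against.
rc_override_count() {
    rc_privileged_overrides "$1" | wc -l | tr -d ' '
}

# --- live checks on this account (skipped where the tool is absent) ---
if command -v gsettings >/dev/null 2>&1; then
    echo "disable-user-extensions: $(gsettings get org.gnome.shell disable-user-extensions)"
fi
if [ -d "$EXT_DIR" ] && command -v lsattr >/dev/null 2>&1; then
    echo "extensions dir immutable: $(lsattr_is_immutable "$(lsattr -d "$EXT_DIR")")"
fi
for rc in "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" "$HOME/.zshrc"; do
    [ -f "$rc" ] && rc_privileged_overrides "$rc" | sed "s|^|$rc:|"
done

# --- constructed sample rc file, so the detection can be seen working ---
DEMO_RC="$(mktemp)"
cat > "$DEMO_RC" <<'EOF'
# constructed sample: two harmless lines, two overrides of privileged commands
export EDITOR=vim
alias ll='ls -l'
alias sudo='~/.cache/.hidden/sudo'
pkexec() { ~/.cache/.hidden/pkexec "$@"; }
EOF
echo "overrides in sample rc: $(rc_override_count "$DEMO_RC")"   # 2
```

Note that chattr +i on the directory only stops entries being added, removed or renamed; files inside an already installed extension stay writable unless the flag is applied to them as well.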
These are valid concerns.
Personally, I have to lower my threat model for a while, or make an exception.
After some research, I found that they will discontinue snap in the next release. Canonical is allegedly considering making snap open source for forks.
Let us see what will happen.
Edit: source of the news added.
This certainly will not happen. They are committed to snaps and a future Ubuntu Core desktop distro.
That’s an April Fools’ article lol
Sometimes I think the US should limit its April Fools’ content to the US only, because not everyone shares their culture.
I thought it was some kind of an ad or something like that since the guy wrote a complete article with quotes. Unbelievable.
Hm, on the client side (what is installed on your computer), snapd is completely open source. The only issue I see is that there is no way of creating a third-party repo; everything gets hosted on Snapcraft. I’m not sure if that’s really such a huge issue.
With regards to outdated packages, that argument has more merit. I had a look on Repology (Repository statistics - Repology) and found these percentages of outdated packages (the smaller the better):
Alma 9: 68.9%
Debian 12: 41.5%
Fedora 38: 32.5%
Mageia 9: 38.4%
Mint 21.1: 63.5%
nixpkgs stable 23.05: 24.3%
openSUSE Tumbleweed: 22.8%
Ubuntu 23.04: 42.8%
So indeed the recommended options (Arch, Fedora, openSUSE, NixOS) are more up to date. But on the other hand, does the 10-percentage-point difference between Fedora and Ubuntu really matter in terms of privacy? (Also keep in mind that Ubuntu 23.04 was released before Fedora 38.) I agree with the general sentiment that packages shouldn’t be too outdated and that it’s more secure to use a rolling release rather than stable packages with backports. But privacy is not affected unless you think you’re being specifically targeted by hackers to extract your information from your computer and that they’re using some bug that has been fixed upstream. Also note that Snaps and Flatpaks update on their own, so if you use these for your normal applications then the above statistics are less important.
So I think it would be good to add it, maybe with a note that the packages are not as up to date as in rolling distros, but that it has lower barriers to entry for first-time Linux users.
Does this also apply to GNOME extensions that come pre-installed in Silverblue?
Since the Linux Overview emphasizes the importance of Wayland, it is understandable that distributions like Linux Mint with DEs that do not officially support Wayland are not recommended. However, I think Ubuntu and Kubuntu would benefit from being added to the recommendation page, along with some text about disabling/removing snapd and other disliked settings (such as suggesting which settings to disable or enable in browser recommendations).
Although unrelated to the topic, I would also like to address the confusion regarding the “Downloads” section of the apps under the “Recommendations” heading. As far as I can see, if the download pages of the apps do not include Flatpak, no Flatpak link is added to the “Downloads” section, but this does not seem to be the case for Tutanota Calendar and Bitwarden. I wondered why the exception was made for these two, as I see that one of them is in an experimental version on Flatpak and the other is being maintained from an unverified account(s). If there is an unverified-maintainers requirement for Flatpak, and considering that Firefox is a Flatpak version, Flatpak links should be added for Tor Browser and Mullvad Browser.
Brave Browser does not recommend flatpak, but the official documentation for immutable distributions like Silverblue recommends flatpak first and toolbx second for installing applications. Let’s say we can install Brave Browser with toolbx, what about the Element and Signal desktop clients? From what I’ve seen on various YouTube channels, this can be done with distrobox, but you haven’t recommended distrobox layering to Silverblue.
This confusion is not only for immutable distros, but also for someone using Arch Linux for example. There are even AppImage files in the “Downloads” section of the recommended apps, but there are no instructions for installing packages from the official repositories of the distributions. Why should Arch Linux users have to deal with AppImage, extracting .tar files to a directory and then creating additional .desktop files, Flatpak, etc., when they can easily install Firefox, Tor Browser, Element, Signal, Nextcloud, Syncthing, Thunderbird, GNOME Evolution, etc. from the “extra” repository? Additionally, since you don’t recommend installing Signal and Element from Arch Linux’s “extra” repository and flatpak, it looks like we have to create a Debian or Ubuntu container from distrobox and install from the official DEB packages. Even Firefox’s help page recommends installing Firefox packages from the distros’ own repositories.
Perhaps an article should be added to the “Knowledge Base” on the conditions under which applications should be installed, and from which sources, in a secure and privacy-respecting manner.
Please tolerate my typos and grammatical mistakes.
This isn’t possible, because apt packages are being replaced with snap packages. Firefox would be unavailable via the official repos in this case, for example.
I feel like once you get into Linux recommendations things are always hairy. There are so many choices, and I assume the goal of Privacy Guides here isn’t to get too deep into these weeds with caveats and recommendations and guides for user experience, etc.
Not that I think Fedora should be un-recommended (at all lmao, I am a huge fan; coincidentally the Privacy Guides list has most of my favorite distros), but it’s hard to replace it with anything. You want a solid distro, not one that is a side project or too new or another distro that is like 8 forks deep or using less desirable defaults. Hard to find and imo not worth changing because of a few small quibbles that are more related to particular software, not the distro itself…
I think it might be worth a small note on the Fedora Spins with Wayland by default if GNOME doesn’t suit? But again, imho that’s pushing scope because it’s just about preferences.
Do the methods shown in this video no longer work or are they insufficient to get rid of snapd?
Since we are talking about Ubuntu, if it is possible to get rid of snapd, then Firefox can be installed as flatpak as you suggest, or by extracting the .tar file to a directory as described on the official website. “Install Firefox from Mozilla builds” describes how to do it. And there is already a link to the same method for Tor Browser and Mullvad Browser in the “Downloads” section.
Fedora KDE Spin is painfully bloated; I couldn’t use it. As far as I know, Fedora KDE Spin is a showcase and comes with everything that KDE has to offer + more, and the authors insist on keeping it bloated. This is one of the main reasons why I don’t use Fedora.
Wouldn’t recommend Fedora KDE Spin, didn’t try other spins tho.
I am surprised that someone with 10 years of Linux experience couldn’t deal with these small issues. But I agree that Ubuntu is more beginner friendly than Fedora, simply because you can get most software for Ubuntu and you will find more instructions than for Fedora. Ubuntu is still one of the most used Linux desktop OSs and often the first distro new Linux users get in contact with. At least Ubuntu has finally switched to Wayland for Gnome, so it might be ok to recommend Ubuntu (preferably non-LTS) for absolute beginners, at least it’s better than something like Linux Mint.
From a privacy standpoint in the sense of telemetry, almost all Linux distros can be recommended. But from a security and third-party privacy enforcement standpoint, most desktop distros in their default state range from plainly terrible to mediocre. If users want reasonable security they need to put in quite some effort or switch to a different OS like macOS or ChromeOS which provides this out of the box. Fedora, Arch/EndeavourOS and Tumbleweed are good starting points (but not much more), or for experienced users the great Gentoo.
You can use the Fedora Everything (network) ISO to get a more minimalistic KDE variant.
It is not misinformation. It is a frequently observed behaviour regarding GNOME when it comes to extensions. But I understand where you are coming from and the concerns regarding feature bloat requests.
That is the precise problem. They should probably care more about what extensions are being used and incorporate the more commonly used extensions into GNOME itself (still looking at AppIndicator). But anyway, I do use and like GNOME despite this and it is still my preferred DE.
Does your concern preclude the use of extensions in the Fedora RPM repo as well (from dnf)?
The official way to layer installing other programs is via toolbox. You can still install regular .rpm files on top of Silverblue but Fedora cautions us to do this sparingly, maybe 2-3 .rpm apps maximum.
I would also like to discourage you from modifying/removing snapd. It is pretty much central to their core identity and a lot of system functionality may depend on it in the future. You will have a broken machine should an update come looking for it mid update.
Because AUR usage is pretty much running unverified/unvetted code over your computer and intentionally malicious things have been found there. The presumption is, if you use Arch, you know exactly what you are doing and offering it to Linux beginners and intermediate level users is a bad idea. To a lesser degree, unofficially supported/unverified flatpak is the same in that you are involving other people’s code that you have not explicitly trusted. Your trust is in the original app developer, not the flatpak maintainer. There could be unintended threats lurking from within in the form of out of date components.
As with Signal and all other apps that don’t seem to support .RPMs, I would like to remind you that compiling from source is still very much an option, even a conceptually desired option because at least you are running code that is publicly reviewed. It is a big bother though and I’ve stopped compiling Signal Desktop just because I am lazy and it increases Signal’s attack surface anyway.
I wrote this in the context of Silverblue. When a Silverblue user wants to install Element according to PG recommendations, they are presented with a Debian package. How can that user install the Element Debian package on Silverblue?
I’m not talking about what will happen in the future, I’m talking about the present, but if Canonical has promised that it will happen, I’d say you’re right. The video I posted there is from last year, I didn’t see anyone in the comments saying that their system broke because they got rid of snapd. If anyone has shared this experience elsewhere, please show me.
I’m not talking about AUR, I’m talking about installing the applications I mentioned from Arch’s official repository. If we can’t trust the applications in the official repositories of the distributions, we are in a very difficult situation. There should be concrete evidence of the downsides of installing Firefox, Element, Evolution from the “extra” repository.
Hmm, your post doesn’t really say much at all.
Ubuntu highly modifies GNOME; Fedora ships vanilla GNOME. Some like it; I prefer KDE even though GNOME may be really nice.
Signal and some others only offer native .deb packages. This sucks, but it’s not their fault.
For such a messy project like Signal Desktop it’s best to install the Flatpak though; it’s from Flathub and works great. Just drag and drop doesn’t work, as this is a general Flatpak issue.
And that was it. If you have problems, you can get answers in any forum as it’s all Linux. The distro is simply how and what they package, what apps they install and so on.
Fedora is more vanilla, you could say. They don’t preinstall all that much stuff; that’s really unconventional. Ubuntu with their modified GNOME and Snaps is a different thing. I don’t know if you should call this user friendly.
For me Ubuntu simply broke; maybe it was KDE though. KDE always breaks. But Fedora Kinoite is still the distro I run daily now, as it’s stable but up to date.