Most of the conversation I see about moving to Linux revolves around comparing Linux to Windows. I’m wondering about how Linux distros (particularly Fedora) compare to MacOS.
GrapheneOS put out a string of tweets recently raising some concerns about Linux, particularly related to how Linux compares with iOS/macOS. I’d love to hear thoughts on these concerns from this community.
They claimed that iOS specifically is more private/secure than traditional desktop OS (including Linux), but not macOS. I’m not an Apple user and I don’t want to go through the long series of tweets, but it seems like Apple doesn’t implement their iOS security features the same way on macOS.
None of those claims are controversial. It’s well understood that desktop operating systems are significantly less secure than their mobile counterparts.
A decent simplified ordinal ranking (ignores a lot of nuance within platforms) in terms of security is:
Linux < Windows < macOS < Android < iOS < GrapheneOS
You can sandbox apps on desktop Linux just fine but you don’t get things like SIP.
Fedora has some things confined via SELinux but you still need to sandbox your apps yourself. Firmware security and support varies a lot among devices.
Regarding xz, yeah, but something like that can happen to any project (FLOSS or not).
edit: Even if you harden your Linux distro, you probably can’t make it as secure as macOS, but pretty much any Linux distro should be more private than macOS due to the fact that telemetry, even if present, isn’t as invasive as what is observed in macOS.
I think that a good comparison is probably Firefox vs Chromium. Chromium may be more secure, but security isn’t everything. Firefox is not terrible in terms of security and has better privacy features and offers more control, so IMO it’s better overall. I feel the same when it comes to Linux vs macOS.
1. Most Linux distros will be the most privacy respecting desktop operating systems you can install, by a very wide margin.
2. Linux can be very private or not private at all, depending on what you install. (This is a separate thing from #1)
3. Linux is also (as pointed out already) likely the least secure operating system against targeted attacks.
4. Linux can be very secure or not secure at all, depending on what you install and how you configure it. (This is a separate thing from #3)
When it comes to being privacy respecting, the question is somewhat simple: Does it do anything with your data without your explicit consent and/or knowledge? macOS, Windows, Android, and iOS are objectively terrible in this regard, constantly enabling features on an opt-out/default basis that handle your data in various ways, which very often connect to dangerously insecure cloud services.
When it comes to being private, it’s also somewhat simple: Who has or could have access to your data with your current configuration?[1]
When it comes to security:
The security features and drawbacks of each operating system will matter more or less to every individual depending on their particular use-case and the threats they are worried about. There is no decent simplification when it comes to cybersecurity, which is why we don’t peddle in oversimplified misinformation in our guides and resources.
Other communities like to make blanket statements about operating systems and other software, in order to create fear, sell their products, etc.
It is very important to tailor decisions to your own situation, and not trust random YouTubers or Twitter users to make your decisions for you:
[1] This is why, for example, you can make a non-privacy-respecting operating system like macOS or iOS private in some cases, but it requires constant vigilance because as explained above it is not privacy respecting.
Imo Windows is probably more secure than Linux for most threat models only if you don’t install anything on it. The majority of Windows apps are unsandboxed (afaik), which automatically makes it less secure than most distros that support Flatpaks. While Flatpaks are not good for security or privacy by default, you can remove permissions by default and give them on a case-by-case basis.
An unsandboxed app already has too much invasive access to your OS for any kind of security mitigations to be effective. Sandboxing is the single most important security property, and no CFI/shadowstack/etc will help you without it.
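As an added example (not part of the original posts), the Flatpak approach mentioned above, removing permissions by default and granting them case by case, can be scripted: the sketch below reads an app's declared `[Context]` permissions and emits the `flatpak override` commands that revoke everything not on an allowlist. The app ID `org.example.Editor`, the sample metadata and the allowlist are constructed assumptions.

```python
import configparser

# [Context] key -> flatpak-override flag that revokes one entry of that key.
REVOKE_FLAG = {
    "shared": "--unshare",
    "sockets": "--nosocket",
    "devices": "--nodevice",
    "filesystems": "--nofilesystem",
}

def declared_permissions(metadata_text):
    """Return {(key, value), ...} for every permission granted in [Context]."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(metadata_text)
    perms = set()
    if not cp.has_section("Context"):
        return perms
    for key in REVOKE_FLAG:
        for item in cp.get("Context", key, fallback="").split(";"):
            item = item.strip()
            if not item or item.startswith("!"):   # empty, or already denied
                continue
            perms.add((key, item.split(":")[0]))   # drop :ro/:rw/:create suffix
    return perms

def override_commands(app_id, metadata_text, allow):
    """Commands that revoke every declared permission not in `allow`."""
    denied = sorted(declared_permissions(metadata_text) - set(allow))
    return [f"flatpak override --user {REVOKE_FLAG[k]}={v} {app_id}"
            for k, v in denied]

# Constructed sample in the key-file format printed by
# `flatpak info --show-permissions <app>`; org.example.Editor is hypothetical.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;xdg-download:ro;!xdg-config/secret;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

# Assumed policy: keep Wayland, GPU access and read access to Downloads only.
ALLOW = {("sockets", "wayland"), ("devices", "dri"), ("filesystems", "xdg-download")}

if __name__ == "__main__":
    for cmd in override_commands("org.example.Editor", SAMPLE, ALLOW):
        print(cmd)
```

Review the printed commands before running them; an app that genuinely needs a revoked permission will have to get it back through an explicit per-app grant.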
I think this definition leaves out protection against third party software accessing your files, against data exfiltration from malware, against data being exfiltrated from physical access. And really, the data we’re talking about here is mostly just telemetry, not personal data like photos, contacts etc. All of your personal data can be prevented from being accessible to Microsoft, Apple, etc even if by default it is i.e. iCloud being on by default and ADP being off by default.
The lines between privacy and security are very blurry when it comes to operating systems, since a lot of the time the thing you’re protecting is data. Security from data being destroyed or security from your resources being used against your will such as your computer being part of a botnet wouldn’t be included, but apps trying to access your data and send it off without your permission is both a security and a privacy issue.
I don’t think it’s possible to say an operating system is objectively good or bad, the only objective statements you can make are about what features they offer and other properties, like iOS encrypts your disk data by default. But this is why I think labels like “privacy respecting” don’t really work, because it doesn’t take into account different threat models or the features of an operating system, it’s basically just an opinion statement.
I agree, which is why I don’t think we should be making statements like “macOS, Windows, Android, and iOS are objectively terrible in this regard.”
This is kind of where my thinking is. And macOS may be great at protecting from external threats, but what if one doesn’t trust Apple itself? And it seems particularly with AI developments, one’s data becomes highly valuable to the company holding the data.
Which is where I come back to my original question, though I think I can better articulate it now: if one values protection of data both from internal and external threats, and wants an OS that is practical as a daily driver, is Fedora’s security against external threats strong enough to justify its use over macOS? Or is there another OS that better fits these criteria?
I don’t know about macOS but Windows was caught by multiple people re-enabling OneDrive folder syncing even after users explicitly turned it off. If that doesn’t make Windows “objectively bad” for privacy, then I don’t know what would.
It doesn’t, all that we can say objectively is that Windows was re-enabling OneDrive. You can personally think it’s bad, and I would agree with you, but that’s not objective.
I’m sorry but that’s pretty much data theft. I cannot think of a single threat model where having a third party arbitrarily upload your personal files to the cloud without E2EE and without consent is fine.
Consent is actually an objective measure, not a subjective measure. Thus, we can say that making decisions about your data privacy without consent is objectively bad, which does indeed make this statement true:
Well most software on desktop linux operating systems can access most of the data on your machine and send it off without your consent. Malware does it without your consent as well. The operating system needs measures like sandboxing and exploit mitigations to ensure you can choose where your data goes.
I’m not an expert, but I think that by defending Windows and MacOS/iOS over Linux, we fall into a meaningless sophistic skepticism. The criteria of privacyguides seem to make a lot of sense to me.
Apple claims they have e2ee protection, but I don’t trust them since they are closed-source. They can do whatever they want as long as they cover their backs.
As for Linux, it all depends on the applications and software you install, as always. If I install Standard Notes, I can be pretty sure that app won’t collect much data about me, not only because it’s open-source with an enviable track record but also because it has been audited.
Anything is possible on any operating system. This is the reason we already don’t recommend certain Linux distros like Ubuntu which have a poor track record of doing this, exactly like how we don’t recommend macOS or Windows.
Manufacturing theoretical problems with distros that are actually privacy respecting, while ignoring the actual instances of this exact behavior occurring on macOS and Windows makes no sense.
Linux also has the distinct advantage in this situation, by discouraging the largest vector of malware by default (installing packages from random websites), unlike macOS and Windows.
Which of course, many Linux distros have, either available or by default:
I have clarified that it is an ordinal ranking (i.e. the order is significant but the distances between options are undefined). That being said the gap between Linux, Windows and macOS is obviously smaller than between those and mobile OSes.
There are various aspects to security and there are proponents of different schools of thought which will prioritize some things over others. Whonix lists various reasons for why they generally recommend sticking to Linux, Xen, and *BSD distributions as a host OS. It’s also worth reading Kicksecure documentation on tyrant security and proprietary software. With that out of the way, I answered a very similar question a while back: