Linux privacy

In other threads, it has been vehemently and repeatedly stated that the assumption that mainline Linux distros are worse than apple is in fact false

Why? This makes no sense at all.

If that was the case, PG would recommend apple. They don’t. They never have. They recommend spins of fedora, SUSE, Qubes, and at other times have recommended ubuntu and even Debian.
Plus, apple has repeatedly exaggerated their privacy claims; remember the scanner they wanted to put on everyone’s phone earlier this year?

Why on earth would apple be preferable to mainline Linux?

Security.

I mean, considering the fact that PG still recommends 1Password, I don’t see why we couldn’t recommend macOS.

how?

That is quite a claim.

First, security at the expense of privacy is the opposite of what PG is about. Just do a locked down windows TPM computer in that case.

Second, again, how? Some Linux distros have things like secure boot, file hashing, kernal hardening…

Claiming Apple, of all companies, and a proprietary system, is more in line with privacy than Linux is a really hard sell. If anything, this just sounds like an argument to delist 1Password, rather than open the floodgates to other services

Could we get a member of the PG team to chime in on this? @jonah?

What do you think of Fedora 41 (Workstation) or SecureBlue ?

So the argument is that rather than risk Linux not being perfect, we jump into something like apple which has proven to run against privacy interests?

Sounds like a circular argument.

Make no mistake, many distros have the issues you mentioned in the blog. But most are not insurmountable, and several distros take it seriously

PG site recommends it. That’s good enough for me personally

secureblue is the cream of the crop of Linux distributions.

PG doesn’t currently recommend secureblue on the site, doesn’t mean that it’s either good or bad. The recommendation means that you should take a closer look to it, not use it as an authorative source.

Touche, they do recommend fedora though. Secureblue is just an uber version of fedora.

Uber ?

German. In conversation in this case, it means “super.”

Oh, okay

I’m very interested by installing SecureBlue, but I had so much trouble installing the workstation version that I don’t feel comfortable replacing it

Dont overstress yourself. Fedora workstation is solid. Take some time to learn it and increase confidence; it is a good option

Okay, because a few days ago the SecureBlue dev’ @RoyalOughtness told me that if I wanted security, I won’t have it with Workstation : Secureblue - Immutable Fedora Hardening - #167 by RoyalOughtness

There is security and then there is security.

Fedora is a great starting workstation, and it inherently doesn’t spy on you. So, nice start to privacy and Linux. For better security, yeah SecureBlue is better… But for most, this won’t give a practical upgrade. At the very least, you should be experienced with Fedora/Linux to really get the most out of SecureBlue, so personally I would learn workstation first if you are new to Linux

I could call secureblue solid, but definently not regular Fedora.

And he told you the truth.

I wouldn’t argue with a fedora dev. He is correct.

My only point was that Fedora workstation is a large improvement from windows, and can help newcomers learn the ropes with Linux. Throwing them into more advanced distributions where they get frustrated with permissions etc can turn them off entirely

That’s not what he said.

What is a ‘windows TPM computer’?

Secure boot is very limited on Linux and probably doesn’t protect against what you think it does. What do you mean by file hashing and what does this have to do with security? Every OS can calculate hashes of files.

Kinda offtopic but aren’t non-appstore apps not sandboxed in macOS?