As I am new to the privacy community, if not new to learning about computers beyond the absolute basics to survive as a student - I opted to Linux Mint. Perfect middle ground between privacy and user-friendliness. This is enough of a learning curve, I’ll move to Fedora later.
Only now I notice Privacy Guides recommends against Linux Mint specifically because it does not support Wayland. From what I understand, this is to prevent one malicious application from taking over the entire system. In Wayland the malicious app would be isolated.
It seems crucial and is tempting me to switch to Fedora, but further consideration and I think it’s overkill, and would only make things more difficult for me, in a way I’m not ready for right now. My usage is near confined to Brave and LibreOffice, plus VPN and whatever was on Mint from the beginning.
Maybe I’m missing something, but Wayland does not seem necessary since I am not downloading software which is not already widely supported in the privacy community.
Honestly just stick with Mint and switch later when you are more comfortable with Linux.
Just be aware that Linux in general is not very secure against exploits. Keep the system updated and be very conscious about what you install and from what source.
Hello. I agree with @Valynor completely. If I were you, I would stick with Mint, at least for now. If you feel like exploring Linux space in the future, feel free to try Fedora. Both are excellent choices as far as Linux distros for everyday uses go.
As for the Wayland issue, up until recently, no major Linux distro used Wayland by default, anyway. That means that the majority of Linux users used a predecessor of Wayland, X (Xorg), which Mint uses now. Mint (specifically, its desktop environment, Cinnamon, developed by Mint) currently does not support Wayland. The security concerns are valid, and Wayland is ultimately the better protocol for privacy and security. However, I would not fret over it much as of now. Mint will have to move to Wayland one day, too. For the foreseeable future, I would just recommend getting comfy in Linux and see what the future brings.
thank you. I have been extremely cautious of what I install, though one vulnerability is troubleshooting an issue and copying/pasting code to fix it. Any pointers on how I can ensure I am not installing something dodgy?
Others are recommending that–because you are new to Linux and already chose Mint–to just stick with it and get familiar. That is one valid approach, but I’d recommend the opposite.
If you are really new, and not yet super invested in Mint/Cinnamon, it is probably easier to switch now before you’ve built up Mint/Cinnamon specific habits, patterns, and knowledge.
There are at this time only two Desktop Environments that support Wayland (KDE Plasma and Gnome), I would recommend starting out with a distro that supports one of these DEs, if you like Linux Mint’s Cinnamon desktop environment, KDE Plasma will probably appeal to you and feel familiar (Gnome is a good option too but very different than Cinnamon, Plasma, and Windows)
As to distro choice, Kubuntu would be a beginner friendly option that keeps you within the Debian/Ubuntu family and supports Wayland, Secure Boot, and has some other security benefits compared to Mint. Outside of the Debian/Ubuntu family Fedora and OpenSUSE Tumbleweed are good options.
The only real advice is to not do that. Not only can you do the obvious thing and paste something which you don’t understand, but you could also easily end up copying something that is a legitimate command and still pasting something malicious which wasn’t even displayed on the website (demo):
There isn’t really anything better than learning what the command is and does, making sure it’ll do what you expect, and then manually typing it in yourself, unfortunately
It’s a tough problem. On the one hand, Jonah is right:
The only real advice is to not do that. There isn’t really anything better than learning what the command does
On the other, when you are new to Linux (even if you aren’t new), especially if you don’t come from a tech background, it is really impractical and unrealistic to, try to understand every single terminal command in every guide, help thread, or tutorial you follow.
In an ideal world, you would take the time to understand each command before running it, we should all have that as a goal and work towards that. But short of that ideal, here are some things I would consider if I were to run untrusted commands that I didn’t fully understand:
Consider the source, is it known to you , is it reputable, trustworthy?
Consider the command, learn some of the more risky commands, that should make you extra cautious.
Do some basic research (maybe its impractical to learn each and every command you run in depth, but you can at least quickly check a terminal command using man (for example type man apt will show you the manual page for the command line tool ‘apt’), you can preface any command line tool with man to see its manual page.
Corroborate, if you don’t understand a command you can always ask the person who recommended it or a 3rd party, or if it is a tutorial you are following, check other tutorials to see if it is a common approach.
Learn the potentially dangerous commands (things like curl, rm, and so on have legit uses but because of their power, they can be dangerous also). You should be aware of these commands and be cautious with them
After watching the demo in the link Jonah provided, I’d say manually type commands instead of copy/paste or at least copy/paste into a blank text file or something first, not directly into the terminal.
Whenever possible try to use each problem, issue, or use of the terminal as a learning experience. Maybe you can’t grasp the full complexity the first time you encounter something but you can probably understand the concept and the basic purpose of the command.
These things are not a substitute for the best and safest practice of just not running terminal commands that you don’t understand, but they can at least decrease the risk of an inherently risky behavior.
Running Wayland or X11 is not the biggest security threat: it’s you.
Get comfortable with running Linux Mint everyday, and when you’re familiar with the graphical tools try the Terminal. It’s not as scary as it seems, you just have to pay attention because there is no undo button there. And just like you wouldn’t (or shouldn’t) copy/paste commands from random websites online… do not copy/paste commands from ChatGPT!
Speaking of undoing things, learn about Timeshift (comes installed with Mint). It will allow you to take snapshots of your system, which you can set it to do periodically, and roll back to one of those snapshots should you accidentally break something. This will give you the confidence to explore without much fear of wrecking your system e.g., maybe after installing something that you shouldn’t have.
One thing to keep in mind: Timeshift is not a backup solution. I know is a bit confusing, snapshots vs backups, what’s the difference? Just know that your personal files (essentially anything in your home folder) need to be backed up separately. A good beginner’s solution would be the the tried and true method of plugging in an external drive, and drag-and-drop your files there.
Linux Mint has something that I think it’s essential: a community. They’ll help with issues that you run into, just be respectful as these are volunteers offering their help for free.
I appreciate your perspective on diving straight into a different distro. Will I benefit from the security benefits offered by Wayland while I am such a novice stage of setting up a system which merely allows me to browse, email, watch Youtube videos in a private manner.
As @prosperina says, the biggest threat is me. I trust me better when I have a good online community to help me troubleshoot things. My guess is that Fedora has one too, but I’d also guess it’s support for newbs is much thinner than mint.
His sentence is basically a nothing burger and neglects that security measures can work even if the user makes a mistake. Good modern security measures are designed in a way, that they tolerate or mitigate user errors as much as possible. Just look into modern OSs like Android. Using X11 is a big security problem, whether people realize it or not.
Ok, let me clarify more productively then, by giving an example.
There was a very popular incident with Linux Mint’s servers being breached and the ISO that people downloaded from their website was somehow tampered with. If a user downloaded and used this ISO their entire system would be compromised from the get to, even if Linux Mint at the time used Wayland exclusively.
The user should have taken care to verify the integrity of the downloaded file as to ensure that it’s safe to use. This is an example of how the user is typically the weakest link in the security chain.
I’d like to learn more about this. Can you provide sources to verify how many vulnerabilities have been exploited since the release of Wayland? Do they exceed every other exploit that resulted from user action in that same period of time?
Counting exploits or vulnerabilities is not a meaningful measure. X11 is the vulnerability and exploit in itself. It was never designed for modern systems or with security in mind. X11 allows any process (with access to the X11 socket) to get the screen data and input data of any other process, because there is no UI isolation. It’s a blatant violation of the process as a security boundary and destroys any sandboxing attempts.
Yes Wayland addresses shortcomings in X that affect everyone. It has nothing to do with whether your are a beginner or an advanced user. As a beginner you probably won’t notice the differences, but that doesn’t mean you won’t benefit.
Its not like Wayland has a bunch of super duper advanced security features that only an advanced user could take advantage of. Its just that it is built from the ground up in a more secure way than Xorg was (better compartmentalization enabling better sandboxing). So its the type of thing that doesn’t require any action on your part to benefit from.
Compared to Ubuntu, Mint, or Pop!_OS , Fedora is a bit less beginner friendly. Fedora has a reasonably large community, probably at least as large as Mint. However the main advantage Mint has is its a Ubuntu derivative so 95% of the time you can take advantage of the massive and very beginner friendly Ubuntu (and larger Debian) community when seeking help or assistance. This is one reason I usually suggest newer users start out in the Debian/Ubuntu family of distros.
That said, Fedora has a good community, people are generally helpful, until a couple years ago the community felt more intermediate to advanced, and fairly knowledgeable, more recently there has been an influx of newer users, the community has grown a lot and changed somewhat. One outcome is there are a lot more newer users using Fedora today than a few years ago. I think its probably easier to find assistance as a new Fedora user today than it was when I got started.
This sentence is incomplete: “Counting exploits or vulnerabilities is not a meaningful measure of …”
You use different metrics to measure different things. Counting how often this vulnerability has been exploited over the course of the past 10 years will give us a good indication of how exposed people using X11 really are in practical terms.
I agree with the rest of your post regarding the shortcomings of X11, but unfortunately it misses the point by focusing only on how severe those shortcomings are, from a security standpoint, rather than focusing on the actual likelihood of being affected by them. It’s like arguing that we shouldn’t swim in the sea because shark attacks can be deadly, even though they are extremely rare.
The topic of this thread is regarding providing advice to a user who claims, in their own words, to be inexperienced with Linux and computers in general. In that regard, I agree with @xe3 in that Fedora is less user-friendly and that there’s much more learning material coming from Debian- and Ubuntu- based distributions. The Linux Mint community in particular is quite helpful and plentiful.
Linux Mint is a perfectly suitable option for their needs both in terms of privacy, security and learning curve.
No, it will not. The exposure is clear. If an attacker gets a foot into your desktop Linux system, it’s game over, for everything you enter, the accounts you access, your data, everything. It’s an easy way to get full control without any additional exploit needed, just by using what X11 provides as normal functionality.
And, again, how many times have we seen this happen? You keep talking about potential consequences, not real threats that the vast majority of users are concerned about. Most security vulnerabilities are not feasible to carry out: they either require pre-existing malware on the target system, physical access, particular set of hardware and software, controlled lab conditions, etc,
Going back to the shark analogy, you’re portraying the shark as the blood-thirsty beast that will eat people, meanwhile humans are unknowingly in mortal danger of the innocent cows.
I do not understand your push back @prosperina . I feel like this is arguing in bad faith at this point. I would have seen the merit of your point a few years ago. But simply the time has come and the last call to stay with X11 is here with the upcoming version of KDE and GNOME. There are still alternatives to wayland but those are probably equally immature or probably worse.
X11 is no longer actively maintained and the developers are abandoning ship to move over to wayland. Its no longer about security features vs actual probability of exposure. It is about using software with active maintainers vs unmaintained software, and that I believe is one of the criteria to be included in the PG recommended list.
You could stay with whatever your distro is currently using, but I’m sure most will move on to wayland as well in the future, especially once KDE and GNOME moves on.