If a malware gets a foot in your desktop Linux system, you’re already fucked. With or without wayland. So asking when does wayland make a difference does make sense tbh. ESPECIALLY when your DE doesn’t support wayland yet, gnome is highly opinionated and KDE has KDE jank.
Wayland security:
lol — I mean, in reality Linux was simply not designed to protect the user from apps that the user is running. Wayland is just one relatively minor component which does, out of a myriad of OS processes which aren’t secure against this threat at all. It’s so trivial to do something like run a keylogger if you’re running as an unsandboxed app on a Wayland system, you just can’t do it directly through Wayland itself like you can with X11. Wayland isn’t a magic band-aid that fixed all of Linux’s other deficiencies.
If isolation between apps is your priority, your only answer is to use Qubes. Strictly isolating everything by default and allowing very specific cross-app communications as necessary is the best security design. Linux (and Windows) was designed to do the exact opposite: to be as permissive as possible, and only much later did we start trying to isolate and sandbox things running on it.
There are a ton of other reasons to use Wayland though. As @HauntSanctuary pointed out, it’s actually developed and trending towards more development/adoption whereas Xorg is objectively dead. It actually works with non-Nvidia/AMD GPUs. It handles multi-monitor setups and Hi-DPI displays much better. It doesn’t have a ton of screen tearing issues. It’s far less complex, reducing your attack surface. etc.
Security was never the reason Wayland was created anyways, it just happens to be more secure due to more modern design decisions.
It doesn’t, but then neither do most of the other things recommended by Privacy Guides. Incremental improvements to security matter, on their own to a degree, but more importantly in aggregate when combined with a bunch of other incremental improvements.
I don’t imagine Wayland cures all woes, but whenever faced with a choice between something more secure or less secure, I’ll try to opt for the more secure option (particularly in cases like this where the more secure option is also about 40 years newer, more modern and from what I’ve heard easier to maintain).
Even if Wayland’s improved security initially looks like the gate in the picture above, hopefully with time we’ll see other incremental improvements to other pieces of the puzzle that will continue to close more and more of the gaps, and eventually we get something resembling a gate with an actual fence and not just the gate. We don’t not lock our doors just because someone could easily bypass the locked door and come in through the glass window.
I think probably we mostly agree on all this, I think Wayland support is one of the PG criteria for Linux (or at least the currently recommended distros do support Wayland). I’d put Wayland in somewhat the same category as secure boot, it’s not a magic bullet, it could be better, but it’s a real and meaningful improvement over the status quo.
While I do personally use wayland, and I agree that it works for most stuff and is actively developed, I don’t think that it’s time to retire xorg yet. It’s currently only being supported by 2 DEs (KDE/Gnome), so no XFCE/Cinnamon/etc. It also doesn’t properly work with somewhat specific but not exactly uncommon software (try to do window recording on OBS, and then resize the window and watch OBS shit itself. Also needing to grant perms every time OBS opens is a massive pain in the ass).
And how hard it is to get wayland devs to implement literally anything (remember how hard it is to get wayland to implement screen tearing?)
I agree that Xorg is mostly dead but I sincerely hope that the future is not wayland (or at the very least not only wayland)
Your feelings are misleading you, then, as I’m not arguing in bad faith at all, I was accused of making a “nothing burger” argument in regards to me pointing out that it is the user who poses the bigger threat to the system. I’m therefore asking for proof of this not being true.
Jonah (and other posts below) sums it up nicely:
That’s it, that’s all I’m saying. I’m using this statement to then shift my focus to the actual topic at hand, which is to provide a recommendation of a Linux desktop to someone who has admittedly little experience with computers and is looking for a balance between privacy and ease of use.
There’s nothing wrong with Linux Mint, it’s easy to use, has a great community around it, etc. Yes, it would be nice if it did support Wayland, but that doesn’t mean that you shouldn’t use it hence not a necessity.
I am confident that they (along with XFCE, Mate, Budgie, etc) would move forward in a more or less timely manner. I don’t think the devs would allow their respective project DE to significantly fall behind with their peers.
There will be stragglers for sure and those who refuse to move to wayland (and maybe move to a non-wayland, non-xorg solution). I can respect that.
I think this is a bit of a false dichotomy. The fact that the user is in most contexts the biggest threat to themselves is not a reason to not take other aspects of security seriously. If anything, the threat the user poses to themselves is even more reason to take advantage of whatever technical solutions they can. It’s not a substitute for informing ourselves and adopting better habits and practices, but it can at least mitigate the risks/harm.
tl;dr whether your assertion is true or not true (I think it’s true) doesn’t impact the recommendation to use Wayland.
Jonah and others sum it up nicely:
Wayland isn’t a magic band-aid that fixed all of Linux’s other deficiencies.
This is true, but taken on its own, it doesn’t give the whole picture, and is misleading. While Jonah stated it won’t fix all of Linux’s deficiencies it certainly addresses some of those deficiencies. And is important enough to be a prerequisite for Privacy Guides Linux recommendations. What Jonah said above doesn’t contradict or invalidate what he wrote here:
We recommend using a desktop environment that supports the Wayland display protocol, as it was developed with security in mind. Its predecessor (X11) does not support GUI isolation, which allows any window to record, log, and inject inputs in other windows, making any attempt at sandboxing futile.
We recommend against using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint).
Both things can be simultaneously true (Wayland not fixing all problems, while still being recommended because it helps fix some important problems).
Recommendation of a Linux desktop to someone who has admittedly little experience with computers and is looking for a balance between privacy and ease of use.
I’d agree with you if there weren’t other comparably easy to use, beginner friendly distros which do support Wayland. But those alternatives do exist, including within the Debian/Ubuntu family.
For me Mint is not an anti-recommendation, I agree with you it’s a nice beginner friendly distro with a nice (if somewhat less technically proficient) community, that benefits greatly from Ubuntu, and the Ubuntu community. I wouldn’t recommend against it unless someone expresses an interest in security+privacy in which case I think there are better options, even for a beginner.
That said, I agree with you insofar as it’s not like the sky will immediately fall if you use Xorg. Is it insecure? Yes. Is it ancient? Yes. Has it worked decently enough for most people for the past few decades? Yes. Do we in the security community have a tendency to split hairs, and not always properly weigh the severity or the probability of a threat? Yes. But is that a good reason not to embrace Wayland? No.
Are there really though? Gnome is quite different compared to basically every other desktop environment, linux or not. It is quite an opinionated DE that you either like or hate.
I love KDE Plasma but they’re still somewhat janky compared to something like XFCE/mint that just works
It is totally valid if you or anyone else personally prefer XFCE, it’s a solid DE (and back in the dark ages Xubuntu was my first introduction to Linux), but it is far from the most popular or most recommended DE among beginners. Behind Gnome and Plasma it is a distant 3rd or 4th.
4 out of the 5 most popular beginner focused distros in the Ubuntu family use either Gnome or KDE Plasma (Ubuntu, Kubuntu, Pop!_OS, Zorin), the sole exception to this is Mint.
I think not having the option of XFCE is not something that would affect the vast majority of new Linux users, if anything it’s the older crowd, the Debian users and such that would be more affected. If a beginner can’t find a distro that works for them with either KDE or some version of Gnome (there is lots of diversity here), the issue is not that the distro isn’t beginner friendly enough or good enough, or the learning curve is too steep. It is a matter of their personal preferences and priorities, which is valid, but is a separate and personal consideration.
Also, FWIW, I believe I read XFCE is working on Wayland support. Not sure how long that might take though, hopefully not too long, but considering it is a small and cautious project and that their commitment seems shaky at best, I wouldn’t expect it too soon. If Distros start dropping x11 support hopefully that work will accelerate.
edit: there are no good representative statistics on Linux as a whole (because we are too telemetry-averse) but if you’d like a very rough idea of the relative popularity of the DEs on various distros see here
I think we are mostly in agreement about this topic. But just to clarify, I’m not arguing against using Wayland, or in favor of using X11, or even in favor of Linux Mint in particular. I just think there are more important things than Wayland that one can do to gain privacy and security.
The original topic of this thread was about achieving a balance between ease of use and privacy. I’m giving the OP the reassurance they’re looking for, that it is perfectly safe to use Linux Mint for those purposes.
Even though the main focus of this entire project is to recommend privacy (and by extension, security), I’d much rather see someone use Ubuntu or Mint, and be happy with it while enjoying some privacy, than seeing them coming back to Windows. Someone who uses Mint for a while and becomes confident may be tempted to move on to Fedora, the original recommendation, or something else.
X11 is practically dead. KDE and Gnome are not the only ones with full Wayland support. There is also Sway and Hyprland. Forward-thinking distros like Fedora already think about dropping X11 completely. The remaining major DEs I know of work on porting to Wayland. Even a few XFCE apps already work on Wayland.
It’s a bit of a shame because Linux Mint is arguably the easiest Linux distribution for beginners, but it only has Cinnamon, Xfce, and MATE desktops which all don’t support Wayland.
I guess the easiest-to-use distro with Wayland is Ubuntu/Kubuntu.
My personal opinion is there is still no distro that is better suited for a beginner than Ubuntu itself. There are plenty of other beginner friendly distros that are also great, but the one advantage Ubuntu has over the rest is it has far and away the largest community, the most support from software companies outside of Linux, and the largest body of guides, tutorials, howtos and mindshare. Staying ‘with the herd’ has its advantages, particularly as a beginner…
Here are some other very beginner friendly distros within the Debian/Ubuntu family that do support Wayland:
- Ubuntu (Wayland by default, easy FDE, and easy secure boot)
- Kubuntu (Wayland by default, easy FDE and easy secure boot)
- Pop!_OS (Wayland not by default, easy FDE)
- Zorin (Wayland not by default, easy FDE)
Also, there is Debian itself, but that would not be my recommendation for new users. Outside of the Debian/Ubuntu family, Fedora and OpenSUSE are options as well, they are not at the top of my list for recommendations for new users, but they are beginner friendly enough that I think they are reasonable choices for newer users that preference security above other priorities.
I would just like to mention that Mint is working on Wayland support already and the experimental version will come with Mint 21.3.
Great. Also, I wonder. I noticed I have been installing something Wayland related on my Mint 21.2. It reads: “X server for running X clients under Wayland”. Not sure what it means.
That’s XWayland. It’s a compatibility layer for running X11 programs on Wayland.
Which makes the whole app window blurry when used with fractional scaling enabled. Unless you use KDE that lets apps decide how to scale. But KDE is not working very well with Wayland overall compared to GNOME.
Last few times I tried Wayland under KDE, it did work well actually. Their goal is to have it completely ready (and default) for 6.0 release, which should come in ~4 months.
More important you’re on Linux than Win or Mac. So don’t stress about Wayland. There’s a lot to learn. Just enjoy the ride and hopefully good support. XFCE gang here.
Welcome to the community, Sylvia! I’m new to Linux (coming from a Mac OS) and it’s going well, with some help. I decided to start with Fedora, after reading this forum’s recommendation. I’m only moderately tech savvy, and I’m impressed with Fedora and its usability, features, and style.