What do package mirrors have to do with the values of what a distro offers over others??? And you very much can run a local Fedora mirror.
10 posts were split to a new topic: Media Players on Fedora Workstation
One “mirror” is local on your computer. You don’t need internet at all.
Fedora Workstation / Everything needs internet.
Both is cool. The Linux world is not a war zone as you want it to be - everything is possible.
Unless things have changed recently, yes there is. This was also discussed here on the forum:
These are more Ubuntu issues, Not zorin.
Zorin doesn’t need you to login or anything like that to use it.
And as dngray said:
Regarding point 3, a lot of that was in the past
and I would dare say Mint hates snap and they do remove it and that’s why it’s also within my suggestions when it comes to that. (Also no login or anything needed for Mint)
Slower adoption of newer technologies is actually more of a security concern than a privacy concern
And those first 2 points is exactly why derivatives tend to be way better.
But the last one still applies to Ubuntu and derivatives
Fedora also relies on backporting, except for a few packages like the kernel, doesn’t it?
All of the distros I mentioned have security issues (to varying degrees) which are non-existent or not as bad on Fedora. At least 2/4 of the distros have privacy issues including both Ubuntu and yes, Zorin OS:
The Software store allows you to install apps from the Zorin OS & Ubuntu APT repositories, Flathub, and the Snap Store out of the box.
Quoting my previous reference:
- Snapd
Ubuntu pushes snapd heavily, which tracks the user using a unique ID. You can read more about it here: Get snap metrics - Snapcraft 8.10.0 documentation
Each snapd instance has its own id, and this id can then be used to track which snapd packages are installed by a user. This cannot be turned off and does not repsect the telemetry settings in the OS. The only way to get rid of this is to remove snapd itself.
We cannot reasonably expect a new user to Linux to be aware of this and to remove snapd themselves. Even if they were to remove snapd, Canonical likes to put snap packages into the .deb package repository. An example of this can easily be found here: https://askubuntu.com/questions/1185091/why-apt-package-chromium-browser-installs-snap-package-instead. On Ubuntu, you can accidently reinstall snapd and a snap package when you are trying to install a .deb package from the main repositories if you don’t pay attention. Once again, we cannot reasonably expect a new user to notice/understand this.
Removing snapd without installing replacement software would at best ruin the experience for new users and at worst also ruin their security. The Ubuntu Store itself is a snap package, so it would be removed along with snapd. The store itself, besides package management, also handles firmware updates. The user has to install gnome-software and fwupdate via the command line afterwards to replace the snap store. It can be expected that a lot of users will forget to install fwupdate.
So yeah, I could’ve been more specific about what applies to which distro, but I’m not wrong.
1 Like
quoting about snap:
does mint still have some issues? Sure
but if you desperately hate snap, this is it
again.
This is besides the point. OP is using and asking about Zorin OS. I merely mentioned other popular “just works” distros that people recommend alongside Zorin OS to cover those bases as well just in case OP thought they might be an ideal alternative.
I was responding to:
There are nuances with other distros I did not elaborate on because it’d be unnecessarily long-winded. But yes, the privacy issues are even worse on Ubuntu and yet Ubuntu has fewer of the security issues. Still, the most relevant points and the overall point remains the same. Contrary to your claims, the distro OP is running and asking about (Zorin OS) has additional security and privacy issues compared to Fedora Workstation.
1 Like
yes, but not nearly to the same extent, and only for 6 month intervals vs years+
Why “user id” is a big deal to consider? Or let alone bother removing it? So it tracks installed apps. Does it track anything else more sensitive?
From linked Linux Mint article:
[…] Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can’t audit them, hold them, modify them or even point snap to a different store. You’ve as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you.
But technically I don’t understand what this quote talks about. Does anyone have some more comprehensive link with real proof what is the fuss about?
As I understand it - Snaps are better for security, because apps are sandboxed, and one can even remove not important permissions to sandbox them even more.
The bad stuff as I know (maybe wrong) - is that server code is not open source, because that is (or was) their business model to charge companies for using this app store solution.
Will try to answer myself. It could also track IP address, but because server code is not open source, we probably don’t know and can’t verify.
P.S. I am saying this, because I once logged in to Ubuntu account, and seen they have my IP history going back many many years, and I have not seen a way to delete it.
I don’t wanna get too off-topic from OP’s question but because Zorin OS uses Snap by default I guess this still fits here.
It’s an issue for me, but you’re right that it isn’t the most egregious privacy invasion we’ve seen. This is a privacy community after all, I think forced tracking of any kind is largely rejected by most people here.
As you mentioned, it’s possible for them to track this along with any device or network identifiers like IP addresses. Whether or not they’re doing that, I’m unsure. Point 3 goes over Canonical’s not-so-great privacy track record which makes me more distrustful of them. Again, it’s not the most egregious track record we’ve seen. It just leaves a bad taste in the mouths of most privacy enthusiasts.
I think the key part missing from that quote is in the beginning:
A year later, in the Ubuntu 20.04 package base […]
I believe they’re referring to the fact Ubuntu secretly installs Snaps for certain packages when users are trying to install the Deb packages using APT. I don’t think this applies to Zorin OS.
1 Like
Thanks everyone for your input in the matter.
I’ll keep ZorinOS for now on my main PC, as I’m really comfortabe with the usability of Zorin, not only the extra layers of security and privacy offered by Fedora are to be considered. Nonetheless I’ll test Fedora on my laptop, I’ll keep in mind all of the pros, cons and problems mentioned regarding it, as the lack of some software support and certain problems with certain.
I’ve read most of what you guys said and will keep on reading, once again than you all for the help, it was all very informative and entertaining.
5 Likes
To clarify, I don’t think the disagreement I had with @GorujoCY was a big deal. I can’t speak for them but I think we’d both agree that Zorin OS is a good step up from Windows (when it comes to privacy) and that Fedora Workstation would be even better if you ever want to try it. I’m glad Zorin OS is working out for ya. 
3 Likes
No you made very good points after! I don’t want this to be admitting defeat (my silence), it was just to try and not stir the pot further than it has to.
2 Likes
Do you by any chance know how fast Fedora ships patches for high and critical severity assigned CVEs compared to other distros like RHEL, Debian or Arch?
it is a mixed bag: sometimes they manage to do it the same day as announcement/, others it can be a few days.
they will sometimes fast track an update out of updates-testing or even out of the regular mirror cycle afaict.
even basic updates for like firefox and chromium can take 2-3 days sadly
arch may be slightly better overall since it is rolling, but fedora does seem to have more manpower when it is necessary
rhel can sometimes be slightly delayed, especially if it is harder to backport but they always get it done
no idea about debian
2 Likes
That recent sudo CVE isnt patched in Fedora as of this posting. Then again even Arch wasnt up to date by the time you posted on the CVE post regarding sudo.
Debian seems to do it on its own terms, on its own timeline 
1 Like