Getting flashbacks to the absolute shitshow 2 years ago when Fedora had another brilliant proposal that people went to war over, I thought I recognized Fabios name from the discussions. If you forgor, perhaps purged your memory banks or just live under rock-sized boulders, you may interwebsearchnaningans the following: F40 Change Request: Privacy-preserving Telemetry for Fedora Workstation (System-Wide)

I saw the writing on the wall then and abandoned Fedora. It's unfortunate because the software is great but the developers have become toxic to the user and say what you want but there is a clear influence by RedHat and it's not a good one. It's totally legitimate for users to say they will leave if they feel abandoned by the product and Fedora is abandoning the well being and needs of the users. They are becoming like Microsoft where they think they know what is in the users best interest better then the users themselves do. Anything they decide to do is correct because THEY THINK it is in the best interest of the users even if the users don't. Some of these developers seethe with contempt for users while claiming to be looking out for their best interests. It's fine if you're going to have that perspective, it's your right. But it's against the history and values of what Fedora used to be. Granted they've removed some of the privacy language since the telemetry fiasco but at this point they might as well say it's made by developers, for Redhat but you're free to use it if you want. I've comfortably settled in Debian since then and I'm much happier.

View this comment - View article - View full comments

Almost nothing prevents you from running apps as a user (SELinux is pretty damn good though, wish RedHat hadn't gone down the sh***er). The security difference there is that user installed programs don't have root/admin level access. That said steam deck is fairly wide open in it's implementation, any system that will let you sudo or su without a password is vulnerable to remote execution using that vector. It is an easy fix though. Set passwords and tighten up your sudo rules.

This basically falls back to any system that tries to do all the work for the user is going to be more vulnerable to make that system easier to use. That's a big part of why Windows is so popular and so vulnerable.

All that said, no operating system is social engineering proof. If the system lets you access sensitive data and lets you upload stuff via a browser or any kind of utility, your users can ship said data off to anyone that tricks them. The only secure system is one that's been shattered into tiny little pieces and disintegrated.

Not to let Windows off the hook. Windows is garbage.

Quoting: raggytherecond

Quoting: LachuLinux do not allow to install software without provide an password by default.

It does though. Both my Fedora system and Steam Deck allow me to install software w/o a password by default. I don't think Steam Deck even has you set up a system password during setup, just a button based pin to unlock it.

You're also ignoring whole fields of attacks that don't require the user to install new software like cross site scripting or supply chain attacks. Or general software vulnerabilities like Heartbleed

Linux isn't some magical impenetrable system, that's why you have software like ClamAV since 2002 and any number of other mitigations.

The accountant here isn't stupid; reading inbetween the lines they had a very convincing phishing email because the attacker knew they had access to Accounts Receivable data for a particular client, knew what to ask for, and knew who the CEO was to impersonate.

Presumably they wanted this info because then they could then phish customers that their preorder shipment was being withheld unless they sent whatever money owed to the attacker instead

View this comment - View article - View full comments

The last stable update causes frequent in game crashes for me. I've been on the previous stable for the last week and am worried to upgrade and lose access to the version that works. I haven't seen any changelogs in the last updates about fixing gpu timeouts

View this comment - View article - View full comments

Quoting: omeganebula

Quoting: m2mg2

Quoting: 14If it's implemented similarly to the KDE wizard after a fresh installation, I think that's fine.

IBM and the Holocaust... I can't believe someone threw that into the conversation. Pretty much everyone involved is dead. Life goes on. What are you gonna do, boycott entire countries like Germany and Japan? Leaders made decisions that countries and companies followed, and those leaders are gone.

Almost no one has a problem with them doing it like KDE, which means the user has to explicitly opt in. You cannot pre select it on and allow them to just press continue. They are proposing Windows/Ubuntu style telemetry, and went so far as to say in the proposal that they are not interested in opt-in telemetry at all. They are only interested in having it on by default and users having to pay enough attention to notice and decide to turn it off (opt-out).

They also state that if they ask the users, most will say no. But insist even though they would say no if asked, they actually don't care. So it's OK to default it on to avoid them saying no, and they argue that is ethical behavior. It's not

How can you acknowledge that you won't get agreement if you ask but argue that manipulating the interface to trick people into "accepting" (they aren't really accepting it) it is ethical? It's NOT ethical. Legal and ethical are not the same

You conveniently forget to mention that the proposal put forward by its proponents is practically unanimously rejected by the community. This is quite disrespectful on your part towards the Fedora community. Due to the rejection of the opt-out approach, there is even a consideration of simply withdrawing the proposal. Most likely, the "explicit choice" raised by Cassidy James and many others will ultimately be the compromise, meaning no default value will be provided.

I actually did mention that it looks like it MAY NOT happen (comment #9 in this thread). The developers however appear to really want it and the user poll isn't as overwhelming as I'd like it to be.
https://discussion.fedoraproject.org/t/unofficial-poll-about-opt-out-metrics-proposal/85494 [External Link]

AFAIK it's still up in the air and could easily get approved. I've also stated I'm happy with the compromise (no default, user must choose).

View this comment - View article - View full comments

Quoting: 14If it's implemented similarly to the KDE wizard after a fresh installation, I think that's fine.

IBM and the Holocaust... I can't believe someone threw that into the conversation. Pretty much everyone involved is dead. Life goes on. What are you gonna do, boycott entire countries like Germany and Japan? Leaders made decisions that countries and companies followed, and those leaders are gone.

Almost no one has a problem with them doing it like KDE, which means the user has to explicitly opt in. You cannot pre select it on and allow them to just press continue. They are proposing Windows/Ubuntu style telemetry, and went so far as to say in the proposal that they are not interested in opt-in telemetry at all. They are only interested in having it on by default and users having to pay enough attention to notice and decide to turn it off (opt-out).

They also state that if they ask the users, most will say no. But insist even though they would say no if asked, they actually don't care. So it's OK to default it on to avoid them saying no, and they argue that is ethical behavior. It's not

How can you acknowledge that you won't get agreement if you ask but argue that manipulating the interface to trick people into "accepting" (they aren't really accepting it) it is ethical? It's NOT ethical. Legal and ethical are not the same

View this comment - View article - View full comments

Quoting: omer666

Quoting: m2mg2

Quoting: omer666

Quoting: m2mg2

Quoting: omer666

Quoting: m2mg2 
"Firefox, Chrome, Brave, Vivaldi, Opera, Edge, Windows, IOS, Android, etc. already are collecting this type of data by default."

This quote is from the opt-in opt-out thread. People want Linux to be just like Windows. We use it because it's not Windows. Please, don't make it Windows. Then those of us that care about what Linux is/was, will have to go to BSD.... and we will. Not that the ones who take it over will care.

I don't understand why you think people wanting more freedom will go to an OS which is more closed-source friendly, but why not...

OpenBSD is not closed source friendly.

They still prefer the BSD licence, so I don't see how it is any different from other BSDs in that respect (maybe you can educate me on that subject, I am not that well aware of the differences in the BSD ecosystem)

My understanding of the BSD license and I'm no expert either is that is even freer than GPL. GPL has restrictions on how you can use the code. BSD is basically do whatever you want with it. These are license issues and have nothing to do with operating system functionality, how free it is or how respectful of it's users it is.

I thought I read somewhere that due to its licensing, the FreeBSD kernel could integrate some non-free code, but I may be mistaken...

That may or may not be, IDK. But even closed source code can be respectful of it's users. It just doesn't happen to be the norm. I like open source but I'm not completely anti closed source.

View this comment - View article - View full comments

Quoting: omer666

Quoting: m2mg2

Quoting: omer666

Quoting: m2mg2

Quoting: omer666

Quoting: m2mg2

Quoting: omer666I think privacy advocacy may be going a little over the top on this subject. I'm all for it, I use a zero-access email provider, do my searches on Duckduckgo, have a LineageOS smartphone without Google services and so on, and yet I don't mind them collecting technical data. It's much less complete than Steam hardware survey and yet I'd bet every Linux gamer will gladly answer this one because they want to improve the system's visibility for game developers. Here the devs want to improve the system, but nope, no sir, this is bad and all.

Can you name anything that improved leaps and bounds after starting to collect telemetry? Gnome does telemetry but they continuously ignore the obvious will of users to do what they want instead. It's less about needing telemetry and more about following the industry trends of collecting data and IGNORING what users want in favor of what developers and platform owners want. The proponents of this over and over acknowledge they can't make it opt-in because users wont opt-in. They can't force an explicit choice because the choice will be no and they know it. This right here says it all. They should just not do it. They are already ignoring users in favor of what they want, you think they are going to completely flip and suddenly start doing things in the interest of the users? Nonsense.

They also make the arguments that users don't care, also total nonsense. Telemetry has been getting forced on users for years against their will. They are so bombarded it would take unrealistic effort to stop it so they submit, effectively by force. Then you guys turn around and say they don't care. They have never been given a choice, except in Linux and now people are trying to take that choice away as well. If you want to collect it, make people want to give it to you. If you can't do that, don't take it. Don't trick them, take via it attrition (bombarding them until they make a mistake by accident) and dark patterns. Be better, be ethical.

Well I am not using Linux just because of privacy, but also for technical reasons, so that's a different case altogether.

I never heard of GNOME using telemetry, but I have a pretty unpopular opinion about how they've been handling user requests since GNOME 3.0... I am glad they haven't listened :grin:

Pretty sure it's opt in, unlike the current proposal but I don't use Gnome and I find Gnome 3 to be an abomination. https://gitlab.gnome.org/vstanek/gnome-info-collect/#fedora [External Link]

I am fine with different people having different tastes :wink:
Following the link you provided, it seems it's never been used and it's not even in the official repos of the distros quoted (apart from Arch)

https://blogs.gnome.org/aday/2023/01/18/gnome-info-collect-what-we-learned/ [External Link]

Reading the paragraph about Research Limitations, we can observe that's a far cry from the idea of hidden/forced telemetry. But that's been put to use indeed.
Also in the same paragraph they explain how having such a limited and specific public opting in may have rendered the results quite irrelevant...

Not irrelevant, just not what they want. But if you can't get what you want ethically, you probably need to re evaluate your wants or look harder for an ethical way to get it.

View this comment - View article - View full comments

Quoting: omer666

Quoting: m2mg2

Quoting: omer666

Quoting: m2mg2

Quoting: omer666I think privacy advocacy may be going a little over the top on this subject. I'm all for it, I use a zero-access email provider, do my searches on Duckduckgo, have a LineageOS smartphone without Google services and so on, and yet I don't mind them collecting technical data. It's much less complete than Steam hardware survey and yet I'd bet every Linux gamer will gladly answer this one because they want to improve the system's visibility for game developers. Here the devs want to improve the system, but nope, no sir, this is bad and all.

Can you name anything that improved leaps and bounds after starting to collect telemetry? Gnome does telemetry but they continuously ignore the obvious will of users to do what they want instead. It's less about needing telemetry and more about following the industry trends of collecting data and IGNORING what users want in favor of what developers and platform owners want. The proponents of this over and over acknowledge they can't make it opt-in because users wont opt-in. They can't force an explicit choice because the choice will be no and they know it. This right here says it all. They should just not do it. They are already ignoring users in favor of what they want, you think they are going to completely flip and suddenly start doing things in the interest of the users? Nonsense.

They also make the arguments that users don't care, also total nonsense. Telemetry has been getting forced on users for years against their will. They are so bombarded it would take unrealistic effort to stop it so they submit, effectively by force. Then you guys turn around and say they don't care. They have never been given a choice, except in Linux and now people are trying to take that choice away as well. If you want to collect it, make people want to give it to you. If you can't do that, don't take it. Don't trick them, take via it attrition (bombarding them until they make a mistake by accident) and dark patterns. Be better, be ethical.

Well I am not using Linux just because of privacy, but also for technical reasons, so that's a different case altogether.

I never heard of GNOME using telemetry, but I have a pretty unpopular opinion about how they've been handling user requests since GNOME 3.0... I am glad they haven't listened :grin:

Pretty sure it's opt in, unlike the current proposal but I don't use Gnome and I find Gnome 3 to be an abomination. https://gitlab.gnome.org/vstanek/gnome-info-collect/#fedora [External Link]

I am fine with different people having different tastes :wink:
Following the link you provided, it seems it's never been used and it's not even in the official repos of the distros quoted (apart from Arch)

https://blogs.gnome.org/aday/2023/01/18/gnome-info-collect-what-we-learned/ [External Link]

View this comment - View article - View full comments

Quoting: omer666

Quoting: m2mg2

Quoting: omer666

Quoting: m2mg2 
"Firefox, Chrome, Brave, Vivaldi, Opera, Edge, Windows, IOS, Android, etc. already are collecting this type of data by default."

This quote is from the opt-in opt-out thread. People want Linux to be just like Windows. We use it because it's not Windows. Please, don't make it Windows. Then those of us that care about what Linux is/was, will have to go to BSD.... and we will. Not that the ones who take it over will care.

I don't understand why you think people wanting more freedom will go to an OS which is more closed-source friendly, but why not...

OpenBSD is not closed source friendly.

They still prefer the BSD licence, so I don't see how it is any different from other BSDs in that respect (maybe you can educate me on that subject, I am not that well aware of the differences in the BSD ecosystem)

My understanding of the BSD license and I'm no expert either is that is even freer than GPL. GPL has restrictions on how you can use the code. BSD is basically do whatever you want with it. These are license issues and have nothing to do with operating system functionality, how free it is or how respectful of it's users it is.

View this comment - View article - View full comments

Quoting: poiuz

Quoting: m2mg2Make an argument or don't, calling something FUD is a cop out because you probably have no good argument to make.

Don't spread FUD then you won't be called out.

To quote the project:

gnome-info-collect is not currently collecting information. Installation is not recommended at this time.

This alone invalidates your whole argument about ignoring the input.

You are spreading FUD. See how worthless that statement is. Gnome has been ignoring user feedback since the beginning of Gnome 3. If you aren't aware of the story behind it that isn't my problem. Microsoft is another example of an org that collects telemetry and ignores what users want. The industry knows users don't like telemetry. They also know users don't really have a choice. Accept it or abandon technology (not very feasible). They force it on users because users don't really have a choice.

View this comment - View article - View full comments