Hello,
I’ve heard that Ubuntu may not fully prioritize user privacy and collects telemetry data. Could you please clarify:
Is this accurate? Are there Linux distributions that place a stronger emphasis on privacy?
Thank you 🙏🏼
I think pretty much any of the mainstream distros can be trusted as long as you make sure to check for any “opt-in” voluntary things that many people choose to allow. It’s good to help the developers do a better job ongoing to keep the distros as good as they can be. So if you have a reason to not want any of it, just check the options to make sure you know they’re shut off.
There are probably some distros which explicitly make a point to have absolutely no data sent, but you need to take into consideration what the best distro is for your needs irrespective of this one factor, since none are going to do this behind your back to the magnitude of Windoze or ChromeOS.
afaik, it’s strictly opt-in. further reading: https://discourse.ubuntu.com/t/ubuntu-insights-how-telemetry-is-changing-on-ubuntu-desktop/73442
although they’ll still see web traffic from your system if you hit their mirrors for updates and package installs–as would be the case anywhere online.
Gets hardened, privacy focussed distro.
Logs into Google on browser.
I do use Firefox for browser and for YouTube, I use an external client that manages a local account without Google (for favorites, and watched history in example). But… I can’t resist and want to comment on videos or reply to other comments. Therefore I log into my Google account in Firefox just to comment… The YouTube account has history disabled and some other stuff that Google would collect, and therefore cripple my options and features to use YouTube in the browser.
I am fully aware of the irony to log into Google, while trying to be privacy aware. But the comments… man the comments get me all the time. It’s part of the fun watching YouTube videos to me.
I’m not criticising you. Privacy should be an informed choice. Data exchange should be via consent and transparent.
You seem to know what you are trading and why, so more power to you!
Thanks. :-)
If your goal is a personal setup, maybe for gaming, I would recommend Bazzite, it is very user-friendly and designed to be as stable as possible (you can switch to an earlier version of the system in case an update or something makes your pc bug). They have a very nice “app store” (bazaar, based on apps distributed as “flatpaks”).
I personally use an Arch-derivative to access some niche software (the Arch “app marketplace” has a community-wide range), but Arch-based distros are a bit more technical to use. Currently, the most popular Arch-based distribution is “CachyOS”.
Having used both, I haven’t heard anything about these distros concerning privacy.
“Linux Mint”, a Ubuntu derivative, is generally praised as a good entry point into the linux world. It is supposed to spin and enhance its ubuntu base into something very user friendly as well.
What’s up with all these people treating Lemmy like a search engine recently?
Search engines are flooded with AI generated crap now. The signal to noise ratio is awful.
Well, haven’t we all been noobs at some point? Plus, isn’t it funnier that they ask us rather than asking an AI, for instance?
It’s good, means it gains some popularity. Also search engines often lead you to sites like Reddit, Quora, and Stackoverflow
Removed by mod
It’s like Reddit. No one searches and just assumes everyone “works for them”
Listen, anything is better than Windows. That being said, Ubuntu is about as close as Linux gets to Windows in data collection and robbing control from the user. It’s the only distro I recommend everyone to NOT use.
Ubuntu is about as close as Linux gets to Windows in data collection in data collection and robbing control from the user.
While Ubuntu does have a worse track record in both departments compared to any other distro, it’s worth noting that neither data collection nor the patronising of users are close to Windows levels. (Your comment might be understood like that.)
Imagine drinking a fancy cocktail - that’s most Linux distros.
Ubuntu is like that, but with a few sprinkles of piss mixed in.
Windows is mostly piss these days, but with a cherry and a little umbrella, and it’s what everyone’s having, so it can’t be that bad - right?If windows is 100% nightmare, Ubuntu is like 5 to 10% that. While other distros are 0 to 1 percent.
There is one caveat that worth mentioning, one can try (and probably achieve) disable many the privacy invasive treats in Ubuntu getting to the 0 or 1% that other distros provide out of the box where with Windows there isn’t much workaround.
Honestly, Ubuntu is not even close bad to how many framed here in terms of privacy and can be more secure than Mint that still pushes Cinnamon X11 to users.
Once you get Snap out and telemetry disabled Ubuntu is in the game.
I do like an explanation comparing the pissedy of things
Not exactly anything there is still redstaros and astra linux
Agreed, do not use Ubuntu.
But it’s still miles away from Window… and technically you can get closer with a Linux System… e.g. Google Android.
Linux distributions are miles ahead in terms of privacy compared to other commercial operating systems, so just use one, if you want even more privacy, I guess there are distributions that route all your internet through tor.
What about RedStarOS ;-)
Ubuntu now doesn’t enable telemetry by default, but ironically I always enable telemetry when it is disabled and disable when enabled by default.
but ironically I always enable telemetry when it is disabled and disable when enabled by default.
Because reverse psychology. People always does or assume the opposite, because people assume the others wants to hurt them. Yes I made that up and am just joking, but maybe there is some logic behind it. Don’t take this as some sort of personal attack!
Well I assume that if it is enabled by default there is nefarius thoughts involved, but when it isn’t devs have to little data to work with…
Well I assume that if it is enabled by default there is nefarius thoughts involved, but when it isn’t devs have to little data to work with…
To answer your second question specifically:
Are there Linux distributions that place a stronger emphasis on privacy?
Yes, luckily most distros do.
If you just want decent privacy, then honestly most of the popular distros are better than Ubuntu.
Ubuntu has a history together with amazon, sending search queries in the application starter for example. There are better distros out there, like Mint.
it’s been over a decade since canonical ended that little ‘experiment’ with azn.
If you use Debian, even the simple “package popularity contest” is a default “no” in the installer.
That said, your personal conception of privacy is gonna be different than lots of other people’s.
Debian will include new systemd age-verification. A way to avoid it is Devuan Linux, which is basically Debian but with sysvinit instead of sytemd.
Ahh, let me be clear: systemd is bad. Age verification is maybe bad.
The age verification added to systemd is a field in the userdb json that the administrator can set. It’s intended to comply with California law that requires the device attest when queried.
If that isn’t clear enough: it’s a plaintext field in a text document set by the administrator.
If that still isn’t clear enough: the California law lets you lie and the systemd implementation is designed to accommodate that allowance.
Op should use devuan to not have systemd though, that shit sucks.
Depends what your threat model is, if you absolutely want no data about you whatsoever possibly leaving the device because it endangers you then Tails OS is probably the most private distro out there as others have mentioned, but it’s use case is specifically to be used for very private stuff and working through a live USB stick so that nothing remains on the device.
For the average person any distro is a huge improvement privacy wise over Windows, though Ubuntu does have ties to Amazon since it’s owned by Canonical, so if there’s any Linux distro you should avoid for privacy reasons it’s Ubuntu. It’s still incomparably private relative to Windows, but you have nothing to lose and a lot to gain by choosing other alternatives, Mint is just as easy and user friendly as Ubuntu without most of the bloat and Amazon crap.
Most distros don’t collect any data by default.
Basically any distro not built and maintained by a company will be a thousand times more private than Mac or windows. Arch and Debian are both good in that regard, most distros are derived from those. There is also Fedora which is a community project, but it’s very heavily involved with Red Hat inc who is owned by IBM. I’ve never heard about any privacy issues there, but, it’s worth keeping in mind.
If you want something super secure and locked down in regards to privacy, there is Tails which has a lot of neat tricks and tor built in. Not sure I’d recommend it as a daily driver but it’s got it’s use cases.
Tails isn’t really a security focused distro, no significant kernel or other security hardening. It is amnesic. Whonix (based on Kicksecure) is security hardened but still based on Debian which isn’t great for a security base.
Secureblue is what I would recommend because it a security focused Linux distro that benefits from Fedora’s SELinux, and has a bunch of its own additions.
QubesOS is obviously the best for security. Combine that with a Whonix or Secureblue guest OS and you’re perfect.
I completely forgot secureblue. But it was not worth the hassle for my working environment
It really isn’t that different than regular Fedora Atomic. It offers easy toggles for most security features and some convenient utilities to make things easier.
It is very private, by nature of it recording so little and leaving so little trace. Which is what was being asked about, not strictly speaking security.
I was specifically responding to at the end where you say it is “super secure” at the end of your comment. It is not a security focused distro. It isnt even (only) a privacy distro. It is an anonymity distro. Fedora is private, but it doesnt store everything in RAM or route everything through Tor, so it isn’t amnesic or anonymity focused.
When compared to Whonix (which is Debian based like Tails) or Secureblue (Fedora Atomic based), Tails doesnt do nearly anything to harden its base other than to strictly proxy the network through Tor, run in RAM, and some default apps.
I’ve never heard about any privacy issues there, but, it’s worth keeping in mind
You would hear about it, and as someone happy there, it’s a recurring nightmare, but an actual credible threat would be worth so many dollars lost to them that there’s a low likelihood. Shit, Torvalds runs fedora, still, keep a weather eye open.
Mostly Linux has the virtue of the many eyes on open source protection, but it’s far from absolute, as the rise of supply chain exploits demonstrates.
tbh you’ll likely find yourself better using anything else that isn’t Ubuntu. Debian is cool if you’re okay with your desktop environment being a bit behind (as for apps you can use flatpaks for the most up to the date, it also is good if you need most app support as it can install .deb) or arch if you want to learn a bit more about how your little penguin lives inside that metal box of yours! Fedora I am not sure as I think they implement or will implement telemetry.
One last thing is that not all telemetry is bad. if you take a look at KDE’s initial prompt for telemetry it is anonymous and is used to simply try and make the DE better
As a user added: Fedora does opt-in telemetry which is the same as Debian’s where if you want you can enable it but by default it’s disabled
After user outrage Fedora settled on opt-in telemetry instead of opt-out. So unless you actively choose to send telemetry you’re not gonna do it with Fedora.
https://fedoraproject.org/wiki/Changes/Metrics
(old proposal, the opt-out one: https://fedoraproject.org/wiki/Changes/Telemetry )Even Debian has popcon as an opt in. I can see why collecting data about hardware and package choices is useful to Ubuntu. I didn’t think they collected any personally identifying information.
I found a homemade Ubuntu 8.04 installer disk the other day, simpler times. It had it’s place.
I will never forgive the amazon partnership with the desktop search bar.
Privacy or Security? Security would be something like Fedora Atomic. Privacy (and security?) QubesOS , TailsOS But as Linux is FOSS, you can just take any distro and form it as you like.
Fedora Atomic is not more secure than traditional Fedora. That is a misconception.
Qubes, Kicksecure/Whonix, and Secureblue are basically the only major security focused Linux distros.
Tails is focused on anonymity, not simply privacy (same with Whonix). Tails is not really security hardened.
Why is Fedora atomic not more secure? It is literally immutable. Which kills the concept of persistent malware, unless they archive a complex exploit chain to gain root and install a malicious package and then reboot into the new iso, which is easier said then done.
You can just layer persistent malware (like a .rpm from the internet) using rpm-ostree, or rebase to a malicious image, because rpm-ostree doesnt require a password. Atomic doesnt mean basically anything other than you switch out images, it isnt a security feature. Or have persistent malware by creating a systemd user service that runs on login, or a system service which does the same, and does something malicious (exfiltrate data or keylog [yes that is possible on Wayland with LD_PRELOAD trick]). Or modify the use’rs ~/.bashrc and change the path to include something like /tmp or ~/.local/bin and pit a fake sudo binary which takes president over the real sudo and does something (like steal your user password). Or LD_PRELOAD a malicious binary to everything either by adding a line to the .bashrc, or get root and create /etc/ld.so.preload
The list goes on. It isn’t more secure than regular Fedora. It isn’t a (significant) security feature. It doesn’t protect against persistent malware which resides in the user home, etc, or goes unnoticed as a layered package. rpm-ostree can be used to install anything without needing a password. It isn’t secure.
