Clearly, a lot of Fedora contributors (and potential contributors!) are very passionate about privacy. We have some pretty strong claims about what users want, and what they’ll choose.
Fedora’s mission is to create an innovative platform for hardware, clouds, and containers that enables software developers and community members to build tailored solutions for their users. I know that’s unwieldy — in short, we make an operating system and we make it easy for you to do useful stuff with it.
That “useful stuff” can include variations for many purposes. We have desktop-centered Spins like KDE Plasma Desktop or XFCE. We have purpose-focused environments like Python Classroom Lab. We have variations like Silverblue and CoreOS that experiment with building the OS in a different way. We have Server and IoT to address different use cases.
As I have said several times in the conversation about the recent “telemetry” proposal, Fedora has never taken a hard line on digital privacy. It’s certainly important to us, and we care about it, but we haven’t made it a focus.
But, this could be a focus. We’ve got lots of tools that could be brought to the task. In Fedora, energy-to-build always beats stop-energy. So, make a Fedora Privacy-Focused Desktop spin. Take your favorite desktop environment, or make several an option. Use what we have, and set defaults how you like.[1] Fork the default SELinux policy, and make one that is much more protective of user information. Change the default firewall rules — or replace with OpenSnitch or some other application firewall.
Make something cool and useful which fits what you’re excited about.
You’ll probably turn off DNF Countme, but I’m sure we can find other ways to measure success… ↩︎
Because privacy shouldn’t be a spin? It should be a component of every version of Fedora.
How many spins would this need to create? Workstation-Privacy, KDE-Privacy, Mate-Privacy, Games-Privacy, JAM-Privacy, etc, etc. Splintering every community Fedora has seems counter-productive.
Not sharing our information isn’t the only reason we use Fedora. People who care about privacy still have all the other interests that everyone else has.
So the obvious concern, given the context of the existing discussion, is that the existence of such a spin would enable an argument along the lines of “why do you [privacy-minded user] care about Workstation, there’s already a spin catering to you?”
That aside, I would actually be very interested in such a spin. I personally don’t have the wherewithal to make it happen (I’ve already been down a similar road once before ) but I very much like the idea.
I guess the other problem is that the expectations set by a “privacy spin” of Fedora may well end up being similar to that of Tails, which is not particularly interesting as a dev environment or a daily driver
Suggesting the community to do something new instead of considering community feedback should not be the next step in my opinion (of course, this is a nice idea, just not the right time, honestly).
The Fedora Project’s main page states:
It’s your Operating System.
The Fedora’s Mission and Foundation’s page clearly states:
[…] Like any friends, we occasionally disagree on details, but we believe in finding an acceptable consensus […]
So my suggestion is, for now, to find consensus that will be acceptable to most users and engage with said community addressing these concerns (it is impossible to please everyone, after all!)
100%. I primarily use Fedora because of its strong position on privacy, but also because of its positions on freedom and community, it’s large repositories, it’s reliability, and flexibility. I like knowing my system is mine, that I can do with it what I wish, that I am free to add or takeaway, and while many Linux distros offer this, Fedora has built their entire purpose around these ideas.
Choosing from desktop spins is one thing, but feature spins based around whether you want your data to be private or not? That’s corporate thinking, trying to have one’s cake and eat it, too. All it does is alienate both groups, and Fedora is weakened as a result. I still believe no good can come from this, despite the genuine good I believe the devs supporting this want to see happen.
Security and data-privacy are always tradeoffs. You probably know the old one about the best way to secure a server (unplug it, put it in a safe, drop it in the middle of the Pacific).
Sharing photos or documents with others increases your visibility to the world. Fedora Workstation has lax firewall rules because feedback showed that software developers found it frustrating and confusing. We’ve had passionate pushback against encrypting disks by default, because it makes data-recovery so much harder. Similarly, folks rebelled against stronger password requirements.
Fedora Workstation will set those defaults with a general user in mind, and there are some things that very privacy-conscious users will prefer that would drive them away. We’ll always need to make a compromise. A dedicated spin could make different choices, catering to a particular audience.
That, in turn, could prove-out features that could improve the general-user experience — a new firewall tool, for example.
I’m not ignoring community feedback. Neither is FESCo (that is the deciding body for Fedora Changes[1]. I know the team advocating for the telemetry proposal are not either.
I disagree about the timing. People who want to read something malicious or dismissive into it obviously don’t know me. Which is fine, not everyone knows me — but you can!
I think it’s great timing, because right now, we have a lot of attention from a lot of people who care deeply about privacy.
theoretically could be escalated to the Council, but that’s never happened before ↩︎
Sorry, I meant that to be implied. Rephrase: Security and data privacy (which are deeply intertwined) are always tradeoffs against convenience (and arguably usability).
Absolutely. However, a privacy-focused spin would have all the same challenges.
Not everyone has the same definition of what a privacy-focused spin should look like but I would say if the purpose is to be deeply privacy focused it would move far further away from usability.
In the case of the telemetry discussion, I don’t think that is what people are asking for. All that is being requested is to ask us prior to harvesting our personal data and have the choice be private by default. There is a big difference between that and a privacy focused spin.
I believe you. And FESCo. I know you read all the replies. What I’m not fond of is ignoring the users who are being more vocal about this change proposal (who are mostly privacy-minded people) and the users that suggested other ways to tackle this issue. If you do read community feedback, please make an update to the change proposal and try to reach consensus. I don’t want to sound rude, but the impression you give me is this one.
Edit: now that the whole discussion is being a little more transparent, I see that some specific community feedback is not being as ignored as I initially thought. This is good, but still, reaching consensus would be ideal
If I understand correctly, only the original poster can change the proposal. Of course I could be wrong, but seeing no other change proposal countering the original one or changes to the proposal itself makes me think there would need to be made yet another change proposal for this specific change
It started with “just trust Red Hat not to be evil”, and we’re now in the “make your own privacy-focused spin” phase. This dismissive attitude towards users’ concerns is what’s making me reconsider my usage of Fedora, before they make any actual changes.
I’m sorry, but I’m not getting that from this post. I can definitely see how it could be viewed as such, but more it sounds like Matthew saw that a more significant number than expected of our community is very, very concerned about privacy and security, and since Fedora has to balance security/privacy with ease of use, it isn’t meeting all of the needs of this community even today.
It might be beneficial to explore the option of having a more hardened, privacy focused spin that can go above and beyond for these people.
And I can definitely see the benefit of providing such a spin in the Fedora community.
And to be 100% clear, from all the years reading the mailing list and previous interactions, even though I’ve never met Matthew, I have some trust in the intent of this message, based on those years of silently reading them.
However, given the huge pushback on the proposal, I would say that the benefit should not be limited to a spin. Apparently, there is a lot of privacy minded individuals in this community – should that not lead to the realisation that it might make sense to consider them as the default users?
I’ve intentionally stayed out of the proposal and other breakout topics, as I’m not sure where I stand as an individual on the issue (aside from the fact that opt-out only really would be a very dark pattern to me).
However I just wanted to point out what I am reading into this message, to make it obvious that this might not be what you wanted to convey. I’m pretty sure I’ll not be the only one to read it like this. And I still do not really understand what the point of this topic actually is…
I agree with both of you! Perhaps Kevin’s suggestion of a Special Interest Group is better — that’s actually more in line with our bigger vision for Fedora anyway (see Objective Review: More (active) SIGs, fewer images). However, I’d love such a group to have concrete, technical output. Make what you want into reality, don’t be limited to talking about them.
) but I very much like the idea.