Building more spins is just one of the implementation details.
How about, Fedora as a whole can apply “themed set of settings” with installation of 1 package.
Say, doing “dnf install privacy-best-theme” will give the most privacy protection settings possible.
And why just stop with Settings. It might also trigger a “dnf group install” to install only those privacy-blessed packages.
When the user base is large enough, there will not be a one-solution-fits-all.
Fedora as a foundation should allow different users to customize Fedora to their needs - and enable the sharing of those customized results to benefit more users with common needs.
To be fair, I guess some will prefer to use the “Telemetry” change proposal to build a new “Telemetry Spin” first without changing the existing Workstation.
I don’t think this idea should be regarded as a way of sidestepping the concerns people are raising with the telemetry proposal. I think it’s important to listen to the community on that topic AND recognize the importance that people place on digital privacy in general, perhaps more so than some in our community realized was the case. I think this idea is about enabling privacy-minded community members to be able to do more in the Fedora Project by organizing in some way.
Personally, I do think it’s valuable to consider making Fedora as private and secure as we can. However, we also have to take into account the threat model of the average Fedora user and the usability tradeoffs that often accompany increased privacy and security as Matthew mentioned. I don’t think we want Fedora to become Qubes or else we would be using Qubes.
@kevin’s idea for a Security & Privacy SIG could be a good outlet. We wouldn’t have to structure it too much, but just gather interest in the idea and then decide as a group what initiatives, spins, or changes to Fedora we would like to pursue. Of course, that takes contributors willing to spend the time to organize. I don’t got a lot of time left, but I could try helping to bootstrap this from an organizational standpoint.
When it comes to what the starting point for a potential SIG could look like, Kevin’s ideas are good. I would also like to revive my proposal to Strategy 2028 about making Fedora more secure. For those who know, we were able to get some extra feedback from @jonah of Techlore and Privacy Guides on this proposal. To be clear, I’m not saying to add this back to the five year plan, but just to use this as a pot of ideas for a potential special interest group (SIG).
I just happened to notice this post where @elesiuta mentions a network/application monitoring tool he’s written called “picosnitch”. It’d be neat to see that packaged in Fedora and perhaps integrated with firewalld to do blocking.
(For that matter, I’d love to see someone take on feature development and UX improvements for firewalld!)
Most people don’t want a privacy-focused operating system, they want an operating system which respects their privacy.
That is, there’s a big difference between building a version of Fedora which tries to keep me anonymous and private, and Fedora asking for consent before it does something I might not know about. Ultimately it sounds like most people are just asking for their consent to be a consideration, which feels like a reasonable request for a Linux distro.
I’m having trouble wrapping my head around what you’re actually asking for here. Committing to privacy is inherently placing a limitation on yourself. The solution to privacy-invasive technologies isn’t some brand new firewall or other tool that can mitigate it, it’s to not have that privacy-invasive tech in the first place. If privacy is a goal, you have to consider privacy as part of the initial development process within every group, I don’t think you can punt responsibility to a Privacy SIG to address problems after the fact. Or, the Privacy SIG would have to be involved in that process by other projects and SIGs working on new things, but maybe that’s too much “stop energy” to work with the rest of Fedora.
If Fedora doesn’t want to commit to being private by design, I guess that is your prerogative, but having a clearer stance one way or the other would make these conversations more useful, so maybe Fedora should have a policy that’s more upfront about it.
A privacy SIG or spin might make sense if you wanted to build the next Tails or Qubes, but I don’t get the sense that there’s any demand for that here.
People primarily work on Fedora by choice, and work on what they want to for their own interests. I can declare policies from on high all day long, but they won’t have any meaning without people doing the work. I’m suggesting a framework for people who want to do the work of improving Fedora in this way.
“Private by design” makes a good slogan, but what does it mean precisely? How does it interact with usability? What does it mean for all the software we integrate? What about software that we don’t build but which people might want to run?
This is a good point, and I’d like to point out that if you look through some of the other threads, there’s no absolute agreement on the details of exactly what privacy should look like.
I for one would be happy to help with a spin. I’ll be honest though, I’m not knowledgeable enough to know whatever pitfalls that the more privacy… enthusiastic (sorry) of us would want or care about.
I kinda view it like this. I appreciate Fedora’s packaging restrictions around licenses. That there is a bar for what should be considered free and open, and that there’s a requirement to meet that in our official repos.
Installing rpmfusion repos is still one of the first things I do and have been doing since f13. I still like knowing where the baseline is.
Similarly I knew that Firefox did opt-out, but wasn’t really aware of how many people were concerned over it. I get it. I think this is still worth building for those who might want/need something on the far end of that spectrum or for those that want to just start there. The ENVs (that some programs do or don’t respect) are an example of that. Non-technical people, who may not have the background needed to set up stuff like that on their own, might really appreciate a spin with those defaults set.
Anyways. I’m absolutely willing to help others implement this.
This topic might be a bit better outlet for this since people are thinking about some things to do.
I’d like it if there was a system-wide setting akin to ‘do not track’ for Fedora (and other systems), the state of which can be queried or read by applications (d-bus, a file) to turn off their own metrics according to the user preference. Right now a lot of applications all have their own metrics collection and opt-in/opt-out preferences.
Rather than creating a bunch of spins, it’s probably easier to just advertise the existence of opensnitch/etc (there is a copr here: https://copr.fedorainfracloud.org/coprs/boredsquirrel/OpenSnitch/) and assure one of the solutions works well and can create privacy oriented profiles.
I’ve not felt the need to run this kind of stuff on my Linux machines, but I’ve run similar stuff (most recently Windows 10 Firewall Control from Sphinx Software) on my Windows/etc machines, which turns out to be a more robust solution to returning Windows Update, telemetry, etc control to me as well as blocking Chrome reporting home what I have installed/etc because one simply whitelists the applications/services that can communicate on the open internet/LAN/whatever.
This got me thinking about what the likeliest outputs from a Privacy SIG would be, and I think it would amount to one or some of the following:
Hardened spins of Fedora for different desktop environments (most difficult and most unlikely)
Following Fedora development and chiming in with feedback on where something could be more privacy respecting (seems tough from a practical perspective and also like it would be the privacy police or something)
Picking up smaller projects like developing something for the firewall like Matthew suggested (would need buy-in from engineering people in the community, also don’t think it gets at the heart of what people would like to see from this hypothetical SIG)
Not sure what other people are thinking. If the consideration for a Privacy SIG is real, it should be done with a focus on what we’re getting together to actually produce. Otherwise I think it would just be an ill-fitting privacy club. If we’re looking for privacy-conscious contributors throughout the project, I think we already have those by virtue of Fedora being so highly recommended for privacy and security.
I would also like to note that the fact that so many people have come out in favor of the more privacy-respecting options in the telemetry proposal shows that the Fedora community is actually much more interested in digital privacy than was maybe assumed in the past. To that end, I think it could be useful to recognize this as a value the community has. Maybe the importance of their value on privacy should be elevated more in the community. Fedora may have been a developer focused platform in the past, but I think the last couple of years it has shifted to also contain a large subset of privacy-conscious users.
This could really be a good idea, but should be something like Tails: very privacy focused. The regular workstations should still meet a reasonable amount of privacy, and I’d like to never see opt out telemetry enabled in them.
I agree, that multi spins is too much, but a single spin (probably with what DE is already the most hardened) and guides for the other is, I think, obtainable and useful to have as a starting place.
Just an observation regarding the thought of a more privacy respecting or focused spin. If you create a separate spin you’d be implicitly implying the other spins / offerings are less so. It’s like low fat milk, that kinda implies the other offerings have more.
I think that’s fair and still ok. Lots of people still use Firefox, even though it defaults with opt-out metrics collecting. Some people are satisfied with the level of privacy they receive (in the data that’s being collected) some people aren’t and they wish they had it turned off. Others aren’t satisfied that the feature exists at all and are using other browsers that don’t have any mechanisms to collect ANY kind of data, and that’s ok too.
It’s a spectrum.
Creating a spin would start from that most private stance and allowing users to relax settings is still beneficial because it’s easier to give out data than it is to take it back.
I think it’s clear that Fedora will never be solely on one side of the spectrum, but would give those concerned a nice start place and feel welcomed. Does it imply that the other spins/ISOs are less private? Yes! Because they are. That’s ok! Privacy isn’t one of the 4 pillars, but it has a place between them.
This is fundamentally the problem. If we create a privacy-focused spin, this would be the expectation.
However, the sacrifices it takes to get there can be quite severe. Now the user potentially has to choose between a distro that isn’t private by default and a spin that is so privacy-focused that usability becomes a problem.
IMO, it would be far better to just not harvest the data by default to begin with. Then users can choose between all the various spins of Fedora knowing their privacy will be respected.
That being said, a Privacy SIG seems like an interesting idea.