Continuing the discussion from Fedora Strategy 2028: February/March Planning Work and Roadmap 'til Flock:
This Objective is a proposed addition to the Theme “Fedora leads in Linux distribution development” in the Focus Area Technology Innovation & Leadership. For general discussion of this focus area, please see the topic Fedora Strategy 2028: Focus area review (Technology Innovation & Leadership) .
@mattdm you asked for input on the Fedora strategy for the next 5 years, so by golly you’re getting it.
There’s one point that I don’t see reflected in the logic model, and that has to do with the perception of Linux in the security and privacy space. I think that part of that is because this would be considered part of the ‘everyday’ things we should be working on, and the other part is based on the north star of “does this work toward doubling our active contributors.”
Security on Linux is considered a given by many in the community. I also think that every community that produces a distro would think that their own offering is secure. Personally, of course I think that Fedora is secure. I know that the Fedora Project thinks Linux is secure or otherwise what are we doing here. However, there is an important group that does not consider Linux to be secure enough, and that is some people in the digital privacy community.
The average Linux user is probably somewhat concerned with privacy. Many people who want to improve their security and privacy will think to switch to Linux. There’s a whole little world of people who go above and beyond their threat models to be as private or secure as they can be as individuals. Those people go on to give advice to regular folks trying to learn more. When I talk about the privacy community, I’m talking about people who are focusing on their own security and privacy standing. I’m not talking about cybersecurity professionals who are thinking about security for companies and organizations.
To get to my point,
Linux is not viewed as secure by some reputable resources for digital privacy, and I would like us to address their concerns in the next 5 years.
Don’t shoot the messenger! Privacy Guides and PrivSec both have articles where they list security deficiencies compared to Windows, macOS, and/or chromeOS. Then there’s the famous Linux Insecurities post by Madaidan that I’m sure some of us have seen before. Many times when the question comes up of whether Linux is secure, these sources will be linked.
Their concerns consist of the following:
- Lack of proper application sandboxing
- Not enough exploit mitigations
- Monolithic kernel (not much we can do about this one)
- Lack of verified boot
- Difference in security of desktop Linux vs server Linux
- Lack of immutability
- Inability to harden to the point of competing with macOS
- Probably more…
To be honest, I’m not technical enough to know how right or wrong these claims against Linux security are. I don’t know what context or threat model I’m missing. I don’t know whether to interpret these faults as being so dire I should avoid Linux for security. The reason for the concern is because these sites that are respected for privacy in general share this view, so who am I to disagree? There can be lots of people in my shoes who see this view of Linux coming from experts and don’t know whether they should try Linux at the end of the day. Who wants to install a supposedly insecure OS?
Furthermore, whether we agree with these sites or not, their opinions hold sway in the privacy community. If you ask about Linux security, other people who you would otherwise trust will tell you about these faults, quoting these sources. Then they will go further and suggest that Linux is so insecure that it shouldn’t be considered for use at all. One crowd thinks something can’t be private if it’s not secure. Another that if something is not the most secure option then it is not secure at all. Many of these complaints will probably always exist, and they’re not unique to Linux. However, Linux gets caught up in it because the criticisms ultimately come from valid sources in the privacy community. Here’s an example of how this tends to go.
These two points together affect the perception of Linux and Fedora by extension. Folks who come across these opinions, whether true or not, are less likely to want to try Linux.
Maybe, I don’t know. As far as I can tell the core concerns listed are valid. As a non-technical user, it makes me second-guess my choice to run Fedora instead of chromeOS or macOS. I would hate to think that I’m exposing myself more by using Linux. To be clear, I don’t think I am, but the fear is there in the back of mind, and in some sense it’s not untrue.
At the same time, it’s not like we aren’t already making progress in these areas. Every resource I’ve come across has suggested Fedora as the top distro to consider if someone wants to switch to Linux for security and privacy, despite their hesitation. Who is developing an immutable system that will one day hopefully replace a flagship spin? Fedora. Who is working on increased application sandboxing? Fedora, based on our support of flatpaks. Who is fixing the funny X11 quirk where any open window has access to everything going on in the desktop environment? Fedora is, with Wayland.
Then there’s the impact that these views have on real people. Maybe it’s totally negligible. How many people are actually be scared away from using Linux? I don’t have a way of telling. If most of the people reading this post have never heard of these concerns then that proves the point even more than I’m making a mountain out of a mole hill.
But you know what? Matthew Miller said to think about where we would like to see the Fedora Project in the next 5 years. Personally, I would love it if in 5 years we could see all of these security concerns addressed so that even more people can feel confident in their system. Free and open software brings a lot of good into the world, and I would like for security to be an undisputed benefit of Fedora.
Thank you for coming to my TED talk.
Update: see refinement and discussion of threat model below: