Comment on Major privacy question (linux distro)
FutureProofBackdoors@futurology.today 2 months agoThanks for the reply. Unfortunately it seems things haven’t changed much in the last decade as far as hardening is concerned, seems like you have to come from an infosec background and constantly read log files or set up new yara rules (or have some software do it which comes with its own set of concerns). I was recently under the impression that docker images were virtualized until I learned they’re free to break out at any time, so it doesn’t surprise me there are issues with flatpaks/bubblewrap/firejail. Sandboxing solutions seem much more mature on Windows unfortunately, with both Sandboxie and Kaspersky (I know) having their own versions of scope-specific apps and limits.
dsemy@lemm.ee 2 months ago
The situation is improving, just very slowly. Solutions are slowly being figured out to various usability issues created by sandboxing (for example, there has been discussion for a while regarding how to solve the game controller issue I mentioned), which will allow the more user-friendly solutions to be more hardened by default. Also, even though I have many issues with Flatpak, with a bit of configuration (even graphically with Flatseal) it can effectively sandbox many programs already, as long as you use Wayland.
On the MAC front, there is a 3rd party project (apparmor.d) that’s trying to build a portable set of AppArmor profiles for all common programs/environments on desktop Linux. As you might imagine this is a huge project and far from done, but it’s actually surprisingly complete already.