privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

PC Operating systems 2.0 #1969

Merged
dngray merged 3 commits from pr-operating_system_new into master 2020-07-10 02:15:21 +00:00
Conversation 7 Commits 3 Files Changed 14 +124 -205
dngray commented 2020-07-02 11:17:24 +00:00 (Migrated from github.com)
Copy Link

Closes: https://github.com/privacytools/privacytools.io/issues/1376

https://deploy-preview-1969--privacytools-io.netlify.app/operating-systems/#os

Closes: https://github.com/privacytools/privacytools.io/issues/1376 https://deploy-preview-1969--privacytools-io.netlify.app/operating-systems/#os
👍 1
dngray commented 2020-07-02 15:48:48 +00:00 (Migrated from github.com)
Copy Link

Maybe we should also do something about that microcode section. It looks messy and I think most distributions would do this by default.

Maybe we should also do something about that microcode section. It looks messy and I think most distributions would do this by default.
nitrohorse (Migrated from github.com) reviewed 2020-07-03 03:44:09 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
nitrohorse (Migrated from github.com) commented 2020-07-03 03:43:07 +00:00

From my understanding, due to Whonix associating and using Gab as a platform, including it as a recommendation on PrivacyTools is counter to our code of conduct.

From my understanding, due to [Whonix associating and using Gab as a platform](https://micahflee.com/2020/06/is-the-whonix-project-run-by-fascists/), including it as a recommendation on PrivacyTools is counter to our [code of conduct](https://github.com/privacytools/.github/blob/master/CODE_OF_CONDUCT.md).
jonah reviewed 2020-07-03 03:48:13 +00:00
jonah left a comment

♥️

♥️
_includes/sections/mobile-operating-systems.html
jonah commented 2020-07-03 03:48:02 +00:00

Most sections seem to be in alphabetical order, while this section seems arbitrary. Is this order intentional? (Alphabetical order also happens to match the order I would recommend them to people, coincidentally)

Most sections seem to be in alphabetical order, while this section seems arbitrary. Is this order intentional? (Alphabetical order also happens to match the order I would recommend them to people, coincidentally)
_includes/sections/operating-systems.html
@ -4,83 +4,83 @@
<strong>If you are currently using an operating system like Windows 10, you should pick an alternative here.</strong>
jonah commented 2020-07-03 03:44:06 +00:00

For the advanced section you have systems in alphabetical order, while this section is reverse. Is this order intentional?

For the advanced section you have systems in alphabetical order, while this section is reverse. Is this order intentional?
_includes/sections/operating-systems.html
@ -30,0 +23,4 @@
privacy-policy="https://ubuntu.com/legal/data-privacy"
git="https://launchpad.net/ubuntu"
%}
jonah commented 2020-07-03 03:42:14 +00:00 
<div class="alert alert-info" role="alert">
  <strong>These options have advanced features and are unique in some way. These options will likely require the user to read technical background documentation.</strong>
</div>
```suggestion <div class="alert alert-info" role="alert"> <strong>These options have advanced features and are unique in some way. These options will likely require the user to read technical background documentation.</strong> </div> ```
jonah commented 2020-07-03 03:42:45 +00:00 
<h1 id="advanced_os" class="anchor"><a href="#advanced_os"><i class="fas fa-link anchor-icon"></i></a> Advanced Operating Systems</h1>
```suggestion <h1 id="advanced_os" class="anchor"><a href="#advanced_os"><i class="fas fa-link anchor-icon"></i></a> Advanced Operating Systems</h1> ```
_includes/sections/tor-operating-systems.html
jonah commented 2020-07-03 03:39:00 +00:00

Gross. Title-case:

<h1 id="tor_os" class="anchor"><a href="#tor_os"><i class="fas fa-link anchor-icon"></i></a> Tor-Focused Distributions</h1>
Gross. Title-case: ```suggestion <h1 id="tor_os" class="anchor"><a href="#tor_os"><i class="fas fa-link anchor-icon"></i></a> Tor-Focused Distributions</h1> ```
jonah commented 2020-07-03 03:40:22 +00:00 
<div class="alert alert-info" role="alert">
  <strong>These Linux distributions are developed with the purpose of directing all network traffic through Tor.</strong>
</div>
```suggestion <div class="alert alert-info" role="alert"> <strong>These Linux distributions are developed with the purpose of directing all network traffic through Tor.</strong> </div> ```
jonah commented 2020-07-03 03:46:15 +00:00

Should we mention...

  description='A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway". All communication are forced through the Tor network to accomplish this. <a href="https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers">Whonix is best used in conjunction with Qubes.</a>'

?

Should we mention... ```suggestion description='A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway". All communication are forced through the Tor network to accomplish this. <a href="https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers">Whonix is best used in conjunction with Qubes.</a>' ``` ?
dngray (Migrated from github.com) reviewed 2020-07-03 04:21:41 +00:00
_includes/sections/operating-systems.html
@ -4,83 +4,83 @@
<strong>If you are currently using an operating system like Windows 10, you should pick an alternative here.</strong>
dngray (Migrated from github.com) commented 2020-07-03 04:21:41 +00:00

No, it's not, maybe we should fix that then and just keep with alphabetical.

No, it's not, maybe we should fix that then and just keep with alphabetical.
dngray (Migrated from github.com) reviewed 2020-07-03 04:23:06 +00:00
_includes/sections/mobile-operating-systems.html
dngray (Migrated from github.com) commented 2020-07-03 04:23:06 +00:00

sounds good. we can do that.

sounds good. we can do that.
dngray (Migrated from github.com) reviewed 2020-07-03 04:51:42 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
dngray (Migrated from github.com) commented 2020-07-03 04:51:42 +00:00

including it as a recommendation on PrivacyTools is counter to our code of conduct.

The code of conduct relates to our platforms, ie what we have control over.

Whonix was already listed previously, and has been since forever. We continue to mention it because purely because of technical merit. It has particular use cases that other distributions do not focus on. Eg. Virtualization, Physical Isolation etc.

My understanding is that the main leader of their team @adrelanos wants to keep things apolitical. That said I do agree some of their community weren't all that professional. Purporting to be a part of the organization before you are is not a good look. Somehow they still made it to being a part of the Whonix organization and were granted control over their social media presence.

I'm also not really interested in people virtue signaling as I don't think this adds to our mission. I don't like Gab or Facebook and I'd never use either, that said I don't think we should be basing our criteria on what social media sites others use.

> including it as a recommendation on PrivacyTools is counter to our [code of conduct](https://github.com/privacytools/.github/blob/master/CODE_OF_CONDUCT.md). The code of conduct relates to our platforms, ie what *we* have control over. Whonix *was* [already](https://github.com/privacytools/privacytools.io/commit/a7cd9597cad2042bfb593f5f62d491ff2247c829#diff-72538f03a46a4c3accfb837fc9b13a04R46) listed previously, and has been since forever. We continue to mention it because purely because of technical merit. It has particular use cases that other distributions do not focus on. Eg. Virtualization, [Physical Isolation](https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation) etc. My understanding is that the main leader of their team @adrelanos wants to keep things apolitical. That said I do agree [some of their community](https://github.com/privacytools/privacytools.io/issues/474#issuecomment-457252313) weren't all that professional. Purporting to be a part of the organization before you are is not a good look. Somehow they still made it to being a part of the [Whonix organization](https://github.com/orgs/Whonix/people) and were granted control over their social media presence. I'm also not really interested in people [virtue signaling](https://nitter.net/Whonix/status/1275130040972275712) as I don't think this adds to our mission. I don't like Gab or Facebook and I'd never use either, that said I don't think we should be basing our criteria on what social media sites others use.
freddy-m commented 2020-07-03 09:49:44 +00:00 (Migrated from github.com)
Copy Link

Would Parabola not be a better alternative to Arch, seeing as it was mentioned in the old page as a fully open source alternative?

Would [Parabola](https://www.parabola.nu/) not be a better alternative to Arch, seeing as it was mentioned in the old page as a fully open source alternative?
dngray commented 2020-07-03 14:09:48 +00:00 (Migrated from github.com)
Copy Link

Would Parabola not be a better alternative to Arch, seeing as it was mentioned in the old page as a fully open source alternative?

The reason it was removed was because of maintenance issues iirc.

> Would [Parabola](https://www.parabola.nu/) not be a better alternative to Arch, seeing as it was mentioned in the old page as a fully open source alternative? The reason it was removed was because of maintenance issues iirc.
👍 1
dawidpotocki (Migrated from github.com) requested changes 2020-07-04 04:25:58 +00:00
_includes/sections/operating-systems.html
@ -25,3 +11,4 @@
badges="info:Linux"
website="https://getfedora.org/"
privacy-policy="https://fedoraproject.org/wiki/Legal:PrivacyPolicy?rd=Legal/PrivacyPolicy"
git="https://src.fedoraproject.org/"
dawidpotocki (Migrated from github.com) commented 2020-07-04 04:25:24 +00:00 
  badges="info:Linux"
```suggestion badges="info:Linux" ```
nitrohorse (Migrated from github.com) reviewed 2020-07-04 04:40:17 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
nitrohorse (Migrated from github.com) commented 2020-07-04 04:40:17 +00:00

The code of conduct relates to our platforms, ie what we have control over.

Yeah, that's what I mean -- PrivacyTools has control over what is recommended and how it's recommended (as card or under "worth mentioning" for instance). You're right that Whonix has always been recommended on the site (not as a card though) but that doesn't mean it can't be re-evaluated.

Gab is a hateful platform--we all know this on the PrivacyTools team and actively moderate our services to protect the community from fascists. Yet the Whonix team continues to deliberately associate and use Gab. Thus from my perspective, by upgrading Whonix to a card (even currently being under "worth mentioning" is a problem) poses a greater problem: How are we able to uphold our CoC goals where "we strive to create a positive environment" and "we pledge to make our community a harassment-free experience for everyone" when software we give visibility and platform to as a recommendation actively chooses to undermine said goals for their community?

> The code of conduct relates to our platforms, ie what _we_ have control over. Yeah, that's what I mean -- PrivacyTools has control over what is recommended and how it's recommended (as card or under "worth mentioning" for instance). You're right that Whonix has always been recommended on the site (not as a card though) but that doesn't mean it can't be re-evaluated. Gab is a [hateful platform](https://en.wikipedia.org/wiki/Gab_(social_network)#Antisemitism_and_violence)--we all know this on the PrivacyTools team and actively moderate our services to protect the community from fascists. _Yet the Whonix team continues to deliberately associate and use Gab._ Thus from my perspective, by upgrading Whonix to a card (even currently being under "worth mentioning" is a problem) poses a greater problem: How are we able to uphold our CoC goals where "we strive to create a positive environment" and "we pledge to make our community a harassment-free experience for everyone" when software we give visibility and platform to as a recommendation actively chooses to undermine said goals for _their_ community?
dngray (Migrated from github.com) reviewed 2020-07-04 07:01:13 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
dngray (Migrated from github.com) commented 2020-07-04 07:01:12 +00:00

Gab is a hateful platform--we all know this on the PrivacyTools team and actively moderate our services to protect the community from fascists.

There would have to be people on that platform who are not fascists, just as there would be ones on Facebook that are. Neither are endorsed on PrivacyTools.

Yet the Whonix team continues to deliberately associate and use Gab

They also have a Facebook account too, which is a known violator of privacy. I think these are probably only used for outreach and online presence rather than any meaningful communication.

The endorsement for Whonix doesn't suggest users must use all their social media networks. Like we have some people who contact us via email, Matrix, or on our forums. That is up to the user.

It is also not the only way to contact the Whonix team/support, they have forums and other more direct methods of contact, Github etc.

I would not be keen to make this a precedent where all endorsed products must use what we endorse. We would have then turned this argument from one of merit into one of politics. I don't think that's helpful to our mission.

Thus from my perspective, by upgrading Whonix to a card (even currently being under "worth mentioning" is a problem) poses a greater problem: How are we able to uphold our CoC goals where "we strive to create a positive environment" and "we pledge to make our community a harassment-free experience for everyone" when software we give visibility and platform to as a recommendation actively chooses to undermine said goals for their community?

We've moved away from "worth mentioning" cards in general, throughout the site. Something is either good or it is not.

In the case of Whonix vs Tails, they have distinct different use cases, so one is not necessarily better than the other. A card vs "worth mentioning" leads readers to believe one product is a "better solution".

In regard to the CoC that only applies to our platforms, not everywhere else. We cannot be expected to enforce rules/our norms all-over the Internet. I do not also think anyone genuinely expects us to do so either.

> Gab is a [hateful platform](https://en.wikipedia.org/wiki/Gab_(social_network)#Antisemitism_and_violence)--we all know this on the PrivacyTools team and actively moderate our services to protect the community from fascists. There would have to be people on that platform who are not fascists, just as there would be ones on Facebook that are. Neither are endorsed on PrivacyTools. > *Yet the Whonix team continues to deliberately associate and use Gab* They also have a Facebook account too, which is a known violator of privacy. I think these are probably only used for outreach and online presence rather than any meaningful communication. The endorsement for Whonix doesn't suggest users must use all their social media networks. Like we have some people who contact us via email, Matrix, or on our forums. That is up to the user. It is also not the only way to contact the Whonix team/support, they have forums and other more direct methods of contact, Github etc. I would not be keen to make this a precedent where all endorsed products must use what we endorse. We would have then turned this argument from one of merit into one of politics. I don't think that's helpful to our mission. > Thus from my perspective, by upgrading Whonix to a card (even currently being under "worth mentioning" is a problem) poses a greater problem: How are we able to uphold our CoC goals where "we strive to create a positive environment" and "we pledge to make our community a harassment-free experience for everyone" when software we give visibility and platform to as a recommendation actively chooses to undermine said goals for _their_ community? We've moved away from "worth mentioning" cards in general, throughout the site. Something is either good or it is not. In the case of Whonix vs Tails, they have distinct different use cases, so one is not necessarily better than the other. A card vs "worth mentioning" leads readers to believe one product is a "better solution". In regard to the CoC that only applies to *our platforms*, not everywhere else. We cannot be expected to enforce rules/our norms all-over the Internet. I do not also think anyone genuinely expects us to do so either.
nitrohorse (Migrated from github.com) reviewed 2020-07-04 20:12:37 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
nitrohorse (Migrated from github.com) commented 2020-07-04 20:12:37 +00:00

I would not be keen to make this a precedent where all endorsed products must use what we endorse. We would have then turned this argument from one of merit into one of politics. I don't think that's helpful to our mission.

I think it's important for us to draw a line here though with projects that choose to use Gab for outreach and communication. When a project is recommended on PrivacyTools, we recommend it holistically, not just by its technical merit and code (at least for me that's how I perceive things). When a project is recommended we direct PrivacyTools visitors to those sites and to those communities. Making Whonix (more) visible makes Gab (more) visible and further legitimizes it. My issue is that PrivacyTools would knowingly recommend and bring visibility to a project which knowingly uses Gab.

In regard to the CoC that only applies to our platforms, not everywhere else.

I see PrivacyTools.io as our main platform and thus our CoC covers what PrivacyTools chooses to endorse and recommend.

We cannot be expected to enforce rules/our norms all-over the Internet. I do not also think anyone genuinely expects us to do so either.

Of course, I agree. However, to me and my interpretation of our CoC and its coverage, recommending Whonix would create this problematic connection to some degree for our community: PrivacyTools -> Whonix -> Gab ... PrivacyTools -> Gab. Maybe my understanding of our CoC's enforcement is incorrect. But Gab is the point where I think PrivacyTools should be intolerant which extends to anything we recommend on our platforms if we're really trying to keep our community harrassment-free and inclusive.

> I would not be keen to make this a precedent where all endorsed products must use what we endorse. We would have then turned this argument from one of merit into one of politics. I don't think that's helpful to our mission. I think it's important for us to draw a line here though with projects that choose to use Gab for outreach and communication. When a project is recommended on PrivacyTools, we recommend it holistically, not just by its technical merit and code (at least for me that's how I perceive things). When a project is recommended we direct PrivacyTools visitors to those sites and to those communities. Making Whonix (more) visible makes Gab (more) visible and further legitimizes it. My issue is that PrivacyTools would knowingly recommend and bring visibility to a project which knowingly uses Gab. > In regard to the CoC that only applies to our platforms, not everywhere else. I see PrivacyTools.io as our main platform and thus our CoC covers what PrivacyTools chooses to endorse and recommend. > We cannot be expected to enforce rules/our norms all-over the Internet. I do not also think anyone genuinely expects us to do so either. Of course, I agree. However, _to me and my interpretation of our CoC and its coverage_, recommending Whonix would create this problematic connection to some degree for our community: PrivacyTools -> Whonix -> Gab ... PrivacyTools -> Gab. Maybe my understanding of our CoC's enforcement is incorrect. But Gab is the point where I think PrivacyTools [_should_ be intolerant](https://en.wikipedia.org/wiki/Paradox_of_tolerance) which extends to anything we recommend on our platforms if we're really trying to keep our community harrassment-free and inclusive.
dngray (Migrated from github.com) reviewed 2020-07-05 03:24:20 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
dngray (Migrated from github.com) commented 2020-07-05 03:24:20 +00:00

I don't think listing Whonix is going to make or break Gab to be honest, see: GAB AI Inc. Annual Report May 27th 2020.

It also appears that the Whonix team have not used it since February 10 so I don't think it is an active account. I also don't see any posts particularly concerning posted by them, so this would be purely based on other people on the platform do elsewhere. That chain is starting to get pretty disconnected.

It would also appear the Whonix organization on Github has gone through a cleanup, since my reply 2 days ago. One of the removed people included the author of the shitty memes and the post used in Micah Lee's main argument.

I don't think listing Whonix is going to make or break Gab to be honest, see: [GAB AI Inc. Annual Report May 27th 2020](https://www.sec.gov/Archives/edgar/data/1709244/000110465920067852/annual_report.pdf). It also appears that the Whonix team have not used it since February 10 so I don't think it is an active account. I also don't see any posts particularly concerning posted by them, so this would be purely based on *other people* on the platform do elsewhere. That chain is starting to get pretty disconnected. It would also appear the [Whonix organization](https://github.com/orgs/Whonix/people) on Github has gone through a cleanup, since [my reply](https://github.com/privacytools/privacytools.io/pull/1969#discussion_r449374397) 2 days ago. One of the removed people included the author of the shitty memes and the post used in Micah Lee's main argument.
dngray commented 2020-07-05 03:46:53 +00:00 (Migrated from github.com)
Copy Link

I think we might swap out Guix for NixOS. We really can't be recommending kernels that have known vulnerabilities for political reasons.

But what is surprising is the "the introduction of binary blobs as arrays of numbers in source code for gen7 i915 gpus." That is actually the Intel Haswell / Ivybridge iGPU Leak mitigation that was worked around for addressing CVE-2019-14615, a.k.a. the Intel iGPU information leakage vulnerability from a few months ago that was corrected promptly for modern Intel Gen graphics but the Gen7/Gen7.5 mitigation took much longer due to working around huge performance penalties initially that occurred.

Those performance issues were resolved and the Intel Ivybridge/Haswell iGPU Leak mitigation was merged in Linux 5.7 to prevent those users on these older generation graphics from potentially being compromised. But GNU Linux-libre 5.7 is unprotected now over the handling of it.

Hopefully the next GNU Linux-libre kernel will end up changing their stance on that, but for now it actually puts their kernel at risk to this Intel iGPU Leak vulnerability. At least from the side of the university researchers that discovered this Intel graphics vulnerability, iGPU Leak can be used for website fingerprinting, AES attacks, and other exposure. Proof of concept code is available and more details via the iGPU-Leak research.

As a result we're also going to be removing the contrib label, as all distributions now are based off a mainline kernel.

CPU mitigations section will also be removed because it is expected that we only recommend distributions which are secure-by-default. If a user has disabled this then they know what they are doing.

I think we might swap out Guix for NixOS. We really can't be recommending kernels that have [known vulnerabilities](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) for political reasons. > But what is surprising is the "*the introduction of binary blobs as arrays of numbers in source code for gen7 i915 gpus.*" That is actually [the Intel Haswell / Ivybridge iGPU Leak mitigation](https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.7-iGPU-Leak-For-Gen7) that was worked around for addressing CVE-2019-14615, a.k.a. [the Intel iGPU information leakage vulnerability](https://www.phoronix.com/scan.php?page=news_item&px=Intel-iGPU-Leak-Details) from a few months ago that was corrected promptly for modern Intel Gen graphics but the Gen7/Gen7.5 mitigation took much longer due to working around huge performance penalties initially that occurred. > > Those performance issues were resolved and the Intel Ivybridge/Haswell iGPU Leak mitigation was merged in Linux 5.7 to prevent those users on these older generation graphics from potentially being compromised. But GNU Linux-libre 5.7 is unprotected now over the handling of it. > > Hopefully the next GNU Linux-libre kernel will end up changing their stance on that, but for now it actually puts their kernel at risk to this Intel iGPU Leak vulnerability. At least from the side of the university researchers that discovered this Intel graphics vulnerability, [iGPU Leak can be used for website fingerprinting, AES attacks, and other exposure](https://www.phoronix.com/scan.php?page=news_item&px=Intel-iGPU-Leak-Details). Proof of concept code is available and more details via the [iGPU-Leak research](https://github.com/HE-Wenjian/iGPU-Leak). As a result we're also going to be removing the contrib label, as all distributions now are based off a mainline kernel. CPU mitigations section will also be removed because it is expected that we only recommend distributions which are secure-by-default. If a user has disabled this then they know what they are doing.
👍 2
nitrohorse (Migrated from github.com) reviewed 2020-07-05 17:27:04 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
nitrohorse (Migrated from github.com) commented 2020-07-05 17:27:04 +00:00

Whether or not Gab is losing revenue or Whonix hasn't used their Gab account for several months isn't a strong argument from my perspective. The time between their postings on Gab have ranged from several months to almost a year. I'm also not convinced that since they've updated their GitHub org now their association with Gab has changed. Their profile still exists, a link to their Gab profile in their site's footer still exists , and they haven't clarified publically their position to Micah or other folx who've reached out to them. So my concerns still stand.

Also, @dawidpotocki, continuing to resolve this discussion before it's actually resolved isn't helpful.

Whether or not Gab is losing revenue or Whonix hasn't used their Gab account for several months isn't a strong argument from my perspective. The time between their postings on Gab have ranged from several months to almost a year. I'm also not convinced that since they've updated their GitHub org now their association with Gab has changed. Their profile still exists, a link to their Gab profile in their site's footer still exists , and they haven't clarified publically their position to Micah or other folx who've reached out to them. So my concerns still stand. Also, @dawidpotocki, continuing to resolve this discussion before it's actually resolved isn't helpful.
jonah reviewed 2020-07-05 20:29:36 +00:00
jonah left a comment

Thanks @dngray

Thanks @dngray
jonah reviewed 2020-07-05 20:36:19 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
jonah commented 2020-07-05 20:36:19 +00:00

I feel perhaps as if this is outside the scope of this particular PR anyhow, which is cleanup, and deserves a separate issue (and therefore I have approved this PR). I would say this is a concern, but the Whonix team seems to have an interesting/misguided sense of what is political and what is not (see https://www.whonix.org/wiki/Official_Whonix_Online_Profiles#Selection_of_Platforms and https://www.whonix.org/wiki/Warning#Unsubstantiated_Conclusions)...

I think it's important for us to draw a line here though with projects that choose to use Gab for outreach and communication. When a project is recommended on PrivacyTools, we recommend it holistically, not just by its technical merit and code (at least for me that's how I perceive things).

I feel like this is a factor in whether or not to recommend Whonix, but it is one factor out of many. Whonix is also a long-standing project in the Tor community, a project that the Qubes project (another project well respected by security and privacy experts) trusts to use by default for Tor communication, and possibly the only way to browse Tor for users who are concerned about OS exploits de-anonymizing them (see: Facebook & TAILS exploit). These are all factors that also need to be considered, and FMPOV overall if anybody asked me what the most secure way to brose Tor was, I would still comfortably recommend the use of Whonix (+Qubes) every time.

I feel perhaps as if this is outside the scope of this particular PR anyhow, which is cleanup, and deserves a separate issue (and therefore I have approved this PR). I would say this is a concern, but the Whonix team seems to have an interesting/misguided sense of what is political and what is not (see https://www.whonix.org/wiki/Official_Whonix_Online_Profiles#Selection_of_Platforms and https://www.whonix.org/wiki/Warning#Unsubstantiated_Conclusions)... > I think it's important for us to draw a line here though with projects that choose to use Gab for outreach and communication. When a project is recommended on PrivacyTools, we recommend it holistically, not just by its technical merit and code (at least for me that's how I perceive things). I feel like this is _a_ factor in whether or not to recommend Whonix, but it is _one_ factor out of _many_. Whonix is also a long-standing project in the Tor community, a project that the Qubes project (another project well respected by security and privacy experts) trusts to use by default for Tor communication, and possibly _the_ only way to browse Tor for users who are concerned about OS exploits de-anonymizing them (see: Facebook & TAILS exploit). These are all factors that _also_ need to be considered, and FMPOV overall if anybody asked me what the most secure way to brose Tor was, I would still comfortably recommend the use of Whonix (+Qubes) every time.
nitrohorse (Migrated from github.com) reviewed 2020-07-05 21:30:18 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
nitrohorse (Migrated from github.com) commented 2020-07-05 21:30:18 +00:00

I feel perhaps as if this is outside the scope of this particular PR anyhow, which is cleanup, and deserves a separate issue (and therefore I have approved this PR).

To me this PR doesn't represent just cleanup: we're giving Whonix more visibility and legitimacy now as a card and thus inherently doing the same for Gab. What makes more sense to me is PR'ing Whonix to a card with a separate issue / PR.

I feel like this is a factor in whether or not to recommend Whonix, but it is one factor out of many.

Maybe I'm really off here, in the minority with the team, and misinterpreting our CoC. But to me--even taking into account a project's technical merit--not tolerating Gab nor a project's deliberate usage of Gab is consistent with our CoC and a precendent we need to set.

> I feel perhaps as if this is outside the scope of this particular PR anyhow, which is cleanup, and deserves a separate issue (and therefore I have approved this PR). To me this PR doesn't represent just cleanup: we're giving Whonix more visibility and legitimacy now as a card and thus inherently doing the same for Gab. What makes more sense to me is PR'ing Whonix to a card with a separate issue / PR. > I feel like this is a factor in whether or not to recommend Whonix, but it is one factor out of many. Maybe I'm really off here, in the minority with the team, and misinterpreting our CoC. But to me--even taking into account a project's technical merit--not tolerating Gab nor a project's deliberate usage of Gab is consistent with our CoC and a precendent we need to set.
dngray (Migrated from github.com) reviewed 2020-07-06 06:01:19 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
dngray (Migrated from github.com) commented 2020-07-06 06:01:19 +00:00

To me this PR doesn't represent just cleanup: we're giving Whonix more visibility and legitimacy now as a card and thus inherently doing the same for Gab.

Well it is in regard to grouping things together, ie "Tor focused distributions" and doing away with "Worth mentioning" lists. We've done a similar thing with the web browsing extensions page.

What makes more sense to me is PR'ing Whonix to a card with a separate issue / PR.

Not really, because that means we can't do away with "Worth mentioning" it also means that we would have a group with just Tails by itself, which would look silly. Tor focused distributions like Tails and Whonix have a very specific use case and that is enforcing Torification of all outgoing/incoming connections. This usecase would be unsuitable for someone who does not want to use Tor, or wants a general purpose operating system, hence the reason for splitting it off.

not tolerating Gab nor a project's deliberate usage of Gab is consistent with our CoC

Well they haven't displayed any overt behavior that is at odds with our CoC, they are only guilty of using a social network that we don't find desirable - albeit minimally along with a list of other undesirable social networks (they pretty much seem to have an official account for everything).

> To me this PR doesn't represent just cleanup: we're giving Whonix more visibility and legitimacy now as a card and thus inherently doing the same for Gab. Well it is in regard to grouping things together, ie "Tor focused distributions" and doing away with "Worth mentioning" lists. We've done a similar thing with the web browsing extensions page. > What makes more sense to me is PR'ing Whonix to a card with a separate issue / PR. Not really, because that means we can't do away with "Worth mentioning" it also means that we would have a group with just Tails by itself, which would look silly. Tor focused distributions like Tails and Whonix have a very specific use case and that is enforcing Torification of all outgoing/incoming connections. This usecase would be unsuitable for someone who does not want to use Tor, or wants a general purpose operating system, hence the reason for splitting it off. > not tolerating Gab nor a project's deliberate usage of Gab is consistent with our CoC Well they haven't displayed any overt behavior that is at odds with our CoC, they are only guilty of using a social network that we don't find desirable - albeit minimally along with a list of other undesirable social networks (they pretty much seem to have an official account for everything).
dngray commented 2020-07-06 07:50:19 +00:00 (Migrated from github.com)
Copy Link

We should have an onion image for this I think:

onion_icon

Then I think it's good to go.

We should have an onion image for this I think: ![onion_icon](https://user-images.githubusercontent.com/48640805/86568997-4cd34780-bf5d-11ea-80e3-4d75b79de8ee.png) Then I think it's good to go.
nitrohorse (Migrated from github.com) reviewed 2020-07-07 02:01:13 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
nitrohorse (Migrated from github.com) commented 2020-07-07 02:01:13 +00:00

that means we can't do away with "Worth mentioning" it also means that we would have a group with just Tails by itself, which would look silly.

To me, the formatting and layout of not upgrading Whonix to a card (or removing Whonix altogether) is a non-issue. Not tolerating Gab nor a project's deliberate usage of Gab for us to be consistent with our CoC is the stance that has the strongest merit in my mind.

Well they haven't displayed any overt behavior that is at odds with our CoC, they are only guilty of using a social network that we don't find desirable.

Gab isn't just a social network I find undesirable. It's specifically a fascist cesspit (fundamentally breaking our CoC) that Whonix has chosen to use to direct their users to and to welcome Gab users into the Whonix community (besides the actual content of their Gab messages). And they've deliberately ignored questioning to the point of losing potential funding.

> that means we can't do away with "Worth mentioning" it also means that we would have a group with just Tails by itself, which would look silly. To me, the formatting and layout of not upgrading Whonix to a card (or removing Whonix altogether) is a non-issue. Not tolerating Gab nor a project's deliberate usage of Gab for us to be consistent with our CoC is the stance that has the strongest merit in my mind. > Well they haven't displayed any overt behavior that is at odds with our CoC, they are only guilty of using a social network that we don't find desirable. Gab isn't just a social network I find undesirable. It's specifically a [fascist cesspit](https://en.wikipedia.org/wiki/Gab_(social_network)#Antisemitism_and_violence) (fundamentally breaking our CoC) that Whonix has chosen to use to direct their users to and to welcome Gab users into the Whonix community (besides the actual content of their Gab messages). And they've deliberately ignored questioning to the point of losing potential funding.
nitrohorse (Migrated from github.com) reviewed 2020-07-07 02:07:28 +00:00
_includes/sections/operating-systems.html
nitrohorse (Migrated from github.com) commented 2020-07-07 02:07:28 +00:00 
  description='Ubuntu is a Linux distribution developed by Canonical Ltd. Ubuntu is a reliable and distribution that is user-friendly and can be run on desktops, servers, and IoT devices.'
```suggestion description='Ubuntu is a Linux distribution developed by Canonical Ltd. Ubuntu is a reliable and distribution that is user-friendly and can be run on desktops, servers, and IoT devices.' ```
danarel (Migrated from github.com) reviewed 2020-07-07 16:14:44 +00:00
_includes/sections/tor-operating-systems.html
@ -0,0 +13,4 @@
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
danarel (Migrated from github.com) commented 2020-07-07 16:14:44 +00:00

I don't expect it to make a difference, but I wanted to chime in and say I am opposed to including Whonix as well.

I don't expect it to make a difference, but I wanted to chime in and say I am opposed to including Whonix as well.
freddy-m commented 2020-07-08 10:30:52 +00:00 (Migrated from github.com)
Copy Link

@dngray I just remembered about Hyperbola, another open source, Arch alternative. It seems to be getting updates, though from the site it says that they are "planning on implementing a completely new OS derived from several BSD implementations". Nonetheless, though that it was worth mentioning.

@dngray I just remembered about [Hyperbola](https://www.hyperbola.info/), another open source, Arch alternative. It seems to be [getting updates](https://git.hyperbola.info:50100/), though from the site it says that they are ["planning on implementing a completely new OS derived from several BSD implementations"](https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/). Nonetheless, though that it was worth mentioning.
dngray commented 2020-07-08 13:39:03 +00:00 (Migrated from github.com)
Copy Link

Nonetheless, though that it was worth mentioning.

Thanks, I'll keep an eye on it. At this time it is too young to be added.

> Nonetheless, though that it was worth mentioning. Thanks, I'll keep an eye on it. At this time it is too young to be added.
👍 1
jonah approved these changes 2020-07-08 17:51:18 +00:00
blacklight447 (Migrated from github.com) approved these changes 2020-07-09 21:19:19 +00:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
jonah
dawidpotocki
blacklight447
Labels
Clear labels   
🔍🤖 Search Engines

   
approved

approved, waiting for a PR

  
dependencies

Pull requests that update a dependency file

  
duplicate

   
feedback wanted

   
high priority

   
I2P

The Invisible Internet Project (I2P)

  
iOS

   
low priority

   
OS

Operating Systems

  
Self-contained networks

   
Social media

   
stale

A label for stalebot if it gets added

  
streaming

Anything related to media streaming.

  
todo

   
Tor

Anything covering the Tor network

  
WIP

active work in progress, do not merge or PR (yet)!

  
wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  
XMPP

Extensible Messaging and Presence Protocol

  
[m]

Matrix protocol

  
₿ cryptocurrency

   
ℹ️ help wanted

   
↔️ file sharing

   
⚙️ web extensions

Browser Extension related issues

  
enhancement

   
software removal

   
💬 discussion

   
🤖 Android

   
🐛 bug

   
💢 conflicting

   
📝 correction

Correction of content on the website

  
🆘 critical

   
📧 email

   
🔒 file encryption

   
📁 file storage

   
🦊 Firefox

Firefox & forks, about:config etc.

  
💻 hardware

   
🌐 hosting

   
🏠 housekeeping

Anything primarily related to site cleanup.

  
🔐 password managers

   
🧰 productivity tools

   
🔎 research required

   
🌐 Social News Aggregators

   
🆕 software suggestion

   
👥 team chat

   
🔒 VPN

Virtual Private Network

  
🌐 website issue

*Technical* issues with the website.

  
🚫 Windows

   
👁️ browsers

   
🖊️ digital notebooks

   
🗄️ DNS

Domain Name System

  
🗨️ instant messaging (im)

   
🇦🇶 translations

Anything covering a translated version of the site

No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1969
No description provided.
Delete Branch "pr-operating_system_new"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?