What privacy is lost with other Linux distros or desktop environments?

Close to ordering Mini 2. Questions:

1- What is lost from a privacy standpoint if I install another Linux distro than Pure OS?

2- What is lost from a privacy standpoint if I install another desktop environment on PureOS and don’t use GNOME?

3- Is PureOS/GNOME needed for proper Librem Key functionality? On other DEs does the removal of the Librem key lock the Mini2 properly like on GNOME?

Thanks

hello and welcome !

proprietary code is a black-box. we can’t say for CERTAIN if it does something specific or NOT but we can choose not to allow our compute environment to contain any such POTENTIAL malware …

that being said, your mileage may vary but if you get the standard Librem-Mini-v2 then you will also get PureOS-10-Byzantium (development version) so you are SAFER than most …

if your requirements for LESS blobs are more stringent and you KNOW why that IS then you are better off looking somewhere else (mainly the HW recommended by the FSF)

1 Like

1 - There is very little in terms of privacy compromises for most Linux distributions. Ubuntu had some controversy about a decade ago with its Dash search but I do not know any recent issues. You are likely very safe in nearly any OS choice for privacy by default.

2 - Similar to your OS choice, I am unaware of any data sharing agreements between KDE, for example, and any third parties. I believe both KDE and GNOME have statements emphasizing their dedication to data privacy.

3 - I cannot speak on this item.

1 Like

It depends on the hardware.

If you are talking about Purism hardware then the hardware is chosen so that it works with PureOS without blobs. That means that it should work with other Linux distros, particularly those in the Debian family, without blobs.

There is a small risk that another distro might try to replace an open driver with a closed driver that offers more functionality - but in theory you should be able to control that. (On PureOS the closed driver simply wouldn’t exist.)

Likewise if you add further hardware yourself there is a question over whether the operating system will add closed software (driver or firmware). PureOS definitely won’t. Other distros might.

It’s not like you are locked into one distro for life, or even limited to one distro.

2 Likes

PureOS has a forked version of Firefox ESR which is configured by default for a bit more privacy. It has the extensions PrivacyBadger (to block invisible trackers), HTTPS Everywhere (to always use https when possible) and UBlock Origin installed by default, whereas with other distros you will have add these extensions yourself (which isn’t hard, but you might not think to do it). Purism is switching to GNOME Web (i.e. Epiphany) where it can more easily add code than with Firefox. See: https://puri.sm/posts/an-epiphany-regarding-purebrowser/
(The last time I installed PureOS, Google was still the default search engine in its Firefox ESR, so you might want to do future configuration)

There are probably a few other things. PureOS doesn’t offer for you to participate in a poll of what applications you have installed like Debian does. I see that PureOS has some of its own custom packages, which it presumably modified from the Debian packages:

$ sudo dpkg -l | grep -i pureos
ii  apparmor                              2.13.2-10pureos1                     amd64        user-space parser utility for AppArmor
ii  apparmor-profiles                     2.13.2-10pureos1                     all          experimental profiles for AppArmor security policies
ii  base-files                            10.1pureos6                          amd64        PureOS base system miscellaneous files
ii  bsdutils                              1:2.33.1-0.1pureos1                  amd64        basic utilities from 4.4BSD-Lite
ii  cron                                  3.0pl1-130pureos1                    amd64        process scheduling daemon
ii  dirmngr                               2.2.12-1pureos2                      amd64        GNU privacy guard - network certificate management service
ii  dpkg                                  1.19.7pureos1                        amd64        Debian package management system
ii  fdisk                                 2.33.1-0.1pureos1                    amd64        collection of partitioning utilities
ii  flashrom                              1.1.0-0pureos1                       amd64        Identify, read, write, erase, and verify BIOS/ROM/flash chips
ii  gdm3                                  3.30.2-1pureos1                      amd64        GNOME Display Manager
ii  gir1.2-gdm-1.0:amd64                  3.30.2-1pureos1                      amd64        GObject introspection data for the GNOME Display Manager
ii  gnome-boxes                           3.30.3-2pureos1                      amd64        Simple GNOME app to access remote or virtual systems
ii  gnome-control-center                  1:3.30.3-1pureos1                    amd64        utilities to configure the GNOME desktop
ii  gnome-control-center-data             1:3.30.3-1pureos1                    all          configuration applets for GNOME - data files
ii  gnome-initial-setup                   3.30.0-1pureos5                      amd64        Initial GNOME system setup helper
ii  gnome-session                         3.30.1-2pureos1                      all          GNOME Session Manager - GNOME 3 session
ii  gnome-session-bin                     3.30.1-2pureos1                      amd64        GNOME Session Manager - Minimal runtime
ii  gnome-session-common                  3.30.1-2pureos1                      all          GNOME Session Manager - common files
ii  gnome-software                        3.30.6-5pureos1                      amd64        Software Center for GNOME
ii  gnome-software-common                 3.30.6-5pureos1                      all          Software Center for GNOME (common files)
ii  gnome-software-plugin-flatpak         3.30.6-5pureos1                      amd64        Flatpak support for GNOME Software
ii  gnupg                                 2.2.12-1pureos2                      all          GNU privacy guard - a free PGP replacement
ii  gnupg-l10n                            2.2.12-1pureos2                      all          GNU privacy guard - localization files
ii  gnupg-utils                           2.2.12-1pureos2                      amd64        GNU privacy guard - utility programs
ii  gpg                                   2.2.12-1pureos2                      amd64        GNU Privacy Guard -- minimalist public key operations
ii  gpg-agent                             2.2.12-1pureos2                      amd64        GNU privacy guard - cryptographic agent
ii  gpg-wks-client                        2.2.12-1pureos2                      amd64        GNU privacy guard - Web Key Service client
ii  gpg-wks-server                        2.2.12-1pureos2                      amd64        GNU privacy guard - Web Key Service server
ii  gpgconf                               2.2.12-1pureos2                      amd64        GNU privacy guard - core configuration utilities
ii  gpgsm                                 2.2.12-1pureos2                      amd64        GNU privacy guard - S/MIME version
ii  gpgv                                  2.2.12-1pureos2                      amd64        GNU privacy guard - signature verification tool
ii  grub-common                           2.02+dfsg1-4pureos1                  amd64        GRand Unified Bootloader (common files)
ii  grub-pc                               2.02+dfsg1-4pureos1                  amd64        GRand Unified Bootloader, version 2 (PC/BIOS version)
ii  grub-pc-bin                           2.02+dfsg1-4pureos1                  amd64        GRand Unified Bootloader, version 2 (PC/BIOS binaries)
ii  grub-theme-pureos                     1.7                                  all          GRand Unified Bootloader PureOS theme
ii  grub2-common                          2.02+dfsg1-4pureos1                  amd64        GRand Unified Bootloader (common files for version 2)
ii  initramfs-tools                       0.132pureos1                         all          generic modular initramfs generator (automation)
ii  initramfs-tools-core                  0.132pureos1                         all          generic modular initramfs generator (core tools)
ii  libapparmor1:amd64                    2.13.2-10pureos1                     amd64        changehat AppArmor library
ii  libblkid1:amd64                       2.33.1-0.1pureos1                    amd64        block device ID library
ii  libfdisk1:amd64                       2.33.1-0.1pureos1                    amd64        fdisk partitioning library
ii  libgdm1                               3.30.2-1pureos1                      amd64        GNOME Display Manager (shared library)
ii  libmount1:amd64                       2.33.1-0.1pureos1                    amd64        device mounting library
ii  libnss-myhostname:amd64               241-7pureos0.2                       amd64        nss module providing fallback resolution for the current hostname
ii  libopenexr23:amd64                    2.2.1-4pureos1                       amd64        runtime files for the OpenEXR image library
ii  libpam-systemd:amd64                  241-7pureos0.2                       amd64        system and service manager - PAM module
ii  libplymouth4:amd64                    0.9.3-3pureos1                       amd64        graphical boot animation and logger - shared libraries
ii  libsmartcols1:amd64                   2.33.1-0.1pureos1                    amd64        smart column output alignment library
ii  libsystemd0:amd64                     241-7pureos0.2                       amd64        systemd utility library
ii  libudev1:amd64                        241-7pureos0.2                       amd64        libudev shared library
ii  libuuid1:amd64                        2.33.1-0.1pureos1                    amd64        Universally Unique ID library
ii  lsb-base                              10.2019031300pureos1                 all          Linux Standard Base init script functionality
ii  lsb-release                           10.2019031300pureos1                 all          Linux Standard Base version reporting utility
ii  mount                                 2.33.1-0.1pureos1                    amd64        tools for mounting and manipulating filesystems
ii  p7zip                                 16.02+dfsg-6pureos1                  amd64        7zr file archiver with high compression ratio
ii  p7zip-full                            16.02+dfsg-6pureos1                  amd64        7z and 7za file archivers with high compression ratio
ii  papirus-icon-theme                    20171102-0pureos1                    all          Papirus Icon Theme
ii  plymouth                              0.9.3-3pureos1                       amd64        boot animation, logger and I/O multiplexer
ii  plymouth-label                        0.9.3-3pureos1                       amd64        boot animation, logger and I/O multiplexer - label control
ii  plymouth-theme-pureos                 1.7                                  all          Graphical boot animation and logger -  PureOS Theme
ii  plymouth-themes                       0.9.3-3pureos1                       amd64        boot animation, logger and I/O multiplexer - themes
ii  pureos-archive-keyring                2016.09                              all          GnuPG archive keys of the PureOS archive
ii  pureos-artwork-base                   1.7                                  all          Basic artwork for PureOS desktop systems
ii  pureos-gnome                          0.9.7                                amd64        PureOS GNOME desktop system
ii  pureos-gnome-settings                 0.7.1                                all          Default settings for the PureOS GNOME desktop
ii  pureos-init-disk-crypto               0.3.2~po9u1                          all          Initialize disk encryption passwords on OEM installations
ii  pureos-minimal                        0.9.7                                amd64        Minimal core of PureOS
ii  pureos-security-hardening             0.0.1                                all          Security hardening for PureOS
ii  pureos-standard                       0.9.7                                amd64        PureOS standard system
ii  pureos-theme-gnome                    1.7                                  all          PureOS style for the GNOME desktop
ii  pureos-webext                         0.9.7                                amd64        PureOS web browser extensions
ii  python-apt                            1.8.4pureos3                         amd64        Python interface to libapt-pkg
ii  python-apt-common                     1.8.4pureos3                         all          Python interface to libapt-pkg (locales)
ii  python3-apt                           1.8.4pureos3                         amd64        Python 3 interface to libapt-pkg
ii  qemu-kvm                              1:3.1+dfsg-2pureos1+po9u1            amd64        QEMU Full virtualization on x86 hardware
ii  qemu-system-common                    1:3.1+dfsg-2pureos1+po9u1            amd64        QEMU full system emulation binaries (common files)
ii  qemu-system-data                      1:3.1+dfsg-2pureos1+po9u1            all          QEMU full system emulation (data files)
ii  qemu-system-gui                       1:3.1+dfsg-2pureos1+po9u1            amd64        QEMU full system emulation binaries (user interface and audio support)
ii  qemu-system-x86                       1:3.1+dfsg-2pureos1+po9u1            amd64        QEMU full system emulation binaries (x86)
ii  qemu-utils                            1:3.1+dfsg-2pureos1+po9u1            amd64        QEMU utilities
ii  rfkill                                2.33.1-0.1pureos1                    amd64        tool for enabling and disabling wireless devices
ii  scdaemon                              2.2.12-1pureos2                      amd64        GNU privacy guard - smart card support
ii  systemd                               241-7pureos0.2                       amd64        system and service manager
ii  systemd-sysv                          241-7pureos0.2                       amd64        system and service manager - SysV links
ii  udev                                  241-7pureos0.2                       amd64        /dev/ and hotplug management daemon
ii  util-linux                            2.33.1-0.1pureos1                    amd64        miscellaneous system utilities
ii  uuid-runtime                          2.33.1-0.1pureos1                    amd64        runtime components for the Universally Unique ID library

I assume that Purism has added a bit more strict apparmor configuration than Debian, and GPG is installed by default.

I don’t think the DE makes any difference. I don’t know of any Linux DE that is collects your info and I’m pretty sure that Debian would make it easy to disable that function if one did.

You can use the Librem Key with any distro that has an unencrypted /boot directory. See:

https://docs.puri.sm/PureBoot/GettingStarted.html

I’m not sure.

1 Like

reC
Thank you. Are you indicating that there is proprietary code in PureOS or that proprietary code is avoided by using PureOS?

Thanks everyone. I like what Purism is doing, like PureOS, but just really dislike GNOME. I’ve got PureOS with Budgie DE in a VM and like that much better. I surmise from your posts that I could get a Mini v2, with PureOS, and a DE of my choice and still maintain the rich security and privacy inherent to PureOS and also be able to use the Librem Key.

I don’t think that is default functionality anyway. Purism provides a half dozen lines of config to make this happen. You can see details here:

https://docs.puri.sm/Librem_Key/Getting_Started/User_Manual.html#automatically-lock-the-desktop-when-removing-the-librem-key

It looks Gnome-specific to me. However, depending on your level of sophistication, you can probably adapt that to any DE that exposes any kind of API for locking and unlocking. The hooks are there. It is just down to what the DE can do.

Proprietary code is avoided by using PureOS.

Purism takes a purist (hardline) approach to proprietary code. It must be avoided.

PureOS is purer than many Linux distros but it is all relative. All Linux distros are vastly more pure than e.g. Windows.

There are other free OS as well if you don’t like pureos. Can always use other fsf endorsed with my main suggestions being trisquel or parabola.