this post was submitted on 20 Aug 2024
6 points (62.5% liked)
Linux
5288 readers
405 users here now
A community for everything relating to the linux operating system
Also check out !linux_memes@programming.dev
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not going to trust a distribution from China, even if it does claim to be open source.
(There it is, the needed china = malware comment)
Lol meanwhile trusting US software?
The difference is that laws in China require companies doing business in China provide the Chinese government with means to access all data crossing Chinese borders or involving persons of interest. You can read the DSL of China yourself; and consider that nearly every executive of any significant Chinese company also holds an office of some sort in the Chinese government, there are a vast number of Chinese nationals who are considered "persons of interest" to the national security of China and therefore fall under the DSL purview.
Any company building or selling software in China has to provide the Chinese government with access to data collected in China, or outside of China if it involves persons of interest for national security. Like I said, find the DSL and read it yourself, or read an InfoSec analysis of it from a company you trust - you don't have to take my word for it.
This immediately puts Chinese software into a different category of risk than non-Chinese software. Of course, the US could twist arms to get companies to put backdoors in software. But it's a false equivalency to say that they're the same. When the US does it, they have to do it covertly, and there's always the risk of a leak. When Chinese companies do it, they're doing it because Chinese data laws require them to.
Thanks for the clarification. If they dont collect data that would be unproblematic. If they do, of course this is extremely problematic.
but not every OS collects and transfers user data to its vendor like the very good American MacOS and Windows do.
This is very true; that's just plain Capitalism, and the government takes advantage of that through simply asking for the data.
It's a great reason to never use MS or Apple software.
I'm stuck on Android, which is no better, at least until someone sells a phone that is reasonably usable as a reliably daily driver. So, I assume everything going through my phone is surveilled. It's the price I pay for not wanting to limit myself to a dumb phone; a minimalist phone that will allowed me to use a P2P encrypted chat client would be sufficient; I'd even accept Signal, although I'm not a fan. But phones like the Light Phone are just too dumb, and none provide any sort of encrypted chat. Linux based phones (or, a phone-oriented Linux distro) are almost there, though, and I'm ready to jump when one gets a decent review.
The great thing about it being open source though, is even if it does have government mandated tracking, it's probably relatively easy to a create a fork without the tracking
Sure. If anyone is willing to put in that effort; I'm not going to audit all that code.
Does Deepin have its own package sources? B/c if so, you also have you audit all of the third-party packages for trojans, too.