Debian User Forums

I'm the first one to admit this, some of my paranoia might be unjust. Some I haven't really bothered to think of why I'm feeling the way I do about, and as long as I don't have to run them I don't really bother to look into it.

Only rule, no systemd because we don't need another of those threads.

* Electron
No idea why really. I just have this feeling that it will blow up some day and be the next Heartbleed.

* WordPress
It's so popular so people will always try to find new exploits in it. If I have to use it I prefer to run it in a container, on a different computer, in another room, preferably without internet connection.

* Anything Facebook/Google/Microsoft
It might have nice feature and all but their main goal is to earn money out of your surfing habits so they will use it in some way you didn't think they'd use it.

* Node.js
What I've heard its dependency hell and I feel a bit paranoid whenever people download things from the net without checking it for harmful code. Even containers break sometimes.

* Telegram messenger
Sorry, but the whole thing with closed source servers rub me the wrong way. Feels like the authorities just are waiting for The Reason to break it and log everything.

Bash

Also, anything with a GUI

* Anything Facebook/Google/Microsoft

I'm with you on these. No FB here. I do have a Google account as it's essential for several things I do. I like to think I'm like an amoeba floating down the digital stream amongst the school of fish that are Google's main data scraping/advertising targets. I use Startpage to avoid their targeted advertising.
As for MS, I use Win10 for gaming and have it stripped out within an inch of it's life using the Win10Privacy utility.
Also use Telegram and Slack, but for some incomprehensible reason I'm less concerned about Telegram.
As for native Linux programs I have no particular concerns but I always install security updates promptly.

Anything that I have to pay for but then find that I don't own it.

I don't have a problem with paying for software, well, within reason anyway. But the price gouging that happens with anything MS related is just that. To be asked to pay a thousand dollars, or more, and then find that it's only good for a year and comes with crippleware if operated beyond that time or on more than one machine is just beyond my ken. Commercial accounting products are the worst offenders and I simply refuse to use them.

More recently, not just software but also websites where my privacy is not respected and my personal information is seen as a commodity that can be had for free but sold for their profit. My attitude here is that it's my information and isn't for sale.

Oh yeah, Dropbox. If I was an evil mastermind I would totally invent that only to get hold of people's bits and pieces and secrets. Hm... That sounded a bit overly paranoid, let's say I don't like it because it's a probable target for hacking instead Any information I save to "the cloud" I prefer to have encrypted. Not that I think I have anything worth stealing, I just think it's better to have good routines for externally saved data.

I also don't use web based password managers, I don't want to have to change all my password just because someone else forgot to upgrade their server.

directly correlates to their user base.
more users == more reason to be paranoid
usually the facts also correlate with that.
examples:
ubuntu more than archlinux
whatsapp more than facebook

Well, really, non free software. Both because I can't be assured of who is/who isn't listening at the other end, and also free software just tends to work better.

My personal paranoia (wow, that sounds like a whole other meeting) depends a lot on the people behind the software. As an example, even if Windows was open source I wouldn't trust it mostly because Microsoft don't own up on their bugs. I can understand if they're not open about it while they're working on a fix, but Microsoft have kept quiet about bugs for months and straight out denied the existence. Not good for my future trust.

Paranoia?

Anything hooked up to a CAT5 or wireless connection.

Someone is listening and logging.
Either corporations to monetize you, or governments to control and surveil you.

Though the Redmond garbage is infested with backdoors to every greedy scammer in creation, the Unix platforms are certainly open doors to government actors. Snowden had no new news when he stated that Debian had been pwned by the Feds.

Think about it.
It was Darpa that started the internet itself, and slowly morphed into Western oversight agencies in charge of net development. Mod-heartbeat was one such project. take a good look into its developers. And similar folk. Academics and musicians. Yeah, right.

The other thing I absolutely do not trust is updates. The ideal attack vector. Comes in as unsourced binary code, in an era when 'certificates' can certainly be spoofed if one has the tech to manipulate certificate servers.

The only platform I come even barely close to trusting these days is XP. Newer boogers cant run on it, as all the new stuff is using .Net4.

I'll start to trust my newer Linux system after a few years. In the meantime I will try to kill anything with a login promt to the WAN on it.


Time to run off and shine my tinfoil hat.

Anything related to Fitbit/exercise applications: I am uncomfortable with highly sensitive personal health data being transmitted over unsecured wireless connections to who knows where.

"Cloud" storage: Do companies own the rights to uploaded content? My biggest fear is to work on something I pour my heart and soul into (e.g. a digital painting) only to have some company claim it as their own because I uploaded a backup copy online.

Pretty much any service or software made by any of the PRISM partners. (Facebook/Google/Microsoft/Apple/Amazon)

I don't like Telegram just because the default mode is insecure, secure chat should be the default. It's not really a secure messenger, more like a messenger that had some security pinned to the side of it later on.

debiman wrote:directly correlates to their user base.
more users == more reason to be paranoid
usually the facts also correlate with that.
examples:
ubuntu more than archlinux
whatsapp more than facebook

Facebook has more users then Whatsapp, also it's owned by Facebook. Also sometimes more users means more ability to resolve security issues.

If you are really paranoid about microsoft, like some seem to be, I wonder what you think about the fact that Microsoft sponsors Linux and also Debian.

I'm paranoid about everything.

pylkko wrote:Microsoft sponsors Linux and also Debian.

Don't you mean supports? Giving us money is one thing. Giving us code is entirely different. And if that code is open source, I'm ok with that.

phenest wrote:

pylkko wrote:Microsoft sponsors Linux and also Debian.

Don't you mean supports? Giving us money is one thing. Giving us code is entirely different. And if that code is open source, I'm ok with that.

No, I mean as in Microsoft sponsoring (with real money) DebConf 2017... for example. Also Microsoft hand down the money and devices for some of Debians servers, I believe. Microsoft is a Linux Foudantion member and therefore not only sponsors Linux but also has a say in it's development. Some one also said here that they don't trust big players like Google and Facebook. Well guess who are the other major sponsors of Linux?


https://www.linuxfoundation.org/announc ... n-platinum
https://www.debian.org/mirror/sponsors
https://debconf17.debconf.org/sponsors/

pylkko wrote:If you are really paranoid about microsoft, like some seem to be, I wonder what you think about the fact that Microsoft sponsors Linux and also Debian.

Microsoft sponsors Debian specifically?

No_windows wrote:

pylkko wrote:If you are really paranoid about microsoft, like some seem to be, I wonder what you think about the fact that Microsoft sponsors Linux and also Debian.

Microsoft sponsors Debian specifically?

Translation: "I am too farqing lazy to click a link when provided one."

Clarification of @pylkko's point re: servers: MSFT does indeed maintain a Debian mirror. (Again, available by clicking the link he provided.)

About 52% of Internet users are bots. We can be assured that a lot of those bots are malicious. With that in mind, the software we use cannot be depended on for 100% security. Our biggest threat is our own behaviour.

Everything!!! I'm not a programmer nor a developer so I don't know what is exactingly happening with every single thing I do on my Pc. I feel like I have to trust in the developers or the people who is compiling the programs to put them in the repositories. well maybe it's an act of faith. I guess it's better not thinking about it.

marcetm wrote:I guess it's better not thinking about it.

It is better that you do think about it. There are too many bots and people who want to take advantage of you to ignore the problem. Nobody expects you to be an expert but you should learn some Internet street smarts. There are several threads on this forum on basic security and browser security.
_________________________________

Back in the theme of this thread, I try to avoid Flash wherever possible. Flash is out dated and not necessary for most online video. I have come to suspect any site that insists that I have it.