I do not want to start a discussion about Linux since I’m no expert and a million of Linux experts will know better.
But don’t all the suggested distros here (as well any user friendly ones in general) rely on the kernel written by Torvald’s team. With that team being based in the US and at least Linus himself having acted as a three letter agency asset before, can they really be called privacy friendly or even secure? (I’m talking about the CIA or NSA having had a backdoor into Linux in the past and Linus also having banned Russian contributions last year while not banning American contributions, much less moving the operation outside of the US)
msplsh:
This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.
and:
sko:
From el reg: To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it.
So if someone already gained privileges to install anything on one of your machines, it doesn’t matter what it is - this host is compromised and has to be nuked from orbit.
So, unless I’m missing something this is not really about “the Linux kernel devs being compromised by NSA” as much as the endless list of Windows-targetting malware is not about “the NT kernel devs being compromised by NSA”.
If this is the case, this still wouldn’t exclude a NSA compromise though.
There is the ban of Russian contributions.
You can say this is all about politics and the war, but then those politics are clearly aligned with US agencied interests.
American contributions are still allowed despite the US being just as much as if not more of a threat to security and privacy. Just like they’re just as war mongering.
I don’t know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was “right, wrong, or otherwise” at the time it at least seems a far cry from “an NSA compromise”.
I do not want to start a discussion about Linux since I’m no expert and a million of Linux experts will know better.
But don’t all the suggested distros here (as well any user friendly ones in general) rely on the kernel written by Torvald’s team. With that team being based in the US and at least Linus himself having acted as a three letter agency asset before, can they really be called privacy friendly or even secure? (I’m talking about the CIA or NSA having had a backdoor into Linux in the past and Linus also having banned Russian contributions last year while not banning American contributions, much less moving the operation outside of the US)
What is this backdoor you speak of?
Bvp47
Having not heard of this one, I was curious so checked some sites about it, like:
https://www.reddit.com/r/linux4noobs/comments/kd0yml/does_the_nsa_have_a_backdoor_to_linux_this/
https://www.theregister.com/2022/02/23/chinese_nsa_linux/
https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/
My quick impression from those seems to match what was said by some commenters on the FreeBSD forum - https://forums.freebsd.org/threads/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years.84258/
and:
So, unless I’m missing something this is not really about “the Linux kernel devs being compromised by NSA” as much as the endless list of Windows-targetting malware is not about “the NT kernel devs being compromised by NSA”.
If this is the case, this still wouldn’t exclude a NSA compromise though. There is the ban of Russian contributions.
You can say this is all about politics and the war, but then those politics are clearly aligned with US agencied interests. American contributions are still allowed despite the US being just as much as if not more of a threat to security and privacy. Just like they’re just as war mongering.
I don’t know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was “right, wrong, or otherwise” at the time it at least seems a far cry from “an NSA compromise”.
@RedPandaRaider @FallenWalnut
https://privsec.dev/posts/linux/choosing-your-desktop-linux-distribution