Should a distro that claims to be privacy-respecting default to non-private applications?

This question is from

Thought I would open a new thread to get others’ takes and opinions on this question.

3 Likes

My response:

2 Likes

Just an interesting question to me. It’s a basic “Where do you draw the line?”

Does the fact that the “regular” Linux kernel contains closed source binary blobs have any bearing on privacy thinking? I mean, you wouldn’t know what code is being run on your system after all. So to the suspicious mind, that code may be doing a lot of things behind the scenes.

2 Likes

The “should” part of the question, as far as Linux distros are concerned, is not really enforceable, beyond community sentiment.

That said, it’s my sentiment that if a distro claims to be privacy respecting, the decisions made on behalf of the user, such as included applications, “should” be privacy respecting :wink:

3 Likes

Actually hadn’t even thought about that. I got my original question from just the License debacle.

On second thought, I may be wrong about the Linux kernel itself containing binary blobs :thinking:

I hope someone with more knowledge could give some ideas.

1 Like

From my perspective, something being closed source doesn’t inherently make it not privacy respecting.

After all, there are plenty of open source applications that aren’t privacy respecting.

2 Likes

Like? :face_with_hand_over_mouth:

Obsidian is a great example of this.

1 Like

Not necessarily, no. That’s why I said “to the suspicious mind”. We don’t know after all what that code is. It may be doing bad things, and yet it may not.

1 Like

I’m not sure if your question was meant in jest.

Anything that contains telemetry. Audacity introducing telemetry caused quite a stir!

And well… I mean Firefox is big in the news at the moment.

3 Likes

Gathering telemetry is not per se disrespecting privacy. It is a matter of how it is done. So this whole discussion does not make sense if we do not agree on what is actually meant by “Privacy Respecting”.

Firefox is another good example. It is not privacy respecting out of the box, but if you are interested you can have a config which makes Firefox respect your privacy. The Brave browser, on the other hand, cannot be completely silenced with a config. So, in which bucket do these two apps belong?

I would need some examples of “Non Privacy respecting apps”.

2 Likes

Yep it was. Was hinting at Firefox. And yeah, Audacity is a good example for that side.

We could also include most AI services that claim to be open-source.

Anything Adobe, Microsoft, etc. A good marker is if it’s available in China, it’s not privacy-respecting by default, and may even not be configurable to properly do so.

The recent Microsoft announcement for ending Skype is a good example. In trying to find apps that would preserve privacy, every single one I suggested to my clients was unavailable in China.

I suggested in this order: Signal, Telegram, Discord, Zoom, Teams

I mentioned WhatsApp only as a comparison to Signal and LINE.

What was available? WhatsApp, Teams, Zoom.

EDIT: WhatsApp was NOT available. My mistake. I just remembered that I was surprised that it wasn’t available, because I don’t trust anything from Meta and was sure it was backdoored. I was wrong. Still doesn’t change my opinion on Meta. Still want it to die, or at least split them up again. Zuck zucked up both IG and WhatsApp. Zuck that guy! :eyes:

1 Like

Very good point. What is the definition of Privacy Respecting?

I’d say, “(of a service, app, or vendor) not collecting user data including but not limited to usage data, PII, etc. neither for improved functionality nor for selling said data, or other reasons such as keeping a record or number of users, demographics, etc.”

I’d probably have to add more to that for clarity and to ensure there aren’t many loopholes, but I think saying “not limited to” should do most of the work.

How is that?

2 Likes

@anon93652015 :
This is all too vague. Can you give examples of apps which you find in Linux distros, like Arch, Debian, Fedora, etc., which are not respecting privacy?

1 Like

Oh, I seem to have misunderstood your question then.

In that case, the only thing I can think of is Google Chrome as a default, and maybe Skype if there are any distros that include it preinstalled.

I’m almost sure that Linux Lite and/or Zorin have Chrome as the default. Will check their site as I don’t have the ISOs anymore.

EDIT: Not Zorin. All their screenshots show Firefox.
Yep. It’s Linux Lite.

But alas, that’s one very obvious example. I’d say not many distros include privacy-invasive apps/services by default. Ubuntu maybe? But likely not many others.

1 Like

So then the question is: does any collection violate privacy, or does it depend on what’s collected?

I mean, I think of a situation where they collect DATA without the USER’s direct permission (opt-out instead of opt-in). If the information is non-personal, then is it a privacy concern or is it an ethics concern?

1 Like

I’d say yes to this. At any time, just the collection of that data adds an attack vector to the mix. Whether it’s a money-hungry CEO or developer, a disgruntled or even malicious employee, or a hacker or foreign or local government.

By just collecting the data, your privacy can be violated, and more often than not it is.

In such a scenario, the second part of what you said would begin to play a role. The only way for them to know it’s you is for you to sign in to the service/app, or for some agreement among interested parties.

For instance, when you simply sign up for a new phone number. Privacy is zero.

Or something that requires more cooperation, like what I imagine they do in China:
Many things are digitised, so when you buy/download something, it is linked to your personal digital identity; as such, even if you don’t sign in, they know it’s you.

For me, definitely both. :laughing:

I grew up with lots of privacy at the forefront of my mind. I experienced some stuff that made me realise that if random people didn’t know some personal stuff that should be kept to actual friends only, then I would not have experienced them.

Additionally, I don’t trust human beings to do the right thing. We have always ALWAYS done the wrong thing throughout history. Ethics in modern society barely exists anymore. Our laws are “what can I get away with without causing an uproar”. Plus, hackers exist.

3 Likes

I would argue that any application that gathers telemetry in an opt-out or forced manner is not privacy respecting by default.

I certainly see no problem with opt-in telemetry though.

If delivered in their upstream configs, they are not privacy respecting by default by my definition.

However, if Firefox was shipped with a config that disabled the telemetry, it would be privacy respecting IMO.

How about snap which has forced telemetry? Ubuntu and Fedora Workstation which both have opt-out telemetry.

4 Likes