"No closed source software."

[SkewedZeppelin]

https://old.reddit.com/r/PrivacyGuides/comments/siqc69/consideration_on_removing_rule_1/
My 2¢ because I don't have a working Reddit account.

It would be a shame if this rule was removed.
I've seen a lot of these "open source don't matter" comments recently and it is asinine.
We use FOSS for what it affords us, the freedoms it provides.

Just because I can decompile Google Play Services to verify there is no blatant backdoor does not afford me the freedoms to alter that in any way I please. It does not afford me the freedom to distribute it or share it as I please.

Yes, Windows 11 has some pretty rad security features.
But it is also an actively hostile platform, as are most of these proprietary alternatives.

Once we give up any freedom, we will have a monstrously more difficult time in order to gain back that freedom in the future.
We must resist and not chain up our own selves.

[ph00lt0]

I believe that for quite some situation, proprietary software can also improve your privacy and security. Mostly when alternatives are lacking.

For me this seems like a similar discussion as has happened some time ago about Android in this community. F.x. should we recommend people to use uninstall apps from the user profile with adb commands or should we just give them no other alternative than buying a pixel (should they not have DivestOS compatible).

The answer to these discussions does not exist, if you'd be asking me. It depends on thread model. When speaking of proprietary software also other risks come into play, f.x. it would be much easier for a government to force a company to add a backdoor. Not saying it isn't possible as @TommyTran732 also demonstrated, but it is less likely to last.

I think if you want to support people with getting into the privacy field he is right that the website should provide information for users with different limitations and different thread models. So yes if no other 'good' option a proprietary tool could be listed to provide a service for users on a certain OS. It should just explain clearly that this may not be for everyone. I think we all agree that open source is preferred.

[SkewedZeppelin]

Guides on how to make macOS and Windows better are fine and good to have and is something I'd be happy to see.
Putting Windows 11 or the 10 mile high wall that the Apple ecosystem is as a recommendation is not good.

[ph00lt0]

I don't think @TommyTran732 is suggestion is about recommending the use of Apple or Windows. It's about the most effective ways to protect yourself on such platforms, possibly including closed sourced software.

[freddy-m]

The purpose of this site is to recommend privacy respecting services. We are pragmatic in our process, and try not to let ideology into the mix of things. We like open source (hence we are open source). Proprietary software makes it harder to inspect the code and to contribute. However, it does not directly affect the security and privacy of a service. We much prefer open source software but, in and of itself it does not enhance privacy. Personally, I prefer to use open source software though we also list closed source stuff as well. Just my thoughts on the matter.

[realguyman]

Reverse engineering isn't exactly easy, especially when companies obfuscate code prior to publishing their software. Software that has good documentation and easier to read code bases are significantly better for analysis of all sorts (including looking for security vulnerabilities).

[ghost]

I personally agree with removing it and I honestly see Privacy Guides adding the no closed source software rule to be a bit hypocritical when on the site there's a threat modelling section where people can decide whether X application fits their threat model but then when they might ask about it on the subreddit for advice their post gets removed or people fill the comments with "Use Y instead lol". We're supposed to be open as a community to support people in whatever decision they make; allowing only discussions of closed source applications just pushes away people who have a more lax threat model than others.

I also don't think proprietary code makes it inherently harder to audit as reading code and reverse engineering something are two different skill sets. Reviewing code can often be less informative than reverse engineering an application as you actually get to see how that application functions. It's kind of like reading the blueprints for a car than actually daily driving/monitoring one. Remember also as pointed out by the article linked in the post, that backdoors can be very hard to notice, things like a single = in tens of thousands of lines of code (millions in that particular case) is enough to have a root vulnerability which could be used as a backdoor.

In the end I don't only agree with the change from a privacy/security perspective but also from a community standpoint in supporting whatever decision people may make. We should be welcoming those with more lax threat models not pushing them away; them caring about privacy and willing to make a change should be considered enough and expecting them to keep sacrificing convenience for privacy/security/freedom/whatever is in my humble opinion, completely stupid and backwards thinking. If we don't expect people to solely use FOSS solutions then we should represent that by allowing closed source applications on the site as long as they've has been audited by the team.

Not only that but as others mentioned there are actual use cases for proprietary software over FOSS solutions such as BitLocker being better than Veracrypt on Windows with it supporting TPM and other security features and since you're already trusting Windows not to to do anything shady there isn't really any point in adding an additional third party to trust your data with.

Anyway that's my personal 2¢ after arguing under that post for a good while.

[dngray]

I've been thinking about this the last few days and I think we can find some middle ground. I'm thinking we could modify the rule so:

We prefer open source software where possible, but sometimes closed source components are better options. For example where they tightly integrate with already proprietary operating systems or when they solve a problem that is not already solved by any open source counterpart.

The threat model regarding closed source software was really intended not to be the OS itself, but tools installed on top of that OS. For example we don't need to hear about 99 encrypted instant messenger programs that are closed source, when we have Signal and Matrix, or some Veracrypt clone where there is no source code, there are however incentives to use things like Bitlocker, Filevault, especially where those make use of a secure cryptoprocessor and work properly with verified boot, which can very well improve privacy, prevent malware persistence etc. Of course it's worth noting some verified boot solutions sometimes come at the cost of freedom, for example where custom key enrollment is impossible, ideally we should be striving to use products where key enrollment is possible and these technologies can be leveraged to increase security.

Further reading on how these things are used on Windows and MacOS:

• https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm
• https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1
• https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/1/web/1

[remyabel2]

Stumbling across that post and reading arguments on all sides here's my opinion and concerns...

Secondly while I've seen threat model mentioned here and there, the OP post and the arguments made for/against operating systems or for closed/open source have neglected to mention a threat model. This leads to endless bickering about whether or not something is secure and muddles the mix between privacy/security, making wholesale recommendations I think inappropriate for a general audience. For example, at the DNS page at the top there is:

DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt resolvers will not make you anonymous. Using Anonymized DNSCrypt hides only your DNS traffic from your Internet Service Provider. However, using any of these protocols will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with.

This is a bit misleading as DNSCrypt does not claim to make you anonymous (in fact, the author makes no such claim). If you want anonymity, you can use the built-in feature to send your requests to a relay. This warning by itself will scare off lay people who think DoH is useless if not outright harmful, but depending on your threat model, it's a useful tool. DNSCrypt out of the box affords you integrity and authenticity and optionally provides confidentiality with the correct setup. I've seen similar arguments made against DoH when it was first rolled out in Firefox that it's bad because malware, cloudflare, etc. with no mention that you can easily change the DoH provider (most users will want to use DNSCrypt's built-in server then point it towards an upstream provider of their choice) or that saying DoH is bad because malware uses it to hide traffic is nonsense. Anyway rambling aside, the point here is that there needs to be a fair representation of both sides when making claims like these.

[remyabel2]

RE: the parts about threat model and OS recommendations, that's good to hear. Also good to hear that the page is being redesigned. Not much to say about that.

If you use encrypted DNS you're unlikely to be gaining much privacy, as the domains you access will likely still be exposed unless TLS Encrypted Client Hello is also used. As this is not yet an RFC it's not widely supported. The other thing is that if you're using a VPN, you're already trusting your VPN provider, so using an external encrypted DNS provider just places trust in another party.

I agree that the privacy part is a misconception. I don't agree that it's a "limitation". It would be more accurate to say that DNSCrypt is capable of doing multiple things, some of which it is designed for and not. My concern is that DoH has enough FUD thrown at it already that introducing more doubt does more harm than good. I already used a few examples, but the threat model of a cybersecurity company (who would want to block DoH traffic due to malware) is not going to fit the same threat model of a user, who can use DoH for XYZ reasons. Similarly, sites will say that DoH can hinder your DNS filtering capabilities, but neglect to mention that DNSCrypt comes with filtering capabilities. For example, you can use its built-in generate-domains-blocklists tool and a provider that's unfiltered for max granularity. But the point is that it has not been represented fairly in the media. I've even seen some users recommend that your ISP's DNS is fine, which seems like taking it too far in the other direction.

As far as trusting providers go, Anonymized DNS + ODoH pretty much makes this a non-issue, so long as the relay and the upstream provider don't match but this is easily configurable. As far as VPN's go, the efficacy of VPN's is an entire topic in of itself that would be too long for this discussion.

[dngray]

As far as trusting providers go, Anonymized DNS + ODoH pretty much makes this a non-issue, so long as the relay and the upstream provider don't match but this is easily configurable. As far as VPN's go, the efficacy of VPN's is an entire topic in of itself that would be too long for this discussion.

It doesn't make it a non-issue because the domains you visit are still exposed to a network observer by inspecting the TLS connection handshake, regardless of how you get your DNS lookups. The reason for using a VPN is under the assumption your ISP is in your threat model.

We want to be very clear that in these scenarios encrypted DNS or anonymized DNS is not providing really all that much privacy.

As far as ECH goes, that's pretty much a non-starter. Only works with Firefox, Cloudflare, with specific Firefox settings and if the web server supports it, so I'm not even sure it's worth discussing until it becomes more mature and less of a tech demo.

That's the thing, most TLS connections don't support ECH. Until that is not true, then we need to consider that most threat models aren't really improved with "encrypted, anonymized DNS" or whatever.

I don't know the relationship between the maintainers on here and the mods on the reddit. I'm just saying that a couple of the mods were arguing extensively about Linux. Whether or not they use it themselves is kind of beside the point of my overall concerns.

I think you're talking about @TommyTran732, lets not beat around the bush on that. He is an experienced Linux sysadmin but is also smart enough to know it's limitations.

[remyabel2]

I'm not beating around the bush. I just didn't feel like (or care to) name specific individuals. My usage of "a couple of" was based on the comments I scanned.

He is an experienced Linux sysadmin but is also smart enough to know it's limitations.

And I have not and don't call this into question, so again don't see what that has to do with anything. My position has always been about information and never the qualities of a specific individual.

[remyabel2]

I've edited those parts out of my posts as they had nothing to do with the core discussion anyway and made it look like I was calling people out rather than making general comments. I'll be more mindful in the future.

[TommyTran732]

Since I have been mentioned - yes, I am a collaborator on GitHub. Most of the new Linux page is written by myself. I have been using it on my servers and desktop computers since 2016 and I have been daily driving it since 2018. I can tell you without a shadow of a doubt that Linux is not a secure operating system and you have to be very careful when recommending it to a regular user. The idea that people should ditch something like macOS and use Linux for privacy & security is mostly misinformation. The user should be very aware of the deficiencies of Linux before switching to it, otherwise they would be in for some very nasty surprise.

[dngray]

This change has been made https://reddit.com/r/PrivacyGuides/comments/t79vrd/rule_1_modification/