-
-
Notifications
You must be signed in to change notification settings - Fork 385
Conversation
a67aeb7
to
08eff8c
Compare
Maybe we should also do something about that microcode section. It looks messy and I think most distributions would do this by default. |
fa3976e
to
12e8ecb
Compare
git="https://git-tails.immerda.ch/tails/" | ||
%} | ||
|
||
{% include cardv2.html |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From my understanding, due to Whonix associating and using Gab as a platform, including it as a recommendation on PrivacyTools is counter to our code of conduct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
including it as a recommendation on PrivacyTools is counter to our code of conduct.
The code of conduct relates to our platforms, ie what we have control over.
Whonix was already listed previously, and has been since forever. We continue to mention it because purely because of technical merit. It has particular use cases that other distributions do not focus on. Eg. Virtualization, Physical Isolation etc.
My understanding is that the main leader of their team @adrelanos wants to keep things apolitical. That said I do agree some of their community weren't all that professional. Purporting to be a part of the organization before you are is not a good look. Somehow they still made it to being a part of the Whonix organization and were granted control over their social media presence.
I'm also not really interested in people virtue signaling as I don't think this adds to our mission. I don't like Gab or Facebook and I'd never use either, that said I don't think we should be basing our criteria on what social media sites others use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code of conduct relates to our platforms, ie what we have control over.
Yeah, that's what I mean -- PrivacyTools has control over what is recommended and how it's recommended (as card or under "worth mentioning" for instance). You're right that Whonix has always been recommended on the site (not as a card though) but that doesn't mean it can't be re-evaluated.
Gab is a hateful platform--we all know this on the PrivacyTools team and actively moderate our services to protect the community from fascists. Yet the Whonix team continues to deliberately associate and use Gab. Thus from my perspective, by upgrading Whonix to a card (even currently being under "worth mentioning" is a problem) poses a greater problem: How are we able to uphold our CoC goals where "we strive to create a positive environment" and "we pledge to make our community a harassment-free experience for everyone" when software we give visibility and platform to as a recommendation actively chooses to undermine said goals for their community?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gab is a hateful platform--we all know this on the PrivacyTools team and actively moderate our services to protect the community from fascists.
There would have to be people on that platform who are not fascists, just as there would be ones on Facebook that are. Neither are endorsed on PrivacyTools.
Yet the Whonix team continues to deliberately associate and use Gab
They also have a Facebook account too, which is a known violator of privacy. I think these are probably only used for outreach and online presence rather than any meaningful communication.
The endorsement for Whonix doesn't suggest users must use all their social media networks. Like we have some people who contact us via email, Matrix, or on our forums. That is up to the user.
It is also not the only way to contact the Whonix team/support, they have forums and other more direct methods of contact, Github etc.
I would not be keen to make this a precedent where all endorsed products must use what we endorse. We would have then turned this argument from one of merit into one of politics. I don't think that's helpful to our mission.
Thus from my perspective, by upgrading Whonix to a card (even currently being under "worth mentioning" is a problem) poses a greater problem: How are we able to uphold our CoC goals where "we strive to create a positive environment" and "we pledge to make our community a harassment-free experience for everyone" when software we give visibility and platform to as a recommendation actively chooses to undermine said goals for their community?
We've moved away from "worth mentioning" cards in general, throughout the site. Something is either good or it is not.
In the case of Whonix vs Tails, they have distinct different use cases, so one is not necessarily better than the other. A card vs "worth mentioning" leads readers to believe one product is a "better solution".
In regard to the CoC that only applies to our platforms, not everywhere else. We cannot be expected to enforce rules/our norms all-over the Internet. I do not also think anyone genuinely expects us to do so either.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would not be keen to make this a precedent where all endorsed products must use what we endorse. We would have then turned this argument from one of merit into one of politics. I don't think that's helpful to our mission.
I think it's important for us to draw a line here though with projects that choose to use Gab for outreach and communication. When a project is recommended on PrivacyTools, we recommend it holistically, not just by its technical merit and code (at least for me that's how I perceive things). When a project is recommended we direct PrivacyTools visitors to those sites and to those communities. Making Whonix (more) visible makes Gab (more) visible and further legitimizes it. My issue is that PrivacyTools would knowingly recommend and bring visibility to a project which knowingly uses Gab.
In regard to the CoC that only applies to our platforms, not everywhere else.
I see PrivacyTools.io as our main platform and thus our CoC covers what PrivacyTools chooses to endorse and recommend.
We cannot be expected to enforce rules/our norms all-over the Internet. I do not also think anyone genuinely expects us to do so either.
Of course, I agree. However, to me and my interpretation of our CoC and its coverage, recommending Whonix would create this problematic connection to some degree for our community: PrivacyTools -> Whonix -> Gab ... PrivacyTools -> Gab. Maybe my understanding of our CoC's enforcement is incorrect. But Gab is the point where I think PrivacyTools should be intolerant which extends to anything we recommend on our platforms if we're really trying to keep our community harrassment-free and inclusive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel perhaps as if this is outside the scope of this particular PR anyhow, which is cleanup, and deserves a separate issue (and therefore I have approved this PR). I would say this is a concern, but the Whonix team seems to have an interesting/misguided sense of what is political and what is not (see https://www.whonix.org/wiki/Official_Whonix_Online_Profiles#Selection_of_Platforms and https://www.whonix.org/wiki/Warning#Unsubstantiated_Conclusions)...
I think it's important for us to draw a line here though with projects that choose to use Gab for outreach and communication. When a project is recommended on PrivacyTools, we recommend it holistically, not just by its technical merit and code (at least for me that's how I perceive things).
I feel like this is a factor in whether or not to recommend Whonix, but it is one factor out of many. Whonix is also a long-standing project in the Tor community, a project that the Qubes project (another project well respected by security and privacy experts) trusts to use by default for Tor communication, and possibly the only way to browse Tor for users who are concerned about OS exploits de-anonymizing them (see: Facebook & TAILS exploit). These are all factors that also need to be considered, and FMPOV overall if anybody asked me what the most secure way to brose Tor was, I would still comfortably recommend the use of Whonix (+Qubes) every time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel perhaps as if this is outside the scope of this particular PR anyhow, which is cleanup, and deserves a separate issue (and therefore I have approved this PR).
To me this PR doesn't represent just cleanup: we're giving Whonix more visibility and legitimacy now as a card and thus inherently doing the same for Gab. What makes more sense to me is PR'ing Whonix to a card with a separate issue / PR.
I feel like this is a factor in whether or not to recommend Whonix, but it is one factor out of many.
Maybe I'm really off here, in the minority with the team, and misinterpreting our CoC. But to me--even taking into account a project's technical merit--not tolerating Gab nor a project's deliberate usage of Gab is consistent with our CoC and a precendent we need to set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To me this PR doesn't represent just cleanup: we're giving Whonix more visibility and legitimacy now as a card and thus inherently doing the same for Gab.
Well it is in regard to grouping things together, ie "Tor focused distributions" and doing away with "Worth mentioning" lists. We've done a similar thing with the web browsing extensions page.
What makes more sense to me is PR'ing Whonix to a card with a separate issue / PR.
Not really, because that means we can't do away with "Worth mentioning" it also means that we would have a group with just Tails by itself, which would look silly. Tor focused distributions like Tails and Whonix have a very specific use case and that is enforcing Torification of all outgoing/incoming connections. This usecase would be unsuitable for someone who does not want to use Tor, or wants a general purpose operating system, hence the reason for splitting it off.
not tolerating Gab nor a project's deliberate usage of Gab is consistent with our CoC
Well they haven't displayed any overt behavior that is at odds with our CoC, they are only guilty of using a social network that we don't find desirable - albeit minimally along with a list of other undesirable social networks (they pretty much seem to have an official account for everything).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that means we can't do away with "Worth mentioning" it also means that we would have a group with just Tails by itself, which would look silly.
To me, the formatting and layout of not upgrading Whonix to a card (or removing Whonix altogether) is a non-issue. Not tolerating Gab nor a project's deliberate usage of Gab for us to be consistent with our CoC is the stance that has the strongest merit in my mind.
Well they haven't displayed any overt behavior that is at odds with our CoC, they are only guilty of using a social network that we don't find desirable.
Gab isn't just a social network I find undesirable. It's specifically a fascist cesspit (fundamentally breaking our CoC) that Whonix has chosen to use to direct their users to and to welcome Gab users into the Whonix community (besides the actual content of their Gab messages). And they've deliberately ignored questioning to the point of losing potential funding.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't expect it to make a difference, but I wanted to chime in and say I am opposed to including Whonix as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would Parabola not be a better alternative to Arch, seeing as it was mentioned in the old page as a fully open source alternative? |
The reason it was removed was because of maintenance issues iirc. |
I think we might swap out Guix for NixOS. We really can't be recommending kernels that have known vulnerabilities for political reasons.
As a result we're also going to be removing the contrib label, as all distributions now are based off a mainline kernel. CPU mitigations section will also be removed because it is expected that we only recommend distributions which are secure-by-default. If a user has disabled this then they know what they are doing. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @dngray
This comment has been minimized.
This comment has been minimized.
1b94f37
to
b7ad939
Compare
b7ad939
to
a7d9029
Compare
Co-authored-by: nitrohorse <[email protected]>
@dngray I just remembered about Hyperbola, another open source, Arch alternative. It seems to be getting updates, though from the site it says that they are "planning on implementing a completely new OS derived from several BSD implementations". Nonetheless, though that it was worth mentioning. |
Thanks, I'll keep an eye on it. At this time it is too young to be added. |
Closes: #1376
https://deploy-preview-1969--privacytools-io.netlify.app/operating-systems/#os