MacOS vs Linux for security and privacy

argante

cleanbowtie
Privacy – none of them. Rather, choose some BSD. Apple sees everything you do. Many Linux distributions also implement telemetry, so you'll have to verify this yourself.

Security – definitely MacOS. Especially if you're buying the latest laptops. The point is that MacOS is tightly integrated with the hardware. New Apple CPUs have implemented hardware MTE (MIE). Similar protection is provided by hardened_malloc's MTE (since Pixel 8), but ARM MTE has two modes: synchronous (more secure) and asynchronous (provides greater compatibility). By default, hardened_malloc seems to use the asynchronous mode (but also supports both modes).

MOD NOTE: https://discuss.grapheneos.org/d/11951-ai-generated-text-is-forbidden-with-the-exception-of-automated-translation

gvprtskvni

argante The telemetry is either opt in, easy to turn off, or entirely absent depending on the distro. I wouldn't say that's a massive point against Linux.

KCne

argante You can easily find laptops with coreboot and IME disabled (only a small part loads to boot).

Intel ME and AMD PSP provide really useful security features and using things like Libreboot or Heads can severely damage security

argante Privacy – none of them. Rather, choose some BSD

I don't think BSDs are intended for desktop use. They also aren't really more secure compared to traditional Linux distros, and security protects privacy

There is nothing [truly] good for x86 desktop right now, so usually the strategy is to run a very minimal host, lock it down, and separate stuff into as many VMs as possible.

GrapheneOS has another Twitter thread talking about desktop (in)security

Privacy involves much more including privacy from services, sandboxed applications, etc. macOS would win in many areas other than privacy from OS vendor [compared to Linux distros like Fedora]

A small amount of uninvasive telemetry isn't the catastrophe people make it out to be and LOTS of open source software including Firefox has similar telemetry to macOS. You aren't avoiding all telemetry, etc. by using open source software, and it's a tiny aspect of privacy

GrapheneOS qualifies as a Linux distro, but it is far more private and secure than traditional distros or MacOS. Once Android QPR1 releases for GrapheneOS and there are improvements to Desktop Mode, I believe that will be ideal in privacy and security for many desktop needs

02673853

argante Privacy – none of them. Rather, choose some BSD. Apple sees everything you do. Many Linux distributions also implement telemetry, so you'll have to verify this yourself.

Do you have any source supporting your claim that major distribution are sending telemtry, please use sources that also state WHAT telemtry

argante

gvprtskvni Most popular distributions use telemetry, especially Ubuntu. Furthermore, telemetry can be implemented through installed packages—see, for example, VSCode vs. VS Codium. Telemetry is even being implemented in programming languages. BSDs are much more conservative. The best approach is to install OpenSnitch and see what it's trying to communicate with.

MOD NOTE: https://discuss.grapheneos.org/d/11951-ai-generated-text-is-forbidden-with-the-exception-of-automated-translation

Dav3

What are peoples thoughts on little snitch for privacy on macos? I use LuLu but have used little snitch in demo mode and prefer it but concerned about it being closed source.

spl4tt

Dav3 I'm using little snitch in demo mode currently. I have to use macos or windows for work, and I'm surely not gonna use windows, so yea.
It looks quite nice for now. I've denied everything going out I don't know

N1b

Let's get back to the main topic:

Linux for privacy: Choose your distribution wisely. Often recommended are Linux Mint for convenience or Fedora Silverblue (or even Secureblue) for higher security. There are many more and it's a controversial topic. The good news are that you can try almost every distribution for free, I'd recommend starting with Linux Mint.

If you consider Privacy as "Privacy towards Apple themselves", you're straight out of luck with MacOS. It's proprietary and often proven that Apple is collecting data e.g. through the App Store or Apple Apps without a chance for you to avoid this. You can mitigate some of this (with e.g. brew.sh or LuLu) but you won't completely get rid of it.

MacOS for Security: As mentioned in further up, Desktop Security is almost unmatched with MacOS because of the tightly integrated hardware and security efforts of Apple. Very hard to impossible getting this level of security on any popular Linux Distribution.

Worth mentioning: Soon™ there will be a fully fledged Desktop mode in AOSP and therefore GOS. If this turns out to be adequate for your use cases, you won't get a more secure and private (and usable) system than GOS with a monitor and periphery attached.

Dav3

spl4tt yea I was playing with it last night in demo mode, just wish it was open source so I could trust it. Ive been a Linux user for nearly 20 years and was given a Macbook last week and testing the water with it as Graphene has been talking about the security about it on X and as my threat model is low I would rather security on desktop computer ( or I'm just telling me self this as I kinda like it lol )

spl4tt

Dav3 So you're in a similar boat as I am. Luckily you can just use your linux dotfiles and most things work as it should.. But yea, I can't really trust the system, even without an apple account / iCloud.
I didn't hear about lulu before, so I'm also givin that a try before I'll buy little snitch, thanks

tarbeez

Has grapheneos ever commented on the Intel Management Engine and AMD and Apple equivalents and the security implications? E.g. in some Twitter threads similar to the ones linked in this thread.

Is there any consensus in the community about these (trusted execution environment/platform security processor) and if/how they are a threat, and in that case how the Intel/AMD/Apple silicon/other implementations differ?

I don't know much about it but from their description they seem like a backdoor that can compromise a whole system easily? I've read that Apple's version is better documented and more limited in remote management, but again I'm not very knowledgeable about it.

argante

tarbeez how the Intel/AMD/Apple silicon/other implementations differ?

The most researched is probably Intel ME. It's a specially crafted version of the MINIX operating system. You can easily find laptops with coreboot and IME disabled (only a small part loads to boot).

ubersecure

argante The most researched is probably Intel ME. It's a specially crafted version of the MINIX operating system. You can easily find laptops with coreboot and IME disabled (only a small part loads to boot).

So what is your recommendation for privacy?

My understanding is that HEADS is the closest thing to GOS/Android Verified Boot on a PC.

I figure the most private would be HEADS + QubesOS.

ubersecure

KCne Intel ME and AMD PSP provide really useful security features and using things like Libreboot or Heads can severely damage security

Well, that's fine if you don't mind a nation state actor having full remote access to your system.

argante

KCne Intel ME and AMD PSP provide really useful security features and using things like Libreboot or Heads can severely damage security

Thanks for the very valuable link. Here's a more readable version.

I agree with everything they wrote. I agree that heads and PureBoot are inherently pointless. The only thing missing here is the realization that the world doesn't end with their arguments.

Let me give you a simple example that will relate to the logic presented in this article. Let's say you're locked in a prison for particularly dangerous criminals. You have a single cell without a window. You're constantly monitored by cameras. You can only go for a walk while handcuffed and never in contact with other prisoners. You're constantly monitored by guards. Do you realize that you're one of the safest people in the world? You're completely safe from any risk. But would you sacrifice your sense of freedom for such uncompromising security?

Many people love to experiment with operating systems and BIOSes. It used to be common for people to compile Linux kernels and modify the entire system. Today, with systemd, we're just silent, passive consumers. Disabling IME and coreboot restores that old feeling of being the master of your hardware.

You don't need LibreKey/Nitrokey or heads to validate the BIOS and operating system. All you need is a small hardware-encrypted USB drive with a read-only switch. Install a custom version of the Linux kernel with basic tools, your own statically linked copy of mtree to scan system files, and a flashrom for BIOS validation. If you're feeling paranoid, you can initiate system boot from such a hardware-encrypted USB drive.

100X

Privacy – definitely Linux. There is a big difference between Linux and Mac, even though some Linux distributions use optional telemetry that can be disabled.

slink

Guila dnf autoremove should always be manually checked. It is extremely inadvisable to ever run it with -y.

Additionally, these are all extremely basic commands. If you aren't aware of how to just write these out yourself, you should not be sudoing anything.

To actually contribute to discussion, there have been multiple instances of Apple failing to properly handle user data/telemetry or disclose privacy information. That said, it's a quite secure OS+computer combo so long as you keep it up to date.

n3t_admin

Guila if you think security researchers need an LLM to generate commands for updating Linux, you are truly lost. This is really basic shit you can learn in a 5 minute YouTube tutorial. And that is the first thing you should know when learning Linux at ALL.
If you don't even know how to update your system, Linux is not for you. No amount of hardening commands is going to improve this situation.

Real hardening would involve something like... SELinux/AppArmor, ufw, rbash... incredibly complex setups that are near impossible to maintain if you don't have the knowledge beforehand. Using AI generated commands to configure this, WILL fuck up the system.

Guila This forum is not intended for professionals since people ask questions about security.

Interesting assumption, I see a lot of professionals here.

Guila You give a surprising image to this field.

Yes, I'm harsh but I'm also honest. No one here wants to play security theater. And that's what using AI is. The only people trusting AI are the ones who can't see when it's wrong. And it's wrong a LOT.

Guila Security researchers and developers don't use LLMs to save time, is that what you say?

Yes, that's what I'm saying. At least the good ones.

Guila They use it, no matter what you think.

I'm sure you just made that up.

02673853

NetRunner88 02673853
Mostly they ask your packages installation/usage

How do you want to install packages from remote server without telling them that you want to do so?

n3t_admin If you don't even know how to update your system, Linux is not for you. No amount of hardening commands is going to improve this situation.

You are mostly right but I want to add that its easily is possible to use Linux without typing a single commend

Revliss

The real problem about any Linux distro is that they don't come with security by default. One example is the open bootloader: anybody with physical access can open a root shell and access your files. The kernel is probably not compiled with the right flags as well. You need a lot of work to properly secure Unix.

AI is a great tool, like a high tech screwdriver ;)
If you don't know what you are doing, it's not going to be great. You have to have domain knowledge.

slink

02673853 as an example, fedora. It's to my knowledge opt-in, and clearly disclosed.

NetRunner88

02673853
Mostly they ask your packages installation/usage

akc3n

EDIT: Cleaned the comments hijacking OP's thread. Please stay on topic moving forward.
Thanks to the community members that flagged harmful advice comments and AI generated replies.
Reminder to that we do have a Code of Conduct; if you see that there is an issue, feel free to ping me or contact me (info in my profile bio).

~~Locking for now until this thread gets cleaned up as time permits.~~

For those using generators to post comment replies, yes, we have a way of detecting certain characters, please stop. Or if you are using it for translating, please add a note in the footer of your comment.

See https://discuss.grapheneos.org/d/11951-ai-generated-text-is-forbidden-with-the-exception-of-automated-translation

akc3n

ubersecure a nation state actor having full remote access to your system.

Citation needed.

akc3n

NetRunner88 akc3n
...
Every research on the web with Intel+ime+exploit give tons of infos

... There is a specific reason I asked them:

akc3n

ubersecure #44 a nation state actor having full remote access to your system.

Citation needed.