Comment by reaperducer
1 month ago
I want to turn these things off and throw away the key. But of course the vendor will never allow me to. Therefore I use Linux.
I hate to break it to you, but these things happen in Linux, too.
It's not the operating system that's the problem. It's that the tech industry has normalized greed.
It is true that there are not absolutely zero instances of telemetry or "phoning home" in Linux, but Desktop Linux is not a similar experience to Windows or macOS in this regard, and it isn't approaching that point, either. You can tcpdump a clean install of Debian or what-have-you and figure out all of what's going on with network traffic. Making it whisper quiet typically isn't a huge endeavor either; you usually just need to disable some noisy local networking features. Try Wiresharking a fresh Windows install, after you've unchecked all of the privacy options and run some settings through Shutup10 or whatever. There's still so much crap going everywhere. It's hard to even stop Windows from sending the text you type into the start menu back to Microsoft: there's no option, so you need to mess with Group Policy and hope they don't change the feature enough that you need to change a different policy later to disable it again. macOS is probably still better (haven't checked in a while), but there are still some features that basically can't be disabled that leak information about what you're doing to Apple. For example, you can't stop macOS from phoning home to check OCSP status when launching software: there's no option to disable that.
The reason why this is the case is because while the tech industry is rotten, the Linux desktop isn't really directly owned by a tech industry company. There are a few tech companies that work on Linux desktop things, but most of them only work on it as a complement to other things they do.
Distributions may even take it upon themselves to "fix" applications that have unwanted features. Debian is infamous for disabling the KeePassXC networking features, like fetching favicons and the browser integration, features a lot of users actually did want.
Are there any tools that enable capturing traffic from outside the OS you’re monitoring, that still allow for process-level monitoring?
Meaning, between the big vendors making the OS, and state-level actors making hardware, I wouldn’t necessarily trust Wireshark on machine A to provide the full picture of traffic from machine A. We might see this already with servers running out-of-band management like iDRAC (which is a perfectly fine, non-malicious use case) but you could imagine the same thing where the NIC firmware is phoning home, completely outside the visibility of the OS.
Of course, it’s not hard to capture traffic externally, but the challenge here would be correlating that external traffic with internal host monitoring data to determine which apps are the culprit.
Curiosity has led me to check, on and off, whether the local traffic monitoring is missing anything that can be seen externally, a few times, but so far I've never observed this happening. Though obviously, captures at different layers can still yield some differences.
Still, if you were extra paranoid, it wouldn't be unreasonable or even difficult to check from an external vantage point.
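As an added illustration of the correlation problem raised in this sub-thread (not code from any commenter), the script below diffs a tap-side capture against the host's own tcpdump output and the host's `ss -tunp` socket table: flows the tap saw but the host capture did not are flagged as invisible to the OS, and flows the host saw are attributed to a process where a socket owner exists. The addresses, timestamps and process name are constructed sample data, and the parsing assumes tcpdump `-nn -tt` and `ss -tunp` line layouts.

```python
import re

HOST_IP = "192.0.2.10"  # assumed address of the monitored machine (constructed)

# tcpdump -nn -tt style lines as seen on a tap/SPAN port upstream of the host (constructed)
EXTERNAL_CAPTURE = """\
1700000000.101 IP 192.0.2.10.51234 > 203.0.113.5.443: Flags [S], seq 1, length 0
1700000000.204 IP 192.0.2.10.51300 > 198.51.100.7.80: Flags [S], seq 1, length 0
1700000000.305 IP 192.0.2.10.42000 > 203.0.113.99.443: Flags [S], seq 1, length 0
1700000000.410 IP 203.0.113.5.443 > 192.0.2.10.51234: Flags [S.], seq 1, ack 2, length 0
"""
# The same window captured by tcpdump on the host itself (constructed): one flow is missing
HOST_CAPTURE = """\
1700000000.102 IP 192.0.2.10.51234 > 203.0.113.5.443: Flags [S], seq 1, length 0
1700000000.205 IP 192.0.2.10.51300 > 198.51.100.7.80: Flags [S], seq 1, length 0
"""
# ss -tunp style socket table on the host (constructed); users:(...) names the owning process
HOST_SOCKETS = """\
tcp   ESTAB 0 0 192.0.2.10:51234 203.0.113.5:443 users:(("firefox",pid=4242,fd=88))
"""
CAP_RE = re.compile(r"^\d+\.\d+ IP (\S+)\.(\d+) > (\S+)\.(\d+):")
SS_RE = re.compile(r'^\S+\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+users:\(\("([^"]+)"')

def parse_capture(text, host_ip=HOST_IP):
    """Return the outbound 4-tuples (src, sport, dst, dport) a capture shows for host_ip."""
    flows = set()
    for line in text.splitlines():
        m = CAP_RE.match(line)
        if m and m.group(1) == host_ip:  # keep only packets the host sent
            flows.add((m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return flows

def parse_sockets(text):
    """Map each socket 4-tuple to the process name ss reports for it."""
    owners = {}
    for line in text.splitlines():
        m = SS_RE.match(line)
        if m:
            la, lp, ra, rp, proc = m.groups()
            owners[(la, int(lp), ra, int(rp))] = proc
    return owners

def attribute(external, host, owners):
    """Label each externally seen flow with its process, or flag it as invisible to the host."""
    return {f: ("NOT SEEN BY HOST CAPTURE" if f not in host else owners.get(f, "unattributed (no socket owner)"))
            for f in sorted(external)}

def report():
    return attribute(parse_capture(EXTERNAL_CAPTURE), parse_capture(HOST_CAPTURE), parse_sockets(HOST_SOCKETS))

if __name__ == "__main__":
    for (src, sport, dst, dport), label in report().items():
        print(f"{src}:{sport} -> {dst}:{dport}  {label}")
```

A flow that the host did capture but that has no socket owner (the second one here) is the normal short-lived-connection case; the flow the host never captured is the one worth investigating, since no on-box tool can tag it.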
> Are there any tools that enable capturing traffic from outside the OS you’re monitoring, that still allow for process-level monitoring?
Doing both of these things at once would be hard, though. You can't really trust the per-process tagging because that processing has to be done on the machine itself. I think it isn't entirely implausible (at the very least, you could probably devise a scheme to split the traffic for specific apps into different VLANs. For Linux I would try to do this using netns.)
Yes, but if it happens at least there is no greedy intent and it will be corrected by the community.