Comment by MathMonkeyMan

1 year ago

When I open Slack, to which servers am I explicitly requesting a connection?

I see your point, but my point is that implementing this is either impossible or would require changing how networks are used by programs at a fundamental level.

A middle ground might be to create a distro that uses something like SELinux to prevent all network access to non-system processes. Then each package would have to be audited to determine which addresses it can bind to, and/or which name lookups it can do, and how those capabilities are connected to actions performed by the user. Then there is still the question of what to do about software that accesses the network independent of the user, but maybe you can argue that shouldn't exist. How do updates work? Besides, if I allow Slack to connect to mychats.slack.com, nothing prevents the software from sending telemetry to that endpoint. You would need an army of manual enforcers, and that's not to mention non-free software.

> When I open Slack, to which servers am I explicitly requesting a connection?

Debian only supplies open source software. Proprietary apps that only support the vendor's service aren't included as it is. Open source apps using standard protocols like Matrix or similar do allow the user to choose the server.

> A middle ground might be to create a distro that uses something like SELinux to prevent all network access to non-system processes.

We're talking about open source software in the official repositories. You're not putting it in a jail to thwart it from defecting on you, you're modifying the code so that it doesn't even try.

> How do updates work?

When you install Debian, it asks you which mirror you want to use for updates. Several of them are provided by universities, etc. You can also make your own, and some large organizations do that.