don’t know if this is the right thread for this question. I read that Deepin Linux raises concerns in terms of privacy and has a switch that you need to disable, that you don’t want to participate in a user-analytics-feedback program. Someone even called it the MS Windows of Linux. I know that Deepin Desktop on Manjaro is not equivalent to Deepin Linux. But here is my question as a privacy concerned open source user: Is Manjaro Deepin safe in terms of privacy? Is it all open source as well?
That’s for the webpage and not the OS.
That’s because that’s the easy answer: There is no spyware in Manjaro…
The complex answer would be to execute:
and verify all individual standard packages from a live session…
Never understood this for desktop linux users.
Feedback to a Linux Community to develop the OS and troubleshoot: YES!
Telemetry to some unknown chinese entity from Wuhan: NO THANK YOU!
…it is not ment to be racist. I hope you guys understand.
The Manjaro team respects your privacy. But you cannot be 100% sure about every single third party package, especially if installed from AUR or other sources. You need to take care by yourself as well to avoid data leaks.
I’d like to add that there’s always a way to implement “telemetry” (even though that term is really negative these days) in a privacy-respecting way:
- It must always be opt-in (off by default, unless user accepts it), never opt-out (on by default unless user declines it)
- Always ask the user first (and never do so by nagging the user or using dark patterns to obscure things… just a clean Yes-or-No question, with No being the default), never automatically send
- Present the data for the user to take a look at first (and also allow edits), before it’s being sent
- Describe why each piece of data is collected, what the purpose behind it is
- Generally, be completely transparent and obvious about it and what’s exactly happening
– Good example of transparency, from the Android world: Frequently Asked Questions | GrapheneOS
The reason why telemetry is such a negative term these days is because it’s being implemented in bad ways (intransparent, hidden, privacy-disrespecting, way too much data being sent, …). And this is of course because the companies behind it want to make extra money off of it and they realized that privacy isn’t something that the typical Windows/Android/iOS user cares much about. So they just collect what they want. But the Linux community has a different mindset about these things and will very much rip apart anyone who tries funny things. See the audacity disaster recently.