Open source operating systems in general are less worrisome because their code is open to inspection by anyone with the skills to understand it. Does that mean Linux computing platforms from nongovernmental sources in politically tense countries are equally worry-free? At least one situation last year brought FOSS’ safe-to-use reputation into question. Given that several governments — including the U.S. — have concerns with Android-based mobile phone products made by Huawei, should related security concerns extend to Deepin Linux?
Thank-you for this excellent article. Deepin does, indeed, seem like an interesting distro. I'm concerned about security, for the reasons mentioned, and because the Chinese government has a history of forcing people to do things on penalty of treason/disappearing. They could, someday, order the devs to put in a backdoor.
Personally, I'm hoping that someone forks Deepin Desktop Environment, so that we can have a thoroughly security-reviewed version available with all app integrations, in a non-Chinese distro. I would really like to use this, but I just can't take the risk.
One thing that I feel bears correction:
Full disk encryption cannot protect data from the operating system, if the OS is doing the encryption. The operating system has access to the decryption key, and can access everything on that machine, encryption or not.
Thank you for your comments on this article. You raise a very good point about the reliability of full disk encryption controlled by the operating system.
I frequently discuss security issues with cybersecurity experts. Interestingly, one of their often-made suggestions is to apply full disk encryption. Perhaps that mantra needs clarification. Maybe an encryption tool provided by a distro developer is not a good option.
I am not a security expert. I do not have any insight into how reliable Deepin Linux's encryption application is compared to other third-party AES-compliant encryption products. But I will broach that topic in my next chat with cybersecurity experts.
what is racist about this article? having a general concern about a product produce by a company in a country that is well known for its lack of human/civil rights and it being an overwhelming police/surveillance state isn't racism, but ignoring a potential security issue makes a fool.
I can't believe what I'm reading here. China bashing again with wot?? Rogue software in OS?? !!
Forcing people to add backdoor ??!! Are you delusional???
So far there s literally no evidence to suggest Chinese government did those.
What's proven now is US has asked software companies to added back doors. Apple CEO Tim Cook openly said: Chinese didn't ask us to add backdoor. The US government did.
I'm not even going to start on NSA.
Another government is AUS. The infamous AA bill legalised backdoor for AUS made software.
And yet you are here China bashing ?!! Textbook example of brainwashing and Donny Kruger effect.
Huawei released ALL of their software for review by UK goverment. They found no backdoor.
DJI opene sourced their government version of drone firmware.
I suggest you keep your BS / racism / PC out of the open source communities.
You are a living insult to all who put effort to make software political free.
You might want to fix your article. In it, you said you last reviewed 15.18 but meant to put 15.8. I do appreciate the article though. I know many places even Russia have a distribution and even a virus protection software as well. It is something that we have to keep a close eye on. I am glad that the code can be seen by everyone so hopefully, if someone tries to slip something through hopefully it will be caught.
Deepin Linux: Security Threat or Safe to Use?
Posted by: Jack M. Germain May 31, 2019 09:40 AMOpen source operating systems in general are less worrisome because their code is open to inspection by anyone with the skills to understand it. Does that mean Linux computing platforms from nongovernmental sources in politically tense countries are equally worry-free? At least one situation last year brought FOSS’ safe-to-use reputation into question. Given that several governments — including the U.S. — have concerns with Android-based mobile phone products made by Huawei, should related security concerns extend to Deepin Linux?
Personally, I'm hoping that someone forks Deepin Desktop Environment, so that we can have a thoroughly security-reviewed version available with all app integrations, in a non-Chinese distro. I would really like to use this, but I just can't take the risk.
One thing that I feel bears correction:
Full disk encryption cannot protect data from the operating system, if the OS is doing the encryption. The operating system has access to the decryption key, and can access everything on that machine, encryption or not.
Great article, overall. Thanks!
I frequently discuss security issues with cybersecurity experts. Interestingly, one of their often-made suggestions is to apply full disk encryption. Perhaps that mantra needs clarification. Maybe an encryption tool provided by a distro developer is not a good option.
I am not a security expert. I do not have any insight into how reliable Deepin Linux's encryption application is compared to other third-party AES-compliant encryption products. But I will broach that topic in my next chat with cybersecurity experts.
Thanks for sharing that potential flaw!
Forcing people to add backdoor ??!! Are you delusional???
So far there s literally no evidence to suggest Chinese government did those.
What's proven now is US has asked software companies to added back doors. Apple CEO Tim Cook openly said: Chinese didn't ask us to add backdoor. The US government did.
I'm not even going to start on NSA.
Another government is AUS. The infamous AA bill legalised backdoor for AUS made software.
And yet you are here China bashing ?!! Textbook example of brainwashing and Donny Kruger effect.
Huawei released ALL of their software for review by UK goverment. They found no backdoor.
DJI opene sourced their government version of drone firmware.
I suggest you keep your BS / racism / PC out of the open source communities.
You are a living insult to all who put effort to make software political free.
Wot a shame.