I’m the Never Ending Pie Throwing Robot, aka NEPTR.
Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.
TL;DR I am a nerd.
What is missing that makes it a deal breaker? It really seems odd to always see comments effectively saying “we should have stayed with X.Org”. The nice thing about Wayland is that it’s maintained, so new features are being added over time.
To add to what you said, X11 is unmaintained software.
Adamant transphobe, but in that insidious way where they justify letting people get bullied in the Discord because their “not on anyone’s side and value different opinions”. A trans person in the Discord server was targeted by another member and intentionally misgendered repeatedly. They spent multiple blogs basically saying “people are snowflakes, we dont want an echo chamber”. Like wtf. (IIRC, working off my memory since I read about it like 2 months ago)
If all you want to do is run VMs, Qubes is not what you are looking for. Even virtual machine manager (and other abstractions over libvirt and KVM) need to be hardened to avoid compromising the host.
Example: By default virt-manager uses a NAT bridge to allow for the guest VM to access the host and the LAN. A couple of weeks ago vulnerability was found in CUPS print server, allowing a hacker to do RCE. If a guest VM was compromised (previously or because of the vulnerability), since the host also likely has CUPS the hacker could use the guest system to compromise the host. This is avoided on Qubes because the host has minimal software.
Virt-manager offers no where near the same Security as Qubes. Qubes has a security hardened host and strong Desktop security model. Everything runs in VMs (aka qubes) including different parts of the system to further improve isolation. Sure, you could replace Qubes OS with an off the shelf Linux distro and run VMs, but that is nothing like Qubes, offers none of the convenience, and isn’t hardened or debloated (reducing host attack surface).
No Linux distro comes close. Qubes is designed for a specific job. I am not saying Qubes is the “best OS ever” when I say Linux distros dont come close, I specifically mean that no Linux distro is designed with as strong of a focus on Desktop security model and isolation-based workflow.
Yes, but Plasma doesnt protect against screen recording. The Devs expressed interest in protecting against arbitrary screen capture, still work in progress. See this issue: https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7
Flatpak is installed on basically every Linux distribution. Literally all I do to install Steam is go to the Software Center and search “steam” and click install. It takes 2 clicks.
Cinnamon with Wayland is still in testing. X11/X.Org is unmaintained software and is less secure than Wayland. GNOME is the only desktop at the moment that actually protects the screen from arbitrary recording by applications. Just food for thought.
I don’t like Snaps either, but it isn’t a that big of a deal. Ubuntu is still vastly more private than Windows. I do prefer Fedora much more because it actually sandboxes system services with SELinux polices. Snap creates a better sandbox for applications than Flatpak, but it is slower to launch applications, depends on AppArmor (which is less secure than SELinux), and uses hard coded package repo (centralized design).
On Linux, you can install Steam inside a sandbox for better security. Easy to do with either Flatpak or Bubblejail. This makes it so that Steam does not have full file system access.
Disabling unnecessary background services, disabling telemetry, removing preinstalled adware. Easy to do with WinUtil by Chris Titus Tech.
Build it yourself source-driven distros?