GrapheneOS Attacks Kicksecure! What should the response be?

I do not know what the correct forum category is to post this. I presume that this category is okay? Please move the topic if there is a better forum category for it.

https://xcancel.com/GrapheneOS/status/1861465637886754839#m

Kicksecure is awful. Has a horrible choice of base OS for security and they don’t do valuable work to improve it. They sabotaged security efforts and are spreading misinformation about allocator hardening and other topics they don’t understand.

Secureblue is doing useful work.

The concept used by Whonix for forcing traffic through Tor makes sense but the OS has awful security, just like the Tor Browser itself having awful security. Someone making an equivalent out of Fedora Silverblue or Arch would obsolete it.

Kicksecure/Whonix doesn’t do any significant hardening and the efforts to do that were stalled and then rolled back when the person responsible for most of it left the project. It has some minor anonymity changes easily done elsewhere. Encrypted swap is widely used elsewhere.

Presumably, you all disagree with Daniel Micay / GrapheneOS. What is the rebuttal here?

Thank you for your responses.

Use an exclamation mark as if this is a big deal? So you just made a new account here to start a mud fight?

@Patrick: Don’t waste your time with Daniel Micay. He’s got some issues. Starting fights with everyone as reported numerous times.

Next level trolling.

As far as I can tell, this has no bearing on Kicksecure whatsoever.

External community drama is not a distro problem, it’s that simple. People are entitled to their own opinions about software applications, and are welcome to share those opinions with others. I do it, my friends do it, you’ve probably done it, and I have no issue with someone at GrapheneOS doing it too. (I say “someone” because I don’t know who has control over the official GrapheneOS Twitter account.)

1 Like

Kicksecure is awful. Has a horrible choice of base OS for security and they don’t do valuable work to improve it.

Who is they?

You mean not very many people are contributing enough or working on Kicksecure is what that translates to?
The claim that Kicksecure “doesn’t do valuable work to improve it” overlooks the contributions made by the project in terms of privacy and security enhancements. Kicksecure integrates various security features and tools that are designed to protect user anonymity and data, which can be valuable in the context of its intended use.

They sabotaged security efforts and are spreading misinformation about allocator hardening and other topics they don’t understand.

The understanding I have is it breaking Xorg and both Whonix/Kicksecure use Xfce. Again who is they who is sabotaging security efforts, do they mean more like little to no people working on it compared to GrapheneOS?

Secureblue is doing useful work.

Ok, some of those things look like they could be ported or looked at on Kicksecure/Whonix but take in mind this Secureblue is a Fedora project.

Kicksecure strives to be hardened Debian or rather what Debian out of the box should be. If you have ever manually hardened your Debian installs you understand how valuable Kicksecure or rather the repository is.

Someone making an equivalent out of Fedora Silverblue or Arch would obsolete it.

Again the focus on the base system is Debian.
This is not a Fedora based distro or Arch.

Silverblue uses two things for containerization Podman and Flatpak, but primarily uses Podman for containerization. Podman may be something for Kicksecure/Whonix to look into, but in regards to Flatpak I’m someone who will always avoid it because I think Flatpak is utter trash.

Silverblue and Android both use SELinux. SELinux is more complex then AppArmor but might be better but requires lots of configuration and policy management. Take in mind another Privacy/Security distro Tails doesn’t use SELinux but rather AppArmor instead.

Also as stated by Daniel Micay:

AppArmor is extremely limited in what it can do compared to SELinux. Ubuntu integrated of App Armor and the Fedora and RHEL integration of SELinux barely does anything though. That’s not particularly serious SELinux integration and barely does anything for a desktop setup at all.

Well I will say this Daniel Micay always has always acted like everyone is out to get him.
Unlike Daniel Micay, the main dev that maintains Whonix/Kicksecure @Patrick is the one holding up the project isn’t attacking others and acting like everyone is out to get them.
It’s important to recognize the challenges that come with being the primary maintainer of a project. Burnout can be a real issue for those who are responsible for testing and developing software, and this can impact the pace of progress. Patrick’s ability to navigate these challenges while fostering a positive environment speaks to his character and dedication to the project. I have never felt anything other then a toxic or rather elitist feeling then when I have talked to those in the GrapheneOS space, I don’t feel that reflects their developers, but rather their community. I don’t get that feeling in the Kicksecure/Whonix community.

The only thing I guess I could agree with him on is his/her’s tweet is mention of Wayland and I think a top priority of Kicksecure/Whonix would be swiching to Wayland and a different Desktop Environment instead of Xfce. As it currently stands Xfce doesn’t have Wayland support. I don’t know how Hardened Malloc works with Wayland but once the switch then it could be ported. Whonix workstation and Kicksecure could be better but this involves research/testing and you know like more people contributing, which Daniel fails to mention.

A post was split to a new topic: How does Kicksecure compare to Silverblue?

I am not sure the author of that tweet is seeking a productive conversation. This is what I get from the [Whonix X account](x.com account):

Why can’t you reply to this?

This author has blocked you, so you can’t perform this action

Got it

Generally, I am also not sure Twitter / X is a suitable place for a productive conversation.

If I had to guess, I would say that this is in retaliation for:

That tweet might have been in context of Choosing Your Desktop Linux Distribution | PrivSec - A practical approach to Privacy and Security because another commenter has posted it in that thread (https://xcancel.com/iAnonymous3000/status/1861464122405110098#m) and then the author referring to “encrypted swap”.

Kicksecure/Whonix doesn’t do any significant hardening

I can imagine how one could come to such a mistaken conclusion, if not having reviewed:

They sabotaged security efforts

They’re entitled to their opinion but I would suggest when critizing others, making grandiose accusations, it should always be backed up with actual evidence.

Better:

They sabotaged security efforts [1]

[1] exact link/reference + exact quotation

Otherwise, one first need to ask for clarification what this is even about.

and the efforts to do that were stalled and then rolled back when the person responsible for most of it left the project.

If this is about madaidan · GitHub, then it can be seen that madaidan’s github activity completely ceased in 2022, not only related to Kicksecure/Whonix.

Related: Is this project still maintained? · Issue #77 · madaidans-insecurities/madaidans-insecurities.github.io · GitHub

So this can hardly be blamed on Kicksecure/Whonix.

And I am glad to see, that secureblue was inspired by Kicksecure, forked some of Kicksecure’s configuration files. For example, documented here, quote Comparison of secureblue with Kicksecure and Development Notes

secureblue /etc/sysctl.d/hardening.conf file as of commit a6b58f042b0e9e9036a6d68a5b202eed96a1a892archive.org was inspired by, more or less copied and pasted from Kicksecure as can be seen from the following comment found in that file.

## Prevent kernel info leaks in console during boot. ## https://phabricator.whonix.org/T950 kernel.printk = 3 3 3 3

Can be discussed here:

So I hope this would extend to, “Kicksecure is doing useful work”.

Don’t forget, GrapheneOS/Micay is attacking any privacy project considered competition. These projecs are competing for attention and donations. It’s as if you’re expecting Burger King to say good things about McDonalds.

Cooperation would be preferable over drama. This rivalry is unfortunate and ridiculous. The real competion is Microsoft, who will be happy about any Linux distribution infighting.