Fair points. Admittedly I use a tiling window manager so I never see most of these problems.

My basic concern is with fragmentation. IMO many techies just don’t grasp how forbidding Linux is to normal people. Or the importance of reputation in people’s choice to take the leap. It’s all but priceless. Ubuntu-bashing has always struck me as a case of an elite group that prefers to split hairs rather than to take the win of getting extra users of FOSS. Idealism vs pragmatism, basically.

Anyway, I’m repeating myself. If you think that normies have heard of Mint already and that it won’t go away next year, then fine. The important thing is to get them to take the leap. They can always change distro later, the second time is much less forbidding.

In my opinion Ubuntu-bashing is unjustified and counterproductive.

Unjustified because Ubuntu is great! I say that having used it exclusively for years without a problem. That has to be worth something. Yes, there’s the Snap issue, and occasional shenanigans from Canonical, but so far these problems are not existential. For context I’ve been on Linux for 2 decades (also Debian) but I am not a typical techie (history major). Ubuntu just works.

Counterproductive because Linux needs a flagship distro for beginners. Just the word Linux is daunting to most normies! We absolutely need a beginner distro with name recognition. Well, this may hurt to hear but Ubuntu is basically the only candidate. Name recognition does not come cheap. At this point it is decades of work and we should not be squandering it.

That’s why I wrote typical. The question was from a beginner, not a networking expert.

Just to clarify this comment for other “total newbies”: yes, the UFW default config is fine and “you don’t need to mess with it”.

But by default UFW itself is not even enabled on any desktop OS. And you also don’t need to mess with that. It’s because the firewall is on the router.

OP said clearly that this “is just my personal computer” and here we all are spreading unintentional FUD about firewall configs as if it’s for a public-facing server.

This pisses me off a bit because I remember having exactly the same anxiety as OP, to the point of thinking Linux must be incredibly insecure - how does this firewall work? dammit it’s not even turned on!! And then I learned a bit more about networking.

This discussion should have begun with the basics, not the minutiae.

Well, screwed I will be, then. I’m not going to waste my life babysitting a bespoke firewall on my Ubuntu Desktop.

And it seems like a bad idea to be telling beginners on Ubuntu or Mint whatever that their “security philosophy is flawed” and they must imperatively run these 10 lines of mysterious code or else bad things will happen.

This whole discussion looks like a misunderstanding. OP is not a sysadmin on public-facing server. They are a beginner on a laptop at home.

You don’t need a firewall on a typical desktop computer. You only need them on routers and servers.

That is because your personal computer is not actually on the internet. It is on a local network (LAN) and it talks only to your router. The router is the computer connected to the internet, and it has a firewall.

The question highlights a classic misunderstanding about networking that IMO should be better addressed. I was like OP once, and panicking about this pointlessly.

BRB.

sudo apt purge cups

Done. This should not even be part of baseline Ubuntu desktop. Speaking for myself but I have not had a printer for about 15 years. The paperless office really did become reality.

It also has YAST which is the best GUI based managment system on Linux

Semi-offtopic. Suse was my first distro 20 years ago and in those few months I had such a nightmarish experience with dependency hell in YAST and Yum, and such a contrastingly good experience with APT after I finally moved to Debian, that I have only ever used Debian and Ubuntu since then and I am still traumatized by the mere sight of the name YAST.

Silly but alas true! Of course I didn’t understand anything back then and I’m sure YAST is much better these days.

Not exactly what you’re looking for but Waydroid on Ubuntu, for example, is pretty easy get up and running. I tried it and it works. In full-screen mode you really are sitting inside a landscape-format Android installation. Pretty weird.

That’s why I emphasized the word “server”

E2EE with a server web interface is a technical impossibility. The ends are the clients. By definition the server is only there to pass encrypted data from client to client. Presumably you can make this work with a web client using the browser’s local storage, but at that point you’re not actually looking at a web site and you might as well just use the official app. This is one reason why Telegram doesn’t do encryption by default: group chats are particularly hard to do with EE2E.

Decent counter-example. In turn I’d say that’s an edge case where we could still survive just fine without knowing the relevant fact for sure. And certainly not worth the cost in privacy terms of recording and storing everything.

Completely agree! The ephemerality of Signal is a feature, not a bug.

I didn’t always see it this way, but then a thought occurred to me. None of the conversations we have in person are recorded. Those communications are just as meaningful if not more so than text conversations, and yet somehow we get by just fine without them being stored indefinitely on some personal device, let alone in someone else’s datacenter.

This is a case of technology controlling us when we should be controlling it.

Who do you talk to on it?

All completely irrelevant to most people. Nobody they know is on those platforms.

There are only two alternatives to the Big Tech messengers that are anywhere near critical mass: Signal and the shady one we’re talking about here.

Though I would love Matrix to go mainstream.

Disappointing that the top comment is this dismissive take (whether or not it’s factually true).

If the best response we can muster is cynicism, we’ll get what we deserve.

Intriguing speculation. First Github, then Ubuntu.

Yes it looks a bit like the Twitter-Mastodon paradigm. Nobody uses it because nobody uses it. And also because changing is hard. And also because the installation and UX is bad. Which is partly because not enough people are using it.

Yes, compromising the key exchange would be one attack. But that’s not technically breaking the encryption, that’s just stealing the key. To do that, you need control of the client - which is a thousand times easier when it’s impossible to check the source code of the software it’s running. Otherwise, your only option is to break the encryption (i.e. discover the key) and that is gonna be very hard indeed because, unlike logins that humans use, the “password” is always completely random and very strong.

Telegram has open source client software, but it uses its own in-house encryption algorithm, which is not an industry standard. Some people think it might therefore be easier to compromise. But in any case, as you say, Telegram doesn’t even have encryption enabled by default.

The better reason not to use Telegram is because it’s a shady company with no obvious business model and therefore has an incentive to do bad things.

The message is encrypted using a key. The key exchange was done over a direct secure channel to the other client, in much the same way as you connect to your bank’s website using HTTPS. The server therefore does not have the key and can only see encrypted text.

Assuming the client software has not been compromised at either end, then the server will never see anything other than garbled ciphertext.

BTW, this is also the case with Whatsapp, for example. But the problem with Whatsapp is that the client software is closed source. So you have to trust them not to, for example, surreptitiously phone home with a separate copy of your message. Very unlikely but you have no way to check when the client software is a black box.

But what’s running on the server is not the issue in either case.