North Americans Love */Linux ON THE DESKTOP


 
See StatCounter
It was only a few years ago that the sycophants of M$ were trumpeting that */Linux was struggling to reach ~1% share of the desktop anywhere. Many of those were in USA. Well, the chickens have come home to roost in The Year Of The Linux Desktop. */Linux has ~5% share. Are we there yet? Nope. FLOSS is still going places and growing stronger every year. Classical GNU/Linux grew rapidly until mid-year when Android/Unknown and Chrome OS took up slack. It’s all good.

Nostalgia:

  • amicus_curious 2010/09/08: “What you need is some motivation for an OEM to sell new machines with Linux pre-installed at a price lower than that with Windows pre-installed. That isn’t going to ever happen.”
  • Contrarian 2011/07/23: ” Meanwhile uptake of Linux itself is stagnant, remaining below a 1% acceptance rate.
     
    Linux is a perfectly acceptable solution in a lot of cases, but it has no effective means of promotion and so remains just a footnote in the history of desktop computing. When you do see it listed, it is usually referred to as “others”.”
  • Mike Hunt 2011/02/25: “We’ll be back in a couple of years to remind you of this post because Linux will be at the same place it’s been for 15 years: < 1%"

Chuckle. He who laughs last laughs best.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , , , , , , , , . Bookmark the permalink.

43 Responses to North Americans Love */Linux ON THE DESKTOP

  1. Deaf Spy says:

    We know Android/Linux is acceptable to billions. Why would the “unknown” segment suddenly ditch it for something not from the TOOS or Apple? Be reasonable. Think for yourself.

    Aha, wishful thinking.

  2. oiaohm says:

    https://www.techdirt.com/blog/netneutrality/articles/20151001/06351732404/isp-announces-blocking-all-facebook-google-ads-until-companies-pay-troll-toll.shtml

    This is another country where ISP is filtering traffic.

    The result of ISP using deep packed inspection combined with modification is either users disappearing from web stats completely or users appear in webstats as unknowns.

    Over 50 percent of the online population could in the next 10 years find themselves behind ISP deep packet inspection performing modifications.

  3. oiaohm says:

    Robert Pogson interesting enough is warped.

    Why obscure the OS? That may well break some web-applications, something users and servers would notice. Spooks/IT don’t want to be noticed.
    When you are a ISP being noticed is not the largest worry on earth. Result of knocking out OS tag forces websites back to generic mode. Result less data for the proxy server to cache and download so increase cost effectiveness to the ISP.

    Chrome on Linux, OS X, Windows and Android all reporting without OS tag is normally not harmful to web site functionality. Same with Firefox not reporting OS information. Of course reporting with the wrong OS tag could be harmful. Correctly built websites should fall back to a generic mode if they get USERAGENT string with either a OS they don’t know or without a OS.

    Yes this is a serous case removing the OS from USERAGENT string should be harmless. Only defective websites would show a issue due to the alteration.

    Tanzania is not criminal for a ISP to man in middle SSL encrypted traffic. Its also not criminal for them to mask out the OS information from Useragent strings. Tanzania is not the only county where ISP are allowed to-do both.

    What is going on in Tanzania is nothing more than the historic repeating common story greed. ISP reducing bandwidth usage improves their costs and the responsiveness to their clients but in the Tanzania like cases ISPs have trade away a percentage of user privacy and web stat correctness to achieve the performance boost and bandwidth usage savings.

    ISP sell their clients performance not webstat correctness. Of course to be completive its most likely in Tanzania that all ISPs will have to follow suit. Yes this is not the only country going through this process.

  4. oiaohm wrote about “deep packet inspection in Tanzania”.

    I don’t see anyone in Tanzania being interested in changing User_Agent strings. It’s possible but why would they do it? About the only reason I can conceive is to tag packets for special treatment. Why obscure the OS? That may well break some web-applications, something users and servers would notice. Spooks/IT don’t want to be noticed. It could be that the slightest deviation from known User_Agent strings goes to “unknown” at StatCounter but I don’t know any counter that would do that since no one knows every User_Agent installed by everyone on the planet. It’s possibly part of a conspiracy to undercount */Linux, but that’s not working. Is it?

  5. oiaohm says:

    http://www.cyberoam.com/downloads/CaseStudies/TanzaniaElectricSupplyCompanyCaseStudy.pdf

    Robert Pogson the Tanzania Unknown spike aligns with increased usage of deep packet inception cost reduction and the first major increase unknowns lines up with start of deep usage of deep packet inspection in Tanznia. In other words Man in Middle proxies deleting the means to identify OS behind them.
    http://www.legal500.com/c/tanzania/developments/9519

    The isp deployments of deep packet inspection in Tanzania start 2009 using closed source and cheep open source deep packet starts 2014.

    Yes web stats are going to progressively become worthless for many countries. Like in 10 years time it would not be surprising if 100 percent of Tanzania traffic ends up behind interceptions proxies.

    Yes the use HTTPS to be secure is becoming extremely pointless in lots of countries.

  6. Consider Tanzania. In 2008, “unknown” appeared as a tiny share. Android/Linux appeared as a tiny share ON THE DESKTOP in 2011. Android/Linux had days where it was as high as 2% while “unknown” hovered around 0.5%. On February 18, 2014, Android/Linux disappeared while “unknown” came to life, soon reaching 1%. By late 2014, “unknown” was hitting 2%. These days, it’s often over 10%. Now, do you think 10% of Tanzanians tweak their User-Agent strings? Do you think any product available on Earth could take 10% share of Tanzania in weeks? My conclusion is that StatCounter knows something’s out there but they don’t want to call it Android/Linux any longer. Why they put it into “Desktop” is a good question. I think it’s screen size. They know it has a large screen so they know it’s not mobile. They just don’t have a good match for the User-Agent string to any known device. That could well be because it’s some random monitor plugged into a smartphone.

  7. kurkosdr wrote, “You inflated a value in your chart by counting “unknown” into it. It’s on you to prove that this counting has a basis in reality.”

    Assuming StatCounter is doing reasonable things, I’m satisfied “unknown” is mostly */Linux because when they were showing Android/Linux as a desktop OS, “unknown” was small and suddenly became large when Android/Linux dropped over night. What else could it be? We know Android/Linux is acceptable to billions. Why would the “unknown” segment suddenly ditch it for something not from the TOOS or Apple? Be reasonable. Think for yourself.

  8. kurkosdr says:

    Why don’t you ask StatCounter what goes into that bin?

    It’s on you to ask Statcounter what goes into that bin, in order to prove your assertion (in your original post) that somehow “unknown” should be counted into “*/Linux”‘ marketshare.

    To put this in plain English:

    You inflated a value in your chart by counting “unknown” into it. It’s on you to prove that this counting has a basis in reality.

  9. DrLoser wrote, “Isn’t it about time we had one?”

    Why don’t you ask StatCounter what goes into that bin? We don’t run their system. What strings do they match to get “Linux” but not “Unknown”?

  10. oiaohm wrote, “The reality is unknown could be Chrome/Firefox… running user-agent masking. Problem is we know User-agent masking is installed but not how much.”

    Look at today’s post on Dominica. It could be that StatCounter doesn’t recognize the distro… Perhaps all GNU/Linux that’s not Ubuntu drops into the “unknown”.

  11. oiaohm says:

    DrLoser
    http://www.macworld.com/article/2993132/software-productivity/office-2016-for-mac-update-doesnt-include-fix-for-crashes-under-os-x-el-capitan.html
    There are major issues with MS Office on OS X at the moment. Where it completely snaps in two. If you miss install a printer and it becomes a default under Windows 7,8.1 or 10 result is MS Office 2016 word excel and power point does not open.

    Please now you do some research and provide the link to this one on windows is a fairly simple search if you know the right terms to use.

    Explain how “OS X” is somehow equivalent to the Linux Desktop.
    Sorry the issue here is cross platform is required in a Office suite.

    I never said it was. I pointed out a major issue. Now if you are using Libreoffice for stability inside governments.

    https://www.gov.uk/government/news/collabora-deal-will-provide-savings-on-open-source-office-software

    As Oldman said its all about the Applications. The problem is we are getting more and more areas that are dependent on Applications that are not platform locked.

    Not even a fatuous and demonstrably incorrect one.

    Isn’t it about time we had one?
    No its not Drloser. The reality is unknown could be Chrome/Firefox… running user-agent masking. Problem is we know User-agent masking is installed but not how much.

    The reality is all the web stats numbers are suspect. Mobile phone numbers from carriers are better. Stats from places like Munch and so on are solid and dependable on what is operational. Web stats are in my eyes a huge joke.

    http://virtuallyfun.superglobalmegacorp.com/2014/03/11/web-rendering-proxy-update/
    Once you mix in theses beasts it gets worse. Most people are not aware you can mask browser useragent at proxy.

  12. DrLoser says:

    It’s on you to presented examples of */Linux devices which count as unknown.

    A request from Kurks that has, as yet, not been satisfied with any sort of answer whatsoever.

    Not even a fatuous and demonstrably incorrect one.

    Isn’t it about time we had one?

  13. DrLoser says:

    DrLoser you are idiot. The reality here is MS Office 2016 is not acceptable to OS X users. So the most stable current release Office suite for OS X users is Libreoffice.

    Explain, Fifi, please.

    Explain.

    Explain how “OS X” is somehow equivalent to the Linux Desktop.

    Oh, and after that little exercise in futile dishonesty, why not go on to cite a Mac link that makes your spurious claims anything less than totally risible?

  14. ram says:

    In the early days of web browsers, there was a group at the NSA that had their user agent string set to:

    Nutscrape 0.1, CP/M, IMSAI 8080

    Which just goes to show, old computer geeks never die they just GOTO and never
    RETURN.

  15. kurkosdr, pushing the limits of thickness, wrote, “No, if you download the csv it shows “unknown”, not “desktop”. Not in any configuration (show desktop or show all)”

    Here’s a URI which clearly returns “unknown”:
    http://gs.statcounter.com/#DESKTOP-os-VN-daily-20150919-20151018

    I made “desktop” larger so you could see it better. Hope that helps.

    Even the CSV shows,
    Date Unknown
    2015-Sep-19 2.06
    2015-Sep-20 2.25
    2015-Sep-21 2.1
    2015-Sep-22 2.01
    2015-Sep-23 2.13
    2015-Sep-24 2.23
    2015-Sep-25 2.25
    2015-Sep-26 1.85
    2015-Sep-27 2.54
    2015-Sep-28 2.04
    2015-Sep-29 2.11
    2015-Sep-30 2.13
    2015-Oct-01 1.82

  16. oiaohm says:

    kurkosdr it has been confirmed that particular chromebooks have failed to report correct user agent strings so are in unknown. Also some of the browser options under desktop linux don’t use user-strings with Linux in them. These would be minority users. So a percentage of unknown would be Linux but It will be a insanely small percentage. Particular tor browsers strip away OS from the useragent string as well so some of unknown could be windows as well. Unknown is unknown.
    Both Android, ChromeOS and GNU/Linux properly identify themselves.
    This is not always true kurkosdr. Android, Chrome OS and GNU/Linux will all at times be incorrectly reporting.
    https://play.google.com/store/apps/details?id=com.linuxjet.apps.ChromeUA&hl=en
    There is at least 100 000 devices with this installed. This is not the only program of this type on Android.

    The reality that users change there browsers useragent to report Windows to access particular websites means that Windows is over counted. It is insanely rare(to the point of non existant) to find a website where you have to set user-agent to Linux or Android or OS X that it works. User-agent is not a fixed value in a browser but a user configurable value. It why all web stats have to be taking with a super big grain of salt. Now if a web site is reporting 100 percent windows users this might be because everyone is changing their useragent string to Windows because unless you do the site does not work.

    This is the problem I have with stats counter and the like. Yes you can place a counter on your site and stats counter records the data but stats counter and the like does not validate that your site is a good data source by checking how browser compatible your site is.

    Web stats are garbage in resulting in garbage out.

    http://www.pcworld.com/article/2988941/software-productivity/office-2016-for-mac-users-plagued-by-crashes-after-upgrading-to-os-x-el-capitan.html

    The Linux Desktop can just about manage an acceptable browser.

    And that’s basically it. Unless, like me, you are working in a scientific/engineering discipline, in which case things like remote debugging via gdb come into play.
    DrLoser you are idiot. The reality here is MS Office 2016 is not acceptable to OS X users. So the most stable current release Office suite for OS X users is Libreoffice. Linux Desktops would not have made their way into governments and schools and other places without having a fit for purpose Office suite.

  17. kurkosdr says:

    StatCounter shows “unknown” as “desktop”. Get it? Where are all the unknown desktops?

    No, if you download the csv it shows “unknown”, not “desktop”. Not in any configuration (show desktop or show all)
    PROOF:
    https://drive.google.com/open?id=0B1xkSWvhG63eY2J1b1dVR3lWa28
    https://drive.google.com/open?id=0B1xkSWvhG63ecjR3M2hYRHRPZ2c

    (oh look, PlayStation, Blackberry and Nintendo are recognized, but FreeBSD and Solaris is not)

    Anyway, it doesn’t matter. If you had bothered to going to gs.statcounter.com and settings it up correctly like this:

    http://i.imgur.com/SjobyIo.png

    you ‘d end up with a chart like this

    http://i.imgur.com/8Mkv8wT.png

    Which shows a huge marketshare for Android (and hence “*/Linux”, whatever it is) without having to argue about what such an unknown as the “unknown” column means.

  18. kurkosdr wrote, “all the browsing that happens with those devices will count towards “unknown”. GOT IT?”

    StatCounter shows “unknown” as “desktop”. Get it? Where are all the unknown desktops? They aren’t toys. They are productivity centres; don’t you know? 😉

  19. kurkosdr says:

    don’t think it’s very smart browsing with a TV remote but I managed to browse to whatsmyuseragent.com and got “…SMART-TV;X11;Linux i686…”.

    Okay, Samsung probably uses some Tizen-derivative, so it was a mistake to add them to the list. LG SmartTVs identify themselves as Linux/SmartTV, don’t how statcounter recognizes this, probably linux. This is good, because it enforces my point that if it’s “*/Linux” based, it correctly identifies itself as linux, NOT as something else that could count towards “unknown”

    But, how about the PS3 and PS4 and Wii and WiiU? There is no linux in those, so they won’t identify as linux, so they will be identified as”unknown”.

    For example:

    – PS4 identifies itself as “PlayStation 4”. PS3 as “PlayStation 3”. Wii as “Wii” and WiiU as “WiiU”
    https://www.reddit.com/r/PS4/comments/1t6deq/playstation_4_web_browser_useragent_string/
    http://www.useragentstring.com/pages/Playstation%203/
    http://www.useragentstring.com/pages/Wii/
    https://www.nintendo.com/wiiu/built-in-software/browser-specs/

    -Blackberry identifies itself as Blackberry:
    http://www.useragentstring.com/pages/BlackBerry/

    So, all the browsing that happens with those devices will count towards “unknown”. GOT IT? That looks like a lot of browsing to me (if taken as a whole). Much more than those non-existent linux-based devices that supposedly don’t identify themselves as linux, which are apparently so rare (read: non-existent) that you Pog didn’t manage to provide ONE (I repeat ONE) measely example of a device running “*/Linux” which doesn’t identify itself as linux.

    SO, TO CONCLUDE: “unknown” should not be counted towards “*/Linux”.

  20. kurkosdr wrote, “consoles (portable or not) and Smart TVs do”, of “unknown”….

    I happen to have a SAMSUNG Smart TV. I don’t think it’s very smart browsing with a TV remote but I managed to browse to whatsmyuseragent.com and got “…SMART-TV;X11;Linux i686…”. That doesn’t seem unknown to me… and it shows Samsung has invested heavily in */Linux for all kinds of good reasons.

  21. kurkosdr says:

    that changes it’s string to something else = that changes it’s string to something else when running on a desktop, laptop, or TV box

  22. kurkosdr says:

    I don’t think M$ nor Apple would tolerate being unknown.

    But consoles (portable or not) and Smart TVs do. I think you do not understand what “unknown” means. It means the the client is giving a string that statcounter doesn’t know what it is. Each console and non-Android TV SmartTV (aka LG and Samsung smart TVs) identify themselves with their own string, which statcounter classifies as unknown.

    That leaves */Linux.
    I have presented examples of non */Linux devices which count as unknown. It’s on you to presented examples of */Linux devices which count as unknown.

    I suspect “unknown” is an Android device hooked to a large screen or running on a PC.
    And I am sure, instead of suspecting, that Android (pure AOSP or with Google Mobile Services) has NO code in it that changes it’s string to something else. Because, unlike you, I have used Android on a large screen from my ODROID-U3.

    Seriously Pogson, your desire to defend every mistake in your graphs is bordering on insanity.

    Last month, you were arguing for counting Windows versions as a seperate item on the graph each while bundling versions of Android together.
    Now, you argue that all OSes under the “unknown” banner are “*/Linux”, despite the fact I have presented examples of popular devices that are not identified by statcounter and do no run */Linux.

  23. DrLoser says:

    I dislike having to repeat myself, so I shall do so only once on this point:

    Feel free. But the classic Linux Desktop, be it Gnome or KDE, is a separate environment to the *nix alternatives, which are always accessed via the browser.

    The Linux Desktop can just about manage an acceptable browser.

    And that’s basically it. Unless, like me, you are working in a scientific/engineering discipline, in which case things like remote debugging via gdb come into play.

  24. kurkosdr wrote, “Why do you count “unknown” as being “*/linux”?”

    I don’t think M$ nor Apple would tolerate being unknown. That leaves */Linux. Statcounter is classifying as “desktop” and I don’t know how. There are a lot of countries where Android is huge and “unknown” is significant. I suspect “unknown” is an Android device hooked to a large screen or running on a PC.

  25. kurkosdr says:

    Why do you count “unknown” as being “*/linux”? How do you know it’s not consoles (i know friends who do light surfing on their PS3) or LG or Samsung SmartTVs (which do not run Android TV btw, Sony and Sharp TVs do)

    Both Android, ChromeOS and GNU/Linux properly identify themselves. I challenge you to find one GNU/Linux, Chrome OS or Android device which is minimally popular (something like over 5.000 users) and doesn’t identify itself as Android, Chrome or GNU/Linux. If you find one, I will recognize your right to count “unknown” as “*/linux”

    (also, I noticed Statcounter counts win10 among “other”, which resulted in “other” having a >10% share lol)

  26. pogson says:

    oiaohm wrote, “scientific/engineering only arguement falls down when you find schools and different governments around the world using Linux Desktops.”

    I’m writing this from firefox running on The Little Woman’s repaired PC, used as a thin client, with the browser running in HER 5gB RAM over a gigabit/s line. It’s better than local. GNU/Linux is an amazingly flexible OS which doesn’t get in your way at all and allows you to do anything the hardware will allow.

    The Little Woman’s recycled 1TB drive failed so I’m using her machine as a thin client with a local browser and media player. GNU/Linux is a winner. People and organizations not using GNU/Linux are at a severe disadvantage, slaves to M$ IMHO.

  27. oiaohm says:

    scientific/engineering only arguement falls down when you find schools and different governments around the world using Linux Desktops.

    So its not the only penetration area. Linux Desktops have not commonalty been all rounders. Case by case base you may be better off using a Linux Desktop. Problem is with the way Windows 10 is going the result is Windows is not a all rounder either.

    ChromeOS is technically gentoo based and runs a chroot simply.

    Yes it took time http://www.linux-magazine.com/Online/Blogs/Productivity-Sauce/GNURoot-Linux-on-Android-No-Root-Required
    It has along last been worked out how to run normal Linux on Android without having to root it. Yes including X11 applications.

    So android + the majority of debian is possible. Problem here what would a debian/android appear as in browser stats. Linux is a down right hard problem to count. Between running in Virtual machine to running contained to running a full install. Counting is extremely hard.

    Android needs Libreoffice right? Why not just use Debian Libreoffice on Android using GNURoot. This is why there is absolutely no rush for Libreoffice ported native to Android.

    Android and chrome os are being extended by Debian and other Linux Distributions running embedded.

  28. ram says:

    I don’t think my company is all that unusual in frequently using the TorBrowser under Linux. To start with we connect with one of our own VPN proxy servers in a relatively free country. From there we may browse with Tor. If so the Tor exit node can look at non-https traffic but can’t tell who is looking. The VPN has 256 bits of up to date very hard encryption (chacha20-poly1305@openssh.com), the Tor network link contributes another 128 bits (via another encryption algorithm), so corrupt government officials here face trying to crack a frequently changing 384 bit encryption stream.

    But wait! There’s more! Most commercial sites we deal with are https (usually modern, so ecdhe_ecdsa_aes_128_gcm_sha256 is used, older ones tend to use dhe_rsa_aes_256_sha) so the Tor exit node would have that to crack. Non https sites can be proxied again through say https://ixquick-proxy.com which uses ecdhe_ecdsa_aes_128_gcm_sha256. Now the corrupt government officials at this end would have to crack at least 512 bit encrypted streams with rapidly changing keys.

    You ask about speed? The speed is pretty good because along the way we shed all those pesky JavaScript ads, cookies, pop-ups, TraceBook links, yada yada.

    Why do this? We do alot of contract engineering development for clients around the world. We try to make industrial espionage as hard as possible. So we don’t want (often state supported enterprises) seeing which suppliers we are thinking about using, which parts we are considering, which markets we are researching.

    I am confident most private enterprise companies take similar measures. The ones that don’t, don’t stay in business long. The ones I’ve dealt with overwhelmingly use Linux although some flavors of BSD are also used (and sometimes those stripped down military Unix flavors such as HP-UX and AIX)

    Microsoft products are strictly consumer “toy-town”.

  29. DrLoser says:

    Chuckle. He who laughs last laughs best.

    I don’t wish to alarm you, Robert, but on your own link, the Linux Desktop started at 1.88%, peaked at 3.03%, and is now down to an averaged weekly mean of 1.7%.

    Now, this admittedly beats the forecast of Mike Hunt, four years ago, but not in any startling way.

    Want to add in ChromeOS? (Proprietary.) Or Other? (Guesswork. Presumably mobile phones or tablets.)

    Feel free. But the classic Linux Desktop, be it Gnome or KDE, is a separate environment to the *nix alternatives, which are always accessed via the browser.

    The Linux Desktop doesn’t really exist outside the domain of scientific/engineering client-server installations. Which, not by any sort of coincidence at all, is when I use it.

    At a domestic level, it has no penetration whatsoever, allowing for the occasional old fart in Manitoba.

  30. dougman says:

    You still did not explain “unlicensed kalashnikovs”.

  31. kurkosdr says:

    Sure. e.g. VW, M$ and a host of other corporations are known to do dirty tricks including spying. They are in it for the money and they get away with it largely because they are so big/remote/hidden.

    Let’s assume they do (although you haven’t answered what they are going to do with your continuously changing dynamic IP address, assuming of course you opt out of cookies and don’t register because you are truly privacy minded and not a show-off who uses Tor to look l33t) . But let’s assume those big companies do.

    They still won’t use any of your data to impersonate you to take your money or do forged requests to services for you by mining as much info they can from your unencrypted transfers and/or altering them, and won’t use your data to spear-fish your cousin.

    That anonymous dude however running the exit node… hmm…

    Yuri Orlov has to take that risk to avoid an even bigger risk (getting caught by the FBI and ending up in a prison getting butt-banged by BigBoy Joe). What greater risk you, who doesn’t traffic child-porn/unlicensed-kalashnikovs/drugs/leaked-gov-secrets are afraid and have to use Tor?

    VW and MS logging your dynamic IP? That’s the greater risk you are trying to avoid?

  32. kurkosdr wrote, “visiting a non-https site you trust is the same as having your data hop through the computers of completely random basement dwellers who have no accountability whatsoever?”

    Sure. e.g. VW, M$ and a host of other corporations are known to do dirty tricks including spying. They are in it for the money and they get away with it largely because they are so big/remote/hidden.

  33. kurkosdr says:

    and cares about your dynamic IP = and nobody cares about your dynamic IP

  34. kurkosdr says:

    unlicensed kalashnikovs

    When people say “Kalashnikov” with no model number, they usually mean an AK-47.

    See this movie for more info.

    The protagonist of the movie (and the real-life counterparts) need Tor. You don’t. Nobody follows you when you walk the street, nobody bugs your room, and cares about your dynamic IP, and you can decline cookies and the ability to register on a site every time you want.

    Sure, dynamic IPs can be converted to real names (the name of the person paying the ISP bill) but only if you have done something illegal. If you haven’t done so, nobody cares about your Dynamic IP because they can’t do anything really usefull with it.

    But I am sure that suffering the performance issues and worrying about anything you send unencrypted may fall into the wrong hands or be altered is totally worth it to justify the tin-foil hat paranoia.

  35. kurkosdr says:

    Of course, the same could be said of any server to which one browses…

    So, visiting a non-https site you trust is the same as having your data hop through the computers of completely random basement dwellers who have no accountability whatsoever?

  36. ram wrote, “many Linux users use Tor and Tor Browser”.

    That may be one of many problems with web-stats. Tor may be useful, like GNU/Linux but few people actually use tor. I have it installed but rarely use it.

  37. kurkosdr wrote, “If you use Tor, and are not trafficking child-porn/unlicensed kalashnikovs/drugs/leaked government secrets, you are an idiot.

    Any un-encrypted traffic passing through a Tor exit node is vulnerable to being changed and/or intercepted by a malicious Tor exit node.”

    Of course, the same could be said of any server to which one browses… So, no, one is not an idiot for using tor, unless one uses it unwisely. There are many reasons to use tor, like simply hiding one’s location from a site that wants to bar users from some region. A proxy server will do but tor will too.

    Don’t blame tor or GNU/Linux for problems of That Other OS, like most of the malware on Earth.

  38. dougman says:

    Please explain “unlicensed kalashnikovs”

  39. oiaohm says:

    http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/
    This is a good read.
    http://www.pcworld.com/article/251925/digitally_signed_malware_is_increasingly_prevalent_researchers_say.html
    Note the key point about windows failing to check the “certificate revocation lists “(CRL) This still applies to Windows 10 by the way and was known 2012 and before.

    Even if you only run signed/verified executables
    Does not get you very far under windows because you system unless you are careful Windows will accept invalid acceptable signature lists. So application that should be reported as bad get reported as perfectly fine.

    Windows is getting infected badly because it verification system is broken.

    http://www.hstoday.us/columns/critical-issues-in-national-cybersecurity/blog/what-is-the-most-secure-web-browser/3a0af7b24e5eae97667df104b3edc007.html
    On the point of web browsers anyone read up on Homeland security recommendations know that there recommendation is that web browser runs in a virtual machine that rolls back after usage.

    So the OS of the browser might have absolutely nothing todo with the the OS the user runs their desktop with.

  40. kurkosdr says:

    If you use Tor, and are not trafficking child-porn/unlicensed kalashnikovs/drugs/leaked government secrets, you are an idiot. Because of problems like this and this

    Any un-encrypted traffic passing through a Tor exit node is vulnerable to being changed and/or intercepted by a malicious Tor exit node. Even if you only run signed/verified executables, how do you know a malicious Tor node isn’t changing or sniffing something else?

    And no, not every site is willing to switch to https (bummer). Maybe we should have a proxy after the Tor network, and send our stuff to the proxy encrypted via https, which can then be decrypted for the other site. Oops! Now that proxy knows who I am and can change or sniff my stuff.

    But hey, those evil ISPs and governments are already over you, so why not allow some basement dwellers operating Tor exit nodes enter the party too? Being anonymous to some sites who couldn’t care less about your dymamic IP (accepting cookies and registering is optional) is totally worth it!

    One reason, among others, is that many Linux users use Tor and Tor Browser (it is trivial to install and maintain on Linux).
    [citation needed]

    Not every Desktop Linux user is a tinfoil-wearer constantly looking over his/her back in order to surf with Tor in order to deal with the security and data sniffing risks (see above) or speed reduction.

  41. ram says:

    Statcounter underestimates Linux usage. One reason, among others, is that many Linux users use Tor and Tor Browser (it is trivial to install and maintain on Linux). It does, however, identify itself as a Firefox on Microsoft 7. The same problem exists for Android tablet users of Tor Browser, they look like a Microsoft desktop. Quite frankly Statcounter has no idea what people are using.

  42. YY compared the loss of freedom to M$ with the evils of smoking, “the smokers are tolerated only on the outside”.

    My father smoked and it killed him. I’ve been known to cross a street to avoid being in proximity with smokers. I can smell them ~100m away downwind. I don’t know how it happened but one of my children smokes. Horror knows no limits.

  43. YY says:

    Windows usage is undergoing the same transformation as smoking.

    Like in the ’50s, everybody did it and no harm was recognized.
    Now we see the damage and the smokers are tolerated only on the outside.

    Now we see the damage, and (M$) usage is only tolerated for the addicted, frightened and confused.

    Most people already know they’ll move on to better alternatives, they just wait for an opportunity. And we give it to them happily 😀

Leave a Reply