this post was submitted on 24 Jul 2024
15 points (85.7% liked)
Linux Gaming
15849 readers
25 users here now
Gaming on the GNU/Linux operating system.
Recommended news sources:
Related chat:
Related Communities:
Please be nice to other members. Anyone not being nice will be banned. Keep it fun, respectful and just be awesome to each other.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Again, if you have malicious code running on your computer it can do lots of things. It can access your files, the network etc. You have to keep an eye on security vulnerabilities all the time anyway, which thanks to FOSS is easier. You're pigeonholing on keylogging but there are lots of ways that malicious code can hurt.
Windows has chosen to go the route of allowing malware in and dealing with the fallout later. It didn't work out so great. UNIX and Linux have been on the side of not allowing malware in at all if possible.
If you want to use a system that restricts access to all apps to all resources all the time you can, but I think you'll find it very limiting and inconvenient. But it would be your choice.
In the meantime, if my choice is to disregard the purely hypothetical threat of keylogging, I should be able to do that, especially since breaking inter-window communication also breaks all desktop automation.
And that's why I don't use Wayland: it broken desktop automation and it won't give us a choice in the matter, for the sake of one, randomly selected, purported security issue.
Security is preemptive. Keylogging is not a hypothetical, it just hasn't happened to you. Neither is it random, desktop linux is differentiated from linux server by its GUI. It is much harder to make linux desktop secure. I see threat as one of many in a long list of the weaknesses present in desktop linux.
I am not trying to say you shouldn't have the choice to use X11, my original comment was about how Linux Mint doesn't offer the choice of a DE that supports Wayland.
Similarly, a flower pot falling on your head is not a hypothetical, it just hasn't happened to you.
But does it mean you should wear a helmet every time you go outside?
To begin with, the probability of keylogging being used in an attack against you is abysmal. Not because it can't be done, but because it's a complicated, inefficient attack, and if the attacker can run code on your machine there are much better ones.
Secondly, keylogging is still possible on Wayland, if the malicious code can attach to the relevant processes. Such as a vulnerability in your browser, which also happens to be a place where you type passwords and CC numbers a lot.
Third, as Wayland evolves it will have to develop better IPC features. You can't have a functional desktop with zero communication. And we'll be back to square one.
Fourth, desktop communication is not even that sensitive. 99% of it is stuff like "window id 0x09123 was maximized".
Last but not least, if keylogging were a real issue, don't you think it would have been addressed in the 40 years that X11 and Xorg have been around? It's fascinating how some people think that Wayland was the first to discover this previously completely unknown threat that threatens to doom us all.