Firewall in Endless OS?


#1

What about a firewall in Endless OS? Does it exist, and if not, how can we get it? One example - gufw (GUI for ufw - uncomplicated firewall) - could be integrated.
Tested 3.3.7 full version and did not find the firewall.


#2

https://support.endlessm.com/hc/en-us/articles/115004169706-Do-I-need-anti-virus-software-on-Endless-OS-What-makes-Endless-OS-more-secure-


#3

Great - thanks for response!


#4

I did not find the firewall in Endless OS. How do I install a firewall?


#5

this answer is edited. the following answers resulted from my criticism of the lack of a firewall and other things. i do not want to harm the project but the following answers are helpful for the end-user, so everything should be fine, despite my edit. privacy/security/transparency:


#6

Endless makes money with Endless Solutions, Hack Computer and sells Endless computers.


#7

Hi there,

I’m really sorry that you’ve evidently concluded that Endless is not deserving of your trust, but I feel compelled to respond at least once because there is a great deal of conjecture, accusation and misconceptions in your message.

  1. The reason we have not included a firewall is simply that we don’t perceive it would provide a lot of user value for the engineering time invested. We by default ship almost no “listening” services in the ostree, and it’s not so easy to install any more, so the status quo of having no firewall (only these few, intentionally included, services can be connected to) is similar to having one (we would open those ports where it provides some user function).
  2. To clarify a misconception: If we had included a firewall, but we wanted to collect “evil” telemetry somehow… we could also open those ports in the firewall. A typical desktop firewall policy would permit all outbound connections in any case.
  3. The search on the desktop searches the apps, content and files you have locally, and only sends a search to Google if you select this on the next screen. It is given such prominence on the desktop to encourage the user to search, because in a full installation, when you are offline, this is a great jumping-off point into the content apps we bundle with the OS such as the Encyclopedia.
  4. If Chrome /re/-installs itself, this is a bug. It’s supposed to be automatically installed precisely once on a “free” (e.g. downloaded, or pre-installed on an OEM machine such as Acer or Asus) system in order to give the user a browser that includes patent-encumbered video decoders such as H.264 and allow YouTube to work. If it wasn’t for this, we would infinitely prefer the user to use “our” browser, Chromium, which we patch to provide a better experience (handling low memory situations, hardware video acceleration, etc).
  5. Most apps can be uninstalled (i.e. fully deleted, not just removed from the desktop) via the app center, other than those built in to the ostree, which is at the moment very basic apps such as GEdit, Totem, etc. Chromium is delivered in this way because it is not supported to run in a Flatpak, but we would prefer to move even these apps to Flatpak over time.
  6. Endless receives no money for inclusion of any apps within the OS, desktop or app center. Many of the apps you mention (“Facebook app”) are simply web links and were included as a result of user testing indicating that these were the most popular sites that people wished to access if they had access to the internet.
  7. The data that Endless collects (both the mandatory count of users/devices and the optional additional usage metrics) does not contain any user information, demographics or personally identifiable information at all. It is collected and used by us for exactly the stated reason - to understand the usage of the product and enhance it. It is not sold or analysed by us for any advertisement, user profiling or other monetisation purposes, and in practice has no monetary value for this purpose even if we did decide to “turn evil”. We don’t know anything about our users from this data that an advertiser (or a Google or Facebook style “data economy” company) would care about. When we designed the system, we intentionally did not build in any capability for anyone to associate the collected information with any identifiable user. It was built by engineers who care quite a lot about the user’s privacy.
  8. Our selection of ostree as an updater technology was from a time 6-7 years ago when Endless was originally targeting a hybrid phone/desktop system and needed an entirely robust/atomic updater. There is no intention to limit any user flexibility (as you can see by our readiness to explain how to circumvent any restrictions), however we believe that our users are still best served by these robust, reliable and seamless atomic updates and never having to solve conflicts between individual packages in a package manager.
  9. Our investors are predominantly individuals who care about our mission, and place no such “evil” requirements on us. They wish that we will succeed to bring technology, education and opportunity to the world, and do so at scale because we are commercially successful.
  10. We don’t answer all of the forum posts that we’d like to because we don’t have quite enough resources in our customer support / community team. I hope to improve this over time, but we have finite resources and many competing priorities.

Ultimately I would like you to remember our Code of Conduct which includes “Assume other people mean well.” Endless is a team of engineers, designers and product specialists who are trying to create a great computer OS for a very diverse global market. We’re not perfect by any means and might make mistakes, but most people here joined because of our mission. As a group of human beings, I can assure you everyone I have met in my 3+ years working here has shown nothing but good intentions. If we don’t seem to be doing the right thing, we’d rather you asked us about it than presume there is some malicious intent in what we do.

Thanks,
Rob
(Chief of Engineering, Endless Mobile Inc.)
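
Point 1 of the reply above rests on how few services listen for connections; on any Linux system that can be checked by listing the TCP listeners that are not bound to loopback. The following is an added example, not part of the thread and not Endless code: the socket table is constructed sample data, the function names are illustrative, and a little-endian host is assumed.

```python
import ipaddress
import struct

TCP_LISTEN = 0x0A  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from an Endless OS system).
SAMPLE_TCP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21002 1 0 100 0 0 10 0
   2: 0F02000A:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 21003 1 0 100 0 0 10 0
"""

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp{,6} address; each 32-bit word is printed in host byte order."""
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)  # assumption: little-endian host
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))

def listening_sockets(proc_text):
    """Return (ip, port, reachable_from_network) for every socket in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established connections and other states are not listeners
        hex_ip, hex_port = fields[1].split(":")
        ip = decode_addr(hex_ip)
        # A listener bound to loopback cannot be reached from other hosts.
        found.append((str(ip), int(hex_port, 16), not ip.is_loopback))
    return found

def exposed(proc_text):
    """Listeners an inbound firewall rule would actually filter: those not on loopback."""
    return [(ip, port) for ip, port, reachable in listening_sockets(proc_text) if reachable]

if __name__ == "__main__":
    for ip, port in exposed(SAMPLE_TCP4):
        print(f"reachable from network: {ip}:{port}")
```

On a live system, pass the contents of `/proc/net/tcp` and `/proc/net/tcp6` instead of the sample; UDP sockets (`/proc/net/udp`) have no LISTEN state and need a separate check.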


#8

thx for the response. i wrote a very long, balanced answer, gone into every point. but deleted it after one hour and edited my first post. why? I don’t want to harm anybody - despite some considerations. trust is a difficult thing in times like these, especially when it comes to the web. this sentence should be everything that should remain from my - now deleted - contribution. the fact that answers were given led to this action (too). whether i agree or disagree with some points is not important.

i see that now.

finally your last 2 posts are meaningful for the end-user. maybe this should flow into the faq.

however, i respect your pioneering technical work.

all the best,
mart


closed #9