REBUTTAL
xonus I mean, does the system contain backdoors?
I gotta hand it to ya. I try to think of there being no such thing as a stupid question, but this is pretty high up there. You're asking on the Solus-operated forums if Solus has backdoors. That's like walking into the FBI and demanding to know whether or not you are under surveillance. I can say "of course not", but that's literally meaningless. No one in their right mind would take me or anyone else here at their word for that. These things always require independent investigation by qualified third-parties.
For anyone willing to take me at my word, of course the answer is "no". Something like this would be found out very quickly by anyone watching packet traffic between a device running Solus and the rest of the network. Introducing it would be suicide for a distro and I personally feel that just the act of asking such a question is a huge insult.
xonus How will the people who created it respond to a request from the intelligence services?
It's not a matter of who created it so much as a matter of the people currently involved in running it. Solus is not a legal entity on its own and as such its operation requires that its operators adhere to all applicable laws. In the entire time the project has been operating, we have never been issued such a request, but that doesn't change the fact that we would have to comply if legally required to.
xonus Don't get me wrong, I am not a criminal, I am engaged exclusively in informational activities, testing different distributions from time to time. And for me as a connoisseur of privacy would be interested in these questions.
Then I suggest you learn a bit more about security, especially as it pertains to computer systems. We could have the most secure OS on the planet and all it takes is a user doing something stupid to compromise all of that. There is no substitute for user education when it comes to both security and privacy.
REAL TALK
As for anyone actually looking for a serious answer that you are welcome to independently verify:
Solus is about as secure as most other distributions. If you feel the need to harden your system to a greater degree, you already know how to do so and are more than capable.
With regards to privacy, we do not collect telemetry data (not even automated bug reports!). If you run a wireshark of your system you'll see that your system will:
- Periodically check for package updates, which requires talking to one of our servers and can be disabled.
- Periodically try to fetch
https://getsol.us/sources/hotspot.txt
as part of Network Manager's Captive Portal detection. This file was specifically chosen not as a means of collecting telemetry, but in order to request a file from servers that we control (rather than someone else's) to protect your privacy. You are welcome to disable this check or change the URL to something else.