The dual root partitions we described in Deepin 20.5 are gone, but version 23 still sets up a moderately complex partitioning scheme, including an EFI system partition, a 1.5 GB /boot partition, a swap partition, and a 15 GB root partition, and the rest of the disk given to a partition labeled _dde_data. All are in plain old ext4 format, but there's some magic being done with the data partition that we didn't have time to trace. It appears to be mounted at multiple places, including /home, /var, /opt, and a mount point called /persistent beneath them all. We're not sure exactly how it's been done, but the distro has some kind of atomic installation facility with rollback.

Lack of proper documentation by Deepins Devs is enough of a red flag for me to never consider trying it.

Companies get extra data through Firefox

You mean extra data compared to them using any other advertising model, like google advertising? Do you have a source for that?

Because that is what PPA has to be compared to, and not to no ad measurement at all. It‘s meant to be replacing other advertising measurement techniques.

The comparison chart looks like it‘s copied from somewhere, would you mind sharing? I wouldn‘t mind a deeper dive into the topic.

I will say it again: The way i read it, it sounds like the companies will get some general data if their ads work, without a profile about you being created. I am fine with that.

Just imagine what a boon it would be for the “normal“ less tech savvy, if advertisers switched to a more privacy respecting technology like this.

If more privacy focused people don't like it, they can simply disable it by ticking one box, without negative consequences (unlike content blockers and similar techniques where a website can penalize you, turned off PPA is not detectable).

It has no downsides as far as I am concerned. It doesn’t give advertisers additional data that they wouldn’t already be able to get, it just creates the option of measuring their ads in a privacy respecting way.

Does anyone know why they switched to this new packaging format, especially since they, as far as i can tell, were using flatpak before? I cant find any explanation on it in blog posts or release notes. In general i find the information they provide on implementations (atomic updates etc.) rather minimal.

Some SATA and NVMe devices support hardware encryption (TCG OPAL2 standard) and with the latest cryptsetup LUKS devices can be configured to use hardware encryption to encrypt the data either by itself or together with the existing dm-crypt software encryption. Support for this feature was added in the latest cryptsetup upstream release and we’d like to provide an option for users to use this feature when installing Fedora with disk encryption.

As this is an expert option, it will be available only through the kickstart interface. […] There will be two new options to select either hardware encryption only or hardware encryption in combination with software encryption (analogous to the --hw-opal-only and --hw-opal options used when configuring hardware encryption with cryptsetup).

I haven’t looked into the technicals much further than the support page.

The way i read it, it sounds like the companies will get some general data if their ads work without a profile about you being created. I would be fine with that. What I don’t like is the lack of communication to users about it being enabled.

PPA does not involve websites tracking you. Instead, your browser is in control. This means strong privacy safeguards, including the option to not participate.

Privacy-preserving attribution works as follows:

1. Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.
2. If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.
3. Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
4. Your results are combined with many similar reports by the aggregation service. The destination website periodically receives a summary of the reports. The summary includes noise that provides differential privacy.

This approach has a lot of advantages over legacy attribution methods, which involve many companies learning a lot about what you do online.

PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.

This all gets very technical, but we have additional reading for anyone interested in the details about how this works, like our announcement from February 2022 and this technical explainer.

It‘s not only about using the tpm to unlock the FDE, you should be able to do that on every distro with systemd-cryptenroll. The part that is new, is the the measuring of the systems integrity. It’s a way to ensure that the firmware has not been tampered with, the boot loader is the one that was installed and has not been replaced, that the kernel is exactly the one that comes from the distribution, that the kernel command line is the one that we expect, and that the initrd that is used does not contain any extra binary that we do not control.

It has been asked on the forum. Idk if they will consider implementing some type of notification for critical issues on the OS itself. Edit: they are working on a solution

If you dont want to miss future announcements:

• With an Account on the forums you can get notifications if you turn them on for the “Announcement“ tag
• You can add https://universal-blue.discourse.group/tag/announcements.rss to your RSS reader

Saying that I dont trust a homophobe is not "sharing my political opinions". The lives of gay people may be affected by politics (just as we all are), but that doesn't mean homophobia (or being against homophobia) is a political opinion.

I couldn’t agree more with you👍🏼

I find it rather repulsive, that people would label “being against gay marriage” as “only holding an opinion”. It makes it seem so harmless. It is depriving people of the same rights that heterosexuals have. And that is why it might matter to people. It’s not just “any” opinion, like a view on how the economy should be regulated, where one could definitely argue about. But a view, which would deprive people of the same rights that others have, is not a valid opinion to have. There is no way that it can be respected. It’s the paradox of tolerance

In a comment further down you write the following: (Edit: the comment has since been removed by a mod)

You have the right to have a liberal opinion so why not let people have their own? It's like discrimination of black people at this point.

Which is quite ironic. You try to defend holding an opinion, which would discriminate against a certain group by not giving them the same rights. You argue that it’s discrimination to not respect their discrimination. In essence you ask the tolerant to respect the views of intolerant.

The setup process isn’t really much different from other distros, quite easy. It’s documented here. If it’s still too intimidating for you, you could always do a test run in a virtual machine first, there is even an image that you can select at the bottom of the download menu on the website for virtual machines.

The nice thing is that, if you have some kind of special hardware (e.g. certain laptops, nvidia gpu…) you only need to select it the downloading menu and then you are all set with the special tweaks that the hardware requires provided by the community.

After the initial installation it’s an even better experience than other distros I have used. It gives you a first time portal, where you can choose additional applications that you would like installed. If you get your application via flatpak then you are all setup. If you need other applications not available in flathub, you will have to do some further reading in the documentation, it’s all explained there.