tutorial for the use of flatpak
A tutorial on how to use flatpak to install and run applications, and how to store them even on a second USB.
- many more apps that are currently unavailable to tails user become available (signal, wire, briar, onionshare 2.0…)
- apps become portable and can then be easily shared with others, even offline
Some of this got already written in this blogpost:
#1 Updated by intrigeri 2020-04-02 08:01:31
While researching the Flatpak-in-Tails topic, I’ve identified a bunch of problems that IMO such a tutorial should take into account.
It would make me sad if the person who wrote this tutorial rediscovered them on their own.
I lack time to document these problems right now. If someone ever wants to work on this issue, please ask me and I’ll do my best to share info in a timely manner.
#2 Updated by cypherpunks 2020-04-04 16:43:38
Flatpak’s sandboxing is extremely flawed. It fully trusts the applications and allows them to define their own policy. Its security is optional and apps can just choose not to use the sandbox.
Flatpak’s permissions are also far too vague to be meaningful. For example, many apps come with “filesystem=home” which is read-write access to the entire home directory, giving the app access to all your personal files and allowing trivial sandbox escapes via writing to files such as .bashrc.