I would let anyone, even a total stranger, use my Chromebook in guest mode without a second thought (as long as I am reasonably sure they won’t steal it, break it, or disassemble it).
Exactly. I would never let my (non-tech savvy) grandparents near a Linux machine without supervision, but I wouldn't hesitate to let them near a Chromebook in guest mode.
Linux is quite secure in the hands of an experienced user. ChromeOS is secure in the hands of anyone who's not state-sponsored-attacker-adjacent.
The permission model is such that the most damage they should be able to do is to an account you've provided to them.
Or are we assuming they get sudo and unlimited time, like the typewriter thing?
I'd be more worried handing it over to an experienced person who's familiar with rd.break, assuming the filesystem isn't encrypted.
I specifically give family members Linux so I don't have to go clean hundreds of toolbars and the like, as I've had to with their Windows boxen
Security does not only mean security of your own data stored on the device. A device made by Google will never be secure.
[1] https://www.politico.com/news/2022/07/18/google-data-states-...
I don't doubt the features are there, I'm genuinely curious what they are.
- All user data is encrypted at the login level. A guest user cannot access any other users’ data. Whereas in Ubuntu, for example, home directories have 755 permissions.
- The Linux userspace in ChromeOS is actually running on KVM, so ChromeOS itself is insulated from user-installed malware.
- Verified boot is huge. It is theoretically impossible for a modification to system-level software to survive a reboot. An attacker would have to modify the hardware too. And even if someone stole your Chromebook and modified the hardware to run malware, your data is still encrypted.
If you are interested, a more thorough explanation can be found here: https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sec...
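As an added example (not code from the thread or from the ChromiumOS docs), here is a small audit for the "home directories have 755 permissions" point above: it lists every home directory whose mode grants the "other" class read or traverse access, using a constructed sample tree rather than a real /home.

```sh
#!/bin/sh
# Added example: find home directories readable or traversable by "other".
# Assumes the home root is passed as an argument; the sample tree below is
# constructed in a temp dir so the script runs offline without touching /home.

audit_home_perms() {
    root="$1"
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        d="${d%/}"
        # Octal mode (e.g. 755); the last digit is the "other" class.
        mode=$(stat -c '%a' "$d" 2>/dev/null || stat -f '%Lp' "$d")
        other=$(( mode % 10 ))
        # Read bit is 4, execute/traverse bit is 1; either one exposes the tree.
        if [ $(( other & 5 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$d"
        fi
    done
}

# Constructed sample: one home with Ubuntu's default 755, one locked to 700.
make_sample() {
    tmp=$(mktemp -d)
    mkdir -m 755 "$tmp/alice"
    mkdir -m 700 "$tmp/bob"
    printf '%s\n' "$tmp"
}

# Number of exposed home directories under the given root.
count_exposed() {
    audit_home_perms "$1" | wc -l | tr -d ' '
}

# Stand-alone run: only "755 .../alice" should be reported.
root=$(make_sample)
audit_home_perms "$root"
```

A fix on a real system is `chmod 750 /home/<user>` per directory (and `DIR_MODE=0750` in /etc/adduser.conf for future accounts), which is what the 700 entry in the sample models.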
But! It's your fault! They shouldn't be able to sudo!
But that's the point. If they couldn't sudo, they could do something else as disastrous. It is difficult to secure a Linux system if the user is allowed to log in. If I needed to give someone access, I would just give him a freshly installed Linux virtual system, and if he deleted something important, it's his problem, not mine.
If you spend some time configuring the OS, Linux is actually much easier and safer to use than Windows for a series of often overlooked reasons:
1- Application installation and removal is centralized: you fire up the distribution package manager and can install almost all software, including lots of 3rd party, using the same interface; no need to wander around the net with the risk of landing on a malicious page disguised as a download site.
2- Drivers are built at kernel level and nearly all of them are already included: if you buy a new device, chances are that, besides not having to insert any driver CD, the drivers are already included in the distribution.
3- Hardware support doesn't come with added bloatware: say, you connect the new printer and can safely ignore the accompanying CD or the manufacturer's site downloads, which usually will attempt to make you download a crippled version of commercial products and other junk along with the drivers. Under Linux you use the supplied applications with all hardware of that class.
etc.
Some 20 years ago I was working at a company operating in the sports betting field; we had about 50 points of sale deployed all over the country and my assignment was to find a way to allow each remote point of sale to work in the safest possible way, no distractions and including remote support on demand. All of this of course in the cheapest possible way. The best thing about working in a small company is that sometimes you can earn the freedom of choosing the rope to hang yourself with: I'm not interested in the betting world, but that problem was intriguing, and I had carte blanche. The solution I came up with after some fiddling was a RedHat distro plus WindowMaker "desktop" with a restricted launcher whose dockapps allowed the operator to check/write emails, file for a remote support connection, open StarOffice and a couple other things I don't recall. The system was essentially in kiosk mode, with the browser set so that it would open fullscreen to operate only on the company webpage. I had to write the scripts to file for remote support since all the points of sale had dynamic IPs which could change by the time we could reach them, therefore the connection had to be the other way around. I solved this by using a remote "pinger" written in Ruby that would periodically send some data about the remote station, so we immediately had the who+where data pair, and a receiving Ruby application on our side would populate a GTK list (I used Glade and Anjuta iirc) with the stations that asked for intervention. As soon as a local operator clicked on one element, a reverse ssh tunnel was opened and we had the remote shell ready. To my memory that contraption never failed; with very slow connections (~2002, so 1 Mbit down / 128 Kbit up when we were lucky) luxuries such as VNC were out of the question. 50 points of sale could be easily managed by a single operator.
Of course I'm not suggesting turning every Linux PC into a tightly closed terminal that does 3 things only. My point is that you can effectively turn a Linux desktop into something that non-tech people can work with without trouble, but that doesn't come out of the box, as it doesn't with Windows: you can have everything from a dumbed-down terminal that couldn't be crashed by a colony of cats walking on the keyboard for a week, to something so advanced and full of knobs that you can literally do everything, including shooting yourself in the foot. Some work is needed though.
(Having said that, I still haven't been able to completely wean myself off Google services, so Google already has plenty of data on me, and gathers more every day.)