The Nix daemon itself still uses root at build/install time for now. NixOS doesn't have any built-in sandboxing for running applications à la Docker, though it does have AppArmor support. But then, NixOS doesn't generally have applications run as root (containerized or otherwise), unlike Docker.
purelynonfunctional
joined 11 months ago
The fact of running an OS and other software that spies on you is proof against being 'privacy focused'. And many cybersecurity professionals use Windows at home, have dozens of devices with always-on microphones all throughout their house, use a host of cloud-based home automation, etc. It's just not true that working in cybersecurity means you do much to preserve your privacy.
And in practice today, privacy and security are in tension when it comes to desktop OS choice. macOS has a more destructive security model than most Linux distros, better suited to running proprietary software from untrusted sources. But compared to *BSD along with many Linux distros, macOS is also absolutely teeming with telemetry and cloud-centric functionality. In a word, macOS is more secure but less private. That many cybersecurity professionals would take that tradeoffs doesn't at all show that macOS has better privacy than Linux.