Expand Up @@ -41,7 +41,11 @@ If you want to use one of these distributions for reasons other than ideology, y

## Desktop Environments

Consider using GNOME as your desktop environment. It supports [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)), a display protocol developed with security [in mind](https://lwn.net/Articles/589147), and implements permission control for privileged Wayland protocols like `screencopy`. There are other desktop environments and window managers with Wayland support, but we are not aware of any permission control implemented by them. One caveat with GNOME is that it is written in unsafe languages, but we think the trade off for permission control is well worth it.
This section is a relative recommendation between desktop environments. This should not be misconstrued as saying that any one solves any of the fundamental issues with desktop Linux security.

[Consider using GNOME (or Sway)](https://secureblue.dev/images#security-recommendation) as your desktop environment. GNOME provides weak [thumbnailer sandboxing](https://gitlab.gnome.org/GNOME/gnome-desktop/-/issues/213) in Gnome Files, and Thunar/Tumblerd on secureblue Sway images provide weak [thumbnailer sandboxing](https://gitlab.gnome.org/GNOME/glycin/-/blob/main/glycin/src/sandbox.rs#L32) via Glycin. These are both efforts to mitigate [attacks via thumbnailers](https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html). COSMIC [is planning](https://github.com/pop-os/cosmic-files/issues/1189#event-20127287968) to add thumbnailer sandboxing for the release of Epoch 2. It's not known whether KDE plans to add this to Dolphin.

GNOME, KDE Plasma, Sway, and COSMIC secure privileged Wayland protocols like screencopy. This means that on environments outside of GNOME, KDE Plasma, Sway, and COSMIC, applications can access screen content of the entire desktop. This implicitly includes the content of other applications.

Wayland's predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to run nested X11 sessions such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences, are not convenient to set up, and are not preferable to Wayland. You should avoid desktop environments and window managers which only support X11.

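Review bot: The closing sentence of the hunk, "GNOME, KDE Plasma, Sway, and COSMIC secure privileged Wayland protocols like screencopy. This means that on environments outside of GNOME, KDE Plasma, Sway, and COSMIC, applications can access screen content of the entire desktop," replaces the removed line's hedge ("we are not aware of any permission control implemented by them") with a categorical claim about every other Wayland compositor that the page does not substantiate; suggest keeping the hedge (for example "we are not aware of other environments that restrict these protocols") and restoring the `screencopy` code formatting the old line had. In the thumbnailer paragraph, "GNOME provides weak thumbnailer sandboxing in Gnome Files, and Thunar/Tumblerd on secureblue Sway images provide weak thumbnailer sandboxing via Glycin" labels both as "weak" without saying what each sandbox actually restricts; one sentence on what the linked gnome-desktop issue and the Glycin sandbox.rs each show would let the reader compare them, and "Gnome Files" should be "GNOME Files" to match the capitalization used elsewhere in the section.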