I do confirm that i explicitly tested this with my super unused facebook account, just stating that i was testing restrictions on talking about Linux, the text was: """I don't often (or ever) post anything on Facebook, but when I do, it's to check if they really, as announced on hckrnews, are restricting discussing Linux. So here's a few links to trigger that: https://www.qubes-os.org/downloads/ ... https://www.debian.org/releases/stable/"""
and indeed within seconds I got the following warning: """ We removed your post The post may use misleading links or content to trick people to visit, or stay on, a website. """. This is one massive wow considering how much Facebook runs on Linux.
A user who never posts anything suddenly posting a message containing urls might in itself be a signal that something is weird. It would be an interestint test to post something not linux related and see how that fares.
> 6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
I'd be curious if it's blocked if someone links just debian.org . I can definitely see a [totally overzealous] "security filter" blocking Qubes, but Debian is one of the most popular Linux distros in the world, so that would be especially ridiculous.
If your domain links to content that AVs flag as malware, it gets blocked on FB. Distrowatch is likely uniquely susceptible to this because they're constantly linking to novel, 3rd-party tarballs (via the "Latest Packages" column).
Right, a proxy focused on privacy and removing ads. Of course that's "malware" to Facebook, a site recommending devilry such as this must be silenced at all cost...
It's either intentional, which would be puzzling and unsettling, or it's a bug which has gone unnoticed. In any case it is proof that big tech is in no shape to take on the responsibility for moderating discourse on the internet. This reminds me of the bug that falls into a typewriter in the beginning of the movie "Brazil" which causes a spelling error and the arrest and execution of a random innocent person. Granted, this type of automated banning without any ability to involve a real human is not costing any lives (yet), but I am increasingly worried about how big tech is becoming a Kafkaesque lawnmower. One thing is to deliberately censor speech that you do not like, another is to design a system where innocent and important speech is silently censored and noone in charge even notices.
> It's either intentional, which would be puzzling and unsettling, or it's a bug which has gone unnoticed.
I've long believed that a large part of technological evil comes from bugs which were introduced innocuously, but intentionally not fixed.
Like, your ISP wouldn't intentionally design a system to steal your money, but they would build a low-quality billing system and then prioritise fixing systematic bugs that cause errors in the customer's favour, while leaving the ones that cause overbilling.
This could easily be the same on Facebook - this got swept up in a false positive and then someone decided it's not a good one to fix.
Distrowatch was blocked for linking to an AV-flagged privoxy 4.0.0 tarball. The same kind of anti-malware blocking you'd expect for a mass-market, non-technical audience. Nothing to do with "speech" or Linux in general.
I guess filtering is level of:
"My 11-year-old son keeps talking about this Linux thing with his computer. What is Linux? Is it a hacking tool? Should I be worried?"
On another note, Sourceforge just removes the malware flag, but did they actually check anything or just went with the provided explanation without any concrete details? If I hijacked some software and got caught, I'd act nonchalantly like this as well and hope it'll blow over without anyone noticing.
Nimda was a Windows malware from 2001. It seems unlikely that would be a meaningful attack vector for a compromised privoxy in 2025. But again, I have not investigated it.
Thank you for providing this, it seemed a little clickbaity. Even far less technical companies run some things in Linux so seems weird they’d ban Linux talk in general.
> Starting on January 19, 2025 Facebook's internal policy makers decided that Linux is malware and labelled groups associated with Linux as being "cybersecurity threats".
That's quite the statement to make without any source to back it up; I wonder what the evidence for this is.
I assumed that part was conjecture. However, if you define “internal policy makers” broadly from the users perspective, then it’s provably true from the result.
I get that it is worded like it was people in a boardroom making a decision after having a debate. However an overworked admin, or an AI Moderator could just as easily be lumped together as “internal policy makers” from the users perspective.
They are the source. A journo could write an article and mention distrowatch as where they got their information from. If you don't trust them - great, you can do your own research.
> I wonder what the evidence for it is
Maybe "Any posts mentioning DistroWatch and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed" and "We've been hearing all week from readers who say they can no longer post about Linux on Facebook or share links to DistroWatch. Some people have reported their accounts have been locked or limited for posting about Linux"
What do you think evidence consists of if not that?
The evidence shows that Facebook is blocking Linux related posts, while the initial "policy makers decided" claim is significantly stronger and is not supported by anything. Much more obvious explanation is that some buggy ML classifier has added the distrowatch website to the spam list which triggers automated enforcement without any policy maker involvement.
I thoroughly dislike Facebook as much as the next person, but none of what you quoted constitutes evidence for a ban on discussing Linux on the platform.
Reading the post, it sounds like this may rather be because of incorrect categorization of DistroWatch and links to it than an outright ban on Linux discussion. So yet another issue with Facebook's content moderation methods.
"A bad thing is happening and the evidence of it happening is that I said it's happening."
By the way, I love DistroWatch and do think FB is messing with their posts. But there's no evidence to show if it's a new policy, a glitch in the moderation or an internal screw up.
Probably this: "I've tried to appeal the ban and was told the next day that Linux-related material is staying on the cybersecurity filter." (from the OP) .. Of course, it would have helped if the post author quoted FB's response so we could judge that for ourselves.
I can't speak for anyone else, it just seems that statement is a very specific accusation with nothing backing it up. I'm curious, that's all. It is very much possible that there's some evidence of policy makers discussing this, or even a public statement; nothing to do with "proving a negative".
It is obviously allowed to discuss Linux. There is plenty of discussion about Linux on Facebook, including some about the recent "ban".
My guess is that some automated scanner found something wrong about the linked page. Maybe there is some link to a "hacking"-oriented distro, maybe some torrents, some dubious comment, etc... Probably a false positive, it happens.
Meta is one of the biggest contributors to free software in the world. They certainly don’t believe that it’s equivalent to piracy. If your guess is indeed what happened, it will be corrected by higher-ups soon.
But at this point, in 2025, it's perfectly reasonable for GAFAMs (and other Russian/Chinese/USian infocoms) to be blocked (ideally at the state level).
And particularly in the context of work primarily about communication or computing : having an official Xitter account for a journalist or a GitHub account for a software developer is like promoting a brand of cigarettes or opiates by a doctor - a violation of professional deontology.
We are obligated to have an external auditor run PCI DSS penetration testing and network segmentation testing every year.
Their second request (after a network diagram) is always to create an EC2 instance running Kali.
Which, honestly, confuses me a bit -- all of the packages are available in AL or Ubuntu, so why do they care? I don't know, and I guess I don't care enough to ask. Just give me the attestation document please. :)
Reminds me of when they do 'firewall updates' at work, and many of the common open-source repositories/hosting etc are blocked.
I understand than some malicious software may use things like curl, but it's also annoying to have to re-create the same ticket and submit to internal IT, and then if someone working on the ticket hasn't done this before, they close it, we have to have a meeting about why we need access to that site...
The inverse isn't tolerated. If you're a software developer, you get tested for IT knowledge with phishing emails. Yet in IT it's perfectly normal to have an ignorance of the core needs of the developers - and computing itself - that results in reduced productivity or shadow IT systems.
It's not an exaggeration to say I've experienced it at every employer I've had.
I was on a penetration testing team at a large corp that doesn't specialize in cybersecurity and I downloaded Metasploit and about 15 minutes later an IT person came up to my desk to talk about the malware I just downloaded. I had to walk him to my manager to get him to understand what it was and why it was okay for me to download it.
Their OS is based on CentOS Stream, I think they're one of the very few major organizations that stuck with CentOS post-Stream and did not switch to something else entirely.
Didn't Zuck recently announce that he's getting rid of fact checkers, on the pretext that the parties hired to do fact checking are biased and introduce censorship and unfair false positives that get accounts shut down?
Was it just a cost reduction: fact checking takes effort and those checkers have to be paid? With the result being situations like this?
There is no such thing as unbiased information. So FWIW, I think fact checking is really just a fight for censorship. Official lies and half truths instead of lies from everywhere intermixed with truths.
There are so many ways to do it wrong even if you tag info as true or fake and in principle you do it with good intention. For example it was the case that certain information was tagged as fake and when claimed for a correction the administrators "could not do anything" (Spain cases researched by Joan Planas by doing requests himself personally for the biggest official agency in Spain, called Newtral, which is intimately tied to the Socialist Party in Spain... really, the name makes me laugh, let us call war peace etc. like in 1984). But they were way faster in doing it in the other direction or often found excuses to clearly favor certain interests.
Now put this in the context of an election... uh... complicated topic, but we all minimally awake people know what this is about...
Your point doesn't hold together because it seems to be conflating fact checking with bias elimination.
They are obviously different and mostly separate.
A presentation of facts can be biased.
E.g. a news agency can have a characteristic political slant, yet not make up facts to suit that narrative.
When a bias is severe, such that it leads to behaviors like concealing important facts in order to manipulate the correct understanding of a situation, then fact checking can find a problem with it.
Readit News
Source: I work building an SMM tool, and Facebook Link posts constantly need our attention
...on a social media site designed to aggregate URLs?
Dead Comment
Dead Comment
> 6. No Discrimination Against Fields of Endeavor The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
I've been perplexed for years, I wonder if it went unnoticed all this time or they reverted then reimplement the ban.
If your domain links to content that AVs flag as malware, it gets blocked on FB. Distrowatch is likely uniquely susceptible to this because they're constantly linking to novel, 3rd-party tarballs (via the "Latest Packages" column).
In this case, it was the Privoxy 4.0.0 release from the 18th. You can see it linked in this Jan 19 snapshot of the site: https://web.archive.org/web/20250119125004/https://distrowat...
I've long believed that a large part of technological evil comes from bugs which were introduced innocuously, but intentionally not fixed.
Like, your ISP wouldn't intentionally design a system to steal your money, but they would build a low-quality billing system and then prioritise fixing systematic bugs that cause errors in the customer's favour, while leaving the ones that cause overbilling.
This could easily be the same on Facebook - this got swept up in a false positive and then someone decided it's not a good one to fix.
And what are you going to do about it? Get into a lawyer slap fight with a foreign trillion dollar corporation?
Some context: https://sourceforge.net/p/forge/site-support/26448/
Here's VirusTotal on the tarball (note Chrome blocks its download, for the same reason): https://www.virustotal.com/gui/file/c08e2ba0049307017bf9d8a6...
Nimda was a Windows malware from 2001. It seems unlikely that would be a meaningful attack vector for a compromised privoxy in 2025. But again, I have not investigated it.
That's quite the statement to make without any source to back it up; I wonder what the evidence for this is.
I get that it is worded like it was people in a boardroom making a decision after having a debate. However an overworked admin, or an AI Moderator could just as easily be lumped together as “internal policy makers” from the users perspective.
> I wonder what the evidence for it is
Maybe "Any posts mentioning DistroWatch and multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed" and "We've been hearing all week from readers who say they can no longer post about Linux on Facebook or share links to DistroWatch. Some people have reported their accounts have been locked or limited for posting about Linux"
What do you think evidence consists of if not that?
- Facebook is censoring this content
- They decided Linux is malware
- They label groups associated with Linux as "cybersecurity threats"
The first one they seem to give evidence for the second two seem to be assumptions.
Reading the post, it sounds like this may rather be because of incorrect categorization of DistroWatch and links to it than an outright ban on Linux discussion. So yet another issue with Facebook's content moderation methods.
"A bad thing is happening and the evidence of it happening is that I said it's happening."
By the way, I love DistroWatch and do think FB is messing with their posts. But there's no evidence to show if it's a new policy, a glitch in the moderation or an internal screw up.
It is obviously allowed to discuss Linux. There is plenty of discussion about Linux on Facebook, including some about the recent "ban".
My guess is that some automated scanner found something wrong about the linked page. Maybe there is some link to a "hacking"-oriented distro, maybe some torrents, some dubious comment, etc... Probably a false positive, it happens.
I knew a company that leapt to the same conclusion regarding GitHub.
And particularly in the context of work primarily about communication or computing : having an official Xitter account for a journalist or a GitHub account for a software developer is like promoting a brand of cigarettes or opiates by a doctor - a violation of professional deontology.
I presume that it is used for launching hacks, but even so discussion should not be banned.
Just makes me wonder if DistroWatch is telling the whole story.
Nobody outside of Facebook can possibly know the whole story. Hell, most people within Facebook can’t know, either.
Are you suspecting that distrowatch knows more about the context than they are letting on?
Their second request (after a network diagram) is always to create an EC2 instance running Kali.
Which, honestly, confuses me a bit -- all of the packages are available in AL or Ubuntu, so why do they care? I don't know, and I guess I don't care enough to ask. Just give me the attestation document please. :)
Likewise, discussion should be allowed.
The actual title of this story is literally not believable if you take the most generic meaning of discussion and Linux.
I'd go even further: I don't believe that anyone could believe that the title is believable.
http://www.fedora.mirror.facebook.net/
I understand than some malicious software may use things like curl, but it's also annoying to have to re-create the same ticket and submit to internal IT, and then if someone working on the ticket hasn't done this before, they close it, we have to have a meeting about why we need access to that site...
It's not an exaggeration to say I've experienced it at every employer I've had.
Seriously though, I'm curious (have no account): are you able to post that link on Facebook?
Was it just a cost reduction: fact checking takes effort and those checkers have to be paid? With the result being situations like this?
I guess Linux needs to go mainstream first.
No, it was clearly an attempt to court Trump, unfortunately 'not enough ass kissing, yet' according to the trump team.
There are so many ways to do it wrong even if you tag info as true or fake and in principle you do it with good intention. For example it was the case that certain information was tagged as fake and when claimed for a correction the administrators "could not do anything" (Spain cases researched by Joan Planas by doing requests himself personally for the biggest official agency in Spain, called Newtral, which is intimately tied to the Socialist Party in Spain... really, the name makes me laugh, let us call war peace etc. like in 1984). But they were way faster in doing it in the other direction or often found excuses to clearly favor certain interests.
Now put this in the context of an election... uh... complicated topic, but we all minimally awake people know what this is about...
They are obviously different and mostly separate.
A presentation of facts can be biased.
E.g. a news agency can have a characteristic political slant, yet not make up facts to suit that narrative.
When a bias is severe, such that it leads to behaviors like concealing important facts in order to manipulate the correct understanding of a situation, then fact checking can find a problem with it.