Is signal-desktop via deb or flatpak more secure?
Although installing Additional Software outside of the Debian repositories isn't recommended, many people I know are already using Signal Desktop from Tails. This is because the quality of the encrypted messaging is much higher than email PGP, and OMEMO jabber is too technical for many to set up. I want to understand whether the deb or flatpak is preferable in regards to Stream Isolation and any other factors.
The flatpak approach is represented in this systemli guide, and uses the proxy socks://127.0.0.1:9050
. The deb approach is official.
I don't understand Stream Isolation well enough to be able to say - are both approaches equivalent in this respect (are either Stream Isolated)? Apart from needing to additionally trust the flatpak maintainer, are there any other security considerations that would make one approach preferable over the other?
The same question applies to the Element desktop client as well - Systemli also has a guide for using the flatpak on Tails, and the official instructions are the deb approach.
I understand that this isn't an "issue" with Tails, but in the absence of a Tails forum I don't know where else to ask.
EDIT: I came across this documentation draft which implies that the best practice would be to use torsocks --isolate COMMAND
or to set a specific ALL_PROXY
variable alongside the command. Which of those two would be appropriate for this scenario?