The wider community doesn't seem that concerned with the fact that all
Debian and Ubuntu users are now (with the most recent stable releases)
completely unable to change their default umask (and further have a
default setting that gives the world read access to all their
documents). I think this needs to be viewed as a security issue.
Even with the premise that the average Linux user is more computer
competent than the average Windows or Mac user, I still don't think it's
a fair assumption that all linux users know all about umask and
permissions. Due to this, many users may unwittingly create "guest"
accounts or friend accounts on their computers unknowingly giving read
access to all documents they've created. This is not an uncommon
practice in university contexts especially. Same goes if there's any
sort of remote access going on through SSH etc.
This issue strikes me as something that should be of higher concern to
the community.
Someone mentioned changing the permissions on one's home folder. That
just adds insult to injury that by default everyone's home folder let's
the world have read access along with all files being created with read
access. It's poor privacy and security policy. The average computer-user
assumes that other account holders can't read their "stuff" unless they
do something to allow that person to read their stuff. But this is
completely untrue on Debian Stretch and Ubuntu 17.04.
