Linux and the Surveillance State
One of the challenges of living in a surveillance state is few people escape and everybody is presumed guilty of something. Linux users are no different.
While historically Linux users have not had significant need to worry about spyware, the concept of the surveillance state means everybody is a target. As Linux continually grows in popularity, Linux users will need to be watchful for the introduction of various forms of spyware.
The design of distro packaging systems, signed packages, quality control, and a general community desire and attitude to avoid proprietary thinking means spyware is unlikely to be delivered through the package system. Possible, yes, but unlikely.
Introducing spyware through source code is possible but challenging.
In the consumer market vendors seem intent on installing root certificates in Windows to help with technical support. These certificates open the doors for man-in-the-middle attacks, which allow for installing spyware. Considering human nature, expect some vendors to do the same for preinstalled Linux systems.
Closed source proprietary firmware is another exploit possibility for introducing spyware.
For most users the likely avenues of delivery will be the web browser, media streaming services, and torrents. While the design of Linux systems generally limits infections to a single user account rather than entire systems, the people behind spyware software are clever and skilled. They take advantage of zero day exploits. They take advantage of unpatched systems. They take advantage of human habits and social engineering.
Spyware in the form of data mining is already prevalent.
Linux users should be diligent towards any form of spyware. In a surveillance state everybody is a target.