BoF at DebConf18
BoF = https://en.wikipedia.org/wiki/Birds_of_a_feather_(computing)
https://debconf18.debconf.org/talks/69-does-debian-respect-users-privacy/
Agenda
- Volunteers needed
- take notes on gobby.debian.org/bof/privacy, and add them to the wiki :ulrike:
- take questions from IRC
Do some Debian packages have privacy issues? I.e. can Debian users expect a privacy-friendly operating system when they install Debian? Is Debian "privacy by default"?
- Examples where privacy might be violated:
- music player loads cover art or lyrics (3rd party gets information about which music someone is listening to at what time)
- web browser checks extension compatibility with the upstream server after the Debian package is upgraded, even if no extensions or only packaged extensions are installed
- chat program publishes presence information and chat state indicators by default
- firmware update daemon phones home after updating firmware, which an overwhelming majority of users agreed with (in a G+ poll)
- default graphical interface calculator downloads currency conversion rates
- email program guesses IMAP/SMTP server addresses over an unencrypted connection
- how can we automatically choose targets for manual testing?
- how can we do automated testing for potential issues?
- Is there something we should do about it?
- are we able to patch the software or convince upstream to change things?
- how can we keep track of such requests & patches within Debian?
- how can we share our improvements with other distributions?
- can we create some "guidelines" for both upstream programmers and upstream to make privacy the default?
- can we create similar guidelines for packages in Debian?
- do we need more things packaged and/or reviewed by the privacy packaging team?
- Tools:
- tag BTS bugs with the user tag "privacy"; some existing users have a privacy tag: pabs@debian.org
- make a list, e.g. in the wiki, of privacy issues, so users can make an informed choice