|
Size: 2481
Comment:
|
← Revision 13 as of 2020-02-26 19:33:27 ⇥
Size: 2533
Comment: fix dead link: need to escape to get final right parens in the link
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| BoF = https://en.wikipedia.org/wiki/Birds_of_a_feather_(computing) | BoF = [[https://en.wikipedia.org/wiki/Birds_of_a_feather_(computing)]] |
| Line 10: | Line 10: |
| * take notes and send them to debian-mobile mailing list, IRC and wiki :ulrike: | * take notes on gobby.debian.org/bof/privacy, and add them to the wiki :ulrike: |
| Line 12: | Line 12: |
| 1. Does have Debian privacy issues? I.e. can Debian users expect a privacy friendly operating system, when they install Debian? Is Debian "privacy by default"? | 1. Do some Debian packages have [[PrivacyIssues|privacy issues]]? I.e. can Debian users expect a privacy friendly operating system, when they install Debian? Is Debian "privacy by default"? |
| Line 37: | Line 37: |
| * PrivacyIssues |
BoF at DebConf18
BoF = https://en.wikipedia.org/wiki/Birds_of_a_feather_(computing)
https://debconf18.debconf.org/talks/69-does-debian-respect-users-privacy/
Agenda
- Volunteers needed
- take notes on gobby.debian.org/bof/privacy, and add them to the wiki :ulrike:
- take questions from IRC
Do some Debian packages have privacy issues? I.e. can Debian users expect a privacy friendly operating system, when they install Debian? Is Debian "privacy by default"?
- Examples, where privacy might be violated:
- music player loads cover art or lyrics (3rd party gets information about which music someone is listening to at what time)
- web browser is checking extension compatibility with upstream server after upgrading the Debian package, even if no extensions or only packaged extensions are packaged
- chat program publishes presence information and chat state indicators by default
firmware update daemon phoning home after updating firmware which a overwhelming majority of users agreed with — on a G+ poll
default graphical interface calculator downloads currency conversion rates
email program guesses IMAP/SMTP server addresses over unencrypted connection
- how can we automatically choose targets for manual testing?
- how can we do automated testing for potential issues?
- Examples, where privacy might be violated:
- Is there something we should do about it?
- are we able to patch the software or convince upstream to change things?
how can we keep track of such requests & patchs within Debian?
- how can we share our improvements with other distributions?
- can we create some "guidelines" for both upstream programmers and upstream to make privacy the default?
- can we create similar guidelines for packages in Debian?
- do we need more things packaged and/or reviewed by the privacy packaging team?
- Tools:
tag BTS bugs with user tag "privacy", some existing users have a privacy tag: pabs@debian.org
- make a list, e.g. in the wiki, of privacy issues, so users can make informed choice