BoF at DebConf18

BoF = https://en.wikipedia.org/wiki/Birds_of_a_feather_(computing)

https://debconf18.debconf.org/talks/69-does-debian-respect-users-privacy/

Agenda

  1. Volunteers needed
    • take notes and send them to debian-mobile mailing list, IRC and wiki
    • take questions from IRC
  2. Does have Debian privacy issues? I.e. can Debian users expect a privacy friendly operating system, when they install Debian? Is Debian "privacy by default"?
    • Examples, where privacy might be violated:
      • music player loads cover art or lyrics (3rd party gets information about which music someone is listening to at what time)
      • web browser is checking extension compatibility with upstream server after upgrading the Debian package, even if no extensions or only packaged extensions are packaged
      • chat program publishes presence information and chat state indicators by default
      • firmware update daemon phoning home after updating firmware which a overwhelming majority of users agreed with — on a G+ poll

  3. Is there something we should do about it?
    • are we able to patch the software or convince upstream to change things?
    • can we create some "guidelines" for both upstream programmers and upstream to make privacy the default?
    • do we need more things packaged and/or reviewed by the privacy packaging team?
  4. Tools:
    • tag BTS bugs with user tag "privacy" (TBD: chech which tags might already exist)
    • make a list, e.g. in the wiki, of privacy issues, so users can make informed choice