Differences between revisions 1 and 12 (spanning 11 versions)
Revision 1 as of 2018-07-31 07:33:29
Size: 116
Comment: Initial draft.
Revision 12 as of 2019-04-30 02:35:14
Size: 1611
Editor: PaulWise
Comment: logging
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
 * gnome-calculator - fetches currencies when started  * gnome-calculator - [[https://gitlab.gnome.org/GNOME/gnome-calculator/issues/34|fetches currencies]]
 * Firefox - [[Firefox#Automatic_connections|multiple issues]]
 * Chromium - phones home in various ways, e.g. DebianBug:792580, [[https://lwn.net/Articles/648392/|binary blob downloads]], [[https://www.chromium.org/developers/design-documents/site-engagement|site engagement profiles]], [[https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/|Google login tied-in with the browser]]
 * DebianPackage:basex - phones home to find out the latest version

== Phone elsewhere ==

 * systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in [[https://manpages.debian.org/stretch/systemd/resolved.conf.5.en.html|systemd-resolved manpage]]

== Data sharing ==

 * remmina - shares the clipboard with remote hosts over RDP by default
 * pidgin - shares typing notifications with remote peers by default

== Data storage ==

 * web and other servers of various kinds default to logging information about requests over the network from external entities

== Bug reports ==

 * [[https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pabs@debian.org;tag=privacy|usertagged by pabs]]

= Issue categories =

 * logging & verbose logging
 * homephoning without user consent
   * cleartext
   * TLS
 * featurebug: when a bug is also a feature
 * privacy defaults
   * optin
   * optout
 * traceability
 * no deletion of config files when uninstalling a package

Privacy issues in Debian packages

Phone home

Phone elsewhere

  • systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage

Data sharing

  • remmina - shares the clipboard with remote hosts over RDP by default
  • pidgin - shares typing notifications with remote peers by default

Data storage

  • web and other servers of various kinds default to logging information about requests over the network from external entities

Bug reports

Issue categories

  • logging & verbose logging

  • homephoning without user consent
    • cleartext
    • TLS
  • featurebug: when a bug is also a feature
  • privacy defaults
    • optin
    • optout
  • traceability
  • no deletion of config files when uninstalling a package