Differences between revisions 11 and 13 (spanning 2 versions)
Revision 11 as of 2019-04-04 06:20:13
Size: 1458
Editor: PaulWise
Comment: basex phones home
Revision 13 as of 2019-05-21 23:57:42
Size: 2588
Editor: PaulWise
Comment: add links to lintian privacy tags
Deletions are marked like this. Additions are marked like this.
Line 19: Line 19:
== Data storage ==

 * web and other servers of various kinds default to logging information about requests over the network from external entities
Line 22: Line 26:
 * lintian privacy-breach tags: [[https://lintian.debian.org/tags/privacy-breach-generic.html|generic]] [[https://lintian.debian.org/tags/privacy-breach-donation.html|donation]] [[https://lintian.debian.org/tags/privacy-breach-facebook.html|facebook]] [[https://lintian.debian.org/tags/privacy-breach-google-adsense.html|google-adsense]] [[https://lintian.debian.org/tags/privacy-breach-google-cse.html|google-cse]] [[https://lintian.debian.org/tags/privacy-breach-google-plus.html|google-plus]] [[https://lintian.debian.org/tags/privacy-breach-logo.html|logo]] [[https://lintian.debian.org/tags/privacy-breach-piwik.html|piwik]] [[https://lintian.debian.org/tags/privacy-breach-statistics-website.html|statistics-website]] [[https://lintian.debian.org/tags/privacy-breach-twitter.html|twitter]] [[https://lintian.debian.org/tags/privacy-breach-uses-embedded-file.html|uses-embedded-file]] [[https://lintian.debian.org/tags/privacy-breach-w3c-valid-html.html|w3c-valid-html]]

Privacy issues in Debian packages

Phone home

Phone elsewhere

  • systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage

Data sharing

  • remmina - shares the clipboard with remote hosts over RDP by default
  • pidgin - shares typing notifications with remote peers by default

Data storage

  • web and other servers of various kinds default to logging information about requests over the network from external entities

Bug reports

Issue categories

  • logging & verbose logging

  • homephoning without user consent
    • cleartext
    • TLS
  • featurebug: when a bug is also a feature
  • privacy defaults
    • optin
    • optout
  • traceability
  • no deletion of config files when uninstalling a package