2878
Comment: moved my privacy tags to debian-devel
|
3577
move version checks to a separate section, add gmic
|
Line 7: | Line 7: |
There are some common categories of phoning home: * version checks: DebianPackage:gmic, DebianPackage:basex These packages either don't fit those categories or do lots of them and more: |
|
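Review bot: The intro added at Line 7 promises "some common categories of phoning home", but the list that follows has a single entry, "version checks". Either reword the intro to match or list the further categories in the same edit. The new entry also carries no description, while the basex line removed at Line 10 explained the behaviour ("phones home to find out the latest version"); a short phrase per package, gmic included, would keep that information.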
Line 10: | Line 16: |
* DebianPackage:basex - phones home to find out the latest version | * syncthing - [[https://blog.harterrt.com/syncthing_data.html|data transfer volume, unique ID submission, version check and lots more]], [[https://data.syncthing.net/|public data report]] * cura - [[https://github.com/Ultimaker/Cura/issues/2810|phones home]] in various ways, [[https://salsa.debian.org/3dprinting-team/cura/blob/master/debian/patches/2001-no-default-telemetry.patch|patched out in Debian]]. |
Line 20: | Line 27: |
* hw-probe - includes truncated salted hashes of MAC addresses and serial numbers in hardware probe reports | |
Line 30: | Line 38: |
* [[https://github.com/kushaldas/unoon/|unoon]] |
Privacy issues in Debian packages
Phone home
There are some common categories of phoning home:
These packages either don't fit those categories or do lots of them and more:
- gnome-calculator - fetches currencies
- Firefox - multiple issues
- Chromium - phones home in various ways, e.g. 792580, binary blob downloads, site engagement profiles, Google login tied-in with the browser
- syncthing - data transfer volume, unique ID submission, version check and lots more, public data report
- cura - phones home in various ways, patched out in Debian.
Phone elsewhere
- systemd - uses Google DNS resolvers as an internal default, which is not explicitly documented; see "FallbackDNS" in the systemd-resolved manpage
Data sharing
- remmina - shares the clipboard with remote hosts over RDP by default
- pidgin - shares typing notifications with remote peers by default
- hw-probe - includes truncated salted hashes of MAC addresses and serial numbers in hardware probe reports
Data storage
- web and other servers of various kinds default to logging information about requests over the network from external entities
Detection tools
Reports
- lintian privacy-breach tags: generic, donation, facebook, google-adsense, google-cse, google-plus, logo, piwik, statistics-website, twitter, uses-embedded-file, w3c-valid-html
Issue categories
- logging & verbose logging
- homephoning without user consent
  - cleartext
  - TLS
- featurebug: when a bug is also a feature
- privacy defaults
  - optin
  - optout
- traceability
- no deletion of config files when uninstalling a package