Differences between revisions 18 and 19
Revision 18 as of 2019-12-27 02:05:25
Size: 3021
Editor: PaulWise
Comment: mention hw-probe issue, add unoon
Revision 19 as of 2020-01-06 02:06:47
Size: 3211
Editor: PaulWise
Comment: syncthing phones home
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:
 * syncthing - [[https://blog.harterrt.com/syncthing_data.html|data transfer volume, unique ID submission, version check and lots more]], [[https://data.syncthing.net/|public data report]]

Privacy issues in Debian packages

Phone home

Phone elsewhere

  • systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage

Data sharing

  • remmina - shares the clipboard with remote hosts over RDP by default
  • pidgin - shares typing notifications with remote peers by default
  • hw-probe - includes hashes of MAC addresses and serial numbers in hardware probe reports

Data storage

  • web and other servers of various kinds default to logging information about requests over the network from external entities

Detection tools

Reports

Issue categories

  • logging & verbose logging

  • homephoning without user consent
    • cleartext
    • TLS
  • featurebug: when a bug is also a feature
  • privacy defaults
    • optin
    • optout
  • traceability
  • no deletion of config files when uninstalling a package