Differences between revisions 20 and 22 (spanning 2 versions)
Revision 20 as of 2020-01-09 07:59:59
Size: 3221
Editor: PaulWise
Comment: note the truncation after 32 bytes
Revision 22 as of 2020-01-27 00:06:19
Size: 3450
Editor: PaulWise
Comment: cura
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 * cura - [[https://github.com/Ultimaker/Cura/issues/2810|phones home]] in various ways, [[https://salsa.debian.org/3dprinting-team/cura/blob/master/debian/patches/2001-no-default-telemetry.patch|patched out in Debian]].
Line 21: Line 22:
 * hw-probe - includes truncated hashes of MAC addresses and serial numbers in hardware probe reports  * hw-probe - includes truncated salted hashes of MAC addresses and serial numbers in hardware probe reports

Privacy issues in Debian packages

Phone home

Phone elsewhere

  • systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage

Data sharing

  • remmina - shares the clipboard with remote hosts over RDP by default
  • pidgin - shares typing notifications with remote peers by default
  • hw-probe - includes truncated salted hashes of MAC addresses and serial numbers in hardware probe reports

Data storage

  • web and other servers of various kinds default to logging information about requests over the network from external entities

Detection tools

Reports

Issue categories

  • logging & verbose logging

  • homephoning without user consent
    • cleartext
    • TLS
  • featurebug: when a bug is also a feature
  • privacy defaults
    • optin
    • optout
  • traceability
  • no deletion of config files when uninstalling a package