|
Size: 3450
Comment: cura
|
Size: 3577
Comment: move version checks to a separate section, add gmic
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 7: | Line 7: |
| There are some common categories of phoning home: * version checks: DebianPackage:gmic, DebianPackage:basex These packages either don't fit those categories or do lots of them and more: |
|
| Line 10: | Line 16: |
| * DebianPackage:basex - phones home to find out the latest version |
Contents
Privacy issues in Debian packages
Phone home
There are some common categories of phoning home:
These packages either don't fit those categories or do lots of them and more:
gnome-calculator - fetches currencies
Firefox - multiple issues
Chromium - phones home in various ways, e.g. 792580, binary blob downloads, site engagement profiles, Google login tied-in with the browser
syncthing - data transfer volume, unique ID submission, version check and lots more, public data report
cura - phones home in various ways, patched out in Debian.
Phone elsewhere
systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage
Data sharing
- remmina - shares the clipboard with remote hosts over RDP by default
- pidgin - shares typing notifications with remote peers by default
- hw-probe - includes truncated salted hashes of MAC addresses and serial numbers in hardware probe reports
Data storage
- web and other servers of various kinds default to logging information about requests over the network from external entities
Detection tools
Reports
lintian privacy-breach tags: generic donation facebook google-adsense google-cse google-plus logo piwik statistics-website twitter uses-embedded-file w3c-valid-html
Issue categories
logging & verbose logging
- homephoning without user consent
- cleartext
- TLS
- featurebug: when a bug is also a feature
- privacy defaults
- optin
- optout
- traceability
- no deletion of config files when uninstalling a package