Differences between revisions 23 and 24
Revision 23 as of 2020-05-08 02:34:33
Size: 3577
Editor: PaulWise
Comment: move version checks to a separate section, add gmic
Revision 24 as of 2020-07-15 02:33:30
Size: 3635
Editor: PaulWise
Comment: azure-cli telementary, mentioned by jwilk
Deletions are marked like this. Additions are marked like this.
Line 18: Line 18:
 * azure-cli - collects "anonymous" telemetry by default

Privacy issues in Debian packages

Phone home

There are some common categories of phoning home:

These packages either don't fit those categories or do lots of them and more:

Phone elsewhere

  • systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage

Data sharing

  • remmina - shares the clipboard with remote hosts over RDP by default
  • pidgin - shares typing notifications with remote peers by default
  • hw-probe - includes truncated salted hashes of MAC addresses and serial numbers in hardware probe reports

Data storage

  • web and other servers of various kinds default to logging information about requests over the network from external entities

Detection tools


Issue categories

  • logging & verbose logging

  • homephoning without user consent
    • cleartext
    • TLS
  • featurebug: when a bug is also a feature
  • privacy defaults
    • optin
    • optout
  • traceability
  • no deletion of config files when uninstalling a package