|
Size: 2799
Comment: link to debtags privacy facet
|
Size: 2878
Comment: moved my privacy tags to debian-devel
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 29: | Line 29: |
| * [[https://github.com/jonasdn/nsntrace/|nsntrace]] | |
| Line 32: | Line 33: |
| * [[https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pabs@debian.org;tag=privacy|usertagged by pabs]] | * [[https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=debian-devel@lists.debian.org;tag=privacy|usertagged under debian-devel]] |
Contents
Privacy issues in Debian packages
Phone home
gnome-calculator - fetches currencies
Firefox - multiple issues
Chromium - phones home in various ways, e.g. 792580, binary blob downloads, site engagement profiles, Google login tied-in with the browser
basex - phones home to find out the latest version
Phone elsewhere
systemd - Uses Google DNS resolvers as internal default, not explicitly documented: See "FallbackDNS" in systemd-resolved manpage
Data sharing
- remmina - shares the clipboard with remote hosts over RDP by default
- pidgin - shares typing notifications with remote peers by default
Data storage
- web and other servers of various kinds default to logging information about requests over the network from external entities
Detection tools
Reports
lintian privacy-breach tags: generic donation facebook google-adsense google-cse google-plus logo piwik statistics-website twitter uses-embedded-file w3c-valid-html
Issue categories
logging & verbose logging
- homephoning without user consent
- cleartext
- TLS
- featurebug: when a bug is also a feature
- privacy defaults
- optin
- optout
- traceability
- no deletion of config files when uninstalling a package