This Debian Privacy Tools Maintainers packaging team takes care of privacy and anonymity related packages in Debian. It was previously called Anonymity Tools packaging team and OTR packaging team. Not all packages related to privacy are handled by our team though (see tor) and there is no obligation to do so.

Infrastructure

Interacting with the team

Get involved

Package Maintainers & Team membership

Our team processes Git repository contains our Membership and decision making policy. You may request membership via our Salsa page. We will then, following this policy, decide upon your request. The abovementioned document also contains information on decision making processes within our team.

We use a mailing list to communicate with each other.

The email address of this list is also the address used as "Maintainer:" control field of team-maintained packages. See pkg privacy process.

Furthermore, we have a dedicated mailing list for commits related to team maintained packages.

Tools & Processes

Please read the information in team processes Git repository, in particular our membership and decision making process policy, that also contains some information about package team maintenance.

Furthermore:

Developers & Bug Triagers

Help squash bugs

Have a look at the bug tracker if you want to help squash bugs from various projects. If you would like to do this long-term, we encourage you to subscribe to the mailing-list.

Bug Triagers

Triaging bugs is welcome!

Users

Reporting bugs

We like to fix bugs in anonymity software. If it's not Debian specific, we'll forward it to upstream. An example of a bug email can be found below.

  To: submit@bugs.debian.org
  From: diligent@testing.linux.org
  Subject: Cannot launch the Tor Browser

  Package: torbrowser-launcher
  Version: 0.1.0-1.2
  Severity: serious

  There is some sort of error with twisted preventing the version check
  information from being downloaded, which in turn prevents the Tor
  Browser from starting at all.

  Here is my output:
  <output>

  I am using Debian GNU/Linux 7, Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores).

Privacy in Debian beyond this packaging team

Usertag bugs

As the Debian BTS is package centric, when you report a bug, only the package maintainers will be made of aware of this bug. However, if you've found a privacy issue in a software not maintained by the privacy team, you can make us aware of it by usertagging a bug for us.

By email

Basically, you would send an email to control@bugs.debian.org with the following content:

user pkg-privacy-team@lists.alioth.debian.org
usertags #123456 + privacy
thanks

where "123456" is your bug number, and "privacy" the tag you want to add to the bug.

There can be multiple lines with different usertags in such an email.

Delete a usertag like this:

user pkg-privacy-team@lists.alioth.debian.org
usertags #123456 - privacy
thanks

This would delete the tag "privacy" on bug number #123456

Using the CLI

The bts command is provided by the devscripts package.

bts user pkg-privacy-team@lists.alioth.debian.org . usertags #123456 + privacy-

where "123456" is your bug number, and "privacy" the tag you want to add to the bug.

Tag packages

It is not part of our team's work, but we are interested in maintaining a list of privacy-related packages in Debian as well as in providing information to users who install packages about the privacy status of packages.

Debtags

On Debtags it is possible to tag packages related to privacy (use tag Security::privacy) and also to tag packages that do *not* respect user's privacy (use tags Privacy::).

The current list of tags relies on a list introduced by F-Droid ♡ that we adapted to our use case:

Facet: privacy
Description: Privacy issues or anti-features
 See https://f-droid.org/wiki/page/Antifeatures

Tag: privacy::no-known-issues
Description: No known issues
 The package has been checked and no known privacy issues or
anti-features were
 found

Tag: privacy::ads
Description: Advertisement
 The software contains advertising

Tag: privacy::tracking
Description: Tracking
 The software tracks and/or reports your activity to somewhere, either
 without your permission, or by default (i.e. you’d have to actively
disable it)

Tag: privacy::network-traffic
Description: Network traffic
 The software reveals information about the user activity by accessing
assets
 or other information over the network without asking for the user's
permission

Tag: privacy::non-free-service
Description: Non-free Network Services
 The software promotes or depends entirely on a non-Free network service

Tag: privacy::non-free-addons
Description: Non free Addons
 The software promotes other non-Free apps or plugins

Tag: privacy::deprecated-crypto
Description: Deprecated crypto
 The software needs deprecated, known to be insecure, cryptographical
 algorithms and protocols

We are looking for volunteers to implement showing these tags in apt and Gnome Software Center.

Information about Privacy Issues

We've created a page to collect all sorts of privacy issues with software in Debian. Please help to expand this page so that other users might check a software's privacy status. Thanks!