Originally posted by discordian
View Post
Announcement
Collapse
No announcement yet.
Debian 12 "Bookworm" Installer Alpha 1 Released
Collapse
X
-
-
Originally posted by nist View PostMaybe Debian has the less amount of spywares included in its products by default: geoclue should be the only. Others are features of applications. For instance, Network Manager has the feature "connectivity-check" (it's also a spyware without any doubt).
Comment
-
-
Originally posted by mxan View Post
Your package manager is also "spyware" by that logic. You run `apt update && apt upgrade` and now Debian has your IP address and a list of all the packages on your system! ZOMG!
Don't talk about Debian, because other famous distros do worst. I know. I know what I'm saying.
Comment
-
Originally posted by ATLief View Post
Official releases (including alphas and betas of the installer) are almost always better than the installer generated automatically (which I used). Even if there wasn't any QC/testing on the release, formal releases have components that are probably all in the same development stage.
Comment
-
Originally posted by nist View PostMaybe Debian has the less amount of spywares included in its products by default: geoclue should be the only. Others are features of applications. For instance, Network Manager has the feature "connectivity-check" (it's also a spyware without any doubt).
What's even worse, there is no disclosure or warning that a peace of code in your host facilitating such functionality.
As a matter of a standard practice, not even a part of separate effort to harden Debian based hosts, we routinely disable geoclue.service as a part of the OS install.
One more important note, 'geoclue' is a code that makes it's way in to Debian through Gnome environment, and something to be addressed with a Gnome foundation directly. (has been done, to no avail).
Debian distro with out the Gnome (a typical instance with a primary purpose to run as a server) does NOT come with geoclue.service present on the system.
Comment
-
Originally posted by mxan View Post
Your package manager is also "spyware" by that logic. You run `apt update && apt upgrade` and now Debian has your IP address and a list of all the packages on your system! ZOMG!
When geoclue.service sends network request to the 3ed parties servers (mozilla for example), it does it in the background, with out disclosing, asking, warning, giving any options to the user!
And that is very much consistent with a type of behavior exhibited by the software commonly viewed as a spyware.
While the intent and the purpose of the geoclue.service is know and understood, network activity resulted from geoclue.service is absolutely can be leveraged as an attack vector.
Coupled with it's stealthy (to the local host user(s) on a desktop type PC with Gnome UI ) presence WITH OUT any control mechanism with in the Gnome UI... is a very legitimate concern.
For users, who have a reasons to believe they might be a target of the state sponsored surveillance - journalist, activists, people with a sensitive national security related jobs, Gnome desktop contain software components that bluntly disregard users privacy, something that most users of for the most part safe and secure operating systems like Debian would not expect to be the case.
So, disregarding comment of who might be insane or not, security and privacy is very legitimate concern and a good cause for a public conversation. A polite and respectful conversation I hope.
Comment
Comment