Package: gnome Severity: normal gnome-software depends on fwupd which triggers web requests containing "client user-agent, IP address, timestamp, OS distribution name and OS version to fwupd.org upon each firmware downloading process (or checking for firmware updates manually by the user)" without the knowledge of the user. The metadata is downloaded from a CDN hosted by amazon.
https://fosspost.org/analytics/privacy-security-concern-regarding-gnome-software Please follow the suggestions of above article: "We believe the following should be taken into consideration to solve the issues above: GNOME Software should detach fwupd as a dependency. Because if fwupd package is installed, it will auto-check for updates in the background (fwupd daemon will autostart after boot) and it will send the data to fwupd.org automatically. GNOME Software should disable the service of using fwupd.org for firmware updates by default. Users wishing to subscribe to such service should opt-in their selves. Upon activation of fwupd service, a privacy policy dialog should be displayed telling users about what’s going to be collected and why." Thanks!
