* Paul Wise <p...@debian.org>, 2015-07-06, 14:10:
#786909 was absolutely not acceptable, and was treated as such. Social
contract #1 remains in effect and will continue to do so in spite of
day to day bugs that violate its spirit.
It might be interesting to think about ways we can automatically
discover such problems in future.
lintian has privacy checks but this kind of problem doesn't seem
statically detectable to me.
Perhaps we could run everything in $PATH in virtual machines and log
all network beyond localhost.
So I made this experiment with Iceweasel. These are the requests it
makes with a fresh profile, before you even type an URL:
POST https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key
GET http://www.ebay.com/favicon.ico
GET http://en.wikipedia.org/favicon.ico
GET http://www.yahoo.com/favicon.ico
GET http://www.google.com/favicon.ico
GET http://www.amazon.com/favicon.ico
GET http://www.yahoo.com/favicon.ico
GET https://tiles.services.mozilla.com/v2/links/fetch/en-US
GET http://www.yahoo.com/favicon.ico
GET https://en.wikipedia.org/favicon.ico
GET https://en.wikipedia.org/favicon.ico
GET https://www.yahoo.com/favicon.ico
GET
https://tiles.cdn.mozilla.net/desktop/PL/en-US.dd461b9cdf65d101f61b5dddac1ce4996e8d91ca.json
GET https://en.wikipedia.org/favicon.ico
POST
https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key
+ a few dozens of GET requests to https://safebrowsing.google.com/
So nothing serious here. It's just casually violating your privacy.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150714230628.ga7...@jwilk.net
