I don't know if many packages have them, but there is a privacy:: debtag that for potential privacy concerns and other anti-features. Synaptic should be able to show them.
On May 21, 2019 9:16:53 AM EDT, npdflr <npd...@zoho.com> wrote: >Hi, > >Would you recommend me or debian users to go through privacy policy for >the default packages/softwares installed in Debian images/iso files. > > > >An example would be the firefox-esr that has data collection >policy: https://wiki.mozilla.org/Firefox/Data_Collection > >The default is off for Web activity data and Highly Sensitive data so >it should not be a problem. > > > >But for other default packages should I go through their privacy >policies? > > >Note: As for the packages installed manually by the user (not default >packages), it would be the user's responsibity to make sure that they >don't send any sensitive data. > > > >Also, what ways can one check the privacy policy of the packages >installed (by default or manually installed)? > >- One way would be to open Synaptic Package Manager (for the packages >installed from the repositories listed in sources.list), check for >homepage (if there) for every package installed and then read the >privacy policy on that homepage. > >- For the packages downloaded from elsewhere, I think the user would >have to check the source/homepage etc for its privacy policy. > > >Thank you. > > > > > >---- On Wed, 27 Feb 2019 13:02:28 -0800 Joerg Jaspert ><jo...@debian.org> wrote ---- > > > >On 15326 March 1977, mailto:npd...@zoho.com wrote: > >> I am posting an excerpt from the 'Data privacy' page >> (https://www.debian.org/legal/privacy): > >> Service related logging > >> In addition to the explicitly listed services above the Debian >> infrastructure logs details about system accesses for the purposes of > >> ensuring service availability and reliability, and to enable >debugging >> and diagnosis of issues when they arise. This logging includes >details >> of mails sent/received through Debian infrastructure, web page access > >> requests sent to Debian infrastructure, and login information for >> Debian systems (such as SSH logins to project machines). None of this > >> information is used for any purposes other than operational >> requirements and it is only stored for 15 days in the case of web >> server logs, 10 days in the case of mail log and 4 weeks in the case >> of authentication/ssh logs. > >> a) Does 'system' and 'Debian systems' in the above excerpt mean an >> installation of Debian OS? > >No. It means a system installed and run by Debian admins providing a >service. Like the machine handling this list, or a machine handling a >webserver for www.debian.org. > >> b) I am assuming that 'Debian infrastructure' means the 'Debian >> Security Infrastructure' >> (https://www.debian.org/doc/manuals/securing-debian-howto/ch7) which >> is used to handle security in the stable distribution. Please correct > >> me, if wrong. > >No, it means the whole infrastructure. We have many machines. > >> c) Details regarding non-personally identifiable data: Does Debian >> (Debian.org) collect any kind of 'telemetry' or 'monitoring data' >> other than required for operational requirements? I am asking this as > >> from a company's or business point of view: one is concerned about >> intellectual property, company data etc. > >As written, no we do not. > >> d) (This is related to the above point) Does the statement in the >> above excerpt "This logging includes details..... login >information >> for Debian systems" mean that Debian stores username and passwords of > >> users? In my case: A local login not a network based login. > >Not in the sense you read into it, no. We do not, in any way, collect >users data of systems installed with Debian[1]. The above is for >machines >running "inside" the debian.org domain and affects Debian Developers, >not any user who just happens to install Debian. > > >[1] There is one tool named popcon. That does actually send data our >way. That is opt-in and you can find more information at >https://popcon.debian.org/ >
