-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 18/05/16 18:54, Holger Levsen wrote: > On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote: >> Could you explain how any of these tools leak any information >> "without a user's consent/expectation"? > > gnome-calculator contacts a web page/service with currency > exchange information *on every start*, I think that's a good > example of the kind of programs Patrick is looking for. > >
I am running Debian on Qubes OS, I use gnome-calculator on a vault domain (a VM without any network device) because I though it does not need Internet or data/files from another domain. So without any knowledge I was protecting myself from this privacy leak... Maybe Debian should adopt a strong policy about what packages should have Internet access and what does not... All packages not supposed to have Internet access will be blocked by firewall or a similar approach (probably some kind of whitelist). Then, the privacy leak surface will be very small and easy to audit. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXPsweAAoJEBQTENjj7Qil9oUQALTcpe+hrqSccXeqTGSieIEs Lf6pHoVSNU6grzvIs4YTxKPhTbzq/ZBohmBhps1FLJbeeDHNtZisxVOwj0lcTKpZ 835QmWZ0+fOXgwbh6V6UqwCjraKj9g7236RhfXmob//ejKhrZHfKoYfYl1KzO6nx /Q9sMj7XoKL1tFItyWX6Edq9BqIvPZwmsrGLmOaTkPtWRI1GWFFgOjYwLv9vjUBY z+AwX8eEGG7DUvfYMqez1HkEvDhcxnxw0wS+Yn0aQL33jhS1beoh4lI1GXcLbm8F 3gny5ZizMiA4lmaRC+HPUOW6bcEeNEemH8zumQNu3A3CxStW62s6rSaf9C9WK++G TRwtP43gN6OlM6GZM4jssYk7GD4chjmbb74LujQWuuHSMyxED6MOhUH2RyMTHl1y gPx2x6XGyByyu8s/DcbuJzjhQ16Xy64GIx1/uOb03HuxnHRrM5astHM0FqF4kWW4 JrzXU5jMzm7/a2Fqz3MZBZsBgUAZTql+LerkZG8WIrIJing1ocnDQvo/bYS/yL7G LN4h2Iojsq/NE3mIZbpRsP/60nRyFagRjNDWAL3HrZ8h9dLRec4NrsGisGB7NqDc ypOHEwPrZ25Ha2w5hGBz1LPH0tNvK1KNX9IWbYFABPm8qIQ9uNB7R+Eej+WyRdVQ CoSqJxhqugd/FlFFL74/ =OPRB -----END PGP SIGNATURE-----
