Package: gajim
Version: 0.16-1
Severity: important

At least on first startup, gajim phones home to ftp.gajim.org without
asking for user consent. This is a little bit frightening, because
the first thought of the innocent user is: Will it upload my ~/.gnupg/
and ~/.ssh/ directories?

Even if not uploading sensitive data, gajim is committing a privacy
violation here: The administrators of the ftp.gajim.org server and
iliad and French authorities can see that a certain IP is trying to
use gajim in version 0.16.

It seems that it is phoning home for a bad reason, too: it seems to
look for software updates and/or plugins. On Debian systems, software
updates and plugins are not subject to a specific package, but should
be handled by apt instead.

Workaround: Before ever running gajim, put the following line into
your /etc/hosts:

127.0.0.1       ftp.gajim.org

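A way to confirm the hosts-file workaround above is in effect before the first start, as an added example that is not part of the original report. The function names, the sample file and the rule that any non-loopback entry counts as a failure are assumptions of this example; it inspects only the file contents, not the resolver configuration.

```shell
#!/bin/sh
# hosts_addrs HOST [FILE]: print every address the hosts file lists for HOST.
hosts_addrs() {
    awk -v host="$1" '
        BEGIN { host = tolower(host) }
        {
            sub(/#.*/, "")                 # strip comments, full-line or trailing
            for (i = 2; i <= NF; i++)      # field 1 is the address, the rest are names
                if (tolower($i) == host) { print $1; next }
        }
    ' "${2:-/etc/hosts}"
}

# is_loopback ADDR: succeed for 127.0.0.0/8 and ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_pin HOST [FILE]: print "pinned", "not-loopback" or "missing".
# Conservative assumption: a single non-loopback entry for HOST is a failure.
check_pin() {
    addrs=$(hosts_addrs "$1" "${2:-/etc/hosts}")
    [ -n "$addrs" ] || { echo "missing"; return 0; }
    for a in $addrs; do
        is_loopback "$a" || { echo "not-loopback"; return 0; }
    done
    echo "pinned"
}

# Constructed sample hosts file, used here in place of the real /etc/hosts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1       localhost
# 127.0.0.1     ftp.gajim.org    (commented out, must not count)
127.0.0.1       FTP.Gajim.Org    # the line from the workaround
EOF

check_pin ftp.gajim.org "$sample"
```

On a real system, run `check_pin ftp.gajim.org` with no file argument to inspect /etc/hosts itself.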