Package: geoclue-2.0
Version: 2.5.6-1
Severity: serious

The geoclue package collects SSIDs in the neighborhood and sends them to
Mozilla location services.

The SSID of an ad hoc network (which for instance is set up for tethering
via a mobile phone) is personally identifiable information. Sending this
information about a third person without his or her explicit consent to
another party, especially one outside of the European Union, is in breach
of the German law Datenschutz-Grundverordnung, which is the German
implementation of the European General Data Protection Regulation (GDPR).

The easiest remedy would be to remove the package from the repository
until it is fixed upstream to be compliant.

Cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924516

src/gclue-config.c:219:
#define DEFAULT_WIFI_URL "https://location.services.mozilla.com/v1/geolocate?key=" MOZILLA_API_KEY
#define DEFAULT_WIFI_SUBMIT_URL "https://location.services.mozilla.com/v1/submit?key=" MOZILLA_API_KEY

Best regards

Heinrich Schuchardt
