* Helge Kreutzmann ([EMAIL PROTECTED]) wrote: > Hello Eric, > On Sun, Jul 22, 2007 at 07:54:17PM -0400, Eric Dorland wrote: > > severity 398166 wishlist > > User privacy is a wishlist item? Does Debian no longer care?
You're not talking to Debian, you're talking to me, Eric Dorland, Debian Developer. Pleased to meet you. Now, I am concerned about privacy. I'm mostly concerned about features that send out information without being able to disable that feature or things that reveal information more sensitive than your IP address. This feature fails to do either, it is easy to disable (just remove the live bookmark) and all it does is send a HTTP request to the people who developed the browser you're using (whom you already trust to a great extent since you're running the webbrowser they wrote, or have you done a complete code audit of their codebase?). Do you check the source of every page you look at before viewing it? Because they could contain embedded images that violate your privacy in exactly the same way. And if I disable this for privacy reasons, I'll need to disable the phishing black too. And the find box suggest feature (Google could steal what you type!). And extension cause they can do pretty much whatever they want to your system. Now I've disabled a bunch of useful features that 99% of users will just reenable and curse my name while doing it. It doesn't seem like a good tradeoff. You're free to appeal to the rest of the project, but I'm confident the rest of the project will feel I'm being reasonable. > > tags 398166 wontfix > > Then this should be prominently displayed, so users can take the > choice before installing iceweasel. > > > > b) There is a "latest headlines" button, under which several links are > > > listed (and which had to be retrieved from the web) > > > > I really think this is a non-issue for most users. There are various > > bits in Icewesel that by default connect to the Internet. You are > > perfectly free to turn all of these off if you like. > > Please provide guidance on how to achieve this, and turn off those > features by default. (Alternativly, ask some question during install). Probably remove all Live Bookmarks, disable the Suspicious sites feature in the preferences, and disable the search suggestion feature (I'm not sure how to do this offhand, I'm sure there's a configuration option in about:config). If you'd like to write a document about disabling any features that call out without user action I'll consider adding it to the README.Debian. > > > No other browser I know in Debian (lynx, konqueror, chimera2, ...) > > > access the web without requests by users. I think this is quit a > > > privacy issue, as users should not expect that a browser without URL > > > already starts accessing the web. If you think this is sensible, that > > > at least provide a system wide option to turn it off (and make it off > > > by default, maybe asking a debconf question on installation). > > > > > > This (new) user account is not intended for (unfiltered) web access, and > > > I was suprised (in a bad way) that firefox violates this by default. I > > > personally belive that Debian honors users privacy and security (by > > > default) and therefor Debians Firefox should do the same (IMHO). Or at > > > least a big warning should be issued. > > > > > > Please not that this problem is not specific to a "non-browser" user, > > > in some countries accessing certain of the sites below "latest > > > headlines" may already be problematic, or the user might want to > > > configure e.g. a privacy enhaning daemon to prevent unfiltered access > > > (e.g. to satisfy regulatory requirements). > > These points remain valid. > > Greetings > > Helge -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
signature.asc
Description: Digital signature
