Am 2016-05-20 um 10:34 schrieb donoban:
I am running Debian on Qubes OS, I use gnome-calculator on a vault domain (a VM without any network device) because I though it does not need Internet or data/files from another domain. So without any knowledge I was protecting myself from this privacy leak... Maybe Debian should adopt a strong policy about what packages should have Internet access and what does not... All packages not supposed to have Internet access will be blocked by firewall or a similar approach (probably some kind of whitelist).
Well, in order to block network access for individual apps you would need something like SELinux. However I do not know abouot the availability of security profiles for all such apps, neither do I know about a convenient tool to browse such profiles f.i. in order to see whehther a given app is allowed to access the network.