On Sat, Mar 09, 2019 at 11:01:43AM -0500, Hendrik Boom wrote:
> On Sat, Mar 09, 2019 at 02:34:28AM -0600, goli...@dyne.org wrote:
> > Oh, my . . . how fast and how hard Debian has fallen . .  I am all for
> > shining light into dark, dank places.  What a terrific idea to track
> > down all the offending packages that are "leaking" information and then
> > publish an ongoing list of them and how they "phone home".
> 
> Good idea.  Just like the evil bit. https://www.ietf.org/rfc/rfc3514.txt

The evil bit is impossible only if you don't have means of controlling the
software.  A distribution, and the user, can check and/or alter every bit of
code that's running.

The vast majority of phone home functionality in question has no malicious
_intent_, even if consequences may be dire.  For example:

* clementine, a music player -- sends info about every song you play, even
  local, to 20+ servers to get lyrics, "last.fm scrobbler" (whatever that
  is), etc.  The intent is to have a feature some users may want, enabled by
  default.  Consequences: copyright mafia getting you for piracy, marketing
  mafia knowing your music preferences, possibly government mafia if instead
  of music you listen to dissident podcasts.

* systemd-networkd falls back to 8.8.8.8 if there's no configured DNS resolver
  (usually due to tempfail).  Intent: even with misconfiguration, "the
  Internet" works.  Consequences: every single your network requests gets
  sent to world's second most nosy company, which has extensive
  infrastructure for cross-matching this kind of data.  Extra fun if you're
  working in a secret government group of a country not liked by the US --
  or a competitor to Google, or, ...

There's very few cases where I suspect ill intent:

* chromium saves the URL and referer of every file you download hidden as
  an user namespace xattr (so methods known to the vast majority of
  sysadmins and even filesystem engineers won't find that)
* chromium sends /etc/machine-id as "Cloud something Enrollment Token"

The latter is golden, and can fool a casual reviewer:
  // The client ID is derived from /etc/machine-id
  // (https://www.freedesktop.org/software/systemd/man/machine-id.html). As per
  // guidelines, this ID must not be transmitted outside of the machine, which
  // is why we hash it first and then encode it in base64 before transmitting
  // it.
So how exactly a 160-bit hash of a 128-bit random value (ie, having no
structured data inside beside being unique) would help?  At this point, we
face either stupidity or malice, but I wouldn't insult Googlers by accusing
them of incompetence.  And that means...


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Have you accepted Khorne as your lord and saviour?
⠈⠳⣄⠀⠀⠀⠀
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Reply via email to