This is a not a completely technical discussion but I think it helps to get a clear picture and ultimately one can know (or atleast try to know) which companies/individuals may gather personal data and then one can make decisions accordingly.
(I have listed a hardware or software and the next line contains the possibility of how the company/individual can get data from the internet user) One can add their opinions and other hardware and software which is not in the list below. Hardware list:- 1. Device manufacturer (device which one uses to connect to the internet) Device manufacturer firmware 2. Manufacturer of specific hardware within the device such as Motherboard, BIOS, RAM, Hard Disk, CPU, GPU etc. Hard disk firmware, BIOS firmware Not sure: CPU firmware? GPU firmware? RAM firmware/backdoor? or other parts such as Video card, Sound Card etc. Motherboard is just a circuit board for connecting other hardware components. So I think it can't have a backdoor. Correct me if wrong. 3. Manufacturer of input devices such as microphone, keyboard, mouse etc. Input device firmware 4. Manufacturer of output devices such as printer, speakers, etc. As long as these devices can only recieve output but can't send input to the device, there should not be a backdoor. 5. Manufacturer of input and output devices such as usb drives, media card readers etc. Removable drive firmware 6. GPS technology Not sure? 7. The internet service provider Based on their terms/privacy policy Software list:- 1. Operating system OS telemetry 2. Applications Applications which have backdoor etc. 3. Browser and addons Personal identification data sent to the developer of the browser and addons 4. Internet authorities such as: - Internet Assigned Numbers Authority (IANA) https://www.iana.org - Internet Corporation for Assigned Names and Numbers (ICANN) https://www.icann.org - Internet Architecture Board (IAB) https://www.iab.org - Internet Engineering Task Force (IETF) https://www.ietf.org - American Registry for Internet Numbers (ARIN) https://www.arin.net The above authorities are only for IP address allocation, evolution/support of internet, etc. They don't gather personal data as per their privacy policy. - TLS/SSL certificate authorities Not sure whether they can get any personal data. - Any other internet or internet protocol authorities? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk