ALL software that reports back to its authors (phones home) can place users in certain categories in physical danger. Here's an example: UbuntuStudio or any other Linux media distro is likely to be used by social activists media makers like myself.
Suppose while you are uploading a video about police brutality via Torbrowser the package updater contacts the Ubuntu repos. Let's also assume the same computer has ever been used with the same operating system to run a Facebook account. Data from Facebook might give police enough information about the computer to connect the access to Ubuntu's servers plus the timestamp to the time the post was sent plus the IP address the computer was connecting from. Since the computer could not have been in two places at one time, this timing attack defeats Tor and identifies the poster. Even worse, the timestamp and IP address from the Ubuntu server may be enough for a direct "confirmation attack" against Tor itself to directly trace the packets from source to destination. Examination of security camera footage may then identify the poster himself for arrest or worse. To secure that situation would require that the poster either use the computer for nothing else and certainly never commerical social networking sites, find and disable every last "phone home" option, or preferably both. One thing we do not have in any Linux distro I have tried is a privacy/security manager that will show a user in one place every possible program that phones home and enable or disable all of these options from a single place. On 7/10/2015 at 5:33 AM, "Ralf Mardorf" <ralf.mard...@alice-dsl.net> wrote: > >You might be interested in a discussion about Linux spyware, so I >opened a thread in an open mailing list. IOW you don't need to be >subscribed to send to this list and could read replies using the >list's archive. > >The thread starts with: > >How wide spread is Linux spyware? >http://lists.alioth.debian.org/pipermail/d-community-offtopic/2015- >July/000939.html > > >This is the list: > >About D-community-offtopic >English (USA) > >This list is meant to strengthen the community around Debian by >providing a place for both users and developers to talk about >non-technical stuff (but technical stuff is not prohibited). >http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/d- >community-offtopic > > >Regards, >Ralf > >PS: Send to Ubuntu Studio users, Ubuntu Studio devel, Xubuntu >users and >perhaps Bcc to one ore the other. > >-- >ubuntu-studio-devel mailing list >ubuntu-studio-devel@lists.ubuntu.com >Modify settings or unsubscribe at: >https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel -- ubuntu-studio-devel mailing list ubuntu-studio-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
