[Dev] Blacklist zeitgeist in your-privacy-blacklist

Tue May 23 01:34:59 GMT 2017

To me, the line is drawn when the system starts recording what files you 
open, or have opened, and at what time. I'd prefer it didn't do that.

Programs are next on the list. I'd rather the system didn't record which 
programs were opened when.

These kind of things create treasure troves of data, which if accessed 
can be easily used in digital forensics, or, snooping.

It is the same reason why ISPs shouldn't record, or be forced to record 
which websites you visit and when. The security services, like from 
which prism originated, would love access to this kind of data, and so 
probably would many black hat hackers and commercial companies.

In the UK, we have something called the Data Protection Act, which says 
that data held is supposed to be relevant if it is to be held on 
somebody. Of course, the UK now is effectively a surveillance state, but 
the principle still stands; there should be a good justification for 
holding and recording data like this.

One could of course argue that the metadata collected is at least 
partially relevant. But I consider the disadvantages (to privacy and 
security) to outweigh the possible advantages by far, in this instance.

I think privacy is about not leaving paper trails as much as it is about 
anything else. Otherwise, you would have to ensure the system was 100% 
secure to avoid the risk of the papers being taken any time in the 
future. And 100% security simply does not exist. Especially in complex 
systems.

Far better not to collect and hold that sort of data in the first place 
than to end up a cropper later on.

Not that I have anything to 'hide' or 'fear': I simply value my privacy 
and right to a private life.

Finally, if parabola's nonprism is about solely shunning packages that 
exfiltrate information to third parties, then perhaps we can also 
discuss a anti-logging version of parabola and/or parabola package which 
universally disables these almost unnecessary log(s)?

P.S.

I would also advise that you check to see if the directory 
~/.local/share/zeitgeist exists, as I wasn't explicitly 'asked' about 
the package either, and it seemed to exist on my system.

Thanks,

Josh

On 23/05/17 01:53, Isaac David wrote:
> Josh Branning wrote:
>> It basically keeps a log of all of the users actions in the form of an
>> sqllite3 database.
>
> where do you draw the line between this kind of desktop log and the
> plethora of traditional-ish system logs? should we also blacklist
> journaling filesystems? storing useful information is something that
> lots of programs are expected to do.
>
> I sense a misunderstanding in the purpose of `your-privacy`. afaict,
> `your-privacy` is designed to shun packages that exfiltrate
> information to third parties (internet companies for example), but
> zeitgeist only makes the information it collects locally-available
> (correct me if I'm wrong, I don't use it myself).
>
>> Deleting the package can cause problems for gnome-desktop users
>> though,...
>>
>> ...It is worth noting that this affects all gnome desktops, and ubuntu
>> and it's derivatives.
>
> I don't think so. I'm a GNOME user and I have never been asked to
> install zeitgeist. I think this could be a problem for other
> GNOME-based desktops though. I'm thinking of Elementary and Unity.
>