[Dev] Blacklist zeitgeist in your-privacy-blacklist
Josh Branning
lovell.joshyyy at gmail.com
Tue May 23 01:34:59 GMT 2017
To me, the line is drawn when the system starts recording what files you
open, or have opened, and at what time. I'd prefer it didn't do that.
Programs are next on the list. I'd rather the system didn't record which
programs were opened when.
These kind of things create treasure troves of data, which if accessed
can be easily used in digital forensics, or, snooping.
It is the same reason why ISPs shouldn't record, or be forced to record
which websites you visit and when. The security services, like from
which prism originated, would love access to this kind of data, and so
probably would many black hat hackers and commercial companies.
In the UK, we have something called the Data Protection Act, which says
that data held is supposed to be relevant if it is to be held on
somebody. Of course, the UK now is effectively a surveillance state, but
the principle still stands; there should be a good justification for
holding and recording data like this.
One could of course argue that the metadata collected is at least
partially relevant. But I consider the disadvantages (to privacy and
security) to outweigh the possible advantages by far, in this instance.
I think privacy is about not leaving paper trails as much as it is about
anything else. Otherwise, you would have to ensure the system was 100%
secure to avoid the risk of the papers being taken any time in the
future. And 100% security simply does not exist. Especially in complex
systems.
Far better not to collect and hold that sort of data in the first place
than to end up a cropper later on.
Not that I have anything to 'hide' or 'fear': I simply value my privacy
and right to a private life.
Finally, if parabola's nonprism is about solely shunning packages that
exfiltrate information to third parties, then perhaps we can also
discuss a anti-logging version of parabola and/or parabola package which
universally disables these almost unnecessary log(s)?
P.S.
I would also advise that you check to see if the directory
~/.local/share/zeitgeist exists, as I wasn't explicitly 'asked' about
the package either, and it seemed to exist on my system.
Thanks,
Josh
On 23/05/17 01:53, Isaac David wrote:
> Josh Branning wrote:
>> It basically keeps a log of all of the users actions in the form of an
>> sqllite3 database.
>
> where do you draw the line between this kind of desktop log and the
> plethora of traditional-ish system logs? should we also blacklist
> journaling filesystems? storing useful information is something that
> lots of programs are expected to do.
>
> I sense a misunderstanding in the purpose of `your-privacy`. afaict,
> `your-privacy` is designed to shun packages that exfiltrate
> information to third parties (internet companies for example), but
> zeitgeist only makes the information it collects locally-available
> (correct me if I'm wrong, I don't use it myself).
>
>> Deleting the package can cause problems for gnome-desktop users
>> though,...
>>
>> ...It is worth noting that this affects all gnome desktops, and ubuntu
>> and it's derivatives.
>
> I don't think so. I'm a GNOME user and I have never been asked to
> install zeitgeist. I think this could be a problem for other
> GNOME-based desktops though. I'm thinking of Elementary and Unity.
>
More information about the Dev
mailing list