[Dev] Plans for nonprism [was neutered geoclue]

Freemor freemor at freemor.ca
Mon Dec 16 02:23:07 GMT 2019


I'm seriously considering re-doing nonprism for the following reasons.

1.) Too many packages in there are solely there to remove geoclue2 support. much better to just patch geoclue (see nonprism-testing)
Patching geoclue vs trying to keep on top of the many bits seems a much saner approach.

2.) The name nonprism tho probably trendy at the time may promise more then it delivers. I think it'd be better to rebrand it to Privacy Enhanced or something similar
for me the nonprism moniker promises too much and may lead people to a false sense of security. Which is a bad thing. Prism is far to expansive for a distro to
be able to protect a user from. Where "Enhanced Privacy" we stand a hope of delivering.

3.) Several of the packages have been rolling forward without much real attention paid to new features/protocols/etc that may have bee added that will
effect privacy. So a comprehensive look at each package is most likely in order.

My Plan. when time permits (most likely in the new year) is to:

1.) Move nonprism-testing to privacy-enhanced (or something similar but shorter
2.) Keep the patched geoclue2 in there and do more work on it to be sure its returning "location unavailable"
3.) move the nonprisn packages that are patched for reasons other then geoclue into the new repo
4.) Update and take a serious look at those packages as they are moved over and apply any further patches
5.) Get Feedback from testers on all this work.
6.) Write a PrivacyEnhanced_README.txt that explains the intent of the repo and probably also a wiki wntry
7.) When all is sane create a migration path, make Privacy-enhanced live (add it to the pacman.conf (commented out)
8.) Remove nonprism.

Hopefully this will: Create more realistic expectattions, lower the maintenance load, Stop breaking gnome and all browsers that depend on webkit2gtk, etc.

In order to even come close to "nonprism" we'd have to so drastically alter the system so as to make it foreign to most users. No JS. Many websites/services blocked at a system level (not pre application),
Most likely all traffic through Tor or other anonymizing services. We'd have to block anything bound for any AWS EC, any Google owned thing, any Microsoft thing, Probably many others. As I said above "nonprism"
is an unrealistic goal for a distro and clearly something that falls into the personal responsibility bucket. I'd hate for people to be thinking that by enabling a nonprism repo they were suddenly somehow
shielded from all the 5 eyes prying.


Input is of course welcomed.
Freemor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20191215/f9035a36/attachment.sig>


More information about the Dev mailing list