Gee! These Aren't Roasted!
On learning to set date/time w/out npt, I stumbled into the issue of ssl certs. Technically astute can smile.
So in advanced tabs of firefox, I find a long list of certs from banks w/ verbage that seems like it was part of the orig. install. WhyTF would these be there? Are they part of orig. install? Why? Paid inclusions?
Just Give Me the Beans!
Thanks heaps for the fantastic post.
My position on the paranoid<->convenience scale is that I'm quite happy for 'MY' computer to log things, such as conversations, files opened, etc. It's my computer after all and no one uses it but me. However, because it's completely opaque when, how and by what process this data is being used I start to get fearful.
I certainly DO NOT want this private identifiable info being transmitted over a network!
What I'd really like is for developers to implement some low down privacy framework similar to android's "This application wants to access..." but better, in that it should allow fine grained selection: "Yes Google Search, I don't mind you knowing which state I'm located in but No you can't have access to my recent files list."
The other day I was at the fruit and veg shop and I wanted to scan a 'QR' code. However, the first 5 apps I went to download on my android all wanted full access my contacts! "What! Why?" I thought "I just want to know what this code on this tomato means not send that info to all my friends!"
Finally I found one that didn't need to access my contacts and used that. Of course I later discovered that what the first 5 apps were probably wanting was the ability to 'let me' send QR business cards. So nothing sinister really but because no REASONS were given I had to either COMPLETELY trust the makers of the app or NOT AT ALL.
I'd be really happy if I could install a program on ubuntu and disable it's access to a bunch of things that I don't understand why it needs and when I discovered what parts of it don't work because it doesn't have the information it needs, THEN and ONLY THEN grant it access.
I'm sure this is possible, it's what modular programming is for right?
The Linux filesystem standard has done this sort of thing wonderfully for years. Think about it, what can you do with a file? You can READ it, you can EXECUTE/RUN it, and you can WRITE/ERASE it. The filesystem give us these permission options separately for the OWNER of the file, the Super Owner/administrator/ROOT, and for OTHERS, everybody else.
Since a program runs with the same permissions as whoever ran it that means that when you run a program that program is allowed to access any of the files you are! It's like giving a robot the keys to your office, home, car and safe. Do you fully trust who built the robot?
The good news is that with open source software ANYONE can look at how the robot is built and what it's programmed to do, so if it's an *Evil Robot* hopefully someone will notice.
But I'd still feel better if I could choose WHICH rooms I let the robot into.
---
It's all about NOT assuming we know what other want.
First Cup of Ubuntu
Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)
Other than NTPD is any of the other softwares necessary for an ubuntu server ?
First Cup of Ubuntu
Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)
Thank you very much for your post!
I downloaded the File "indicator-datetime_0.3.94.0.1.zip" and it has a different checksum (sha1sum: da39a3ee5e6b4b0d3255bfef95601890afd80709). That is why i did not complete the last steps. I am very new to Ubuntu and Terminal and i am no native english speaker. Maybe you can upload the original File for me and others in a post?Originally Posted by besouro
Btw, i am trying out Linux because i care about privacy and read Linux would be the most privacy friendly system. It is sad that Ubuntu is also establishing connections in the background without asking. At least they could give you a choice. I do not think the most people do not care. I think the most people accept it because they do not know about the dimensions of data different companies are collecting or about the possible abuses coming with it. Maybe they simply think there was no other way or they just do not care. If Ubuntu was asking me if it could connect to this or that server for this and that reason i probably would allow it. But it seems to become as a matter of course to collect data of us and our behavior without any transparency or moderation, just with a hidden link to some instructable privacy policy.
If software is sending data off a computer or a device it should ask the owner before. The question is not if the data is useful or not, the question is why should i trust in a system, which is using my line without asking me? Without letting me know even?
(i.e. Maybe i feel secure by surfing the web via VPN in a open W-Lan Hotspot with many other strangers and than Linux is connecting to its servers, letting possible cracker know which system and what software i am using, maybe other information's i do not even know about.)
Under OS X the snake oil "little snitch" gave me at least the feeling i had the control over outgoing connections. I never caught the system or any software connecting to the internet without "litte snitch" were asking my before if i want to allow it or not. And nearly every software is using the internet without asking. Is there a tool like that for Linux? I know it will not help against real spyware or hackers but it was helping me by controlling outgoing connections.
5 Cups of Ubuntu
It seems that removing Geoclue will break google chrome (on Arch), here:
'I have geoclue required by libwebkit, so if it's not directly from chrome, you won't be able to use chrome without it (but AUR might have a patched version)'
from:
http://bbs.archbang.org/viewtopic.php?id=3455
First Cup of Ubuntu
Okay, so I didn't go quite this far, but after a lot of reading, I did write a little script to get rid of zeitgeist and whoopsie, harden the OS against external attack, make sure we aren't allowed to do IP forwarding and restrict access to the geo-ip servers that sit behind geoip.ubuntu.com (mulberry.canonical.com and mistletoe.canonical.com). You can see what I did here and why: http://foxtrot7security.blogspot.com...ivacy-and.html
And you can pickup the script at:
http://code.google.com/p/pangolin-lockdown-utility/
First Cup of Ubuntu
Here's the obscure automatic connections guide i made (because it's so big, i thought it would be better to start a new thread):
http://ubuntuforums.org/showthread.php?t=2144464
First Cup of Ubuntu
Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)
While I don't subscribe to the OP's assumption that Ubuntu phoning home automatically equals a concerted effort to track our computer use... I am very concerned about how Ubuntu 12.04 works, to the point of having to not use it.
I've run through pretty much all the possible means of removing/disabling things like ntpdate, zeitgeist, whoopsie, apport, ubuntuone and geoclue (the method on this post doesn't keep the clock now but can still remove execute permissions).
However, even after disabling auto-update, on every boot it keeps trying to connect to the repositories. Maybe the traffic is harmless, I'm not experienced in things like reading through packets to check, perhaps it's encrypted/encoded anyway but that's not the point.
Whatever your angle or approach to security, performance and privacy, the common assumption seems to be that Linux is secure and configurable, you can throw out what you don't need and it's untainted by talk of PRISM tracking built into the (mainly) US supplied commercial operating systems. Yet I can't seem to prove this with Ubuntu (or Mint which is worse, loading a google page every 15 mins even after telling it to "ping" elsewhere); I can install Debian an watch it sit there like it should, not trying to phone home but my compromise is Flash video on websites and Debian doesn't seem to do that so well
Anyway, I'm not going to steam in accusing Canonical of a conspiracy theory but I what I would ask is that controls are provided for what security minded folk would see as an attack vector, what performance freaks call crap and what paranoid folk see as tracking:
- Not including Geoclue in Privacy settings could be seen as more than an oversight, as could be making it a dependency for indicator-datetime.
- Having dash connect to the internet for various things should be easily configurable, rather than heavy reading for new users. It should definitely not require you to grab packages to resolve it (and therefore go online before you can disable it).
- Removing UbuntuOne should mean removing UbuntuOne, removing it in software centre doesn't do it, even after cleaning up the remainder in synaptic leaves the dependency tied oneconf-service which eats 30MB of RAM.
- Disabling automatic updates should mean not connecting to the repos on boot with no intervention, WTF!
- From a more personal point of view I'd do something about Rhythmbox connecting to it's various enabled plugins before you can disable them, although you can at least disconnect beforehand (although I doubt most even realise it makes these unnecessary connections). I have similar feelings about Firefox's default config, setting a permanent cookie with Google and sending them your browser fingerprint when loading the default home page as one of many possible examples.
I really want to use Ubuntu but I can't use something I don't trust. Maybe if I were more technical and a masochist I could read through all the source code and be sure but I've already spent far too much time watching traffic out of so many OS's and applications. In an ideal world there'd be sensible defaults or prompts before being potentially compromised, I suppose a few easily discoverable settings would suffice and even at a stretch with no other option I butcher the install to meet my ends but even that isn't available.
Anyway, despite the negative nature of this message, I really like how much works out of the box in Ubuntu, things like the top of windows integrating into the UI is great even if I’m not keen on the vertical launcher, I was willing to use Unity over Gnome even with the differing preference but sadly this all becomes irrelevant for someone who wants control over their computer. I sincerely hope you make it possible to market yourselves to the general public as a genuine alternative to the OS's with hidden tracking built in; I think an educated public would want that if they knew what they're exposing themselves to but with a tired heart and mind I give up for now and look elsewhere.
First Cup of Ubuntu
What happened to the Privacy settings that were existent on 12.04 under System Settings but are no longer available in 13.10?
First Cup of Ubuntu
I have a clean install of Saucy, and all the settings for privacy are there:
-Turn on/off file and application usage
-clear usage data...
-turn off web search
-turn off error reporting
Adv Reply
Bookmarks