Page 1 of 2 12 LastLast
Results 1 to 10 of 32

Thread: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

Hybrid View

  1. #1
    Join Date
    Jun 2012
    Beans
    1

    Lightbulb Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    Background
    Release after release, Canonical's Ubuntu is increasingly turning YOUR personal computer into a personal surveillance machine enabling ad companies, intelligence and law enforcement agencies, curious spouses and the occasional Google wifi war driver to harvest personal information on YOU. Aside from that, these processes also waste processing power, memory and internet bandwhich. A couple of weeks ago, a colleague installed Ubuntu for the first time complaining to me how slow it was running on his older computer. The reason offcourse were processes like Zeitgeist and Geoclue.
    Below some guidelines on how to remove some of these programs and still maintaining some basic OS functionality.

    Commands
    The commands below remove:
    Zeitgeist: Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations hold with other people, etc.) and makes the information available to other applications.
    Geoclue: GeoClue is a software framework that enables geospatial awareness in applications. In human language: physical location tracking software.
    Whoopsie-daisy: Daemon that submits (sensitive?) crash data to the Ubuntu server.

    Code:
    sudo apt-get remove zeitgeist zeitgeist-core zeitgeist-datahub python-zeitgeist rhythmbox-plugin-zeitgeist geoclue geoclue-ubuntu-geoip geoip-database whoopsie
    GeoClue
    Because geoclue has been intertwined with indicator-datetime, you won't be able to see the time in Ubuntu anymore. To overcome this, you can download the original sources (https://launchpad.net/indicator-date...-0.3.94.tar.gz) of indicator-datetime, replace "src/datetime-service.c", "configure.ac" and "configure.ac" by the ones located in the archive here: http://www13.zippyshare.com/v/18551510/file.html. Then offcourse, recompile it and install it. All references to GeoClue have been removed. For the lazy people, a deb "executable" is also included. Installing deb files downloaded from the internet is a very bad practice as they can contain rootkits!

    The SHA1 checksum of indicator-datetime_0.3.94.0.1.zip is "42962afcfd56ec8277ae007c90f740f6b99388c0"
    To compare the checksum:
    Code:
    sha1sum indicator-datetime_0.3.94.0.1.zip
    Zeitgeist
    Removing Zeitgeist will cause Unity to malfunction. As I've never been a fan of Unity I didn't care. Installing Gnome3 goes as follows:
    Code:
    sudo add-apt-repository ppa:gnome3-team/gnome3
    sudo apt-get update
    sudo apt-get install gnome-shell gnome-tweak-tool
    sudo reboot
    NTPD
    To disable NTP call home requests on every Ubuntu boot, the following can be performed
    Code:
    sudo gedit /etc/default/ntpdate
    On the first line, insert a new line containing:
    Code:
    exit 0
    Note that your system time won't be updated automatically anymore from now on so you'll have to do this manually.

    Result
    After all the above has been performed, only the occasional connection to the following server domains will occur, mainly for keeping your Ubuntu version secure and up to date:
    • extras.ubuntu.com
    • ppa.launchpad.net
    • changelog.ubuntu.com
    • security.ubuntu.com
    • ubuntu.mirrors server
    • archive.ubuntu.com


    The following domains won't be contacted anymore
    • ntp.ubuntu.com (only once at boot time)
    • daisy.ubuntu.com (sporadically called during user session)
    • geoip.ubuntu.com (sporadically called during user session)
    • videasearch.ubuntu.com (Sporadically called during user session, don't know why it's even used let alone by which process. If someone can enlighten me, I'd be happy to learn.)
    Last edited by besouro; June 9th, 2012 at 08:59 AM.

  2. #2
    Join Date
    Jan 2011
    Location
    Mumbai
    Beans
    4
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Smile Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    That was really Helpful , thanks for In-depth Info on disabling them.

  3. #3
    Join Date
    Jun 2006
    Location
    Nux Jam
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    no needs to fail into paranoia, removing zeitzeist is enough, and whoopsie is really for the best

  4. #4
    Join Date
    Nov 2006
    Beans
    23

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    For Whoopsie, you can set the /etc/default/whoopsie configuration file to 'false'

  5. #5
    Join Date
    Apr 2005
    Beans
    10

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    On the subject of ntp here for those who are truly concerned about this but would still like to actually have their time updated there are plenty of public NTP servers around you could install the NTP package and use those, or there is always the ntp pool if you don't feel like selecting servers independently yourself http://www.pool.ntp.org/

    The latter are all volunteer servers which donate their services to the pool which has some several million users, I actually run two pool servers myself and it is not unusual to see 100,000 active clients on each of those on their own.

    Here is a basic NTP config file which will suffice for using the pool those you might want to change the addresses to your local country zone, there is more information on the pool website

    Code:
    # --- GENERAL CONFIGURATION ---
    server pool.ntp.org
    server 1.pool.ntp.org
    server 2.pool.ntp.org
    server 3.pool.ntp.org
    
    # Drift file.
    
    driftfile /etc/ntp/drift
    If you want to restrict access to your NTP server then you will want to add some restrict statements, I'll include a few examples but you should change the addresses to match your own setup. Note: If you are behind NAT then this is not necessary unless you are running on a machine configured as DMZ or with port 123 UDP forwarded to it.

    Code:
    # If you only have the one computer and NTP is running on the same machine then you can just have a default ignore statement.
    
    restrict default igonre
    Code:
    # If you have several machines on a LAN then I'd suggest the following:
    
    restrict default ignore
    
    # Permit hosts on network 192.168.0.0 with netmask 255.255.255.0 change these if your network is different.
    restrict 192.168.0.0 mask 255.255.255.0 nomodify
    Then just change the pool server addresses in the configuration files of your other machines to server <your main server ip>

    IPv6 address ranges can be permitted the same way, if anyone has any issues I am on the pool mailing list as are a bunch of other helpful people.

    Hope that helps.

  6. #6
    Join Date
    Jan 2011
    Location
    UK
    Beans
    69
    Distro
    Ubuntu

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    Yes, a little on the paranoid side, OP, but i really appreciate the post because i was getting sick of geoclue-ubuntu-geoip showing up and pinging out all the time, when i've always set the time settings to manual.

    As far as i'm concerned, trimming the excess is a good thing towards efficiency.

    I was just perusing the code on launchpad for mentionings of 'geo' in indicator-datetime (geoclue seriously needs to stop being a dependency already - i did read somewhere that it was going to be dropped for quantal?) So your files are a big time saver

    As far as privacy goes - zeitgeist isn't evil. Have a quick look at the omgubuntu article for some good points: http://www.omgubuntu.co.uk/2012/08/i...-spying-on-you

    Nothing wrong with your suggestions at all, OP, i hope these tweaks do eventually become simply checkboxes or something, so the user has full say in what is going on behind the scenes - it's a vital part of the linux ethos to have the OS exactly as you want it.

    Thanks
    Disco ut intelligam. I learn, so that i may understand.
    https://launchpad.net/~untaintableangel
    Linux, Windows, Mac and BSD deserve an opensource, encrypted audio/video skype replacement: That's qTox. https://github.com/tux3/qTox

  7. #7
    Join Date
    Mar 2013
    Beans
    1

    Exclamation Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    Thank you very much for your post!

    Quote Originally Posted by besouro View Post
    The SHA1 checksum of indicator-datetime_0.3.94.0.1.zip is "42962afcfd56ec8277ae007c90f740f6b99388c0"
    I downloaded the File "indicator-datetime_0.3.94.0.1.zip" and it has a different checksum (sha1sum: da39a3ee5e6b4b0d3255bfef95601890afd80709). That is why i did not complete the last steps. I am very new to Ubuntu and Terminal and i am no native english speaker. Maybe you can upload the original File for me and others in a post?


    Btw, i am trying out Linux because i care about privacy and read Linux would be the most privacy friendly system. It is sad that Ubuntu is also establishing connections in the background without asking. At least they could give you a choice. I do not think the most people do not care. I think the most people accept it because they do not know about the dimensions of data different companies are collecting or about the possible abuses coming with it. Maybe they simply think there was no other way or they just do not care. If Ubuntu was asking me if it could connect to this or that server for this and that reason i probably would allow it. But it seems to become as a matter of course to collect data of us and our behavior without any transparency or moderation, just with a hidden link to some instructable privacy policy.

    If software is sending data off a computer or a device it should ask the owner before. The question is not if the data is useful or not, the question is why should i trust in a system, which is using my line without asking me? Without letting me know even?
    (i.e. Maybe i feel secure by surfing the web via VPN in a open W-Lan Hotspot with many other strangers and than Linux is connecting to its servers, letting possible cracker know which system and what software i am using, maybe other information's i do not even know about.)

    Under OS X the snake oil "little snitch" gave me at least the feeling i had the control over outgoing connections. I never caught the system or any software connecting to the internet without "litte snitch" were asking my before if i want to allow it or not. And nearly every software is using the internet without asking. Is there a tool like that for Linux? I know it will not help against real spyware or hackers but it was helping me by controlling outgoing connections.

  8. #8
    Join Date
    Aug 2012
    Beans
    31

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    It seems that removing Geoclue will break google chrome (on Arch), here:

    'I have geoclue required by libwebkit, so if it's not directly from chrome, you won't be able to use chrome without it (but AUR might have a patched version)'

    from:

    http://bbs.archbang.org/viewtopic.php?id=3455

  9. #9
    Join Date
    Apr 2013
    Beans
    1

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    Okay, so I didn't go quite this far, but after a lot of reading, I did write a little script to get rid of zeitgeist and whoopsie, harden the OS against external attack, make sure we aren't allowed to do IP forwarding and restrict access to the geo-ip servers that sit behind geoip.ubuntu.com (mulberry.canonical.com and mistletoe.canonical.com). You can see what I did here and why: http://foxtrot7security.blogspot.com...ivacy-and.html

    And you can pickup the script at:
    http://code.google.com/p/pangolin-lockdown-utility/

  10. #10
    Join Date
    May 2013
    Beans
    7

    Re: Disabling privacy-invasive Zeitgeist, Geoclue, Whoopsie (and NTPD)

    Here's the obscure automatic connections guide i made (because it's so big, i thought it would be better to start a new thread):
    http://ubuntuforums.org/showthread.php?t=2144464

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •