[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

[ This part doesn't really concern the Debian package or the security bug, so
  dropping CC to the BTS ]

On Thu, Sep 13, 2007 at 11:00:23PM +0200, Moritz Naumann wrote:
> On a side note, a default setting making users take part in a statistic
> analysis and gathering users' requests in a single location can be
> considered a privacy risk or issue. (This is the same for suggesting to
> install Firefox with the Google toolbar but that's a complete different
> story.)

It doesn't affect users privacy any further than what it would already be by
clicking the download link, which causes my apache logs to inmediately record
they have clicked that link (btw I gather weekly statistics about the number of
hits in each individual page, just like any webmaster is able to do).

It doesn't tell me anything about the users' activities or any potentially
sensible information.  I'm merely being told that they have succesfuly completed
the install on i386 or amd64.

Btw, they aren't telling that information just to _me_.  Their Debian mirror of
choice can extrapolate that, and even get to know the details of their tasksel

> I'm looking forward to see this software mature (even further).

Thank you :-)

Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)

Reply to: