[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The Spirit of Free Software, or The Reality

* Paul Wise <pabs@debian.org>, 2015-07-06, 14:10:
#786909 was absolutely not acceptable, and was treated as such. Social contract #1 remains in effect and will continue to do so in spite of day to day bugs that violate its spirit.

It might be interesting to think about ways we can automatically discover such problems in future.

lintian has privacy checks but this kind of problem doesn't seem statically detectable to me.

Perhaps we could run everything in $PATH in virtual machines and log all network beyond localhost.

So I made this experiment with Iceweasel. These are the requests it makes with a fresh profile, before you even type an URL:
POST https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key
GET http://www.ebay.com/favicon.ico
GET http://en.wikipedia.org/favicon.ico
GET http://www.yahoo.com/favicon.ico
GET http://www.google.com/favicon.ico
GET http://www.amazon.com/favicon.ico
GET http://www.yahoo.com/favicon.ico
GET https://tiles.services.mozilla.com/v2/links/fetch/en-US
GET http://www.yahoo.com/favicon.ico
GET https://en.wikipedia.org/favicon.ico
GET https://en.wikipedia.org/favicon.ico
GET https://www.yahoo.com/favicon.ico
GET https://tiles.cdn.mozilla.net/desktop/PL/en-US.dd461b9cdf65d101f61b5dddac1ce4996e8d91ca.json
GET https://en.wikipedia.org/favicon.ico
POST https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key
+ a few dozens of GET requests to https://safebrowsing.google.com/

So nothing serious here. It's just casually violating your privacy.

Jakub Wilk

Reply to: