[Popcon-developers] Bug#632438: popcon wrongly claims to be anonymous
On Sun, May 05, 2013 at 02:57:12PM +0200, Bill Allombert wrote:
> I agree with the risk of deanonymization, however you have to look at the
> consequence: we only publish agregated results, not individual reports, so this
> is only leaking whether someone is reporting or not, this does not leak the
> full list of packages, or the popcon UUID.
You are missing a few pieces. There is a general principle of not
collecting data that you don't need.
Believe it or not, the popcon server may be compromised at a future
time. We can defend now by not even collecting data that is not needed.
What about the actual data transfer? It usually works via http or smtp.
Anyone sniffing the traffic can learn a lot from those little extra
packages not to be found in the archive. Of course the traffic could be
encrypted. Turning it harmless is another viable option though.
Finally I did find a number of corporate packages in popcon already.
Packages that clearly belong to a particular institution or company. Now
you learn that said institution uses Debian and popcon from the publicly
visible popcon reports.
Sorry, but given these issues I currently recommend not using popcon to
people who ask me.
Helmut
Reply to: