[nycbug-talk] Scary Ubuntu privacy junk
edlinuxguru at gmail.com
Thu Nov 1 23:48:31 EDT 2012
I was surprised to learn that libraries like the quartz scheduler have
phone home code built in. We had it running on a server with no outbound
and saw activity.
On Thursday, November 1, 2012, Fabian Keil <freebsd-listen at fabiankeil.de>
> Pete Wright <pete at nomadlogic.org> wrote:
>> On 10/31/12 10:10 PM, George Rosamond wrote:
>> > On 11/01/12 00:42, David Lawson wrote:
>> >> The Quantal release version of the Amazon lens encrypts the queries,
>> >> though the beta version did not. It also anonymizes the queries
>> >> prior to Amazon seeing them, which has always been the case to the
>> >> best of my knowledge. Mark has addressed both of those points on his
>> >> blog.
>> > Oh, he certainly does address it.
>> > markshuttleworth.com/archives/1182
>> > I especially like replies to "Why are you telling Amazon what I am
>> > searching for?"
>> > ..."Ern, we have root."
>> > Great way to inspire people to use OSS, aint it? "I have root on your
>> > box so screw you."
>> > "Preserving anonymity" by trusting that project is laughable, at best.
>> > Anonymity is not preserved by trust or policy, it's preserved *by
>> > design*. Look at Tor, GPG, etc.
>> > And it takes little statistical hacking to deanonymize data like that.
>> > Give an Amazon your IP and queries, and it's not anonymous. Remember
>> > the "anonymized" AOL data a few years back?
>> this whole debacle was pretty interesting to me - esp the initial
>> reaction/disregard for privacy from shuttleworth.
>> regarding anonymizing data that is actively being mined - it really is a
>> loaded term. In Germany for example, you can't store IP addresses and
>> associate them with cookies(1) if the user requests so.
> Actually you (legally) need the user's consent. Of course you are also
> obligated to allow users who consented to the data mining in the past
> to opt-out again, but users who never gave consent in the first place
> do not have to request anything (§4 I BDSG).
> The referenced article is grossly misleading, probably because they didn't
> get their information from the actual law, but trusted a (ridiculous)
> press release of the "data protection authority of the German federal
> state of Hamburg", which has no authority to decide under which conditions
> the use of "Google Analytics" is lawful in Germany.
>> Yet once an
>> adnetwork has dropped a cookie on your system the IP is almost a moot
>> point, they can deduce your geolocation and mine your browsing habbits
>> w/o a full IP address.
> This isn't really a loop hole, though, because it requires consent as
> The main problem with the German (and European) privacy laws is that they
> are rarely enforced and thus there's no strong incentive to respect them.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talk