[nycbug-talk] Scary Ubuntu privacy junk

Edward Capriolo edlinuxguru at gmail.com
Thu Nov 1 23:48:31 EDT 2012


I was surprised to learn that libraries like the quartz scheduler have
phone home code built in. We had it running on a server with no outbound
and saw activity.


On Thursday, November 1, 2012, Fabian Keil <freebsd-listen at fabiankeil.de>
wrote:
> Pete Wright <pete at nomadlogic.org> wrote:
>
>> On 10/31/12 10:10 PM, George Rosamond wrote:
>> > On 11/01/12 00:42, David Lawson wrote:
>
>> >> The Quantal release version of the Amazon lens encrypts the queries,
>> >> though the beta version did not.  It also anonymizes the queries
>> >> prior to Amazon seeing them, which has always been the case to the
>> >> best of my knowledge.  Mark has addressed both of those points on his
>> >> blog.
>> > Oh, he certainly does address it.
>> >
>> > markshuttleworth.com/archives/1182
>> >
>> > I especially like replies to "Why are you telling Amazon what I am
>> > searching for?"
>> >
>> > ..."Ern, we have root."
>> >
>> > Great way to inspire people to use OSS, aint it?  "I have root on your
>> > box so screw you."
>> >
>> > "Preserving anonymity" by trusting that project is laughable, at best.
>> > Anonymity is not preserved by trust or policy, it's preserved *by
>> > design*.  Look at Tor, GPG, etc.
>> >
>> > And it takes little statistical hacking to deanonymize data like that.
>> > Give an Amazon your IP and queries, and it's not anonymous.  Remember
>> > the "anonymized" AOL data a few years back?
>>
>> this whole debacle was pretty interesting to me - esp the initial
>> reaction/disregard for privacy from shuttleworth.
>>
>> regarding anonymizing data that is actively being mined - it really is a
>> loaded term.  In Germany for example, you can't store IP addresses and
>> associate them with cookies(1) if the user requests so.
>
> Actually you (legally) need the user's consent. Of course you are also
> obligated to allow users who consented to the data mining in the past
> to opt-out again, but users who never gave consent in the first place
> do not have to request anything (§4 I BDSG).
>
> The referenced article is grossly misleading, probably because they didn't
> get their information from the actual law, but trusted a (ridiculous)
> press release of the "data protection authority of the German federal
> state of Hamburg", which has no authority to decide under which conditions
> the use of "Google Analytics" is lawful in Germany.
>
>>                                                          Yet once an
>> adnetwork has dropped a cookie on your system the IP is almost a moot
>> point, they can deduce your geolocation and mine your browsing habbits
>> w/o a full IP address.
>
> This isn't really a loop hole, though, because it requires consent as
well.
>
> The main problem with the German (and European) privacy laws is that they
> are rarely enforced and thus there's no strong incentive to respect them.
>
> Fabian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20121101/db16efe5/attachment.htm>


More information about the talk mailing list