[ubuntu-studio-devel] How wide spread is Linux spyware?

lukefromdc at hushmail.com lukefromdc at hushmail.com
Fri Jul 10 17:46:29 UTC 2015

ALL software that reports back to its authors (phones home) can place users
in certain categories in physical danger. Here's an example: UbuntuStudio or
any other Linux media distro is likely to be used by social activists media makers
like myself.  

Suppose while you are uploading a video about police brutality via Torbrowser the
package updater contacts the Ubuntu repos.  Let's also assume the same computer
has ever been used with the same operating system to run a Facebook account. Data
from Facebook might give police enough information about the computer to connect
the access to Ubuntu's servers plus the timestamp to the time the post was sent plus
the IP address the computer was connecting from. Since the computer could not have
been in two places at one time, this timing attack defeats Tor and identifies the poster.
Even worse, the timestamp and IP address from the Ubuntu server may be enough for a 
direct "confirmation attack" against Tor itself to directly trace the packets from source
to destination. Examination of security camera footage may then identify the poster 
himself for arrest or worse.

To secure that situation would require that the poster either use the computer for 
nothing else and certainly never commerical social networking sites, find and disable
every last "phone home" option, or preferably both. One thing we do not have in any
Linux distro I have tried is a privacy/security manager that will show a user in one 
place every possible program that phones home and enable or disable all of these 
options from a single place.

On 7/10/2015 at 5:33 AM, "Ralf Mardorf" <ralf.mardorf at alice-dsl.net> wrote:
>You might be interested in a discussion about Linux spyware, so I
>opened a thread in an open mailing list. IOW you don't need to be
>subscribed to send to this list and could read replies using the
>list's archive.
>The thread starts with:
>How wide spread is Linux spyware?
>This is the list:
>About D-community-offtopic 	
>English (USA)
>This list is meant to strengthen the community around Debian by
>providing a place for both users and developers to talk about
>non-technical stuff (but technical stuff is not prohibited).
>PS: Send to Ubuntu Studio users, Ubuntu Studio devel, Xubuntu 
>users and
>perhaps Bcc to one ore the other.
>ubuntu-studio-devel mailing list
>ubuntu-studio-devel at lists.ubuntu.com
>Modify settings or unsubscribe at: 

More information about the ubuntu-studio-devel mailing list