[ubuntu-studio-devel] How wide spread is Linux spyware?

lukefromdc at hushmail.com lukefromdc at hushmail.com
Sun Jul 12 18:21:21 UTC 2015


One of the first things to do is install Wireshark, get it running, and then engage
in a variety of offline actions with no browser running but connected to the network.
Trap every IP address you see, then open a browser and enter each IP address and
find out what it is.

This is how I found that Ubuntu's flashplugin-installer has a dependency that phones 
home, namely the cron job in update-notifier-common. After getting rid of that, I can
now run the system at idle, even with the browser open, and the only way any IP 
addresses external to my setup show up in Wireshark is if a web page is open in the
browser that updates itself. Otherwise no traffic.

In short, every system is different, and Wireshark will find everything except anything
that starts and finishes before you can get Wireshark running. I have not yet used
Wireshark from one machine to monitor another, but that would be the way to check
the whole boot process.

Here is a partial list of known problems that I have found:

Unity remote lenses (all of them)

Any kind of desktop remote search service 

Mate-panel clock applet if and only if configured with a location to show weather

Popularity-contest (obvious)

Whoopsie (never had it installed but saw it on this list)

Apport

Update-notifier and update-notifier-common (cron job needs disabling if IP addresses require concealment)

Flashplugin-installer (depends on update-notifier-common)

Ardour (reported to phone home)

Lightworks (nonfree, has phone-home activation)

Chromium (requires disabling Google services)

Chrome (closed, cannot disable all the Google spyware)

Firefox, details below:

        Google "prefs" cookie-disable all "safebrowsing" then delete all cookies to disable
        Google "safebrowsing" service itself
        Cisco H264 codec in Firefox (auto-updates) disable in "plugins" and remove URLs in about:config





On 7/12/2015 at 7:29 AM, "Ralf Mardorf" <ralf.mardorf at alice-dsl.net> wrote:
>
>On Sun, 12 Jul 2015 12:11:37 +0200, Jimmy Sjölund wrote:
>> However a good guideline or tutorial on how to set up your system
>> like for instance with Luke's experience would be great.
>
>A Wiki is a good idea, OTOH there is already much information
>available. Users need to consider if a secure computer makes sense
>when they "Add to an Amazon Cart" and publish their diary at Facebook
>and they 24/365 carry a turned on mobile.
>To become rocket scientists, we can't simply switch from watching
>"The Bold And The Beautiful" to watching "Into the Universe with
>Stephen Hawking". We need to dig deeper and perhaps change our
>lifestyle.
>
>
>Oops, I should subscribe with several email accounts and set up mailman
>to send list mail to just one account.
>
>Begin forwarded message:
>
>Date: Sun, 12 Jul 2015 12:50:43 +0200
>From: Ralf Mardorf <... at rocketmail.com>
>To: ubuntu-studio-devel at lists.ubuntu.com
>Subject: Re: [ubuntu-studio-devel] How wide spread is Linux spyware?
>
>
>On Sun, 12 Jul 2015 10:21:34 +0200, Set Hallstrom wrote:
>>Perhaps Ralf and lukefromdc want to search through the packages to
>>establish a list of homecry software, vs. cool software?
>
>No-go: Apport, Whoopsie, all that stuff from Canonical that recommends
>Amazon or similar https://stallman.org/amazon.html, that spies if a
>user runs desktop searches etc.
>
>Within the next days or weeks I plan to tidy up my hard disk drives [1],
>to replace my Arch Linux's VirtualBox Win XP with a KVM, QEMU,
>virt-manager Win 7 and then to install an Ubuntu Studio 15.10 (Wily
>Werewolf) Daily Build [2], perhaps Alpha 2 on July 30th [3].
>
>However, regarding the default browser I wonder if Firefox should be
>replaced.
>
>Most of the time I'm using Firefox, Pale Moon and QupZilla. I can't
>say much about differences regarding security, but all three are a
>PITA because they ignore environment font sizes, the menu fonts are much
>too small, only QupZilla has a usable history, but regarding security
>users perhaps don't want a history at all and QupZilla can't use Firefox
>add-ons. Most important seems to be the user's browser preferences.
>
>I wonder that Firefox still is that much used, since QupZilla and Pale
>Moon likely perform better than Firefox. Perhaps QupZilla less often
>gets unresponsive when waiting for action of a website, than Firefox
>and Pale Moon do, but I didn't really test this.
>
>Since Paul Davis calls me names, for claims that were not made by me,
>but e.g. by Len and others or when Paul Davis simply is mistaken and
>because he bans my mails, just sometimes replies without reading them,
>it's hard for me to e.g. find out how risky Ardour update checks are.
>Since Len was mentioned at the last Ardour release's "special thanx
>too"-list he might find out more easily, if Ardour is an app that could
>be recommended regarding security needs.
>
>Personally I seldom care about security for my computer usage, I just
>dislike myths about security.
>
>Btw. some links that were posted in a FreeBSD mailing list within the
>last days:
>
>OpenSSH
>
>http://undeadly.org/cgi?action=article&sid=20150708134520&mode=expanded&count=27
>http://undeadly.org/cgi?action=article&sid=20150603090420
>
>And this one
>
>http://slashdot.org/story/10/12/15/004235/FBI-Alleged-To-Have-Backdoored-OpenBSDs-IPSEC-Stack
>
>Regards,
>Ralf
>
>[1]
>$ grep menuentry /mnt/debi386/boot/grub/grub.cfg | cut -f2 -d"'"
>Debian,                Linux 3.8.13-rt14-pae-rocketmouse-2
>Debian,                Linux 3.12-0.bpo.1-rt-686-pae
>Debian,                Linux 3.8.13.14-rt30-pae-rocketmouse-1
>Debian GNU/Linux, with Linux 3.2.0-4-rt-686-pae
>Debian GNU/Linux, with Linux 3.2.0-4-rt-686-pae (recovery mode)
>Kubuntu Saucy,         kernel 3.8.13-rt14-1-rt
>Kubuntu Saucy,         kernel 3.6.5-rt14
>Kubuntu Saucy,         kernel 3.11.0-19-lowlatency threadirqs
>Kubuntu Saucy,         kernel 3.11.0-14-lowlatency threadirqs
>Kubuntu Saucy,         kernel 3.11.0-14-lowlatency single
>Arch Linux Rt
>Arch Linux Rt LTS
>Arch Linux Rt nohz=off
>Arch Linux
>Arch Linux threadirqs
>Arch Linux Fallback
>openSUSE 11.2,         Kernel 2.6.31.6-rt19
>menuentry "FreeBSD"{
>menuentry "XP"{
>Ubuntu Quantal,        kernel 3.6.5-rt14
>Ubuntu Quantal,        kernel 3.10.9-rt5 experimental
>Ubuntu Quantal,        kernel 3.5.0-18-lowlatency threadirqs
>Ubuntu Quantal,        kernel 3.5.0-18-lowlatency (recovery mode)
>Ubuntu Studio Quantal, Kernel 3.6.5-rt14
>Ubuntu Studio Quantal, Kernel 3.5.0-18-lowlatency threadirqs
>Ubuntu Studio Precise, Kernel 3.0.30 threadirqs
>Ubuntu Studio Precise, Kernel 3.2.0-23-lowlatency threadirqs
>Edubuntu 10.10,        Kernel 2.6.33.9-rt31
>Ubuntu Studio Oz,      Kernel 3.0.0-17-generic
>Ubuntu Studio Oz,      Kernel 3.0.0-20-generic
>
>[2]
>http://cdimage.ubuntu.com/ubuntustudio/dvd/pending/
>
>[3]
>https://wiki.ubuntu.com/WilyWerewolf/ReleaseSchedule
>
>-- 
>ubuntu-studio-devel mailing list
>ubuntu-studio-devel at lists.ubuntu.com
>Modify settings or unsubscribe at: 
>https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
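
The idle-capture check described at the top of this message (collect every IP address the machine talks to, then look each one up) can be scripted. This is an added example, not part of the original post or of any project mentioned in it: it reads a capture saved in classic pcap format, skips LAN, loopback and multicast traffic, and counts packets per external peer. The function names, the RFC 1918 local-network assumption and the sample packets are all constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# Assumption: the monitored machine sits on an RFC 1918 network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not (ip.is_loopback or ip.is_multicast or ip.is_link_local
                or ip.is_reserved or any(ip in n for n in LOCAL_NETS))

def external_peers(pcap):
    """Count packets per (external IP, IP protocol, remote port)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet frames")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip anything that is not IPv4 (ARP, IPv6, ...)
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        sport = dport = 0
        if proto in (6, 17) and len(ip) >= ihl + 4:  # TCP or UDP
            sport, dport = struct.unpack(">HH", ip[ihl:ihl + 4])
        for addr, port in ((ip[16:20], dport), (ip[12:16], sport)):
            if is_external(addr):
                seen[(str(ipaddress.ip_address(addr)), proto, port)] += 1
    return seen

def _pkt(src, dst, proto, sport, dport):
    # One constructed pcap record: Ethernet + IPv4 header + port pair.
    ip = struct.pack(">BBHHHBBH4s4sHH", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed, sport, dport)
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed idle capture; the addresses are documentation/test ranges.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _pkt("192.168.1.20", "203.0.113.5", 6, 40000, 443) * 2
          + _pkt("198.51.100.7", "192.168.1.20", 17, 123, 50000)
          + _pkt("192.168.1.20", "192.168.1.1", 17, 51000, 53)
          + _pkt("192.168.1.20", "224.0.0.251", 17, 5353, 5353))
```

On a real capture, pass the file's bytes to `external_peers()`; Wireshark saves pcapng by default, so choose the pcap format in the save dialog first.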



