[ubuntu-studio-devel] How wide spread is Linux spyware?

lukefromdc at hushmail.com lukefromdc at hushmail.com
Sun Jul 12 18:31:04 UTC 2015


This email wasn't finished and got sent by accident before I could finish the Firefox details.  I'm sure others can add to the
overall list of applications, as there are thousands I have never tested or run.



Firefox, details below:

        Google "prefs" cookie: disable all "safebrowsing", then delete all cookies to disable
        Google "safebrowsing" service itself
        Cisco H264 codec in Firefox (auto-updates) disable in about:config. Use gstreamer H264 codec for video playback instead
        "plugins" and remove URLs in about:config
        Firefox crash reporter
        Firefox health report
        Firefox "heartbeat" survey (disable by removing "self-support" URL in about:config)
        "Prefetch" and "Keyword" should be disabled to prevent sending every keystroke in the URL bar to your DNS provider instead of just finished URLs
        Be sure to disable "geo" services

        I recommend removing all URLs in about:config except the one used to get extensions

As I type this email, the only IP addresses to come up in Wireshark in at least 15 minutes are Hushmail's and my own, so I must be doing 
something right.

On 7/12/2015 at 2:21 PM, lukefromdc at hushmail.com wrote:
>
>One of the first things to do is install Wireshark, get it running, and then engage
>in a variety of offline actions with no browser running but connected to the network.
>Trap every IP address you see, then open a browser and enter each IP address and
>find out what it is.
>
>This is how I found that Ubuntu's flashplugin-installer has a dependency that phones
>home, namely the cron job in update-notifier-common. After getting rid of that, I can
>now run the system at idle, even with the browser open, and the only way any IP
>addresses external to my setup show up in Wireshark is if a web page is open in
>the browser that updates itself. Otherwise no traffic.
>
>In short, every system is different, and Wireshark will find everything except anything
>that starts and finishes before you can get Wireshark running. I have not yet used
>Wireshark from one machine to monitor another but that would be the way to check
>the whole boot process.
>
>Here is a partial list of known problems that I have found:
>
>Unity remote lenses (all of them)
>
>Any kind of desktop remote search service 
>
>Mate-panel clock applet if and only if configured with a location to show weather
>
>Popularity-contest (obvious)
>
>Whoopsie (never had it installed but saw it on this list)
>
>Apport
>
>Update-notifier and update-notifier-common (cron job needs disabling if IP addresses require concealment)
>
>Flashplugin-installer (depends on update-notifier-common)
>
>Ardour (reported to phone home)
>
>Lightworks (nonfree, has phone-home activation)
>
>Chromium (requires disabling Google services)
>
>Chrome (closed, cannot disable all the Google spyware)
>
>Firefox, details below:
>
>        Google "prefs" cookie: disable all "safebrowsing", then delete all cookies to disable
>        Google "safebrowsing" service itself
>        Cisco H264 codec in Firefox (auto-updates) disable in "plugins" and remove URLs in about:config
>
>
>
>
>
>On 7/12/2015 at 7:29 AM, "Ralf Mardorf" <ralf.mardorf at alice-dsl.net> wrote:
>>
>>On Sun, 12 Jul 2015 12:11:37 +0200, Jimmy Sjölund wrote:
>>> However a good guideline or tutorial on how to set up your system
>>> like for instance with Luke's experience would be great.
>>
>>A Wiki is a good idea, OTOH there is already much information
>>available. Users need to consider if a secure computer makes sense
>>when they "Add to an Amazon Cart" and publish their diary at Facebook
>>and they 24/365 carry a turned on mobile.
>>To become rocket scientists, we can't simply switch from watching
>>"The Bold And The Beautiful" to watching "Into the Universe with
>>Stephen Hawking". We need to dig deeper and perhaps change our
>>lifestyle.
>>
>>
>>Oops, I should subscribe with several email accounts and set up mailman
>>to send list mail to just one account.
>>
>>Begin forwarded message:
>>
>>Date: Sun, 12 Jul 2015 12:50:43 +0200
>>From: Ralf Mardorf <... at rocketmail.com>
>>To: ubuntu-studio-devel at lists.ubuntu.com
>>Subject: Re: [ubuntu-studio-devel] How wide spread is Linux spyware?
>>
>>
>>On Sun, 12 Jul 2015 10:21:34 +0200, Set Hallstrom wrote:
>>>Perhaps Ralf and lukefromdc want to search through the packages to
>>>establish a list of homecry software, vs. cool software?
>>
>>No-go: Apport, Whoopsie, all that stuff from Canonical that recommends
>>Amazon or similar https://stallman.org/amazon.html, that spies if a
>>user runs desktop searches etc.
>>
>>Within the next days or weeks I plan to tidy up my hard disk drives [1],
>>to replace my Arch Linux's VirtualBox Win XP with a KVM, QEMU,
>>virt-manager Win 7 and then to install an Ubuntu Studio 15.10 (Wily
>>Werewolf) Daily Build [2], perhaps Alpha 2 on July 30th [3].
>>
>>However, regarding the default browser I wonder if Firefox should be
>>replaced.
>>
>>Most of the time I'm using Firefox, Pale Moon and QupZilla. I can't
>>say much about differences regarding security, but all three are a
>>PITA because they ignore environment font sizes, the menu fonts are much
>>too small, only QupZilla has a usable history, but regarding security
>>users perhaps don't want a history at all and QupZilla can't use Firefox
>>add-ons. Most important seems to be the user's browser preferences.
>>
>>I wonder that Firefox still is that much used, since QupZilla and Pale
>>Moon likely perform better than Firefox. Perhaps QupZilla less often
>>gets unresponsive when waiting for action of a website, than Firefox
>>and Pale Moon do, but I didn't really test this.
>>
>>Since Paul Davis calls me names, for claims that were not made by me,
>>but e.g. by Len and others or when Paul Davis simply is mistaken and
>>because he bans my mails, just sometimes replies without reading them,
>>it's hard for me to e.g. find out how risky Ardour update checks are.
>>Since Len was mentioned at the last Ardour release's "special thanx
>>too"-list he might find out more easily if Ardour is an app that could
>>be recommended regarding security needs.
>>
>>Personally I seldom care about security for my computer usage, I just
>>dislike myths about security.
>>
>>Btw. some links that were posted in a FreeBSD mailing list within the
>>last days:
>>
>>OpenSSH
>>
>>http://undeadly.org/cgi?action=article&sid=20150708134520&mode=expanded&count=27
>>http://undeadly.org/cgi?action=article&sid=20150603090420
>>
>>And this one
>>
>>http://slashdot.org/story/10/12/15/004235/FBI-Alleged-To-Have-Backdoored-OpenBSDs-IPSEC-Stack
>>
>>Regards,
>>Ralf
>>
>>[1]
>>$ grep menuentry /mnt/debi386/boot/grub/grub.cfg | cut -f2 -d"'"
>>Debian,                Linux 3.8.13-rt14-pae-rocketmouse-2
>>Debian,                Linux 3.12-0.bpo.1-rt-686-pae
>>Debian,                Linux 3.8.13.14-rt30-pae-rocketmouse-1
>>Debian GNU/Linux, with Linux 3.2.0-4-rt-686-pae
>>Debian GNU/Linux, with Linux 3.2.0-4-rt-686-pae (recovery mode)
>>Kubuntu Saucy,         kernel 3.8.13-rt14-1-rt
>>Kubuntu Saucy,         kernel 3.6.5-rt14
>>Kubuntu Saucy,         kernel 3.11.0-19-lowlatency threadirqs
>>Kubuntu Saucy,         kernel 3.11.0-14-lowlatency threadirqs
>>Kubuntu Saucy,         kernel 3.11.0-14-lowlatency single
>>Arch Linux Rt
>>Arch Linux Rt LTS
>>Arch Linux Rt nohz=off
>>Arch Linux
>>Arch Linux threadirqs
>>Arch Linux Fallback
>>openSUSE 11.2,         Kernel 2.6.31.6-rt19
>>menuentry "FreeBSD"{
>>menuentry "XP"{
>>Ubuntu Quantal,        kernel 3.6.5-rt14
>>Ubuntu Quantal,        kernel 3.10.9-rt5 experimental
>>Ubuntu Quantal,        kernel 3.5.0-18-lowlatency threadirqs
>>Ubuntu Quantal,        kernel 3.5.0-18-lowlatency (recovery mode)
>>Ubuntu Studio Quantal, Kernel 3.6.5-rt14
>>Ubuntu Studio Quantal, Kernel 3.5.0-18-lowlatency threadirqs
>>Ubuntu Studio Precise, Kernel 3.0.30 threadirqs
>>Ubuntu Studio Precise, Kernel 3.2.0-23-lowlatency threadirqs
>>Edubuntu 10.10,        Kernel 2.6.33.9-rt31
>>Ubuntu Studio Oz,      Kernel 3.0.0-17-generic
>>Ubuntu Studio Oz,      Kernel 3.0.0-20-generic
>>
>>[2]
>>http://cdimage.ubuntu.com/ubuntustudio/dvd/pending/
>>
>>[3]
>>https://wiki.ubuntu.com/WilyWerewolf/ReleaseSchedule
>>
>>-- 
>>ubuntu-studio-devel mailing list
>>ubuntu-studio-devel at lists.ubuntu.com
>>Modify settings or unsubscribe at: 
>>https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
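
The idle-capture procedure described in the quoted message (record traffic with no browser activity, then account for every address seen), as an added example that is not part of the original thread. It tallies non-local peers from `tshark` field output; the capture file name, the local ranges, the `known` list and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: tab-separated src/dst pairs in the form produced by
#   tshark -r idle.pcap -T fields -e ip.src -e ip.dst   (idle.pcap is hypothetical)
# Addresses are private or documentation ranges, not real observations.
SAMPLE = """\
192.168.1.20\t192.168.1.1
192.168.1.20\t203.0.113.10
203.0.113.10\t192.168.1.20
192.168.1.20\t198.51.100.7
192.168.1.20\t224.0.0.251
192.168.1.20\t198.51.100.7
\t
192.168.1.20\t203.0.113.10,192.168.1.1
"""

# Assumption: what counts as "my own setup". Adjust to the network being audited.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "255.255.255.255/32")]

def external_peers(field_lines, local_nets=LOCAL_NETS, known=()):
    """Return [(address, packet_count)] for peers outside local_nets.

    `known` lists peers already explained (e.g. the mail provider in use),
    so whatever remains is traffic still to be identified.
    """
    known = {ipaddress.ip_address(k) for k in known}
    counts = Counter()
    for line in field_lines.splitlines():
        cols = line.split("\t")
        if len(cols) != 2:
            continue
        for col in cols:
            first = col.split(",")[0].strip()  # outer IP header only
            if not first:
                continue  # non-IP frame such as ARP: empty field
            try:
                addr = ipaddress.ip_address(first)
            except ValueError:
                continue  # malformed field, ignore
            if addr.is_multicast or any(addr in net for net in local_nets):
                continue
            if addr not in known:
                counts[addr] += 1
    return sorted(((str(a), c) for a, c in counts.items()),
                  key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for address, packets in external_peers(SAMPLE, known=("203.0.113.10",)):
        print(f"{address}\t{packets} packets, not yet identified")
```

An empty result after an idle period corresponds to the "no traffic" state the message describes; as the message notes, anything that starts and finishes before the capture begins will not appear.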



