On Sat, Mar 09, 2019 at 11:16:51AM +0100, marc wrote:

[cut]

>
> I also agree with your sentiment that free and open source
> software is necessary to track down information leakage. But it
> seems it may be necessary but not sufficient - what one also
> needs is a distribution which makes it clear when this information
> is disclosed. Sadly it turns out there are also opensource
> developers (often corporate) who want to know when and where and by
> whom their code is run. The way I think about it is that such code
> isn't quite free either - one pays for it in personal data.
>

Dear marc,

unwanted "calls-home" are normally found and disclosed if the software
is free, so I really don't think this is a problem. Asking the
development team of a distribution with 50k+ packages to guarantee
that nothing ever uses user information for unwanted means is just
plain impossible. Not even Debian can do that. This is done,
indirectly, by all the people who look at the code, and contribute to
the packages.

If you want a true "secure" system, you should use Linux From Scratch,
auditing the code of all the packages you install *before* compiling
them, and patch all of them as needed. And then maintain your own DNS
servers, disable cookies, javascript, and browser cache, use tor,
avoid any clear-text connection, and do not use "free" software
developed by the companies who are spearheading the exploitation of
user data (yes, I am talking of Google here, and of whatever comes
form Google, including the touch keyboard on your smartphones).

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]