On Sat, Mar 09, 2019 at 01:11:31PM +0100, marc wrote:

[cut]

>
> B) I am more concerned about the other part, where code is
> known to phone home, but the developers or packagers
> have decided that this is fine. The examples range from popcon
> to systemd's resolver (which I am told falls back on to google
> at 8.8.8.8) to chromium or firefox/iceweasel. For the time
> being these designed-in phone home packages are few, so it
> should not be a hardship to label them with a "leaking::"
> tag.
>

I am sorry marc, but that's incorrect. popcon does not ever 'call
home' in either Debian or Devuan, unless you have *explicitly* agreed
to allow it to do that. And the reasons for popcon "calling-home" are
well stated and fully disclosed: it's a package to collect anonymous
statistics about package usage, and it sends such stats to the popcon
server once a week. popcon submissions are maintained encrypted and
stored only for the time necessary to process them. I can guarantee
this is the case in Devuan, since I am in charge of popcon.

Please let us avoid to make confusion with Ubuntu here, which has
always had popcon enabled by default, and is another case of a
corporation which has all the interests to track their users, to the
point of selling that data (and its users) to third-party vendors (see
the infamous Amazon app...).

systemd is not in Devuan. Chromium comes from Google, and I would
never trust it anyway, notwhitstanding what Google promises to do
about it (but I have not seen the code, so my position might be proven
to be wrong). AFAIK Firefox comes with "calling-home" disabled by
default anyway.

Please do not put everything in the same basket ;)

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]