spyware, the new normal [was Re: tracking what files are being accessed by a process?]

Tue Jan 8 00:07:06 UTC 2013

On 7 January 2013 14:08, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> | From: Matt Price <moptop99-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
>
> | > huh, that does seem intresting.  In particular, skype seems to be
> | > going through all the files in my .mozilla/firefox profile, espeially
> | > the zotero storage directory, which is rather large.  hmm. I don't
> | > really like that at all!  not sure though what  I can do to stop it,
> | > or why it would ever happen in the first place!
> |
> | just for the archive:  I solved this using the apparmor profile pasted here:
> | http://pastebin.com/raw.php?i=b1dicunW
> |
> | now skype startup is much faster and my system far more responsive
> | when skype is up.  and skype/microsoft are no longer tracking my
> | internet usage, or whatever it was they were doing before.
>
> I'm shocked and appalled.
>
> There is a convention on Linux, and to a lesser extent, all desktop
> OSes, that programs only do what you want them to.  They don't spy on
> you and feed back information.  If they do, they ask specific
> permission.
>
> The web doesn't work like that.  It's almost a given that a website
> will try to squeeze as much out of you as possible.  But generally we
> try to keep that circumscribed.
>
> General rule: what's on your device stays there; what's on the web
> goes anywhere.
>
> Smart phones have blown big holes in this.  They are devices but act
> like web sites but have an enormously greater amount of what I would
> want to be private.  Starting with tracking where I am physically and
> where I've been.
>
> Almost by default, "apps" spy on you.
>
> Bad news: apps are arriving on everyones desktop.  Win8 is all about
> apps.  Ubuntu's Unity Desktop search, by default, sends your queries
> to Canonical and thence to Amazon.
>
> Skype on Linux has just shown that it too is as evil as a web site but
> has more powers.
>
> Matt blocked a bunch of files
>   deny @{HOME}/.mozilla/ r,
>   deny @{HOME}/.mozilla/*/ r,
>   deny @{HOME}/.mozilla/*/*/ r,
>   deny @{HOME}/.mozilla/*/*/bookmarkbackups/ r,
>   deny @{HOME}/.mozilla/*/*/chrome/ r,
>   deny @{HOME}/.mozilla/*/*/extensions/ r,
>   deny @{HOME}/.mozilla/*/*/prefs.js r,
>   deny /etc/passwd r,
> (I think that I understand the first and last; why are the others not
> redundant?)
>
> Could you not turn it around and list what you are OK with having it
> access?  Like: its own dotfiles and the dynamicaly linked libraries.
>
> Maybe we need a branding, like GPL or CC*, one that designates "only works
> on your behalf, not someone elses".

Hand in hand with all of this is the standard bypassing of Android's
privacy controls.  Android has a bunch of access controls (ie. "Can
access GPS" or "Can modify all files on filesystem"), but the vast
majority of app authors ask for every permission they could
conceivably use in any future permutation of the software right from
the start, and the vast majority of Android users either pay no
attention at all (think End User License Agreements on Windows) or
need the app badly enough that they install it anyway.  Android's
privacy controls weren't a bad idea, but it was kind of a poor
implementation.  We should be telling the app whether or not it can
have that permission rather than it telling us.  I think it would be
reasonable for a map app to have to say "You haven't given me GPS
permission so I can't tell you where you are," rather than the app
saying "I can't install without this permission."

It's becoming clear that most people really don't give a damn about
their privacy.  I suspect that in five to ten years they're going to
discover just how much they regret totally giving away their privacy.
"What do you mean there's a betting pool in Shenzhen on whether or not
I recover from my oral cancer?!   How did they even know that?!"
After all, they already know all your other mitigating medical
conditions, your drinking habits, your marital status ...  By which
time it'll be far too late to shut the barn door ...

-- 
Giles
http://www.gilesorr.com/
gilesorr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists