[Popcon-developers] Bug#632438: popcon wrongly claims to be anonymous
Bill Allombert
Bill.Allombert at math.u-bordeaux1.fr
Thu May 9 10:10:23 UTC 2013
On Wed, May 08, 2013 at 06:07:36PM +0200, Helmut Grohne wrote:
> On Sun, May 05, 2013 at 02:57:12PM +0200, Bill Allombert wrote:
> > I agree with the risk of deanonymization, however you have to look at the
> > consequence: we only publish agregated results, not individual reports, so this
> > is only leaking whether someone is reporting or not, this does not leak the
> > full list of packages, or the popcon UUID.
>
> You are missing a few pieces. There is a general principle of not
> collecting data that you don't need.
>
> Believe it or not, the popcon server may be compromised at a future
> time. We can defend now by not even collecting data that is not needed.
I completly agree with that, but if you look at the list of bug report, you
will see half of them ask for more information to be reported, and the other
half to report less information. So my only viable option is to keep the status
quo. This at least has the benefit of providing consistency and do not require
users to make new security/privacy deicision with each new popcon release.
> What about the actual data transfer? It usually works via http or smtp.
> Anyone sniffing the traffic can learn a lot from those little extra
> packages not to be found in the archive. Of course the traffic could be
> encrypted. Turning it harmless is another viable option though.
Yes there is plan to encrypt traffic. Mainly now it depends whether Debian is
willing to "pay" for the extra CPU time decrypting the reports.
> Finally I did find a number of corporate packages in popcon already.
> Packages that clearly belong to a particular institution or company. Now
> you learn that said institution uses Debian and popcon from the publicly
> visible popcon reports.
Could you give me some pointer to such packages (even privately if you prefer) ?
I have been considering allowing some packages to opt-out of popcon.
> Sorry, but given these issues I currently recommend not using popcon to
> people who ask me.
If you deal with people with strict security/privacy requirement, you are correct
to do so. I would do the same.
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the Popcon-developers
mailing list