Privacy in Trisquel
- Inicie sesión ou rexístrese para enviar comentarios
I found something disturbing today.
I wanted to delete a list of packages which can be used to track location of the user (geolocation). So I did this :
sudo apt-get purge zeitgeist zeitgeist-core zeitgeist-datahub python-zeitgeist rhythmbox-plugin-zeitgeist geoclue geoclue-ubuntu-geoip geoip-database whoopsie libgeoclue0 libzeitgeist-1.0-1
When I looked in the list with packages that will be removed I see GIMP.
So I removed all. After that I reinstated Gimp. But it was an surprise for my because Gimp required "libgeoclue0" (library for geolocation ) and "libwebkitgtk-1.0-0" "libwebkitgtk-1.0-common" (library for google chrome.
I think all the package from above must to be removed from Trisquel repo and we must to clarify why GIMP want geolocation and google library because I don't understand.
hum.... that is actually a very important question. I don't have any answer but I also want to know that.
One of the reasons (maybe the main reason) I chose trisquel was because I wanted to use a system that would respect me as a user (don't give my personal info away for example!). It could be said that it's GIMP that uses those and not Trisquel, but if so, we should know WHAT exacty happens when we use GIMP and if it DOES provide some kind of information that it SHOUDLN'T, we should maybe stop using it until it is fixed by the GIMP team.
One side question, do you know how to clean "metadata" on a file, on trisquel? I will take a look in the repository and try to find somehting.
If you think GIMP might be reporting geolocation data to someone, the source code is available; just read it.
I would have to read through ALL the code to be able to understand it... I am not a programmer specialized in GIMP libraries... I agree that would be the BEST way to do it, but I can't unfortunately.
You wouldn't need to read through all the code -- just look at the parts that use the libraries you're interested in investigating.
For example, if you want to search for instances of 'libgeo' in the source, you might try running the following inside the root of the GIMP source directory.
grep -Rl 'libgeo' *
I did this, and got no results, so I tried searching for 'geo' instead, and that gave me a bunch of results, most of which appeard to be files containing strings like 'geometry' or 'pageopacity'. But I found no instances of anything related to geo location.
Here is MAT, (Metadata Anonymisation Toolkit) I never tried it out, and I don't think it's in the Trisquel repos, but I'm pretty sure it's free[0].
[0] http://trisquel.info/en/forum/free-software-bitcoin-mining#comment-37845
THANKS!! =D This is the same as I used to have in TAILS. Sweet.
Too bad I can't make the program run, lol, but I am sure I will get around that in time xD
Sorry, I can't get it to work. The only thing it did at least for now, was taking a snapshot of the window I was at.
Could you please try to run it in your Trisquel and tell me if you did so successfully? THANKS
Geolocation data is an optional feature of some image formats (JPEG, in particular; I don't know of any others) which tells where a photo was taken.
I'm not familiar with GIMP, but the libraries you're worried about sound to me like libraries that GIMP uses to read this geolocation data. This isn't spyware.
You also seem to have a fear of using libraries for little reason than "some proprietary software uses it". Using that logic, you would also avoid OpenGL, which is often used for proprietary game engines. Heck, you would have to avoid just about anything, because C and C++ are popular for proprietary programs too, not just free programs. Just because some proprietary software uses a library doesn't mean the library is malicious or proprietary. WebKit is a free layout engine for web browsers, with Google Chrome and Safari being the most well-known examples of browsers that use it; I think Arora and Midori are other examples of browsers that use it.
That article fails to mention something important when you're using only free software: it's free software running on your computer, so you can find out exactly what is happening by checking the source code. There is no window of opportunity for data to be sent somewhere else without your knowledge unless you're running proprietary software. Of course, this doesn't apply to proprietary software, but Trisquel doesn't have any of that.
Well, it all depends on WHY one uses Trisquel. Some people actually want to follow the latest fashions and have social networking, apps integrated that know everything about them, all the whistles and bells, they just want to do that with free software. For those people there is nothing wrong with some spying (or logging as the article mentioned above calls it) as long as it's useful.
For me however (and aparently Dadix too) Trisquel is one step in the direction of a FREE operating system. You can't have freedom if you can't have freedom from surveilance, and one man's tool is another man's weapon. So, I use Trisquel because being only free software, there are less chances of backdoors being in place (windows and mac have those of course, and some linux distros might have too). Now, I don't think Trisquel has back doors, but it might have some libraries that I might prefer to remove to further protect myself. And being free software, it's my right to do so =)
I thank Dadix for providing the info that he did, it actually helped me. I am however unable to run MAT =(
> Now, I don't think Trisquel has back doors, but it might have some libraries that I might prefer to remove to further protect myself. And being free software, it's my right to do so =)
You don't have to protect yourself from these libraries;
many independent developers have read the code. If it's free software
(and it is, since it is included in trisquel) you can almost be sure
that it doesn't contain malicious features.
And what's so special about those libs?
As someone said before, webkit is used by many free browsers; it's not a
proprietary google technology.
You can give the code of the geo lib to a friend of yours who knows how
to program, but I'm sure it isn't necessary.
Gimp is one damn popular program, thousands of people are using it;
if it uses a lib which spies on you, someone finds out and removes it.
Of course you are free to remove those libs; but in my opinion, it's not
sensible.
I get the impression that you are fearfully assuming that the free software in Trisquel is doing something malicious. This is a perfectly legitimate concern with proprietary software because you can't know what exactly it is doing, but you can know exactly what free software is doing.
If you act paranoid about a free system which hasn't been shown to be doing something malicious, people may assume that the concern is just as valid for both proprietary and free software, which just isn't true. But people who are given that impression might be stopped from using Trisquel because you make them think it's spying on them, when in reality you're just making unjust assumptions about programs you haven't investigated.
I can't see any geo dependancy for GIMP.
The indicator-datetime package does depend on geo however. This is the time/date applet on the panel. I believe this dependency has to do with the weather info functionality.
The dependency is indirect: GIMP depends on libwebkitgtk-1.0-0 that depends on libgeoclue0.
The Web content engine actually is optional, i.e., GIMP can be compiled without it but will then not have any "Help Browser". That is the way to go for somebody who insists on not having GIMP using libgeoclue0... but as you write, many other components of Trisquel's default install depend on libgeoclue0... and, as other users said, the fear of being spied just because libgeoclue0 is installed is irrational because it is free software and a spying function in it would certainly be known.
>The dependency is indirect: GIMP depends on libwebkitgtk-1.0-0 that depends on libgeoclue0.
Ah! I didn't even consider that. Thanks for the explanation!
Thanks for all the explanations.
Truth is, I am not saying that GIMP has malicious features built in. I just thought that it might have a feature (not an evil one) of saving some kind of metadata into the files that it exported (including geolocation). Which is why I want to use MAT (it doesn't work =< can anyone help??) and I made sure to delete some geolocation libraries from my system (not the ones related to GIMP, but other that were there). I know Trisquel is not spying on me, but sometimes a useful feature could be used to locate me against my will, so I prefer to remove those libraries (mainly because I don't use them anyway lol).
Still, I trust free software, specially the ones that came from GNU project (which GIMP is an example of in some ways).
Ok, thanks for the clarification =)
As I said, I don't think either GIMP or Trisquel are doing anything suspicious, but I am willing to give up some "geographic relevant information" in order to make sure no one is able to locate my computer by using, for example, a Weather aplication. So I am happy to remove some libraries from the system =)
ONce again thanks for the clarification, I re-state I was in no way implying anything about GIMP or Trisquel.
It's good to question things, keep it up!
Only dead fish always go with the flow.
Thanks! So kind of you.
Yep, I don't want to turn fried fish, eheh.
- Inicie sesión ou rexístrese para enviar comentarios