Gnome shell privacy issue : Auto answering voice and video calls
- Login o registrati per inviare commenti
I just sumbled upon a very disturbing privacy issue in the gnome shell 3 version provided with Trisquel 6. Gnome 3 has instant messaging and voice calls intergrated with the desktop. And I found (to my horror) that it auto answers incoming voice/video calls!
The only way I have found to disable this is starting empathy manually. Have you come across this issue? If so is there a better way to disable suto answering?
Try replicating the issue simply by logging into Gnome shell and call yourself from some other computer. (I used a google account in my case. I think any xmpp or jabber account will do.)
Given the critical nature of the problem I reported it as a bug
https://trisquel.info/en/issues/10724
I would hardly classify this as a "critical" bug...
Well, it auto answers and starts broadcasting your video/audio to whoever that calls you (without your consent). I thought it's a critical issue.
On 15/12/13 12:59, anandawardhana wrote:
> Well, it auto answers and start broadcasting your video to whoever
> that calls you. I thought it's a critical issue.
I completely agree. If you can, I would recommend sending a bug report
upstream (to GNOME), as a bug report here will most likely go nowhere
unless someone steps up to fix it.
Andrew.
to replicate the bug:
1) Install gnome shell on !trisquel 6.
2) Add your xmpp/jabber/google account to the default IM client (empathy). This starts operating in the background. Your status can be set from the desktop.
3) Log out from the desktop and log in. Your online status is now shown without starting empathy.
4) Call yourself (call the account you added to empathy) from another computer, another account.
5) Your desktop will auto-answer the audio/video call.
I am a member!
......How is that a bug? It's a feature, which I presume you asked for by installing gnome shell and empathy and not setting them up properly.
I got a solution for ye. Use a proper desktop and a proper IM client. Like MATE and Pidgin. It'll be good.
Even if it's not a bug, it's an antifeature, and it should be removed.
@dudeski, Mate doesn't appear to be in the Trisquel repo (or did i miss it?). I don't think suggesting an out-of-repo DE is a very good suggestion...
I'm NOT defending gnome3 in any way! I wouldn't touch it with a 30 foot pole myself.
I am a member!
True true. It's just a ppa, I see no problem with that.
But if you're worried about such things, there are other good DE's too, XFCE, LXDE, or even just a simple WM like openbox or ratpoison. So far as I'm concerned they're all better than Gnome Shell. MATE just happens to be my personal preference. =p
..Although in fairness, the new Gnome 3.8 classic mode is kinda neat. =x
I quote "......How is that a bug? It's a feature, which I presume you asked for by installing gnome shell and empathy and not setting them up properly.
I got a solution for ye. Use a proper desktop and a proper IM client. Like MATE and Pidgin. It'll be good.
"
@dudeski This is not my line of thinking. How about trying this out before calling it a feature? I have checked each and every setting in Empathy too. I found no option to enable or disable auto-answering.
1) I am a KDE user myself. But I would like to see gnomeshell bugs fixed because it is very likely to be the default desktop of next Trisquel. You cannot expect every new user to find some other DE that works, after installing Trisquel. This is not my personal problem.
2) Yes, Gnome shell is made this way. IM is closely integrated with the desktop. This integration seems to be a part of the desktop and IM works from inside the DE. And Empathy is part of gnome. That is how it works. I don't know how to replace pidgin with Empathy in THIS CASE. (Pidgin cannot replace Empathy here. That's another topic by the way... )
3) It auto answers by default. It doesn't even ring or make any notification to prepare the user for a call. The call simply begins.
I appreciate if you could actually USE the desktop and see. If you don't want to replicate the issue, please don't assume things. This is a serious privacy issue.
I am a member!
Based on what I knew at the time of writing that comment I'll stand by it being a feature. A feature that the user would has to implicitly ask for by installing Gnome Shell and Epiphany, and then explicitly ask for by setting them up with an IM account.
Much like asking for a bullet by pointing a gun at your head and pulling the trigger. An analogy I find highly relevant to the subject at hand, which is after all Gnome Shell. =x
1) Well yes, it's obviously not a particularly sane default, I agree. And yeah, if the Trisquel devs wanna shoot people in the foot with the bullshit that is Gnome Shell, that's their right of course. At least in later versions it's not quite as ridiciously hungry for RAM as, say, KDE's silly widget desktop monstrosity was last I tried it.. xD
2) You don't have to let gnome / epiphany / whatever handle your IM accounts. It's an opt-in by definition. It's not like Gnome Shell goes into your pidgin settings, takes the information, and then sets up it's own system with them.
3) Yeah, not a sane default, but that doesn't mean it's a bug.
I see no reason to, as I have no desire to use Gnome Shell, nor would it run particularly well on a netbook, which is currently the only place I still run Trisquel.
This is not a "serious privacy issue", it's a poorly implemented feature, nothing more. Even if there's no option to disable this behaviour, that's not a bug either, just a missing feature.
So call the subject of this thread what it is, a feature request, not a critical bug.
For the record, I completely agree with adding a toggle for this behaviour and disabling it by default.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2013-12-16 12:18, name at domain wrote:
> And yeah, if the Trisquel devs wanna shoot people in the foot with the bullshit that is Gnome Shell,
that's their right of course.
Let's all keep in mind the particular setup that leads to this is not
the default in Trisquel nor is it the result of "Trisquel devs" decisions.
F.
- --
Fabián Rodríguez
http://fsf.magicfab.ca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: PGP/Mime available upon request
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlKwKz4ACgkQfUcTXFrypNX1IgCeMt3k9+qxOiBAetSHxhVsdnap
tzAAoLsKMxOGI8fbYAdDu020s16eRUSI
=ro4F
-----END PGP SIGNATURE-----
I am a member!
I meant if they wanted to make Gnome Shell the default desktop in the future.
You mean, in the future, when they use a current version that doesn't have this bug? Since it's already been pointed out that this doesn't happen in GNOME 3.8?
Anandawardhana, can you check in the settings if this "feature" can be disabled?
Then it's not a bug, but I agree; it should be disabled by default.
I am a member!
i have not tried to replicate it but from my conversation on gnusocial: http://micro.fragdev.com/notice/945147
in context:
http://micro.fragdev.com/conversation/585016#notice-945147
it is a bug. you can only disable it manually but running in desktop it just connects.
frankly I would not like that anybody with my email address can listen or see what is going on the house.
it is the equivalent of someone ringing your phone and just opening the line directly, without ringing or you acepting the call.
it should not do it by default and should not be offered as an easy option to have.
"Anandawardhana, can you check in the settings if this "feature" can be disabled?"
@ssdclickofdeath , I am unable to find any "setting" that allows disabling this. This appears to me as a bug. If the Desktop environment auto answers to calls without even letting me know there's an incoming call, it is a bug.
Ok, for a moment let us assume this is a feature. How am I to know that I am getting an incoming call? It should (at least) start ringing and notify me before the call begins.
@Anandawardhana, I've haven't been able to find anything online that might help in this matter (I'm CERTAINLY not saying there isn't anything, just that I haven't been able to find anything). If you happen to use IRC, i'd suggest asking in Empathy's IRC channel #empathy on irc://irc.gimp.org/empathy best of luck!
From what I see, it has very little to do with Empathy. If I start Empathy auto-answering stops.
Le 2013-12-15 22:17, name at domain a écrit :
> "Anandawardhana, can you check in the settings if this "feature" can
> be disabled?"
>
> @ssdclickofdeath , I am unable to find any "setting" that allows
> disabling this. This appears to me as a bug.
[..]
Point taken, can you now share the bug report links upstream (Ubuntu /
Gnome)? That would be useful.
F.
--
Fabián Rodríguez - XMPP/Jabber+OTR: name at domain
http://fsf.magicfab.ca
I am a KDE user. I use Triskel. I can conveniently say why don't everyone use a proper desktop ;-)
But from what I see, Gnome Shell is very likely to be the default desktop of next Trisquel. And current Trisquel will continue till 2017! We have to get this fixed. :)
It is not Empathy that auto answers. (When you start Empathy, auto answering stops) It is the desktop environment that enforces auto-answering. It doesn't even notify the incoming call. It doesn't even ring. What if I am not paying attention to the screen? This is a bug.
I am a member!
Never has GNOME Shell forced me to enter settings into the online accounts preferences! The esktop cannot autoanswer when no settings provided. I use pidgin and have auto-answering turned off. Problem solved. I agree with others who say this is a badly-written opt-in.
If it isn't in versions of GNOME currently supported by the GNOME developers, this is an old bug that was already fixed, not a feature. To quote a commenter on the bug report at the GNOME bug tracker:
> 3.4.x is very old and
> is no longer supported upstream (and hasn't been for more than a year
> actually).
Damn... that's almost like "bringing NSA to the masses".
It doesn't matter if it's a bug, an anti-feature, or even a "bad feature" inserted on purpose, it has to be REMOVED NOW!
Too bad we don't have good old gnome 2 anymore =(
I have been thinking what DE to use in my Debian machine. LXDE and XFCE don't really do what I want, and Gnome and KDE are too heavy for my machine (no graphics due to requiring non-free firmware). So I am stuck with Gnome 3 in "classic mode" (which does not work at 100%). Mate was the best I had so far, but it is not in the repos, and I really hate to use PPAs =/
I am a member!
We DO have Gnome2, it's just called MATE now. What's wrong with getting it via a ppa?
First, by running only repository software, at least in Debian, there is a lot less chance something will crash or cause conflicts with other software (that's why they call it stable).
Second, when you run only software from the repositories, you are trusting only ONE source. Whenever you add a PPA you are trusting more and more sources, opening door for attacks (let's say an attacker can't get into Trisquel or Debian repositories, but they get to invade a PPA, and add an update with anti-features in it). I read that maybe when next stable comes out, Debian will also ship with Mate, but until then we are left with PPA.
- Login o registrati per inviare commenti