Bug#570021: Browser privacy compromised by librhythmbox-itms-detection-plugin.so

Juergen Stuber juergen at jstuber.net
Mon Feb 15 21:57:04 UTC 2010 

Package: rhythmbox
Version: 0.11.6-1
Severity: normal

Rhythmbox installs librhythmbox-itms-detection-plugin.so for Iceape.
According to http://panopticlick.eff.org/ this is rare and provides
almost enough information to uniquely identify the web browser:

Browser Characteristic: Browser Plugin Details	  
bits of identifying information: 14.68
one in x browsers have this value: 26286.29
value: Plugin 0: iTunes Application Detector; This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.; librhythmbox-itms-detection-plugin.so; (; application/itunes-plugin; ).

Please provide a means to use Rhythmbox without this plugin,
for example by putting it in a separate package.


Juergen


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages rhythmbox depends on:
ii  dbus                1.2.1-5+lenny1       simple interprocess messaging syst
ii  gconf2              2.22.0-1             GNOME configuration database syste
ii  gnome-icon-theme    2.22.0-1             GNOME Desktop icon theme
ii  gstreamer0.10-alsa  0.10.19-2            GStreamer plugin for ALSA
ii  gstreamer0.10-esd [ 0.10.8-4.1~lenny2    GStreamer plugin for ESD
ii  gstreamer0.10-gnome 0.10.19-2            GStreamer plugin for GnomeVFS
ii  gstreamer0.10-plugi 0.10.23-3            GStreamer plugins from the "base" 
ii  gstreamer0.10-plugi 0.10.8-4.1~lenny2    GStreamer plugins from the "good" 
ii  gstreamer0.10-x     0.10.19-2            GStreamer plugins for X11 and Pang
ii  libart-2.0-2        2.3.20-2             Library of functions for 2D graphi
ii  libatk1.0-0         1.22.0-1             The ATK accessibility toolkit
ii  libavahi-client3    0.6.23-3lenny1       Avahi client library
ii  libavahi-common3    0.6.23-3lenny1       Avahi common library
ii  libavahi-glib1      0.6.23-3lenny1       Avahi glib integration library
ii  libbonobo2-0        2.22.0-1             Bonobo CORBA interfaces library
ii  libbonoboui2-0      2.22.0-1             The Bonobo UI library
ii  libc6               2.7-18lenny2         GNU C Library: Shared libraries
ii  libcairo2           1.6.4-7              The Cairo 2D vector graphics libra
ii  libdbus-1-3         1.2.1-5+lenny1       simple interprocess messaging syst
ii  libdbus-glib-1-2    0.76-1               simple interprocess messaging syst
ii  libexpat1           2.0.1-4+lenny3       XML parsing C library - runtime li
ii  libfontconfig1      2.6.0-3              generic font configuration library
ii  libfreetype6        2.3.7-2+lenny1       FreeType 2 font engine, shared lib
ii  libgconf2-4         2.22.0-1             GNOME configuration database syste
ii  libglade2-0         1:2.6.2-1            library to load .glade files at ru
ii  libglib2.0-0        2.16.6-3             The GLib library of C routines
ii  libgnome-keyring0   2.22.3-2             GNOME keyring services library
ii  libgnome-media0     2.22.0-3             runtime libraries for the GNOME me
ii  libgnome2-0         2.20.1.1-1           The GNOME 2 library - runtime file
ii  libgnomecanvas2-0   2.20.1.1-1           A powerful object-oriented display
ii  libgnomeui-0        2.20.1.1-2           The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0      1:2.22.0-5           GNOME Virtual File System (runtime
ii  libgpod3            0.6.0-6              library to read and write songs an
ii  libgstreamer-plugin 0.10.23-3            GStreamer libraries from the "base
ii  libgstreamer0.10-0  0.10.23-2            Core GStreamer libraries and eleme
ii  libgtk2.0-0         2.12.12-1~lenny1     The GTK+ graphical user interface 
ii  libhal1             0.5.11-8             Hardware Abstraction Layer - share
ii  libice6             2:1.0.4-1            X11 Inter-Client Exchange library
ii  liblircclient0      0.8.3-3              infra-red remote control support -
ii  libmtp7             0.2.6.1-3            Media Transfer Protocol (MTP) libr
ii  libmusicbrainz4c2a  2.1.5-2              Second generation incarnation of t
ii  libnautilus-burn4   2.20.0-1             Nautilus Burn Library - runtime ve
ii  libnotify1 [libnoti 0.4.4-3              sends desktop notifications to a n
ii  libnspr4-0d         4.7.1-5              NetScape Portable Runtime Library
ii  liborbit2           1:2.14.13-0.1        libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0       1.20.5-5             Layout and rendering of internatio
ii  libpixman-1-0       0.10.0-2             pixel-manipulation library for X a
ii  libpng12-0          1.2.27-2+lenny2      PNG library - runtime
ii  libpopt0            1.14-4               lib for parsing cmdline parameters
ii  libsexy2            0.1.11-2+b1          collection of additional GTK+ widg
ii  libsm6              2:1.0.3-2            X11 Session Management library
ii  libsoup2.4-1        2.4.1-2              an HTTP library implementation in 
ii  libtotem-plparser10 2.22.3-1             Totem Playlist Parser library - ru
ii  libusb-0.1-4        2:0.1.12-13          userspace USB programming library
ii  libx11-6            2:1.1.5-2            X11 client-side library
ii  libxcb-render-util0 0.2.1+git1-1         utility libraries for X C Binding 
ii  libxcb-render0      1.1-1.2              X C Binding, render extension
ii  libxcb1             1.1-1.2              X C Binding
ii  libxcursor1         1:1.1.9-1            X cursor management library
ii  libxext6            2:1.0.4-1            X11 miscellaneous extension librar
ii  libxfixes3          1:4.0.3-2            X11 miscellaneous 'fixes' extensio
ii  libxi6              2:1.1.4-1            X11 Input extension library
ii  libxinerama1        2:1.0.3-2            X11 Xinerama extension library
ii  libxml2             2.6.32.dfsg-5+lenny1 GNOME XML library
ii  libxrandr2          2:1.2.3-1            X11 RandR extension library
ii  libxrender1         1:0.9.4-2            X Rendering Extension client libra
ii  python              2.5.2-3              An interactive high-level object-o
ii  python-gnome2       2.22.0-1             Python bindings for the GNOME desk
ii  python-gtk2         2.12.1-6             Python bindings for the GTK+ widge
ii  python-support      1.0.3                automated rebuilding support for P
ii  python2.5           2.5.2-15+lenny1      An interactive high-level object-o
ii  zlib1g              1:1.2.3.3.dfsg-12    compression library - runtime

Versions of packages rhythmbox recommends:
pn  avahi-daemon                <none>       (no description available)
ii  gnome-app-install           0.5.5.1-1    GNOME Application Installer
ii  gnome-control-center        1:2.22.2.1-2 utilities to configure the GNOME d
ii  gnome-volume-manager        2.22.1-1     GNOME daemon to auto-mount and man
pn  gstreamer0.10-plugins-ugly  <none>       (no description available)
ii  hal                         0.5.11-8     Hardware Abstraction Layer
ii  libgnomevfs2-extra          1:2.22.0-5   GNOME Virtual File System (extra m
ii  notification-daemon         0.3.7-1+b1   a daemon that displays passive pop
ii  python-gst0.10              0.10.14-2    generic media-playing framework (P
ii  scrollkeeper                0.3.14-16    A free electronic cataloging syste
ii  sound-juicer                2.22.0-3     GNOME 2 CD Ripper
ii  yelp                        2.22.1-8+b1  Help browser for GNOME 2

Versions of packages rhythmbox suggests:
pn  gstreamer0.10-plugins-bad     <none>     (no description available)
ii  python-coherence              0.5.8-1    Python UPnP framework

-- no debconf information

More information about the pkg-gnome-maintainers mailing list