Bug#898479: [gnome] gnome-software should detach fwupd as a dependency
kardan
kardan at riseup.net
Sat May 12 13:00:07 BST 2018
Package: gnome
Severity: normal
gnome-software depends on fwupd which triggers web requests containing
"client user-agent, IP address, timestamp, OS distribution name and OS
version to fwupd.org upon each firmware downloading process (or
checking for firmware updates manually by the user)" without the
knowledge of the user. The metadata is downloaded from a CDN hosted by amazon.
https://fosspost.org/analytics/privacy-security-concern-regarding-gnome-software
Please follow the suggestions of above article:
"We believe the following should be taken into consideration to solve
the issues above:
GNOME Software should detach fwupd as a dependency. Because if
fwupd package is installed, it will auto-check for updates in the
background (fwupd daemon will autostart after boot) and it will
send the data to fwupd.org automatically.
GNOME Software should disable the service of using fwupd.org for
firmware updates by default. Users wishing to subscribe to such
service should opt-in their selves.
Upon activation of fwupd service, a privacy policy dialog should be
displayed telling users about what’s going to be collected and why."
Thanks!
More information about the pkg-gnome-maintainers
mailing list