Bug#931892: gnome: Gnome GUI Privacy settings are ignored.
Damien
skyguide.base at protonmail.com
Fri Jul 12 00:34:32 BST 2019
Package: gnome
Version: 1:3.30+1
Severity: serious
Tags: security
Justification: 5
Dear Maintainer,
It became apparent that despite explicit settings of gnome desktop environment "Settings -> All Settings -> Privacy -> Location Services" set to "OFF", package 'geoclue-2.0' along with packages depending on it, such as 'gnome-clocks' ignore settings and continue to send requests via networking stack to identify hosts geographical location.
Could some one from Debian security team review this bug and hopefully provide a work around to stop gnome desktop environment along with packages 'gnome-clocks' & 'geoclue-2.0' from contacting remote services over the network, tracing the hosts geo-location?
Any help to stop geo-location tracing/checking/calculating/guestimating - would be greatly appreciated.
PS: Debian Dev Team, please note, nether package 'gnome-clocks' or 'geoclue-2.0' have NO man pages available, and therefore there is no way for a user of the host to find out how to disable geo-tracing functionality.
Per Debian regulations:
https://release.debian.org/testing/rc_policy.txt
... Section 5(o) - 'Packages must have a useful extended description.' there should be some sort of a documentation that would informed a user of the host what options are available to modify unwanted, and this case, privacy related behavior to be changes or stopped.
At the same time, while explicit settings for privacy gui element of a GNOME environment exist, they appear to be meaningless in terms geo location tracing of the host.
Damien.
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnome depends on:
ii avahi-daemon 0.7-4+b1
ii cheese 3.31.90-1
ii cups-pk-helper 0.2.6-1+b1
ii desktop-base 10.0.2
ii evolution 3.30.5-1.1
ii evolution-plugins 3.30.5-1.1
ii file-roller 3.30.1-2
ii gedit-plugins 3.30.1-3
ii gnome-calendar 3.30.1-2
ii gnome-clocks 3.30.1-2
ii gnome-color-manager 3.30.0-2
ii gnome-core 1:3.30+1
ii gnome-documents 3.31.92-1
ii gnome-getting-started-docs 3.30.0-1
ii gnome-maps 3.30.3-1
ii gnome-music 3.30.2-1
ii gnome-screenshot 3.30.0-2
ii gnome-sound-recorder 3.28.2-1
ii gnome-todo 3.28.1-2
ii gnome-tweaks 3.30.2-1
ii gnome-weather 3.26.0-5
ii gstreamer1.0-libav 1.15.0.1+git20180723+db823502-2
ii gstreamer1.0-plugins-ugly 1.14.4-1
ii libgsf-bin 1.14.45-1
ii libproxy1-plugin-networkmanager 0.4.15-5
ii libreoffice-calc 1:6.1.5-3
ii libreoffice-gnome 1:6.1.5-3
ii libreoffice-impress 1:6.1.5-3
ii libreoffice-writer 1:6.1.5-3
ii nautilus-sendto 3.8.6-3
ii network-manager-gnome 1.8.20-1.1
ii orca 3.30.1-1
ii rhythmbox 3.4.3-2
ii rhythmbox-plugin-cdrecorder 3.4.3-2
ii rhythmbox-plugins 3.4.3-2
ii rygel-playbin 0.36.2-4
ii rygel-tracker 0.36.2-4
ii seahorse 3.30.1.1-1
ii shotwell 0.30.1-1
ii simple-scan 3.30.1.1-1+b1
ii totem-plugins 3.30.0-4
ii vinagre 3.22.0-6
ii vino 3.22.0-5
ii xdg-user-dirs-gtk 0.10-3
Versions of packages gnome recommends:
ii gnome-games 1:3.30+1
ii nautilus-extension-brasero 3.12.2-5
ii transmission-gtk 2.94-2
Versions of packages gnome suggests:
pn alacarte <none>
pn empathy <none>
pn firefox-esr-l10n-all | firefox-l10n-all <none>
pn gnome-remote-desktop <none>
pn goobox | sound-juicer <none>
pn polari <none>
pn webext-ublock-origin <none>
Versions of packages gnome-core depends on:
ii adwaita-icon-theme 3.30.1-1
ii at-spi2-core 2.30.0-7
ii baobab 3.30.0-2
ii caribou 0.4.21-7
ii dconf-cli 0.30.1-2
ii dconf-gsettings-backend 0.30.1-2
ii eog 3.28.4-2+b1
ii evince 3.30.2-3
ii evolution-data-server 3.30.5-1
ii firefox-esr 60.7.2esr-1
ii fonts-cantarell 0.111-2
ii gdm3 3.30.2-3
ii gedit 3.30.2-2
ii gkbd-capplet 3.26.1-1
ii glib-networking 2.58.0-2
ii gnome-backgrounds 3.30.0-1
ii gnome-bluetooth 3.28.2-3
ii gnome-calculator 3.30.1-2
ii gnome-characters 3.30.0-2
ii gnome-contacts 3.30.2-1
ii gnome-control-center 1:3.30.3-1
ii gnome-disk-utility 3.30.2-3
ii gnome-font-viewer 3.30.0-2
ii gnome-keyring 3.28.2-5
ii gnome-logs 3.30.0-2
ii gnome-menus 3.31.4-3
ii gnome-online-accounts 3.30.1-2
ii gnome-online-miners 3.30.0-2
ii gnome-session 3.30.1-2
ii gnome-settings-daemon 3.30.2-3
ii gnome-shell 3.30.2-9
ii gnome-shell-extensions 3.30.1-1
ii gnome-software 3.30.6-5
ii gnome-sushi 3.30.0-2
ii gnome-system-monitor 3.30.0-2
ii gnome-terminal 3.30.2-2
ii gnome-themes-extra 3.28-1
ii gnome-user-docs 3.30.2-1
ii gnome-user-share 3.28.0-2
ii gsettings-desktop-schemas 3.28.1-1
ii gstreamer1.0-packagekit 1.1.12-5
ii gstreamer1.0-plugins-base 1.14.4-2
ii gstreamer1.0-plugins-good 1.14.4-1
ii gstreamer1.0-pulseaudio 1.14.4-1
ii gvfs-backends 1.38.1-5
ii gvfs-fuse 1.38.1-5
ii libatk-adaptor 2.30.0-5
ii libcanberra-pulse 0.30-7
ii libglib2.0-bin 2.58.3-2
ii libpam-gnome-keyring 3.28.2-5
ii libproxy1-plugin-gsettings 0.4.15-5
ii libproxy1-plugin-webkit 0.4.15-5
ii nautilus 3.30.5-2
ii pulseaudio 12.2-4
ii pulseaudio-module-bluetooth 12.2-4
ii sound-theme-freedesktop 0.8-2
ii system-config-printer-common 1.5.11-4
ii system-config-printer-udev 1.5.11-4
ii totem 3.30.0-4
ii tracker 2.1.8-2
ii yelp 3.31.90-1
ii zenity 3.30.0-2
Versions of packages gnome-core recommends:
ii libproxy1-plugin-networkmanager 0.4.15-5
ii network-manager-gnome 1.8.20-1.1
gnome-core suggests no packages.
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list