On 10/2/20 2:16 PM, Michael Catanzaro wrote: > On Fri, Oct 2, 2020 at 12:34 am, Marius Schwarz <fedoradev@xxxxxxxxxxxx> > wrote: >> If you send a DNS REQUEST to a US DNS server from within a company >> network, and with ipv6 the internal ip is sent out i learned lately, you >> have sent personal data which is protected under the GDRP. It's not >> unlikely to use company pcs for private webvisits while having a meal >> break. > > Hm, thanks for the explanation. I guess the DNS request would indeed be > the *first* way you lose, because you have to do DNS before you do > anything else. But you are going to lose immediately after anyway: > > * Immediately after you connect to the network, Fedora connects to > http://fedoraproject.org/static/hotspot.txt to see if you're behind a > captive portal Fedora is contacting fedora server, seems predictable. > * Next, GNOME Software starts checking for updates in the background. > You've leaked "personal data" to fedoraproject.org again, and also fwupd. It checks also to Fedora servers, right? > * You open Firefox, it downloads Safe Browsing data from Google. > (Admittedly this one is probably only behind a European CDN, but maybe > Google is having a bad day, or maybe IP address logs are sent to the > US.) Oh yeah, it also displays news from Pocket. Probably it does more > connections to the US that I don't know about. > * You switch to Financial Mode in Calculator, it downloads exchange rate > data. Might ask question to user, whether that is okay. Can you please fill a RFE bug? > * Anything crashes. A truncated stack trace gets sent to Fedora. > > I'm sure my list is missing quite a lot. If your interpretation is > correct, then I suppose German companies should immediately discontinue > use of Fedora, and also most other computer operating systems.... I think you are missing one important detail. When you choose to install Fedora, you are likely to accept it sends something to its servers. Anyway, they would usually have your IP somewhere, when you downloaded system image. However, forwarding queries to every name you visit online to some party, which you never agreed to or maybe heard its name, is something different. It just provides your site history to company never mentioned even in configuration files. It is only mentioned by resolvectl, which normal user would never hear about. It seems this should be easily configurable on installation (kickstart default or something), but by default should be empty. Prepared commented out FallbackDNS=8.8.8.8,... would work well. -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemensik@xxxxxxxxxx PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx