On Fri, 2 Oct 2020, Michael Catanzaro wrote:
Hm, thanks for the explanation. I guess the DNS request would indeed be the
*first* way you lose, because you have to do DNS before you do anything else.
But you are going to lose immediately after anyway:
* Immediately after you connect to the network, Fedora connects to
http://fedoraproject.org/static/hotspot.txt to see if you're behind a captive
portal
* Next, GNOME Software starts checking for updates in the background. You've
leaked "personal data" to fedoraproject.org again, and also fwupd.
If the locally configured DNS server supports Query Minimalization as
per RFC 7816, at this point you would have only revealed "." or ".org"
If it further supports DNS-over-TLS, and more TLDs will start to support
this, then nothing would be leaked. The world is steadilly moving
towards this. Add encrypted SNI, and you see this improves even more.
That is why governments are actually afraid of the opposite of GDPR
right now. The fear of missing out of seeing DNS/SNI data.
* You open Firefox, it downloads Safe Browsing data from Google. (Admittedly
this one is probably only behind a European CDN, but maybe Google is having a
bad day, or maybe IP address logs are sent to the US.)
This argument is that any browsing is a GDPR violation of every browser
and OS. It is not a helpfull discussion, and if worth discussing, it
should be discussed by laywers, not software engineers.
I'm sure my list is missing quite a lot. If your interpretation is correct,
then I suppose German companies should immediately discontinue use of Fedora,
and also most other computer operating systems....
The goal should always be to do the least amount of personal information
gathering or leaking. Stating "but it leaks over there too" is not a
very strong argument to leak data yourself.
Paul
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx