Wonderful World of OS Privacy Disclosure
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Wonderful World of OS Privacy Disclosure

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Wonderful World of OS Privacy Disclosure

    Hey Hey,

    So recently on these forums we've seen people attack Microsoft for "phoning home" and relaying personal info... Then we saw the same thing for Apple... even though all apple did was download the latest list of "Approved" widgets (similar to your AV might do, or a PC on automatic update)...

    So I just finished instally SuSE 10.1 on my primary desktop (Decided it was time for a change.... I've got an XP VM for all my Windows world things still) and while the install took waaaaaaaaaaaaaaaaaaay to long I was impressed with the software list (although for 6 CDs / 1 DVD I should be) and the hardware support... Let's give a quick rundown on that before I mention this article...

    Server 2003 Native Support: 1 NIC, CD-RW/DVD Rom, ZIP Disk, Keyboard and Mouse
    SuSE 10.1 Native Support: 2 NICs, CD-RW/DVD Rom, Zip Disk, Keyboard and Mouse.... oh yeah and Sound Card, Video Card, TV Tuner and Recognized my Monitor....

    btw nothing on my computer is "new": GeForce FX 5200 (128 MB), SB Live 5.1, Generic NICs, ATI TV Wonder...

    Anyways... the reason for this thread...

    The opening line of the SuSE release notes "Personal information will be relayed back to Novel for the most user-friendly experience possible" "This information includes data returned from the commands: hwinfo and uname".... So for all you linux zealots that were attacking Apple and MS... SuSE is returning my personal information as well... and if I disable that it will provide me with a less than desired user experience..

    I just found this rather interesting.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    I've noticed the same thing ... Albeit Suse having great hardware support, I find it way to bloated, and the fact it "needs to phone home" ...Well ... I've installed another distro ... But I think future wise, most "Big" distros (Microsoft, Suse and maybe Redhat) Will be having a "phone home feature" built in ... Afterall ... There's money involved, being it opensource or not.

    .C.
    Back when I was a boy, we carved our own IC's out of wood.

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    How is SUSE "Bloated" ? It's a distro on top of the GUI World yet it can be installed on machine from almost 10 years ago and you can install ii on partitions smaller than even Debian..... Errr.... Well something like that, a minimum install is usually 400 MBs.... Anyway, one thing, since this is part of the topic:

    How can Windows kids complain about installing SUSE and Linux being hard when Microsoft STILL uses a text mode installer until you get to the configuration part of the install? The installation of Windows looks the sam as it did for Windows 98; You're at a text mode installation tool setting up partitions and then you get a GUI to tell it your time zone, where SUSE uses a GUI the entire time unless you're installing on an old machine where you don't want a GUI or a machine for a server where you don't need one.

    And a packet sniffer would most likely show no actual personal info is being sent. It's showing what Hardware you're using and the Kernel. I don't find a problem with this. It allows them to support my hardware better. And I know no one is attacking SUSE. Just wanted to get a few things in here.

    HT I know personally has talked to people from Novell and they actually didn't try to screw him out of more money than he needed to spend.

    How many people can say they have EVER talked on the phone with a Microsoft sales person and the person said "You actually don't HAVE to buy that, you can buy just one" ?

    By the way I didn't attack Apple. I don't see a threat in them collecting info to tell you about GUI stuff.... Anyone who does needs a huge dose of Thorezine.

    HT, I haven't messed with the new version enough yet but I have noticed HUGE differences. You can tell they worked hard on it. And things seem to really just work.

    And I know personally from talking to the SUSE team that the reason the box itself is different and th books and CD holder are different, is because Novell wanted SUSE to sell for a cheaper price.

    The price is 59.99 and I get mine at my door the next day (They know me ).
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hmmmm,

    I have to say that HT~ raises an interesting topic here, so I will have a go at it from a different direction?

    If you look at these sorts of discussions on this and other forums, there is always this "personal privacy" thingy............... well all machines that I own and build belong to "P C User" who happens to live at "Home"

    Yet we repeatedly complain about the ignorance of the average home user?

    1. If the user is ignorant then I will set their machine up so that nothing unnecessary runs, and that as much as possible is automated. I give them a checklist of what to expect to happen, and when. I actually set up the phoning home DELIBERATELY. You CANNOT have the best of both Worlds, if the user is ignorant then the solution HAS to be automation and phoning home?

    2. I have no problems with stuff phoning home so long as it is in the overall interests of the user community. I don't mind an applications provider knowing that my machine crashed and enough detail to find out why. Hey! how in hell can we expect them to improve their product without any feedback?.................... doesn't anybody remember the Full Development Lifecycle? the last bit is the Post Implementation Review ( and before you have a dig, HT~ , I have over 20 year's field experience of full lifecycle developments ). IMO, a lot of this phoning home is to check for updates, or an automated form of the Post Implementation Review.

    3. What I would complain about would be:

    [A] Applications that phoned home with uneccessary detail about my environment.
    [B] Applications that did not let me turn off the phoning home, or at least schedule it. They cannot be tested in all scenarios, and two things trying to phone home at the same time might be a cause of systems instability; which of course would be blamed on the windows OS

    My views.........................
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I definately have no problem with the phoning home... Like nihil I think it's an improvement... I'm probably one of the few people who clicks the submit details to <vendor> button on crashes... It's cool with me.. I just wanted to point this out for the Linux zealots who've trashed MS and Apple about it

    It makes you think about the extra traffic being used..

    I've got 3 Ubuntu Machines, 1 SuSE, 1 XP and 1 OS X (Plus multiple VMs) checking for updates on a regular basis...All with AV that also checks on a regular basis for updates.. My Mac also checks for "authorized" widgets. MSN, Firefox both check for updates regularly... it's almost inspiring me to define a hosts file for all of these sites... DNS Poisoning and Site redirection are getting too big..

    Hell even google bombing when checking for updates... One of the guys at work today noticed the first site that comes up when you search for MS06-022... Instead of being Microsoft.com it's thesource.ofallevil.com redirecting to the Microsoft advisory... there are several advisories that this occurs for.. How safe are we from malicious files being received during these phone home udpates... If google can be poluted why not my DNS servers?

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Hell even google bombing when checking for updates... One of the guys at work today noticed the first site that comes up when you search for MS06-022... Instead of being Microsoft.com it's thesource.ofallevil.com redirecting to the Microsoft advisory... there are several advisories that this occurs for.. How safe are we from malicious files being received during these phone home udpates... If google can be poluted why not my DNS servers?
    Well that's exactly my point ... With all these OS's and AV and whatnot "calling home" it's easy to loose track of which, what where ... It's a good idea to create a hosts file HTRegz ... But it would be one you'll need to keep an eye on ...As maybe some of the DNS entries for the sites change ...Microsoft for instance ... you'll need to update it ... It won't happen too often probably but it's another overhead ... at home it's no problem ... Another way I see to reduce the phoning home bit on a Windows XP client is to install WSUS (Windows Server Update Service) ... This way you'll keep the "phoning home" bit for the update inside for the client computers ...and you'll only need to keep an eye on 1 machine.

    I don't really have a problem with companies gathering info about my hardware and stuff ... But it's like you said ... it holds certain risks doesn't it.

    [edit] off topic -- gore ...easy there buddy ... I wasn't attacking SUSE ... I was just stating an opnion, my opinion ... If I find SUSE too bloated, well then that's my prerogative. You should not take opinions as attacks to SUSE or any other distro you like ...jeezzz ... Offcourse I know you can install SUSE with minimum software or whatnot ...But that was not my point... I could take everything you say about Microsoft or any other distro or OS the same way ... But then I would need an extra life to answer all those posts ... Anyway ... never mind [/edit]

    .C.
    Back when I was a boy, we carved our own IC's out of wood.

  7. #7
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by gore
    And I know no one is attacking SUSE. Just wanted to get a few things in here.
    And I need to take it easy?
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    It seems (correct me if I am wrong) that this is a voluntary thing. You can say "no." I don't have a problem with a voluntary program like this.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  9. #9
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by preacherman481
    It seems (correct me if I am wrong) that this is a voluntary thing. You can say "no." I don't have a problem with a voluntary program like this.
    It's voluntary... but you lose functionality and "user-friendliness"... That's only semi-voluntary in my books..
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    I think that there is way too much paranoia in this area. And also a certain amount of double standards being applied?

    We have plenty of people come to this site for help. We ask them all sorts of questions about what hardware and software they have, what the did just before, and were doing when the problem started. That information is essential to suggesting a solution.

    Again people buy or get free software and have to register it to use it.............. that requires supplying "personal information" and they quite cheerfully do that.

    I am personally in favour of software that looks after itself, particularly for non-savvy home users ..................you generally find that commercial versions have the ability to switch off phoning home, as it is expected that updating will take place centrally, and the information will generally have been collected as part of obtaining the group licence.

    I sometimes wonder how these people who complain about information regarding their hardware and software can bring themselves to drive an automobile where a lot of "personal information" is immediately visible to anyone who cares to look?

    I do believe that you should have the option to schedule things or at least have the option to do them manually. My only reason for this is to avoid potential conflicts, or resolve them when they happen.

    If you are really concerned, then set up an "anonymous" e-mail account, use a generic User Name and lie regarding anything else. Set your firewall to ask about outgoing connections, and schedule everything to run on February 29th.

    Like HT~ I have no problem with a provider knowing what hardware and operating system I have, what language I use, and what country I live in.

    I think that it is good that providers care about this, because it gives them information about their user base that can be taken into account in future releases. As a wild example, do you think that MS would be developing Vista if they thought that 95% of users were running 486's and had no intention of upgrading?

    Also like HT~ I have no problems with sending automatic error logs................how else can the guys make their products more robust if they don't get feedback regarding problems?

    The only problem I would have would be with software that reported private information such as my personal data files, pictures, documents, music and so on............that IS spyware.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides