Debian popcon as a vulnerability?

Hello all!

I am wondering whether to force-uninstall Debian's popularity-contest package as part of Stormy's installation process. It would be good to have an idea how popular Stormy is, but on the other hand, I'm not sure how anonymous the reporting is on Debian's end.

This is also relevant for users of the tor package, who might also be at mild risk (though far less so, because the number of users is so high, and it doesn't reveal the location of location-hidden services).

Anyone have opinions on this? I'm leaning towards checking if popularity-contest is installed and then asking if the user would like it to be removed. If y'all have other recommendations, please comment here or on the ticket.

Ticket: https://trac.torproject.org/projects/tor/ticket/13154

thanks!
Griffin

-- 
"I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users." ~Len Sassaman
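A concrete form of the check-then-ask step proposed above, added here as an example (it is not code from the thread, from Stormy, or from the popularity-contest package). It parses dpkg's status field instead of trusting that the package name is known, reads the two keys in /etc/popularity-contest.conf that matter for the anonymity question (PARTICIPATE, and MY_HOSTID, the random per-host identifier sent with every report, which links successive reports from one machine even when the IP is hidden), and purges rather than removes so that identifier does not survive on disk. The config keys and commands are the real ones; the function names and the constructed config used in testing are ours.

```shell
#!/bin/sh
# Added example, not code from the thread or from Stormy/Tor: detect Debian's
# popularity-contest package and offer to purge it during an install step.
# Assumes a Debian system with dpkg-query and apt-get; function names are ours.

POPCON_CONF="${POPCON_CONF:-/etc/popularity-contest.conf}"

# status_installed STATUS
# dpkg-query's ${Status} is "<want> <flag> <state>", e.g. "install ok installed"
# or "deinstall ok config-files" (removed, config still on disk). Only the
# third word says whether the package is really installed.
status_installed() {
    set -- $1            # word-split on purpose
    [ "${3:-}" = "installed" ]
}

# popcon_installed: ask dpkg about the real package state (empty if unknown).
popcon_installed() {
    status_installed "$(dpkg-query -W -f='${Status}' popularity-contest 2>/dev/null)"
}

# conf_value FILE KEY
# popularity-contest.conf is shell syntax (KEY="value"). Read one key with
# grep rather than sourcing the file, so nothing in it gets executed.
conf_value() {
    [ -r "$1" ] || return 1
    line=$(grep "^[[:space:]]*$2=" "$1" | tail -n 1)
    val=${line#*=}       # text after the first '='
    val=${val%%#*}       # drop a trailing comment
    printf '%s\n' "$val" | tr -d '"'"'"'[:space:]'
}

# conf_participates FILE: true when PARTICIPATE="yes", i.e. reports go out.
conf_participates() {
    [ "$(conf_value "$1" PARTICIPATE)" = "yes" ]
}

# conf_hostid FILE: MY_HOSTID is a random identifier generated when popcon is
# set up and included in every report, so reports from one machine stay
# linkable even if the sender IP is hidden (e.g. behind Tor).
conf_hostid() {
    conf_value "$1" MY_HOSTID
}

# offer_removal: the installer step. Only prompt when the package is actually
# present; purge (not just remove) so the config and host id go away too.
offer_removal() {
    if ! popcon_installed; then
        echo "popularity-contest is not installed; nothing to do."
        return 0
    fi
    if conf_participates "$POPCON_CONF"; then
        echo "popularity-contest is installed and reporting is enabled (PARTICIPATE=yes)."
    else
        echo "popularity-contest is installed but reporting is currently disabled."
    fi
    hostid=$(conf_hostid "$POPCON_CONF" 2>/dev/null || true)
    if [ -n "$hostid" ]; then
        echo "Persistent report identifier MY_HOSTID: $hostid"
    fi
    printf 'Remove popularity-contest (apt-get purge)? [y/N] '
    read -r answer
    case "$answer" in
        [Yy]*) apt-get purge -y popularity-contest ;;
        *)     echo "Leaving popularity-contest in place." ;;
    esac
}

# Run the interactive step only when invoked with --run, so the file can also
# be sourced for its functions.
case "${1:-}" in
    --run) offer_removal ;;
esac
```

Run it as root during the install step with `sh popcon-check.sh --run`, or source it to reuse the functions. To see what a report would actually contain before deciding, `/usr/sbin/popularity-contest` run as root prints the report (the installed package list with access times) to stdout without sending it; that package set is the data the fingerprinting concern in the replies is about.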

On 2014-09-14 01:17, Griffin Boyce wrote:
> Hello all!
> I am wondering whether to force-uninstall Debian's popularity-contest package as part of Stormy's installation process. It would be good to have an idea how popular Stormy is, but on the other hand, I'm not sure how anonymous the reporting is on Debian's end.

If you report through Tor then it is okay-ish, as then nobody knows the IP. They could, though, make a fingerprint of the set of packages+versions installed and thus know that at least you are a Tor user through that. Thus for those who have access to that DB, there is some power.

Personally, I don't see the point of popcon though; it is not that the owner of the package will fix things quicker when the package is more popular, they are mostly doing it in their free time anyway.

Greets,
 Jeroen

Hi,

Griffin Boyce wrote (13 Sep 2014 23:17:11 GMT) :
> I'm not sure how anonymous the reporting is on Debian's end.

Recent versions of popcon report via encrypted email.

(I'm aware that it doesn't fully answer your question, but without a minimal explanation of the threat model, it's unclear to me what the actual potential problem is for the usecase you're working on.)

Cheers,
-- 
intrigeri