[LAU] How to disable Ardour's phone home option?

Brent Busby brent at keycorner.org
Mon Jul 13 18:01:02 UTC 2015


Ralf Mardorf <ralf.mardorf at alice-dsl.net> writes:

> On Mon, 13 Jul 2015 11:54:55 -0500, Brent Busby wrote:
>>Robin Gareus <robin at gareus.org> writes:
>>[...]
>>> Heck, if you're worried about this, you can't even surf the web to
>>> begin with. A simple firefox http request sends a lot more private
>>> information about the user. See https://panopticlick.eff.org/
>>
>>True
>
> Not really true. It's possible to make an averaged Firefox, Pale Moon
> etc. secure, however, the best bet would be to use
> https://www.torproject.org/projects/torbrowser.html.en . As already
> pointed out, for some computer usage, of some people, in some regions of
> the planet, it's better to disable every phone home option. The uname
> request from Ardour + the full opened Windows size reported by a web
> browser + geolocation send by your weather applet and even the most
> trustworthy VPN service becomes useless.

There's no securing any monolithic app of that size.  You can audit the
code, you can get assurances of good faith from Mozilla or whoever makes
it, you can enable all the safety features, and in the end, you've still
got a big slab of code that would make Bill Gates proud.  The NSA has
already said in one of their published documents that they don't even
need to have known exploits for Firefox to accomplish a given arbitrary
purpose -- the code base is so big that when they need something, they
can simply find it.  Just describe what you want the exploit to do and
the targetted version of Firefox -- we'll find you an attack vector that
does what you need from the existing code.  It's simply too big and
heavy to be secured by anyone, even with good intentions.

> Firefox is a web browser, we expect that it's connected to the
> Internet.

Well, yeah.  It'd be nice to be able to control the specifics of that though.

> Ardour is a DAW, the distros package management informs about
> upgrades without asking what kernel a user has got installed. While I
> agree that Ardour's phone home isn't a serious issue for most of us,
> it's still grotesque to compare Ardour with Firefox. There's no good
> reason for Ardour to phone home by default. Distro independent upgrades
> could be announced by a news letter.

Actually that digression is my fault.  Robin mentioned that one has more
to worry about as far as personal information exposure from Firefox's
HTTP traffic than one does from Ardour.  No one has said Ardour is like
Firefox.  It's my fault for digressing the subject into a general rant
about browser security anyway, but that is a concern of mine, however
tangentially related to the conversation.

-- 
+ Brent A. Busby	 + "We've all heard that a million monkeys
+ Sr. UNIX Systems Admin +  banging on a million typewriters will
+ University of Chicago	 +  eventually reproduce the entire works of
+ James Franck Institute +  Shakespeare.  Now, thanks to the Internet,
+ Materials Research Ctr +  we know this is not true." -Robert Wilensky


More information about the Linux-audio-user mailing list