13 Jul
2015
13 Jul
'15
8:29 p.m.
On Mon, 13 Jul 2015 13:01:02 -0500, Brent Busby wrote:
Ralf Mardorf <ralf.mardorf(a)alice-dsl.net>
writes:
However, since we know how to disable phone home, assumed we want to
disable it, we don't need to worry about it.
Temporarily we could disable it by editing the URL.
$ grep ardour ~/.config/ardour4/config /etc/ardour4/config
To completely disable it, we could configure with --no-phone-home when
building Ardour.
I already marked the thread as "[Solved]", before this discussion
started :).
On Mon, 13 Jul 2015 11:54:55 -0500, Brent Busby
wrote:
There's no securing any monolithic app of that size. You can audit the
code, you can get assurances of good faith from Mozilla or whoever
makes it, you can enable all the safety features, and in the end,
you've still got a big slab of code that would make Bill Gates proud.
The NSA has already said in one of their published documents that they
don't even need to have known exploits for Firefox to accomplish a
given arbitrary purpose -- the code base is so big that when they need
something, they can simply find it. Just describe what you want the
exploit to do and the targetted version of Firefox -- we'll find you
an attack vector that does what you need from the existing code. It's
simply too big and heavy to be secured by anyone, even with good
intentions.
Robin Gareus <robin(a)gareus.org> writes:
[...]
Not really true. It's possible to make an averaged Firefox, Pale Moon
etc. secure, however, the best bet would be to use
https://www.torproject.org/projects/torbrowser.html.en . As already
pointed out, for some computer usage, of some people, in some
regions of the planet, it's better to disable every phone home
option. The uname request from Ardour + the full opened Windows size
reported by a web browser + geolocation send by your weather applet
and even the most trustworthy VPN service becomes useless. Heck, if you're worried about this, you
can't even surf the web to
begin with. A simple firefox http request sends a lot more private
information about the user. See https://panopticlick.eff.org/
True Firefox is a web browser, we expect that it's
connected to the
Internet.
Well, yeah. It'd be nice to be able to control the specifics of that
though.
Ardour is a DAW, the distros package management
informs about
upgrades without asking what kernel a user has got installed. While I
agree that Ardour's phone home isn't a serious issue for most of us,
it's still grotesque to compare Ardour with Firefox. There's no good
reason for Ardour to phone home by default. Distro independent
upgrades could be announced by a news letter.
Actually that digression is my fault. Robin mentioned that one has
more to worry about as far as personal information exposure from
Firefox's HTTP traffic than one does from Ardour. No one has said
Ardour is like Firefox. It's my fault for digressing the subject into
a general rant about browser security anyway, but that is a concern of
mine, however tangentially related to the conversation.