Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop installed. I do have some Gnome (and probably KDE) odds and ends programs installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything on my box talking to anyone on the Internet without my knowledge and express permission.
tl:dr Q1: How do you find phone home services? Q2: How do you remove them? Q3: If Ubuntu isn’t it, what is?
apt-get upgrade reported this morning that it wants to update “evolution-data-server-online-accounts.”
Minor digging into wtf is this evolution thing (and why does it think it can phone home without me knowing it?) shows it’s a Gnome component that’s apparently very hard to remove. [a]
In that digging I find several other services that seem to phone home without my knowledge or permission?
michael@local [~]# ls -1 /usr/share/dbus-1/services {full list at [b]}
com.google.code.AccountsSSO.SingleSignOn.service com.nokia.SingleSignOn.Backup.service com.nokia.singlesignonui.service
and ??? musicstore-scope.service unity-scope-facebook.service unity-scope-flickr.service unity-scope-openclipart.service unity-scope-video-remote.service unity-scope-yelp.service
Also in that digging, it seems that basically the only true way to get evolution (and its ilk) to stop bothering you is to:
sudo mv /usr/lib/evolution /usr/lib/evolution-fu
(see [a], Answer, “None of the above helped me”), which is a bit non-intuitive. Very cute though...
I’m left with questions...
Q1) With our resorting to something like Wireshark, how does one find all the packages that have phone home capabilities?
Q2) As ‘apt-get --purge remove’ doesn’t seem to work all the time, what’s the safest way to remove/disable them?
I went to Ubuntu (from CentOS) a couple years ago because it’s suppose to be ‘easier’ and it does do multimedia much better, but it doesn’t really seem to concern itself with customer ‘privacy.’
Q3) In the event this can’t be done in Ubuntu, is there a TDE supported *nix variation that may be ‘harder,’ but doesn’t just add a bunch of anti-privacy crap willy nilly?
I guess I don’t really mind going back to (re)compiling things on each OS up-rev (libre, gimp, etc...), but it is a bit of a pita if there’s an alternative...
Best and Thanks, Michael
[a] https://askubuntu.com/questions/315640/how-do-i-completely-remove-evolution
[b] michael@local [~]# ls -1 /usr/share/dbus-1/services ca.desrt.dconf.service com.canonical.certification.PlainBox1.service com.canonical.Friends.Dispatcher.service com.canonical.Friends.Service.service com.canonical.hud.service com.canonical.indicators.webcredentials.service com.canonical.Unity.Voice.service com.canonical.Unity.Webapps.Service.service com.canonical.webcredentials.capture.service com.google.code.AccountsSSO.SingleSignOn.service com.nokia.SingleSignOn.Backup.service com.nokia.singlesignonui.service com.ubuntu.OneConf.service com.ubuntu.SoftwareCenterDataProvider.service com.ubuntu.sso.service gnome-vfs-daemon.service gvfs-daemon.service gvfs-metadata.service indicator-keyboard.service music-preview-player.service musicstore-scope.service obex-client.service obex-data-server.service org.a11y.atspi.Registry.service org.a11y.Bus.service org.ayatana.bamf.service org.fedoraproject.Config.Printing.service org.freedesktop.ColorHelper.service org.freedesktop.FileManager1.service org.freedesktop.Geoclue.Master.service org.freedesktop.Geoclue.Providers.UbuntuGeoIP.service org.freedesktop.Notifications.service org.freedesktop.secrets.service org.freedesktop.Telepathy.AccountManager.service org.freedesktop.Telepathy.Client.Empathy.Auth.service org.freedesktop.Telepathy.Client.Empathy.Call.service org.freedesktop.Telepathy.Client.Empathy.Chat.service org.freedesktop.Telepathy.Client.Empathy.FileTransfer.service org.freedesktop.Telepathy.Client.Logger.service org.freedesktop.Telepathy.Client.Vino.service org.freedesktop.Telepathy.ConnectionManager.gabble.service org.freedesktop.Telepathy.ConnectionManager.haze.service org.freedesktop.Telepathy.ConnectionManager.idle.service org.freedesktop.Telepathy.ConnectionManager.salut.service org.freedesktop.Telepathy.Logger.service org.freedesktop.Telepathy.MissionControl5.service org.freedesktop.xesam.searcher.service org.gnome.Contacts.SearchProvider.service org.gnome.evince.Daemon.service org.gnome.evolution.dataserver.AddressBook.service org.gnome.evolution.dataserver.Calendar.service org.gnome.evolution.dataserver.Sources.service org.gnome.evolution.dataserver.UserPrompter.service org.gnome.FileRoller.service org.gnome.GConf.service org.gnome.gedit.service org.gnome.keyring.PrivatePrompter.service org.gnome.keyring.service org.gnome.keyring.SystemPrompter.service org.gnome.Nautilus.SearchProvider.service org.gnome.Nautilus.service org.gnome.Rhythmbox3.service org.gnome.ScreenSaver.service org.gnome.seahorse.Application.service org.gnome.zeitgeist.fts.service org.gnome.zeitgeist.service org.gtk.GLib.PACRunner.service org.gtk.Private.AfcVolumeMonitor.service org.gtk.Private.GPhoto2VolumeMonitor.service org.gtk.Private.MTPVolumeMonitor.service org.gtk.Private.UDisks2VolumeMonitor.service org.kde.knotify.service org.kde.kuiserver.service org.onboard-prediction.service sessioninstaller.service unity-lens-friends.service unity-scope-applications.service unity-scope-audacious.service unity-scope-calculator.service unity-scope-chromiumbookmarks.service unity-scope-clementine.service unity-scope-colourlovers.service unity-scope-devhelp.service unity-scope-facebook.service unity-scope-files-local.service unity-scope-firefoxbookmarks.service unity-scope-flickr.service unity-scope-gdrive.service unity-scope-gmusicbrowser.service unity-scope-gourmet.service unity-scope-guayadeque.service unity-scope-home.service unity-scope-manpages.service unity-scope-music.service unity-scope-musique.service unity-scope-openclipart.service unity-scope-picasa.service unity-scope-shotwell.service unity-scope-texdoc.service unity-scope-tomboy.service unity-scope-video-local.service unity-scope-video-remote.service unity-scope-virtualbox.service unity-scope-yelp.service unity-scope-zotero.service vandenoever.strigi.service
This seems to be a suitable occasion for top-posting.
$ ls -1 /usr/share/dbus-1/services/ blueman-applet.service ca.desrt.dconf.service org.bluez.obex.service org.gnome.GConf.service org.gtk.GLib.PACRunner.service
That's on a Trinity/Devuan box with some Gnome and also Wine and Steam.
Your problem seems to be Unity and Evolution etc, not Trinity.
To find what might be "phoning home" you could use a firewall such as iptables to log and optionally block outbound connections, and then start adding exceptions for everything you need to work. But how do you know that something isn't phoning home through UDP or DNS even a non-standard protocol? Best to only install software you trust.
--Mike
On Sat July 28 2018 09:56:12 Michael wrote:
michael@local [~]# ls -1 /usr/share/dbus-1/services ca.desrt.dconf.service com.canonical.certification.PlainBox1.service com.canonical.Friends.Dispatcher.service com.canonical.Friends.Service.service com.canonical.hud.service com.canonical.indicators.webcredentials.service com.canonical.Unity.Voice.service com.canonical.Unity.Webapps.Service.service com.canonical.webcredentials.capture.service com.google.code.AccountsSSO.SingleSignOn.service com.nokia.SingleSignOn.Backup.service com.nokia.singlesignonui.service com.ubuntu.OneConf.service com.ubuntu.SoftwareCenterDataProvider.service com.ubuntu.sso.service gnome-vfs-daemon.service gvfs-daemon.service gvfs-metadata.service indicator-keyboard.service music-preview-player.service musicstore-scope.service obex-client.service obex-data-server.service org.a11y.atspi.Registry.service org.a11y.Bus.service org.ayatana.bamf.service org.fedoraproject.Config.Printing.service org.freedesktop.ColorHelper.service org.freedesktop.FileManager1.service org.freedesktop.Geoclue.Master.service org.freedesktop.Geoclue.Providers.UbuntuGeoIP.service org.freedesktop.Notifications.service org.freedesktop.secrets.service org.freedesktop.Telepathy.AccountManager.service org.freedesktop.Telepathy.Client.Empathy.Auth.service org.freedesktop.Telepathy.Client.Empathy.Call.service org.freedesktop.Telepathy.Client.Empathy.Chat.service org.freedesktop.Telepathy.Client.Empathy.FileTransfer.service org.freedesktop.Telepathy.Client.Logger.service org.freedesktop.Telepathy.Client.Vino.service org.freedesktop.Telepathy.ConnectionManager.gabble.service org.freedesktop.Telepathy.ConnectionManager.haze.service org.freedesktop.Telepathy.ConnectionManager.idle.service org.freedesktop.Telepathy.ConnectionManager.salut.service org.freedesktop.Telepathy.Logger.service org.freedesktop.Telepathy.MissionControl5.service org.freedesktop.xesam.searcher.service org.gnome.Contacts.SearchProvider.service org.gnome.evince.Daemon.service org.gnome.evolution.dataserver.AddressBook.service org.gnome.evolution.dataserver.Calendar.service org.gnome.evolution.dataserver.Sources.service org.gnome.evolution.dataserver.UserPrompter.service org.gnome.FileRoller.service org.gnome.GConf.service org.gnome.gedit.service org.gnome.keyring.PrivatePrompter.service org.gnome.keyring.service org.gnome.keyring.SystemPrompter.service org.gnome.Nautilus.SearchProvider.service org.gnome.Nautilus.service org.gnome.Rhythmbox3.service org.gnome.ScreenSaver.service org.gnome.seahorse.Application.service org.gnome.zeitgeist.fts.service org.gnome.zeitgeist.service org.gtk.GLib.PACRunner.service org.gtk.Private.AfcVolumeMonitor.service org.gtk.Private.GPhoto2VolumeMonitor.service org.gtk.Private.MTPVolumeMonitor.service org.gtk.Private.UDisks2VolumeMonitor.service org.kde.knotify.service org.kde.kuiserver.service org.onboard-prediction.service sessioninstaller.service unity-lens-friends.service unity-scope-applications.service unity-scope-audacious.service unity-scope-calculator.service unity-scope-chromiumbookmarks.service unity-scope-clementine.service unity-scope-colourlovers.service unity-scope-devhelp.service unity-scope-facebook.service unity-scope-files-local.service unity-scope-firefoxbookmarks.service unity-scope-flickr.service unity-scope-gdrive.service unity-scope-gmusicbrowser.service unity-scope-gourmet.service unity-scope-guayadeque.service unity-scope-home.service unity-scope-manpages.service unity-scope-music.service unity-scope-musique.service unity-scope-openclipart.service unity-scope-picasa.service unity-scope-shotwell.service unity-scope-texdoc.service unity-scope-tomboy.service unity-scope-video-local.service unity-scope-video-remote.service unity-scope-virtualbox.service unity-scope-yelp.service unity-scope-zotero.service vandenoever.strigi.service
Hi Michael,
Am Samstag 28 Juli 2018 schrieb Michael:
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop installed. I do have some Gnome (and probably KDE) odds and ends programs installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything on my box talking to anyone on the Internet without my knowledge and express permission.
tl:dr Q1: How do you find phone home services? Q2: How do you remove them? Q3: If Ubuntu isn’t it, what is?
apt-get upgrade reported this morning that it wants to update “evolution-data-server-online-accounts.”
Minor digging into wtf is this evolution thing (and why does it think it can phone home without me knowing it?) shows it’s a Gnome component that’s apparently very hard to remove. [a]
In that digging I find several other services that seem to phone home without my knowledge or permission?
How do you know? .service files are, AFAICT, config files for systemd, or dbus, in this case, maybe. These services may or may not be activated. To check their status or stop them refer to the (systemd/dbus/service) documentation.
To find out to which package one of these belongs you can do this in a shell:
$ dkpg -S /usr/share/dbus-1/services/com.nokia.SingleSignOn.Backup.service
Seems to belong to a package named "signond" whatever that is. I just gave it a quick shot at my favorite search engine.
https://gitlab.com/accounts-sso/signond says:
"SignOn daemon
The SignOn daemon is a D-Bus service which performs user authentication on behalf of its clients. There are currently authentication plugins for OAuth 1.0 and 2.0, SASL, Digest-MD5, and plain username/password combination."
So this doesn't look like a phone home service but rather like a service for the user which I'd expect to require to be activated by the user. OTOH, some distros or programs come with undesirable defaults which you are not aware of until you start looking for them, like firefox for example.
But, that'd be a lot of work for all of these "suspicious" files, generally, I'd rather choose software which I believe I can trust, or at least trust more than the ones of which I know that they *are* data collecting and user behavior tracking etc.
michael@local [~]# ls -1 /usr/share/dbus-1/services {full list at [b]}
com.google.code.AccountsSSO.SingleSignOn.service com.nokia.SingleSignOn.Backup.service com.nokia.singlesignonui.service
and ??? musicstore-scope.service unity-scope-facebook.service unity-scope-flickr.service unity-scope-openclipart.service unity-scope-video-remote.service unity-scope-yelp.service
Also in that digging, it seems that basically the only true way to get evolution (and its ilk) to stop bothering you is to:
sudo mv /usr/lib/evolution /usr/lib/evolution-fu
(see [a], Answer, “None of the above helped me”), which is a bit non-intuitive. Very cute though...
I’m left with questions...
Q1) With our resorting to something like Wireshark, how does one find all the packages that have phone home capabilities?
Q2) As ‘apt-get --purge remove’ doesn’t seem to work all the time, what’s the safest way to remove/disable them?
Why do you think it doesn't work? What output/error message do you get? I think that should always work, may remove a couple of dependencies, though, which should be indicated beforehand and asked for normally.
I went to Ubuntu (from CentOS) a couple years ago because it’s suppose to be ‘easier’ and it does do multimedia much better, but it doesn’t really seem to concern itself with customer ‘privacy.’
Q3) In the event this can’t be done in Ubuntu, is there a TDE supported *nix variation that may be ‘harder,’ but doesn’t just add a bunch of anti-privacy crap willy nilly?
TDE runs fine on Debian, Devuan, Arch Linux, SuseLinux and more, AFAIK. I'm running Devuan and I'm pretty sure there's no "anti-privacy crap willy nilly" which I haven't installed by myself ;)
Kind regards, Stefan
On Sat, 28 Jul 2018 11:56:12 -0500 Michael mb_trinity_desktop@inet-design.com wrote:
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop installed. I do have some Gnome (and probably KDE) odds and ends programs installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything on my box talking to anyone on the Internet without my knowledge and express permission.
tl:dr Q1: How do you find phone home services? Q2: How do you remove them? Q3: If Ubuntu isn’t it, what is?
I went to Ubuntu (from CentOS) a couple years ago because it’s suppose to be ‘easier’ and it does do multimedia much better, but it doesn’t really seem to concern itself with customer ‘privacy.’
And that is where you shot yourself in the foot. Greater ease-of-use always ends up meaning less control of what's installed when it comes to Linux, and Ubuntu is notorious for its relative lack of concern with privacy.
You would be better off with almost any other distribution--baseline Debian (or Devuan) would probably be easiest to transition to, because it uses the same package management tools. Also, there are a lot of people on here using those distros, which means you have an excellent source of advice at your fingertips.
Q3) In the event this can’t be done in Ubuntu, is there a TDE supported *nix variation that may be ‘harder,’ but doesn’t just add a bunch of anti-privacy crap willy nilly?
I guess I don’t really mind going back to (re)compiling things on each OS up-rev (libre, gimp, etc...), but it is a bit of a pita if there’s an alternative...
How much control do you need? How much work are you willing to deal with? In order of increasing control (but also increasing work), you could move to:
1. Debian, Devuan, or any other *non-commercial* mainstream binary distro that the TDE website lists as having appropriate packages. Install from a server disk image if you can, then layer TDE and whatever else you want on top, to reduce the number of vestigial packages from other desktop environments.
2. Arch Linux is a rolling-update distro (so you shouldn't have to reinstall everything ever, unless you really screw something up) that offers a higher level of customization at the cost of requiring more command-line use. I'm not sure of the current status of TDE on Arch, but there used to be packages for it.
3. Gentoo Linux is also a rolling-update distro, but it distributes source code rather than precompiled packages. This allows an even higher level of configurability—all optional package features can be turned off—at the cost of having to manage everything from the command line. The package manager takes care of the compile-install cycle for you once it knows what it needs to do (I generally let it run overnight). Not all TDE packages are available for Gentoo (and none of those that are, are official), but user-made packages for the base desktop plus several of the other programs do exist.
4. Linux From Scratch. Enough said. Even I'm not that crazy.
E. Liddell
I've started a new thread for my part at the end, because I get into stuff that may not be strictly relevant to immediate question.
On Sunday 29 July 2018 05:11:57 E. Liddell wrote:
On Sat, 28 Jul 2018 11:56:12 -0500
Michael mb_trinity_desktop@inet-design.com wrote:
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop installed. I do have some Gnome (and probably KDE) odds and ends programs installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything on my box talking to anyone on the Internet without my knowledge and express permission.
tl:dr Q1: How do you find phone home services? Q2: How do you remove them? Q3: If Ubuntu isn’t it, what is?
I went to Ubuntu (from CentOS) a couple years ago because it’s suppose to be ‘easier’ and it does do multimedia much better, but it doesn’t really seem to concern itself with customer ‘privacy.’
And that is where you shot yourself in the foot. Greater ease-of-use always ends up meaning less control of what's installed when it comes to Linux, and Ubuntu is notorious for its relative lack of concern with privacy.
Agreed here. I was using the 'Buntus up until about a year or two ago, then made the transition to Debian, and now to Devuan. I might eventually make it into Slackware, Gentoo, ArchLinux, or something like that; but I do want to have a life outside my computer, and time enough left to complete a few big projects before I die.
You would be better off with almost any other distribution--baseline Debian (or Devuan) would probably be easiest to transition to, because it uses the same package management tools. Also, there are a lot of people on here using those distros, which means you have an excellent source of advice at your fingertips.
Q3) In the event this can’t be done in Ubuntu, is there a TDE supported *nix variation that may be ‘harder,’ but doesn’t just add a bunch of anti-privacy crap willy nilly?
I guess I don’t really mind going back to (re)compiling things on each OS up-rev (libre, gimp, etc...), but it is a bit of a pita if there’s an alternative...
How much control do you need? How much work are you willing to deal with? In order of increasing control (but also increasing work), you could move to:
- Debian, Devuan, or any other *non-commercial* mainstream binary distro
that the TDE website lists as having appropriate packages. Install from a server disk image if you can, then layer TDE and whatever else you want on top, to reduce the number of vestigial packages from other desktop environments.
- Arch Linux is a rolling-update distro (so you shouldn't have to
reinstall everything ever, unless you really screw something up) that offers a higher level of customization at the cost of requiring more command-line use. I'm not sure of the current status of TDE on Arch, but there used to be packages for it.
- Gentoo Linux is also a rolling-update distro, but it distributes source
code rather than precompiled packages. This allows an even higher level of configurability—all optional package features can be turned off—at the cost of having to manage everything from the command line. The package manager takes care of the compile-install cycle for you once it knows what it needs to do (I generally let it run overnight). Not all TDE packages are available for Gentoo (and none of those that are, are official), but user-made packages for the base desktop plus several of the other programs do exist.
- Linux From Scratch. Enough said. Even I'm not that crazy.
E. Liddell
Amen! Preach!
Evolution is one of those crappy packages that will not go away. Even in a Debian/Devuan system, it sometimes gets installed with other packages if you're not keeping a close watch, but it's easier to get rid of, once you get out of the Ubuntu family.
If you want control over your own system, then it means more work on your part. Running a system like this can be sort of like taking care of a pet, and demanding a little more attention than a cat or dog. I, too, would recommend Debian to start (which is *almost* like Ubuntu), then move onto harder stuff.
This is not specific to the question of the thread, but you can block "call home" software by taking a few steps:
1. Disable ipv6. (I'll give links and instructions, if anybody is interested.) Enable it again once you learn how to get more control over those connections, and a firewall that can deal with it. 2. Use a firewall that allows you to disable unnecessary outbound ports. (I only enable 443, 465, 995, 8118, 9050 and 9051.) 3. Watch for strange connections, and when you see them, get their IP address, track down its owner, then block all IP addresses belonging to that entity. 4. Route everything possible over Tor. (The package tork-trinity makes this much easier.) Disable DNS requests by using Socks 5; get your settings right for Tor and Privoxy, and save the config files.
After awhile, I don't see these connections any more, except after a fresh system reinstallation. I try to save all my settings, though, so that I can keep my system clean of crappy "call-home" software.
You still need to track down those packages in your system (which can be a lot like prying off leeches); but by taking such steps as these, you can at least minimize their effect.
Bill
-
E. Liddell -
Michael -
Mike Bird -
Stefan Krusche -
William Morder