28 Jul
2018
28 Jul
'18
4:56 p.m.
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop
installed. I do have some Gnome (and probably KDE) odds and ends programs
installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything on
my box talking to anyone on the Internet without my knowledge and express
permission.
tl:dr
Q1: How do you find phone home services?
Q2: How do you remove them?
Q3: If Ubuntu isn’t it, what is?
apt-get upgrade reported this morning that it wants to
update “evolution-data-server-online-accounts.”
Minor digging into wtf is this evolution thing (and why does it think it can
phone home without me knowing it?) shows it’s a Gnome component that’s
apparently very hard to remove. [a]
In that digging I find several other services that seem to phone home without
my knowledge or permission?
michael@local [~]# ls -1 /usr/share/dbus-1/services
{full list at [b]}
com.google.code.AccountsSSO.SingleSignOn.service
com.nokia.SingleSignOn.Backup.service
com.nokia.singlesignonui.service
and ???
musicstore-scope.service
unity-scope-facebook.service
unity-scope-flickr.service
unity-scope-openclipart.service
unity-scope-video-remote.service
unity-scope-yelp.service
Also in that digging, it seems that basically the only true way to get
evolution (and its ilk) to stop bothering you is to:
sudo mv /usr/lib/evolution /usr/lib/evolution-fu
(see [a], Answer, “None of the above helped me”), which is a bit
non-intuitive. Very cute though...
I’m left with questions...
Q1) With our resorting to something like Wireshark, how does one find all the
packages that have phone home capabilities?
Q2) As ‘apt-get --purge remove’ doesn’t seem to work all the time, what’s the
safest way to remove/disable them?
I went to Ubuntu (from CentOS) a couple years ago because it’s suppose to
be ‘easier’ and it does do multimedia much better, but it doesn’t really seem
to concern itself with customer ‘privacy.’
Q3) In the event this can’t be done in Ubuntu, is there a TDE supported *nix
variation that may be ‘harder,’ but doesn’t just add a bunch of anti-privacy
crap willy nilly?
I guess I don’t really mind going back to (re)compiling things on each OS
up-rev (libre, gimp, etc...), but it is a bit of a pita if there’s an
alternative...
Best and Thanks,
Michael
[a]
https://askubuntu.com/questions/315640/how-do-i-completely-remove-evolution
[b]
michael@local [~]# ls -1 /usr/share/dbus-1/services
ca.desrt.dconf.service
com.canonical.certification.PlainBox1.service
com.canonical.Friends.Dispatcher.service
com.canonical.Friends.Service.service
com.canonical.hud.service
com.canonical.indicators.webcredentials.service
com.canonical.Unity.Voice.service
com.canonical.Unity.Webapps.Service.service
com.canonical.webcredentials.capture.service
com.google.code.AccountsSSO.SingleSignOn.service
com.nokia.SingleSignOn.Backup.service
com.nokia.singlesignonui.service
com.ubuntu.OneConf.service
com.ubuntu.SoftwareCenterDataProvider.service
com.ubuntu.sso.service
gnome-vfs-daemon.service
gvfs-daemon.service
gvfs-metadata.service
indicator-keyboard.service
music-preview-player.service
musicstore-scope.service
obex-client.service
obex-data-server.service
org.a11y.atspi.Registry.service
org.a11y.Bus.service
org.ayatana.bamf.service
org.fedoraproject.Config.Printing.service
org.freedesktop.ColorHelper.service
org.freedesktop.FileManager1.service
org.freedesktop.Geoclue.Master.service
org.freedesktop.Geoclue.Providers.UbuntuGeoIP.service
org.freedesktop.Notifications.service
org.freedesktop.secrets.service
org.freedesktop.Telepathy.AccountManager.service
org.freedesktop.Telepathy.Client.Empathy.Auth.service
org.freedesktop.Telepathy.Client.Empathy.Call.service
org.freedesktop.Telepathy.Client.Empathy.Chat.service
org.freedesktop.Telepathy.Client.Empathy.FileTransfer.service
org.freedesktop.Telepathy.Client.Logger.service
org.freedesktop.Telepathy.Client.Vino.service
org.freedesktop.Telepathy.ConnectionManager.gabble.service
org.freedesktop.Telepathy.ConnectionManager.haze.service
org.freedesktop.Telepathy.ConnectionManager.idle.service
org.freedesktop.Telepathy.ConnectionManager.salut.service
org.freedesktop.Telepathy.Logger.service
org.freedesktop.Telepathy.MissionControl5.service
org.freedesktop.xesam.searcher.service
org.gnome.Contacts.SearchProvider.service
org.gnome.evince.Daemon.service
org.gnome.evolution.dataserver.AddressBook.service
org.gnome.evolution.dataserver.Calendar.service
org.gnome.evolution.dataserver.Sources.service
org.gnome.evolution.dataserver.UserPrompter.service
org.gnome.FileRoller.service
org.gnome.GConf.service
org.gnome.gedit.service
org.gnome.keyring.PrivatePrompter.service
org.gnome.keyring.service
org.gnome.keyring.SystemPrompter.service
org.gnome.Nautilus.SearchProvider.service
org.gnome.Nautilus.service
org.gnome.Rhythmbox3.service
org.gnome.ScreenSaver.service
org.gnome.seahorse.Application.service
org.gnome.zeitgeist.fts.service
org.gnome.zeitgeist.service
org.gtk.GLib.PACRunner.service
org.gtk.Private.AfcVolumeMonitor.service
org.gtk.Private.GPhoto2VolumeMonitor.service
org.gtk.Private.MTPVolumeMonitor.service
org.gtk.Private.UDisks2VolumeMonitor.service
org.kde.knotify.service
org.kde.kuiserver.service
org.onboard-prediction.service
sessioninstaller.service
unity-lens-friends.service
unity-scope-applications.service
unity-scope-audacious.service
unity-scope-calculator.service
unity-scope-chromiumbookmarks.service
unity-scope-clementine.service
unity-scope-colourlovers.service
unity-scope-devhelp.service
unity-scope-facebook.service
unity-scope-files-local.service
unity-scope-firefoxbookmarks.service
unity-scope-flickr.service
unity-scope-gdrive.service
unity-scope-gmusicbrowser.service
unity-scope-gourmet.service
unity-scope-guayadeque.service
unity-scope-home.service
unity-scope-manpages.service
unity-scope-music.service
unity-scope-musique.service
unity-scope-openclipart.service
unity-scope-picasa.service
unity-scope-shotwell.service
unity-scope-texdoc.service
unity-scope-tomboy.service
unity-scope-video-local.service
unity-scope-video-remote.service
unity-scope-virtualbox.service
unity-scope-yelp.service
unity-scope-zotero.service
vandenoever.strigi.service
28 Jul
28 Jul
7:25 p.m.
New subject: [trinity-users] Remove Evolution? (and any other stealth installed phone home services)
This seems to be a suitable occasion for top-posting.
$ ls -1 /usr/share/dbus-1/services/
blueman-applet.service
ca.desrt.dconf.service
org.bluez.obex.service
org.gnome.GConf.service
org.gtk.GLib.PACRunner.service
That's on a Trinity/Devuan box with some Gnome and also Wine and Steam.
Your problem seems to be Unity and Evolution etc, not Trinity.
To find what might be "phoning home" you could use a firewall such as
iptables to log and optionally block outbound connections, and then
start adding exceptions for everything you need to work. But how do
you know that something isn't phoning home through UDP or DNS even a
non-standard protocol? Best to only install software you trust.
--Mike
On Sat July 28 2018 09:56:12 Michael wrote:
michael@local [~]# ls -1 /usr/share/dbus-1/services
ca.desrt.dconf.service
com.canonical.certification.PlainBox1.service
com.canonical.Friends.Dispatcher.service
com.canonical.Friends.Service.service
com.canonical.hud.service
com.canonical.indicators.webcredentials.service
com.canonical.Unity.Voice.service
com.canonical.Unity.Webapps.Service.service
com.canonical.webcredentials.capture.service
com.google.code.AccountsSSO.SingleSignOn.service
com.nokia.SingleSignOn.Backup.service
com.nokia.singlesignonui.service
com.ubuntu.OneConf.service
com.ubuntu.SoftwareCenterDataProvider.service
com.ubuntu.sso.service
gnome-vfs-daemon.service
gvfs-daemon.service
gvfs-metadata.service
indicator-keyboard.service
music-preview-player.service
musicstore-scope.service
obex-client.service
obex-data-server.service
org.a11y.atspi.Registry.service
org.a11y.Bus.service
org.ayatana.bamf.service
org.fedoraproject.Config.Printing.service
org.freedesktop.ColorHelper.service
org.freedesktop.FileManager1.service
org.freedesktop.Geoclue.Master.service
org.freedesktop.Geoclue.Providers.UbuntuGeoIP.service
org.freedesktop.Notifications.service
org.freedesktop.secrets.service
org.freedesktop.Telepathy.AccountManager.service
org.freedesktop.Telepathy.Client.Empathy.Auth.service
org.freedesktop.Telepathy.Client.Empathy.Call.service
org.freedesktop.Telepathy.Client.Empathy.Chat.service
org.freedesktop.Telepathy.Client.Empathy.FileTransfer.service
org.freedesktop.Telepathy.Client.Logger.service
org.freedesktop.Telepathy.Client.Vino.service
org.freedesktop.Telepathy.ConnectionManager.gabble.service
org.freedesktop.Telepathy.ConnectionManager.haze.service
org.freedesktop.Telepathy.ConnectionManager.idle.service
org.freedesktop.Telepathy.ConnectionManager.salut.service
org.freedesktop.Telepathy.Logger.service
org.freedesktop.Telepathy.MissionControl5.service
org.freedesktop.xesam.searcher.service
org.gnome.Contacts.SearchProvider.service
org.gnome.evince.Daemon.service
org.gnome.evolution.dataserver.AddressBook.service
org.gnome.evolution.dataserver.Calendar.service
org.gnome.evolution.dataserver.Sources.service
org.gnome.evolution.dataserver.UserPrompter.service
org.gnome.FileRoller.service
org.gnome.GConf.service
org.gnome.gedit.service
org.gnome.keyring.PrivatePrompter.service
org.gnome.keyring.service
org.gnome.keyring.SystemPrompter.service
org.gnome.Nautilus.SearchProvider.service
org.gnome.Nautilus.service
org.gnome.Rhythmbox3.service
org.gnome.ScreenSaver.service
org.gnome.seahorse.Application.service
org.gnome.zeitgeist.fts.service
org.gnome.zeitgeist.service
org.gtk.GLib.PACRunner.service
org.gtk.Private.AfcVolumeMonitor.service
org.gtk.Private.GPhoto2VolumeMonitor.service
org.gtk.Private.MTPVolumeMonitor.service
org.gtk.Private.UDisks2VolumeMonitor.service
org.kde.knotify.service
org.kde.kuiserver.service
org.onboard-prediction.service
sessioninstaller.service
unity-lens-friends.service
unity-scope-applications.service
unity-scope-audacious.service
unity-scope-calculator.service
unity-scope-chromiumbookmarks.service
unity-scope-clementine.service
unity-scope-colourlovers.service
unity-scope-devhelp.service
unity-scope-facebook.service
unity-scope-files-local.service
unity-scope-firefoxbookmarks.service
unity-scope-flickr.service
unity-scope-gdrive.service
unity-scope-gmusicbrowser.service
unity-scope-gourmet.service
unity-scope-guayadeque.service
unity-scope-home.service
unity-scope-manpages.service
unity-scope-music.service
unity-scope-musique.service
unity-scope-openclipart.service
unity-scope-picasa.service
unity-scope-shotwell.service
unity-scope-texdoc.service
unity-scope-tomboy.service
unity-scope-video-local.service
unity-scope-video-remote.service
unity-scope-virtualbox.service
unity-scope-yelp.service
unity-scope-zotero.service
vandenoever.strigi.service
8:02 p.m.
New subject: [trinity-users] Remove Evolution? (and any other stealth installed phone home services)
Hi Michael,
Am Samstag 28 Juli 2018 schrieb Michael:
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop
installed. I do have some Gnome (and probably KDE) odds and ends programs
installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything
on my box talking to anyone on the Internet without my knowledge and
express permission.
tl:dr
Q1: How do you find phone home services?
Q2: How do you remove them?
Q3: If Ubuntu isn’t it, what is?
apt-get upgrade reported this morning that it wants to
update “evolution-data-server-online-accounts.”
Minor digging into wtf is this evolution thing (and why does it think it
can phone home without me knowing it?) shows it’s a Gnome component that’s
apparently very hard to remove. [a]
In that digging I find several other services that seem to phone home
without my knowledge or permission?
How do you know? .service files are, AFAICT, config files for systemd, or dbus,
in this case, maybe. These services may or may not be activated. To check their
status or stop them refer to the (systemd/dbus/service) documentation.
To find out to which package one of these belongs you can do this in a shell:
$ dkpg -S /usr/share/dbus-1/services/com.nokia.SingleSignOn.Backup.service
Seems to belong to a package named "signond" whatever that is. I just gave it a
quick shot at my favorite search engine.
https://gitlab.com/accounts-sso/signond says:
"SignOn daemon
The SignOn daemon is a D-Bus service which performs user authentication on
behalf of its clients. There are currently authentication plugins for OAuth 1.0
and 2.0, SASL, Digest-MD5, and plain username/password combination."
So this doesn't look like a phone home service but rather like a service for the
user which I'd expect to require to be activated by the user. OTOH, some
distros or programs come with undesirable defaults which you are not aware of
until you start looking for them, like firefox for example.
But, that'd be a lot of work for all of these "suspicious" files, generally,
I'd
rather choose software which I believe I can trust, or at least trust more than
the ones of which I know that they *are* data collecting and user behavior
tracking etc.
michael@local [~]# ls -1 /usr/share/dbus-1/services
{full list at [b]}
com.google.code.AccountsSSO.SingleSignOn.service
com.nokia.SingleSignOn.Backup.service
com.nokia.singlesignonui.service
and ???
musicstore-scope.service
unity-scope-facebook.service
unity-scope-flickr.service
unity-scope-openclipart.service
unity-scope-video-remote.service
unity-scope-yelp.service
Also in that digging, it seems that basically the only true way to get
evolution (and its ilk) to stop bothering you is to:
sudo mv /usr/lib/evolution /usr/lib/evolution-fu
(see [a], Answer, “None of the above helped me”), which is a bit
non-intuitive. Very cute though...
I’m left with questions...
Q1) With our resorting to something like Wireshark, how does one find all
the packages that have phone home capabilities?
Q2) As ‘apt-get --purge remove’ doesn’t seem to work all the time, what’s
the safest way to remove/disable them?
Why do you think it doesn't work? What output/error message do you get? I think
that should always work, may remove a couple of dependencies, though, which
should be indicated beforehand and asked for normally.
I went to Ubuntu (from CentOS) a couple years ago
because it’s suppose to
be ‘easier’ and it does do multimedia much better, but it doesn’t really
seem to concern itself with customer ‘privacy.’
Q3) In the event this can’t be done in Ubuntu, is there a TDE supported
*nix variation that may be ‘harder,’ but doesn’t just add a bunch of
anti-privacy crap willy nilly?
TDE runs fine on Debian, Devuan, Arch Linux, SuseLinux and more, AFAIK. I'm
running Devuan and I'm pretty sure there's no "anti-privacy crap willy
nilly"
which I haven't installed by myself ;)
Kind regards,
Stefan
29 Jul
29 Jul
12:11 p.m.
New subject: [trinity-users] Remove Evolution? (and any other stealth installed phone home services)
On Sat, 28 Jul 2018 11:56:12 -0500
Michael <mb_trinity_desktop(a)inet-design.com> wrote:
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop
installed. I do have some Gnome (and probably KDE) odds and ends programs
installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything on
my box talking to anyone on the Internet without my knowledge and express
permission.
tl:dr
Q1: How do you find phone home services?
Q2: How do you remove them?
Q3: If Ubuntu isn’t it, what is?
I went to Ubuntu (from CentOS) a couple years ago
because it’s suppose to
be ‘easier’ and it does do multimedia much better, but it doesn’t really seem
to concern itself with customer ‘privacy.’
And that is where you shot yourself in the foot. Greater ease-of-use always
ends up meaning less control of what's installed when it comes to Linux,
and Ubuntu is notorious for its relative lack of concern with privacy.
You would be better off with almost any other distribution--baseline Debian
(or Devuan) would probably be easiest to transition to, because it uses the
same package management tools. Also, there are a lot of people on here
using those distros, which means you have an excellent source of advice at
your fingertips.
Q3) In the event this can’t be done in Ubuntu, is
there a TDE supported *nix
variation that may be ‘harder,’ but doesn’t just add a bunch of anti-privacy
crap willy nilly?
I guess I don’t really mind going back to (re)compiling things on each OS
up-rev (libre, gimp, etc...), but it is a bit of a pita if there’s an
alternative...
How much control do you need? How much work are you willing to deal with?
In order of increasing control (but also increasing work), you could move to:
1. Debian, Devuan, or any other *non-commercial* mainstream binary distro
that the TDE website lists as having appropriate packages. Install from a
server disk image if you can, then layer TDE and whatever else you want on top,
to reduce the number of vestigial packages from other desktop environments.
2. Arch Linux is a rolling-update distro (so you shouldn't have to reinstall
everything
ever, unless you really screw something up) that offers a higher level of customization
at the cost of requiring more command-line use. I'm not sure of the current status
of TDE on Arch, but there used to be packages for it.
3. Gentoo Linux is also a rolling-update distro, but it distributes source code
rather than precompiled packages. This allows an even higher level of
configurability—all optional package features can be turned off—at the cost
of having to manage everything from the command line. The package manager
takes care of the compile-install cycle for you once it knows what it needs to do
(I generally let it run overnight). Not all TDE packages are available for Gentoo
(and none of those that are, are official), but user-made packages for the base
desktop plus several of the other programs do exist.
4. Linux From Scratch. Enough said. Even I'm not that crazy.
E. Liddell
3:25 p.m.
New subject: stealth installed phone home services - privacy options
I've started a new thread for my part at the end, because I get into stuff
that may not be strictly relevant to immediate question.
On Sunday 29 July 2018 05:11:57 E. Liddell wrote:
On Sat, 28 Jul 2018 11:56:12 -0500
Michael <mb_trinity_desktop(a)inet-design.com> wrote:
Agreed here. I was using the 'Buntus up until about a year or two ago, then
made the transition to Debian, and now to Devuan. I might eventually make it
into Slackware, Gentoo, ArchLinux, or something like that; but I do want to
have a life outside my computer, and time enough left to complete a few big
projects before I die.
Hi All,
I’m running Ubuntu 14.04.5 LTS, Trusty Tahr with TDE as my only desktop
installed. I do have some Gnome (and probably KDE) odds and ends
programs installed as well.
I’ll also agree I’m pretty much a Luddite and have no desire for anything
on my box talking to anyone on the Internet without my knowledge and
express permission.
tl:dr
Q1: How do you find phone home services?
Q2: How do you remove them?
Q3: If Ubuntu isn’t it, what is?
I went to Ubuntu (from CentOS) a couple years ago because it’s suppose to
be ‘easier’ and it does do multimedia much better, but it doesn’t really
seem to concern itself with customer ‘privacy.’
And that is where you shot yourself in the foot. Greater ease-of-use
always ends up meaning less control of what's installed when it comes to
Linux, and Ubuntu is notorious for its relative lack of concern with
privacy.
You would be better off with almost any other distribution--baseline Debian
(or Devuan) would probably be easiest to transition to, because it uses the
same package management tools. Also, there are a lot of people on here
using those distros, which means you have an excellent source of advice at
your fingertips.
Amen! Preach!
Evolution is one of those crappy packages that will not go away. Even in a
Debian/Devuan system, it sometimes gets installed with other packages if
you're not keeping a close watch, but it's easier to get rid of, once you get
out of the Ubuntu family.
If you want control over your own system, then it means more work on your
part. Running a system like this can be sort of like taking care of a pet,
and demanding a little more attention than a cat or dog. I, too, would
recommend Debian to start (which is *almost* like Ubuntu), then move onto
harder stuff.
This is not specific to the question of the thread, but you can block "call
home" software by taking a few steps:
1. Disable ipv6. (I'll give links and instructions, if anybody is interested.)
Enable it again once you learn how to get more control over those
connections, and a firewall that can deal with it.
2. Use a firewall that allows you to disable unnecessary outbound ports. (I
only enable 443, 465, 995, 8118, 9050 and 9051.)
3. Watch for strange connections, and when you see them, get their IP address,
track down its owner, then block all IP addresses belonging to that entity.
4. Route everything possible over Tor. (The package tork-trinity makes this
much easier.) Disable DNS requests by using Socks 5; get your settings right
for Tor and Privoxy, and save the config files.
After awhile, I don't see these connections any more, except after a fresh
system reinstallation. I try to save all my settings, though, so that I can
keep my system clean of crappy "call-home" software.
You still need to track down those packages in your system (which can be a lot
like prying off leeches); but by taking such steps as these, you can at least
minimize their effect.
Bill
Q3) In the event this can’t be done in Ubuntu,
is there a TDE supported
*nix variation that may be ‘harder,’ but doesn’t just add a bunch of
anti-privacy crap willy nilly?
I guess I don’t really mind going back to (re)compiling things on each OS
up-rev (libre, gimp, etc...), but it is a bit of a pita if there’s an
alternative...
How much control do you need? How much work are you willing to deal with?
In order of increasing control (but also increasing work), you could move
to:
1. Debian, Devuan, or any other *non-commercial* mainstream binary distro
that the TDE website lists as having appropriate packages. Install from a
server disk image if you can, then layer TDE and whatever else you want on
top, to reduce the number of vestigial packages from other desktop
environments.
2. Arch Linux is a rolling-update distro (so you shouldn't have to
reinstall everything ever, unless you really screw something up) that
offers a higher level of customization at the cost of requiring more
command-line use. I'm not sure of the current status of TDE on Arch, but
there used to be packages for it.
3. Gentoo Linux is also a rolling-update distro, but it distributes source
code rather than precompiled packages. This allows an even higher level of
configurability—all optional package features can be turned off—at the cost
of having to manage everything from the command line. The package manager
takes care of the compile-install cycle for you once it knows what it needs
to do (I generally let it run overnight). Not all TDE packages are
available for Gentoo (and none of those that are, are official), but
user-made packages for the base desktop plus several of the other programs
do exist.
4. Linux From Scratch. Enough said. Even I'm not that crazy.
E. Liddell
2337
days inactive
2338
days old
4 comments
5 participants
participants (5)
-
E. Liddell -
Michael -
Mike Bird -
Stefan Krusche -
William Morder