Re: Deepin Desktop Environment
Posted: Sun Oct 04, 2020 7:39 am
I agree that software shouldn't phone home. The more we know the better position we are in. But why the double standards? Firefox sends a lot of data including a unique hardware identifier which means your browsing habits can be tracked. It also has the capability to change your settings remotely.asqwerth wrote: Sun Oct 04, 2020 12:10 am Like I said previously in this thread , Deepin as packaged in arch repos was certainly at one stage reporting home, though it could just be for commercial data analytics rather than any political reasons (which comments like "another way for the CCP to..." would imply) . Probably hardware specs and what programs were installed on your system, per their UOS licence.
Still not good but it would make them no different from Google or MS or other commercial entities anywhere in the world if they could get away with it depending on their country's privacy laws and public perception.
https://archived.forum.manjaro.org/t/ma ... 106251/316
Extract:UOS licence which has since been removed from version in arch (though you might still get it if you install direct from deepin repos). It's certainly broader than most privacy permission documents out there.I installed XFCE just to have a comparison and ran Wireshark directly after login (with sudo).
With XFCE traffic was normal without any suspicious destination even as I started the XFCE settings.
Unfortunately Deepin behaved differently. Every time I opened the Control Panel there was the same amount of Traffic to www.wshifen.com 3 (103.235.46.39).
DNSDBLookup.com tells me that the corresponding IP belongs to Baidu Cloud and is located in Hong Kong.
It looks like, it is always the same amount of data that gets sent and it happens each and every time I open the Control Panel. Changing settings or starting Deepin programs does not seem to generate any other traffic.
https://archived.forum.manjaro.org/t/ma ... 106251/321
Extract:
Would be interesting for those who enable the deepin repos and install from there report on whether the UOS is still there, and if the distro still reports home when you open the control centre.reading trough the UOS Privacy Policy document and it states that the "User Experience Program" collects the following information:
1.1.1. Equipment and system information
Device information includes your device motherboard information, BIOS information, CPU information, memory information, hard disk information, partition information, network card information, etc .; system information includes system software version, system last update time, system language, daily users, each download Use source information.
1.1.2. Application software information
For example, the version of each application you installed in the system, and the start / exit time information of each application.
That would be a lot of data. In my test there was only a couple of hundred Bytes of data after the hand shake that was sent. Seems to me too small to fit all that data.
It doesn't matter anyway because the destination IP address (103.235.46.39) is currently hard coded. I simply blocked this IP in my firewall and this way Deepin could no longer phone home. There seem to be no advanced function built in currently to overcome such a simple road block.
https://www.mozilla.org/en-US/privacy/firefox/
https://www.scss.tcd.ie/Doug.Leith/pubs ... rivacy.pdf
I'm not here to defend Deepin, just to point out that MX ships a piece of software by default that does exactly what people blame Deepin for. Instead of applications Firefox tracks your extensions and can disable them remotely if needed.
The big lesson here is probably that when there is a corporation involved whether it is UOS or Mozilla, then data will be collected and likely shared with governments and/or third party partners.
We could of course decide that this discussion is nonsense as long as we continue to use iOS and Android devices.