posted by janrinok on Monday January 30 2023, @07:39PM
from the Security dept.

I found this on one of Devuan's forums

There's a software package called Zeitgeist that's been finding its way into nearly every Linux and BSD package repository. It's also on Devuan. Be sure to read the note at the bottom of this post even if you are not impacted by this.

It reads your emails, it monitors the websites you visit, listens to private conversations, and logs the files on your computer, and then it shares this information freely over D-Bus to any application that wishes to use it. You are given no warning and have no option to say which software can access it, and which can't. Any software can access D-Bus, including closed-source software like Discord or Telegram (whether they do or not, who knows).

From the description, it looks as if it is designed to make spyware's job easy. Do you have it on your system? Do you want it on your system?

[Editor's Comment: The package has been around for quite some time (since at least 2012) without any security problems being reported. Ubuntu's repo describes it as:

Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations held with other people, etc.) and makes the relevant information available to other applications.

It does not appear to be installed as default on the small number of distros that I have looked at but it might be installed on others.]


  • (Score: 5, Interesting) by darkfeline on Tuesday January 31 2023, @12:33AM (1 child)

    Every process on your machine running as your user already has access to all of your data. Providing an accessible API for that data only makes it easier to track what's accessing that data (assuming that you're running untrusted spyware (in which case try to stop doing that) that switch to this new API over what they're already doing).

    With all due respect to the Devuan folks, they seem to have a habit of shrieking about the campfire with their backs turned toward the forest fire, so to speak.

    --
    Join the SDF Public Access UNIX System today!
  • (Score: 3, Insightful) by aafcac on Tuesday January 31 2023, @05:24AM

    Perhaps better permissions are in order. You shouldn't be seeing processes by other users if you care about privacy. There's little point in informed users seeing all those other processes anyways.