I found this on one of Devuan's forums
There's a software package called Zeitgeist that's been finding its way into nearly every Linux and BSD package repository. It's also on Devuan. Be sure to read the note at the bottom of this post even if you are not impacted by this.
It reads your emails, it monitors the websites you visit, listens to private conversations, and logs the files on your computer. and then it shares this information freely over D-Bus to any application that wishes to use it. You are given no warning and have no option to say which software can access it, and which can't. Any software can access D-bus, including closed-source software like Discord or Telegram (whether they do or not, who knows).
From the description, it looks as if it is designed to make spyware's job easy. Do you have it on your system? Do you want it on your system?
[Editor's Comment: The package has been around for quite some time (since at least 2012) without any security problems being reported. Ubuntu's repo describes it as:
Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations held with other people, etc.) and makes the relevant information available to other applications.
It does not appear to be installed as default on the small number of distros that I have looked at but it might be installed on others.]
(Score: 5, Interesting) by darkfeline on Tuesday January 31 2023, @12:33AM (1 child)
Every process on your machine running as your user already has access to all of your data. Providing an accessible API for that data only makes it easier to track what's accessing that data (assuming that you're running untrusted spyware (in which case try stop doing that) that switch to this new API over what they're already doing).
With all due respect to the Devuan folks, they seem to have a habit of shrieking about the campfire with their backs turned toward the forest fire, so to speak.
Join the SDF Public Access UNIX System today!
(Score: 3, Insightful) by aafcac on Tuesday January 31 2023, @05:24AM
Perhaps better permissions are in order. You shouldn't be seeing processes by other users if you care about privacy. There's little point in informed users seeing all those other processes anyways.