SoylentNews is people

posted by janrinok on Monday January 30 2023, @07:39PM
from the Security dept.

I found this on one of Devuan's forums

There's a software package called Zeitgeist that's been finding its way into nearly every Linux and BSD package repository. It's also on Devuan. Be sure to read the note at the bottom of this post even if you are not impacted by this.

It reads your emails, it monitors the websites you visit, listens to private conversations, and logs the files on your computer, and then it shares this information freely over D-Bus to any application that wishes to use it. You are given no warning and have no option to say which software can access it, and which can't. Any software can access D-Bus, including closed-source software like Discord or Telegram (whether they do or not, who knows).

From the description, it looks as if it is designed to make spyware's job easy. Do you have it on your system? Do you want it on your system?

[Editor's Comment: The package has been around for quite some time (since at least 2012) without any security problems being reported. Ubuntu's repo describes it as:

Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations held with other people, etc.) and makes the relevant information available to other applications.

It does not appear to be installed as default on the small number of distros that I have looked at but it might be installed on others.]
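
To answer the question "Do you have it on your system?" on a Debian/Devuan-style host, here is an added example (not part of the original submission or of Zeitgeist itself). It lists installed Zeitgeist packages, D-Bus activation files that would let the bus start the service on demand, and Zeitgeist names currently owned on the session bus. The `org.gnome.zeitgeist` bus-name prefix and the service directories are assumptions taken from upstream Zeitgeist and D-Bus defaults, not from this page; `--audit` is this script's own switch.

```sh
#!/bin/sh
# Added example: audit a Debian/Devuan-style host for Zeitgeist.
# Assumption (upstream Zeitgeist, not stated on the page): its D-Bus names
# start with this prefix.
ZG_BUS_PREFIX='org.gnome.zeitgeist'

# stdin: "package<TAB>status" lines; stdout: installed packages named *zeitgeist*.
zeitgeist_pkgs() {
    awk -F'\t' '$1 ~ /zeitgeist/ && $2 ~ /^install ok installed/ { print $1 }'
}

# args: directories of D-Bus activation files; stdout: files that would let
# the bus start a Zeitgeist service on demand, even if none is running now.
zeitgeist_activation_files() {
    for zg_dir in "$@"; do
        [ -d "$zg_dir" ] || continue
        for zg_file in "$zg_dir"/*.service; do
            [ -f "$zg_file" ] || continue
            if grep -q "^Name=${ZG_BUS_PREFIX}" "$zg_file"; then
                printf '%s\n' "$zg_file"
            fi
        done
    done
}

# stdin: `dbus-send --print-reply` output of ListNames; stdout: Zeitgeist names.
zeitgeist_bus_names() {
    sed -n "s/.*string \"\(${ZG_BUS_PREFIX}[^\"]*\)\".*/\1/p"
}

audit_zeitgeist() {
    echo "== installed packages =="
    { dpkg-query -W -f='${Package}\t${Status}\n' 2>/dev/null || true; } | zeitgeist_pkgs
    echo "== D-Bus activation files =="
    zeitgeist_activation_files /usr/share/dbus-1/services \
        "${HOME}/.local/share/dbus-1/services"
    echo "== names currently owned on the session bus =="
    { dbus-send --session --print-reply --dest=org.freedesktop.DBus \
        /org/freedesktop/DBus org.freedesktop.DBus.ListNames 2>/dev/null || true; } |
        zeitgeist_bus_names
}

# Run the audit only when asked to (--audit is this script's own switch).
case "${1:-}" in --audit) audit_zeitgeist ;; esac
```

An empty section in the output means that check found nothing; an activation file without a running name still means any session client can cause the service to start.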


  • (Score: 5, Interesting) by Reziac (2489) on Tuesday January 31 2023, @03:23AM (#1289424)

    It doesn't have to be for worker surveillance, tho. It can be documentation, which is to say ass-covering, to assure a client that a given action is or is not performed. Employees can be entirely aware, and have a stake in their actions being properly recorded. It can be total internal monitoring of, say, a police department, or a congresscritter's communications, where transparency and complete records are required for public trust.

    That assholes abuse a tool doesn't mean it can't have a perfectly honest function, or that it doesn't fill a legit need.

    However, I would certainly not install it on my personal PCs.

    --
    And there is no Alkibiades to come back and save us from ourselves.
  • (Score: 1, Informative) by Anonymous Coward on Tuesday January 31 2023, @08:22AM (#1289442)

    which is to say ass-covering, to assure a client that a given action is or is not performed

    Yeah. "Here's proof that I was not responsible for the screw up. You can see that everything I did on that VM was 100% according to SOP, company guidelines and perfectly reasonable for the task at hand."

    For similar reasons I often do video recordings of my screen while I do a task. Then later on the recordings and screenshots can be evidence of what I did and what happened.