- Status Closed
- Percent Complete
- Task Type Privacy Issue
- Category Any
-
Assigned To
Emulatorman - Operating System All
- Severity Critical
- Priority High
- Reported Version Any
- Due in Version Starfix
-
Due Date
Undecided
-
Votes
1
- zapper (28/10/2018)
- Private
FS#695 - [deepin-desktop-base] Check for CNZZ Spyware
As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI
We also shouldn’t use the AppStore if it exists, due to non-free apps.
Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json
Closed by Emulatorman
11.08.2019 22:35
Reason for closing: Fixed
Additional comments about closing:
11.08.2019 22:35
Reason for closing: Fixed
Additional comments about closing:
Blacklisted
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Yeah, I heard about this, I thought you guys had looked into this already to be honest. But yeah, glad you are now.
I actually forgot about this issue due to more pressing issues and me not using this desktop. Thanks for bumping.
It is a major issue and should be blacklisted in short order. Afterwards we can see if it can be patched.
1) Has appstore.json
https://github.com/linuxdeepin/deepin-desktop-base/blob/a0f52f3223a1779ee3c8ce71371237c2ed7a552d/files/appstore.json
2) Recommends anti-privacy social networks:
https://github.com/linuxdeepin/deepin-social-sharing/tree/master/src/accounts
Due to the stability issue of blacklisting an entire desktop, this will have to be due in the next LTS release.
Shouldn't you at least be warning users who have installed it by, sending them a warning when they upgrade next if that package is in the repo? Just my thoughts on that.