Packages

  • Status Closed
  • Percent Complete
    100%
  • Task Type Privacy Issue
  • Category Any
  • Assigned To
    Emulatorman
  • Operating System All
  • Severity Critical
  • Priority High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes 1
  • Private
Attached to Project: Packages
Opened by g4jc - 13/04/2018
Last edited by Emulatorman - 11/08/2019

FS#695 - [deepin-desktop-base] Check for CNZZ Spyware

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

Closed by  Emulatorman
11.08.2019 22:35
Reason for closing:  Fixed
Additional comments about closing:  

Blacklisted

Yeah, I heard about this, I thought you guys had looked into this already to be honest. But yeah, glad you are now.

Admin
g4jc commented on 29.10.2018 22:39

I actually forgot about this issue due to more pressing issues and me not using this desktop. Thanks for bumping.

It is a major issue and should be blacklisted in short order. Afterwards we can see if it can be patched.

1) Has appstore.json
https://github.com/linuxdeepin/deepin-desktop-base/blob/a0f52f3223a1779ee3c8ce71371237c2ed7a552d/files/appstore.json

2) Recommends anti-privacy social networks:
https://github.com/linuxdeepin/deepin-social-sharing/tree/master/src/accounts

Admin
g4jc commented on 27.11.2018 02:55

Due to the stability issue of blacklisting an entire desktop, this will have to be due in the next LTS release.

Shouldn't you at least be warning users who have installed it by, sending them a warning when they upgrade next if that package is in the repo? Just my thoughts on that.

Date User Effort (H:M)
watch my effort tracking timers

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing