Packages

  • Status In Progress
  • Percent Complete
    60%
  • Task Type Privacy Issue
  • Category Any
  • Assigned To
    André Silva
  • Operating System All
  • Severity Critical
  • Priority High
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes 1
  • Private
Attached to Project: Packages
Opened by Luke - 13/04/2018
Last edited by André Silva - 27/12/2018

FS#695 - [deepin-desktop-base] Check for CNZZ Spyware

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

winter commented on 28.10.2018 23:00

Yeah, I heard about this, I thought you guys had looked into this already to be honest. But yeah, glad you are now.

Admin
Luke commented on 29.10.2018 22:39

I actually forgot about this issue due to more pressing issues and me not using this desktop. Thanks for bumping.

It is a major issue and should be blacklisted in short order. Afterwards we can see if it can be patched.

1) Has appstore.json
https://github.com/linuxdeepin/deepin-desktop-base/blob/a0f52f3223a1779ee3c8ce71371237c2ed7a552d/files/appstore.json

2) Recommends anti-privacy social networks:
https://github.com/linuxdeepin/deepin-social-sharing/tree/master/src/accounts

Admin
Luke commented on 27.11.2018 02:55

Due to the stability issue of blacklisting an entire desktop, this will have to be due in the next LTS release.

winter commented on 04.02.2019 03:08

Shouldn't you at least be warning users who have installed it by, sending them a warning when they upgrade next if that package is in the repo? Just my thoughts on that.

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing