Hello All,

Per the last consensus there was the recommendation to keep nonprism "secure", and to split the iceweasel package into two packages to avoid impacting users with less "features".[1]

Since your-privacy enforces the iceweasel-nonprism upgrade, many users did not like it. So the package that is built now was renamed to iceweasel-hardened. This causes it to not conflict with iceweasel and hence not bother users any more. Since it is a community package it also ended up in [pcr].

The problem I see with this is, people are using nonprism thinking they are getting the most secure setup - and are not. However, it is still technically in line with the current purpose of nonprism which is "not using insecure/privacy invasive protocols". The nonprism repo's descriptive purpose is not very well defined on our wiki, so there is no statement as to how secure it should be. [2]

To fix this issue I propose the following two proposals for consensus, and two questions:

1) Re-define or rename [nonprism] so that it also includes packages for hardened, secure defaults, and less metadata/fingerprinting.

2) Provide a "meta package" that installs your-privacy-*hardened/options* rather than just your-privacy. It can recommend packages, but they will not be mandatory and should not conflict with other software, so that users can comfortably have "iceweasel" (insecure) and "iceweasel-hardened" both voluntarily installed on the same system.

3) Should we just remove iceweasel/icedove-nonprism instead of further complicating things by keeping 3 packages? e.g. icedove/iceweasel (insecure), icedove/iceweasel (nonprism/non-free protocols facebook and crapware removed), and iceweasel/icedove-hardened (which contain actual hardening and some resistance against fingerprinting.)

4) Should iceweasel/icedove-hardened be kept in [pcr] or moved back to [nonprism] when/if nonprism is re-defined to include hardening?

Why?: As we now know, PRISM was only a very small portion of global mass surveillance. [3] Even if you are not using privacy invasive protocols/apps, it doesn't really help you at all. Most of the attacks are done from insecure defaults (such as WebRTC, WebSockets, et al.) and browser fingerprinting.[4]

I think it is the expectation of Parabola's privacy repo to provide the most secure/privacy respecting packages, even if that means breaking some features. However, for a reasonable compromise a voluntary meta package seems like the best option.

Thanks for your input!

Luke

1. https://lists.parabola.nu/pipermail/dev/2016-October/004539.html
2. https://wiki.parabola.nu/Nonprism
3. https://www.privacytools.io/#ukusa
4. https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
