On Thu, 21 Nov 2024 23:23:04 -0500 Richard wrote:
> Is there a real disagreement about whether some specific kind
> of misfeature counts as malware here?

unattended networking in general - i don't think there is any controversy about this - most people in the free software community believe that anti-features such as phone-home, unattended bug reporting, and other "telemetry" should be removed, simply because they are anti-features and they _could_be_ used for spying

On Thu, 21 Nov 2024 23:23:04 -0500 Richard wrote:
> You present a very narrow interpretation of "malware", so narrow that
> it would not include DRM or spyware.

"malware" would include DRM, if DRM is considered to be inherently malicious - but most features of distro software that people consider to be "spyware" are not inherently malicious - the alternative term: "anti-features" includes all three without conflating them

On Thu, 21 Nov 2024 23:23:04 -0500 Richard wrote:
> Clearly that is not what we intend the word to mean.

if "we" includes "me", that some of us want words to mean only what they literally imply, especially to non-native english readers - "mal" means malicious - malice must be demonstrated as such - it should not be assumed

* did the culprit intend to cause harm?
* was any actual harm done?

if "no", then no act of malice occurred

most forms of spyware do not meet either of those criteria - spying causes no damage; and in most real cases of distro software, there is no mal-intent of the authors - in their minds, it is a legitimate tool for improving the software quality for the users; and that may truly be what the feature actually accomplishes

in short, malware is a security concern and spyware is a privacy concern - for the sake of cultivating an informed user-base, we should not conflate those concerns as one and the same - spyware should not be classified as a form of malware - the only relation is that most users do not want those features - "anti-features" is the more correct and useful classification - an anti-feature does not need to be malicious - it only needs to be generally undesirable to most users

anything that has the potential to spy is not necessarily spying on anyone - as i understand, most such data is collected anonymously - obviously, an IP address is associated with the transmission; but is not likely to be present in the data payload or interesting to the receiver - yet many people believe that any unattended networking constitutes spying, if only because it exposes the user's IP address - so the only way to forbid spyware (to the satisfaction of everyone), is to forbid all unattended networking - that has been parabola's opinion; but the FSDG does not forbid "unattended networking" only "spyware", which is inherently contentious, because it is not demonstrable in most cases - but "unattended networking" is unambiguous and easier to demonstrate, so is therefore much less contentious

my narrow definition of malware is precise and defensible: "software which causes some objectively verifiable tangible damage, and did so with malicious intent of its author" - the FSDG currently leaves it undefined, which equates to "whatever the present reader believes that GNU believes that programs should not do" - that is fine; but let's call
those "anti-features" instead; because most people hold features which are not demonstrably malicious to also be in that category, and the FSDG already has some in that section

such vague guidelines guarantee a disconnect between the FSDG's intention and the community's interpretation of it - each reader is forced to perceive the requirements according to their personal opinion of, for example, what is "mal" and what is not, only to discover that GNU has a different opinion than what the reader perceived and their distro has yet another opinion

if malware is defined so broadly as to include spyware, then malware is a synonym for "anti-feature" - but that shadows the only term we have to indicate software which does tangible damage (viruses, rootkits, etc) - that is why i propose re-wording the "no malware" section such that "malware" and "spyware" are presented as the distinct and unrelated sub-classes of "anti-feature" that they are

> Anti-features
>
> The distro must contain no DRM, no back doors, no spyware, and no malware.

then we could define those terms accordingly, so to avoid conflating privacy concerns with security concerns - neither should be conflated with freedom concerns; because they are not - that also should be noted for the sake of education - eg:

> Although malware and spyware do not impede software freedom,
> we believe that such anti-features are rather nasty,
> and should not be present in any GNU package or FSDG distro.

then we could debate specific forms of each class of anti-feature - eg: are all unattended communications, or any specific forms (eg: phone-home) always spyware? - or is there enough justification to remove all examples, eg: because most known examples have been shown to be spying, or is there no justification, eg: because it is impossible to determine what the remote admin does with the collected information