Re: [Trisquel-users] Better Website Privacy Policies
Android has some sort of bizarre security model where applications are permanently given permission to do a certain subset of things. In pretty much any other sensible system, programs that need elevated permissions are given them when they're run, after typing an administrator password. Anything else just runs with the privileges the user running it has, which of course gives it access to all your personal, unencrypted files. In any case, this really doesn't matter for libre programs; you can check the source code of a program if you want to, and malicious features are extremely rare. Trying to sandbox everything to protect yourself from malicious features is a much weaker defense.
Re: [Trisquel-users] Better Website Privacy Policies
Yes, unlike Android, most programs running on an unmodified Trisquel system are not sandboxed. I think Abrowser is sandboxed using apparmor.
Re: [Trisquel-users] Better Website Privacy Policies
Perhaps this has to do with application sandboxing - maybe SELinux or somewhat.
Re: [Trisquel-users] Better Website Privacy Policies
Sort of. In android phones there is a feature that tells you what permissions an app can have when it is installed - almost becoming like a EULA. You can see more pictures of this in action here: http://www.androidcentral.com/android-permissions-privacy-security. However when you install apps from synaptic manager, none of this information is given, like this app can have access to your storage, tools, etc. Or maybe we don't have to worry about this in gnu/linux?
Re: [Trisquel-users] Better Website Privacy Policies
There is a project called Terms of Service; Didn't Read that rates website Terms of Service on a scale of Class A to Class E. There is a TOS;DR Browser Add-on that can get the ratings for a site you are on (Affero GPLv3 Licensed.) https://tosdr.org/
Re: [Trisquel-users] Better Website Privacy Policies
Thanks SSD. This seems really interesting. Is there something like this for apps like how smartphones detail what power they have over your computer?
Re: [Trisquel-users] Better Website Privacy Policies
I am having a hard time understanding your question. Are you asking if there is a database of how trustworthy programs are?
[Trisquel-users] Better Website Privacy Policies
Hi is there a campaign to document how privacy friendly websites are, like privacy safe? kind of like how some websites have a privacy policy that documents how much information is collected? I know that sites like eff catalogue some of the differences as a third party and there are things like the web of trust which tells you about a browser before you see it or while you see it, but we need a better implementation, unless that already exists. Then We have spyblock/privacy badger which blocks or lets you see 3rd party trackers and librejs that blocks non free js code. For Librejs, there is a popup that can link you to the pages contact page to contact them, but maybe there could be a link to the privacy policy page from the main page. There is the do not track security feature of firefox browsers. There is also certificate patrol which notifies certificate changes. Does this make sense? There is also things like lightbeam which show websites you've visited.
Re: [Trisquel-users] Better Website Privacy Policies
There is the Fossology project which aims to distinguish between proprietary and free software projects which may be of relevance: http://www.fossology.org/projects/fossology And most particularly, in F-Droid in application details before installing it says whether an app invades your privacy and while you install something to your android or cyanogenmod or replicant smartphone it tells you what exact features it has access too: history, passwords, downloads, contacts, gps, etc.
Re: [Trisquel-users] Better Website Privacy Policies
Of course, there should be a warning that no system is 100% privacy friendly like tor and tails warns on their pages, and that blindly trusting an extension can have its problems and having a critical mind and being willing to look things up on DDG, starpage, YaCy, wikipedia (not google!) is important. Or maybe we shouldn't make things easier for the end-user, but instead implement a internet's drivers liscense like many have proposed including jacob appelbaum that like a drivers liscense tests whether you understand what privacy, anonymity is, what SSL, HTTPs, and other protocols are before using something that you interface in daily life that is so powerful. I hope this wasn't too much for a post.
