Re: [gnome.org #14530] HTTPS caching proxy for weather information

[Frederic Peters <fpeters gnome org>]

Andrea Veri via RT wrote:

> 1. this is probably going to fix the problem half way as the
> coordinates between the GNOME servers and the provider themselves
> will still be unencrypted.
>
> 2. the only way to have the issue completely fixed would be looking
> for providers offering TLS by default.

I believe this will nevertheless quite improve the situation as the
results can be cached.


> 3. reverse proxying all the requests by having the GNOME proxies as
> intermediary machines will result in the GNOME Sysadmin Team to be
> responsible for the whole set of information that are transmitted
> between the GNOME servers and the providers themselves which is
> something we'd love not to do. As you may be aware we don't have a
> privacy policy as of today and that makes things even harder.

It's in the pending action items for the board so I hope it can be
resolved in the coming months. (no hurry here, it's for next cycle)


> 4. Am I correct that the coordinates transmitted between the user pc
> and the provider are the ones of the city the user can select from
> the app's menu and are not precisely referred to the user's
> home/work location?

I believe this is correct.


> if that's the case then the gnome-weather app is
> just going to transmit the coordinates of a specific city and not
> the home/work location itself. (which would be the case for me to
> start worrying about my location being sniffed, and additionally if
> someone is able to sniff my location it means it sits on the same
> network as I do (like for the GUADEC example mentioned on the bug
> report [1]) and that just means that I know where that person is
> already)

You would sniff the locations that have been set, most likely this
will not contain only the GUADEC host city, but also the user home
town or previous holiday spot (to use an example from the locations I
have in mine).


        Fred