Re: Leaking data over HTTP
- From: Tobias Mueller <muelli cryptobitch de>
- To: Elad Alfassa <elad fedoraproject org>
- Cc: safety-list gnome org
- Subject: Re: Leaking data over HTTP
- Date: Thu, 16 Apr 2015 00:08:07 +0200
Hi!
On Sat, Jan 24, 2015 at 08:31:03PM +0200, Elad Alfassa wrote:
The first one is GNOME Weather (or rather, libgweather): the weather
APIs it uses are not available over HTTPS. This means every time you
open this app, the recent locations you viewed in it will be sent to
various weather services and anyone listening on your wifi network
(for example) can get that list.
Since these weather services are not available over https, there's not
much we can do about it, unless gnome (or another trusted party) sets
up an https reverse proxy server for these services.
FTR: There is bug 734048: <https://bugzilla.gnome.org/show_bug.cgi?id=734048>
Another app that suffers from this problem is GNOME Music[1]. Every
time you open GNOME Music, it will query last.fm for data about your
albums in plain text. Since each of us has a unique taste in music and
a different set of albums, this data can be used to identify you on
the network.
I've filed bug 747953: <https://bugzilla.gnome.org/show_bug.cgi?id=747953>
Cheers,
Tobi
[Date Prev][Date Next] [Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
