
Debian feature request: A system-wide switch to disable all telemetry and "cloud integration" features that make any network connection to the developers' or developers' partners' servers, applied to all software distributed in the official repositories.



It's time for distributions to only include browsers developed by non-profits


If Debian could just stick to free software that'd be grand. It is a good ideology and there is no need to change it. Introducing ideological confusion is one of the paths to organisational rot.


Debian already doesn't just stick to free software. Let's say I have a program in Debian's main repos. Suppose tomorrow I release a new version that uploads all your data (including shitcoin wallets and passwords) to my server. All fully open source of course. Do you think Debian should include this update? Does rejecting it cause ideological confusion?



So:

  # apt install librewolf
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  E: Unable to locate package librewolf

If the thing that doesn't suck isn't the thing that comes with the OS, it's time to fix the OS.

Also, that feature should exist. The next time I see a story about MS training ChatGPT on your nude selfies, I want to be able to show people the big red switch that says "All Telemetry: OFF" as an example of something Microsoft will never give them.

But you first have to provide it in order to show to them that you provide it.


That is a distro problem not a software problem. Librewolf is available as a flatpak meaning on every Linux desktop distro.

https://flathub.org/apps/io.gitlab.librewolf-community

If you want to be pedantic again:

  apt -y install flatpak && flatpak install io.gitlab.librewolf-community


It is possible to improve the distribution and that is the thing being requested.


If you want to improve the distro go ahead. But it's fantasy that every distro will support every software => flatpak


The suggestion is not for all distributions to support all applications, it's for Debian to support system-wide disabling of telemetry in the software it does support.


They could compile Firefox with telemetry disabled; however, I would not trust those settings, since even with that Firefox does plenty of unsolicited phoning home and has a lot of bloat.


I prefer to have a trusted third party (the distro) vetting updates to the software I install. But if you have the time and capability to vet all patches yourself then sure, you can use flatpak.


Apt is basically just a bad package manager:

  nix run nixpkgs#librewolf

But I do agree, it's hard to find these alternatives, and have them be "just works". Librewolf still sometimes has weird issues (for good reasons!), but it means I don't recommend it to "normies". I just tell them to use Firefox and most importantly adblock, giving up ads is a huge ROI both in terms of quality of life and data privacy. Everything else is almost marginal in comparison.


Apt being a bad package manager is not related to the selection of packages that Debian ships or doesn't.


Why Librewolf and not Waterfox or any other open source fork?


Because I don't think a tiny browser fork that moves too far from the original is maintainable and secure long term. Even someone of Microsoft's size seems to think so. Librewolf is mostly config changes and a couple of small patches removing superficial anti-features like Pocket.


Surely you mean a systemwide switch you can optionally enable to allow programs to send telemetry.

Or just disable it altogether because there is no real user benefit.


Which network access is telemetry?


User explicitly requests connection to a specific server (e.g. navigates to debian.org), so browser makes a connection to debian.org: Not telemetry.

User explicitly requests a connection to a specific server (e.g. navigates to debian.org), then browser makes a connection to mozilla.org to upload metadata: Telemetry.

In general telemetry is when the software connects to a server chosen by the developers and not telemetry is when the software connects to a server chosen by the user.


When I open Slack, to which servers am I explicitly requesting a connection?

I see your point, but my point is that implementing this is either impossible or would require changing how networks are used by programs at a fundamental level.

A middle ground might be to create a distro that uses something like SELinux to prevent all network access to non-system processes. Then each package would have to be audited to determine which addresses it can bind to, and/or which name lookups it can do, and how those capabilities are connected to actions performed by the user. Then there is still the question of what to do about software that accesses the network independent of the user, but maybe you can argue that shouldn't exist. How do updates work? Besides, if I allow Slack to connect to mychats.slack.com, nothing prevents the software from sending telemetry to that endpoint. You would need an army of manual enforcers, and that's not to mention non-free software.


> When I open Slack, to which servers am I explicitly requesting a connection?

Debian only supplies open source software. Proprietary apps that only support the vendor's service aren't included as it is. Open source apps using standard protocols like Matrix or similar do allow the user to choose the server.

> A middle ground might be to create a distro that uses something like SELinux to prevent all network access to non-system processes.

We're talking about open source software in the official repositories. You're not putting it in a jail to thwart it from defecting on you, you're modifying the code so that it doesn't even try.

> How do updates work?

When you install Debian it asks you which mirror you want to use for updates. Several of them are provided by universities etc. You can also make your own and some large organizations do that.


Would cdn-debian.org be allowed? It's on a different domain, but I've noticed a lot of websites use a different domain to host their CDN.


You're referring to requests from the same page as the one the user requested, rather than requests by the browser at the behest of the browser developer. Loading it is presumably what the user intended by navigating to the page and if it isn't then at that point it's in the bailiwick of uBlock etc.



