Is Linux Mint Spyware/Prism proof?

[js3915]

Even when you turn the PC off, the USB circuit stays powered. If BIOS is set to WOL (wake on LAN) it also remains powered. It could conceivably be woken up by hit on the LAN port, access be gained, then shut back down and you never be the wiser, unless you checked the activity logs later.

Yeah Ive seen on some NICs the light remains lit even after the PC is off. And i know there is POE or power over ethernet and reminds me i need to look into how WOL works again I need to make a poormans solution to a problem of a pc that occasionally powers off..

[Orbmiser]

Can't WoL be disabled in Bios?
As think I saw it in there at one point?
.

[js3915]

Can't WoL be disabled in Bios?
As think I saw it in there at one point?
.

Yes its a bios setting usually its disabled by default or least the bios's ive looked at they were disabled. But i built my pcs for the past 6 years from scratch

[Jessey Lawson]

kc1di and TBABill are correct; the online searches some people are worried about with Ubuntu are part of the Unity desktop only. You could install that on Linux Mint if you wanted, but by default Linux Mint offers only four other desktops which don't have this online search feature of Unity. To be fair, you can easily disable the online search on Unity in its Privacy settings, or just remove the lens that does these searches. It should perhaps have been made opt-in instead of opt-out, but it is easily disabled.

Prism-break (good pun for those that watched the similar called TV series ) is a good website for suggestions for those concerned about it: http://prism-break.org/. You'll note Linux Mint comes with Firefox as default browser, has DuckDuckGo as a search engine, accepts Bitcoins from donors and sponsors, has Thunderbird as default email client and has Pidgin as default chat client. All matching recommendations on prism-break. So it is a good starting point if you are concerned about these things.

This site is fake. You can tell if you scholl down to the mobil section. Ios and OSX have open source componets released under the Apple Public Source Linsce 2 witch is been confirmed by the Open Source Foundation. If you hate IOS, just jail break it and install Pure Darwin, DarwinBSD, or make a disro you self for the phone and add a new member to the Darwin family. They also forgot to put Ubuntu touch on there as whell,PC-BSD, GhostBSD, MidnightBSD, DarwinBSD,chromium, midori, double, songbird, , seamonkey, no Hiaku progorams or the OS how about AROS? Yeah alll these red flags easly point to it being fake, or at least not trustfull.

[mike acker]

ya unless a person wants to head for the hills and live off the land, it's pretty impossible to escape big brother, even then they got satellites that can probably find heat sources, well at least in the movies in they do .
There are some steps to cut it down some, but no way to stop the madness, where mankind becomes a product code.
Didn't all dictatorships start this way?
we doing it for your safety and your own good?

Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
William Pitt
Speech in the House of Commons (18 November, 1783).

[MishaSherpa]

Apologies for posting to an old thread, but this is probably important!

As I understand it, Mint-KDE, by default installs openssh-server. This could, potentially, allow someone to remotely administer your computer via port 22

https://en.wikipedia.org/wiki/Secure_Shell

If you use a weak, lame, password, then I would recommend going to the software center and UNINSTALLING openssh-server!

If you want to see if anyone has already tried to get into your PC, go to /var/log/auth.log open it with Kate, and look for any lines like this:

Sep 15 23:08:34 mypc sshd[5772]: Failed password for invalid user asterisk from 91.205.189.01 port 38864 ssh2

The important words are sshd and Failed password

[mike acker]

Apologies for posting to an old thread, but this is probably important!

As I understand it, Mint-KDE, by default installs openssh-server. This could, potentially, allow someone to remotely administer your computer via port 22

https://en.wikipedia.org/wiki/Secure_Shell

If you use a weak, lame, password, then I would recommend going to the software center and UNINSTALLING openssh-server!

If you want to see if anyone has already tried to get into your PC, go to /var/log/auth.log open it with Kate, and look for any lines like this:

Sep 15 23:08:34 mypc sshd[5772]: Failed password for invalid user asterisk from 91.205.189.01 port 38864 ssh2

The important words are sshd and Failed password

i just ran steve gibson's stealth test -- all common ports were reported in stealth mode including 22
i have made no uninstall for openssh-server

[altair4]

I installed Mint-KDE in a VBox VM so I could answer KDE specific Samba questions and it does in fact install openssh-server by default. At least I don't remember installing it - but I don't remember where I left my car keys at the moment either so ....

Be careful with the gibson port tester thingy. If you access that tester through a router it's testing the router not your machine.

[mike acker]

I installed Mint-KDE in a VBox VM so I could answer KDE specific Samba questions and it does in fact install openssh-server by default. At least I don't remember installing it - but I don't remember where I left my car keys at the moment either so ....

Be careful with the gibson port tester thingy. If you access that tester through a router it's testing the router not your machine.

i am using a router ( Cisco Linksys ) .

my software manager shows openssh-server not installed; openssh-client - installed .

interestingly, my Charter AUP states that I am NOT to put a server online

[Socman]

Birds fly in flocks and bait fish swim in large schools for protection from predators. Did you know how lion tamers control a 700 pound killing machine? It's not the whip - that's for show - but it's actually the chair they hold up in the lion's face. The four legs confuse the beast who can't find a single point of focus, and who otherwise would crush both the chair and the tamer.

Those who seek (unneeded) 100% protection should simply withdraw from society. In truth and in accord with the old 80/20 rule, 80% protection is more than enough as captured or not, there simply aren't enough humint analysers to review untold billions of minor hits.

Be satisfied swimming in a school of prismbreak afficianados.

[Crewp]

Birds fly in flocks and bait fish swim in large schools for protection from predators. Did you know how lion tamers control a 700 pound killing machine? It's not the whip - that's for show - but it's actually the chair they hold up in the lion's face. The four legs confuse the beast who can't find a single point of focus, and who otherwise would crush both the chair and the tamer.

Those who seek (unneeded) 100% protection should simply withdraw from society. In truth and in accord with the old 80/20 rule, 80% protection is more than enough as captured or not, there simply aren't enough humint analysers to review untold billions of minor hits.

Be satisfied swimming in a school of prismbreak afficianados.

I agree,

[Epicurean]

I am curious why Linux Mint is considered so bad by Prismbreak, but LMDE is not. I understand that Linux Mint is based off Ubuntu, but I do not see how Ubuntu's Amazon Ware could effect Linux Mint. I assume that it is thought that anything based off Ubuntu could have leftover unreviewed code?

[xenopeek]

I am curious why Linux Mint is considered so bad by Prismbreak, but LMDE is not.

Where does it says that Linux Mint is considered bad? You are interpreting things that aren't there They have made a small (tiny) selection of GNU and BSD distros to recommend to users, for those new to the concept of there being alternatives to Windows/OSX and not being tied to the operating system that came with your computer purchase. Ubuntu and Arch Linux are both not on the list either, though their FSF endorsed derivatives gNewSense and Parabola are. Probably the list authors didn't want to include more Ubuntu derivatives, as those are generally all less free (in FSF terms) than gNewSense.

There's a long discussion about why all Ubuntu derivatives are "bad": https://github.com/nylira/prism-break/issues/334. Has nothing to do with Linux Mint (as there is no Unity edition) and there is mostly FUD in there. But hey, at least LMDE made the very short list of suggestions

[MishaSherpa]

http://forums.linuxmint.com/viewtopic.php?f=29&t=148021

I think this is related. Maybe people could vote on a Security Forum

[mintuser]

This thread is relevent: http://forums.linuxmint.com/viewtopic.php?f=157&t=148124

[samriggs]

For all the paranoia ones out there Mozilla came out with a tracker add on that allows you to see what sites you visit link to, sort of lets you know what your dealing with on a site, so it may help curb some fears out there.
You can get it or check it out and read up on it here: https://addons.mozilla.org/en-US/firefo ... lightbeam/
Thought it might be useful to some, who knows
At least you'll know where some of the info goes to at least.
Plus it might be fun just to fool around with, kind of a cool add on by the looks of it.
Sam

[linuxviolin]

About privacy and security, people always talk about things like cookies, flash... and they should not forget about the hosts file, but there is now something much more dangerous and it's DOM storage. DOM storage has become a much bigger threat to our privacy than the dreaded cookies were. Unfortunately this technology is certainly set to leave cookies in the dust. I strongly advise you in Firefox to change the default value of this configuration to false , if you make no other about:config edits in Firefox, please make this one:


Turn off DOM Storage (please?):


about:config Name: dom.storage.enabled

Default value: true

Modified value: false


The following is quoted from [url]http://www.w3.org/DOM/[/url] though they have moved it for whatever reason, this link now points to their main page on DOM:

HTML5 web storage, a better local storage than cookies. What is HTML5 Web Storage?

With HTML5, web pages can store data locally within the user's browser.

Earlier, this was done with cookies. However, Web Storage is more secure and faster. The data is not included with every server request, but used ONLY when asked for. It is also possible to store large amounts of data, without affecting the website's performance.

The data is stored in key/value pairs, and a web page can only access data stored by itself.


Also, you could make these:



Referrer Control:

about:config Name: network.http.sendRefererHeader

Default Value: 1

Modified Value: 0


By setting network.http.sendRefererHeader in about:config to 0, whenever you visit a link from one site, the destination site doesn't know the original site you were referred from.

This in effect makes the Firefox add-on RefControl (& others) redundant.


There is a caveat:

If you find that you can't get into a site that you want to use it can be due to this setting. Under such circumstances you would be better off using the likes of RefControl as you can use whatever options you choose for your normal surfing & then choose a specific option that works with specific troublesome sites.

I am very rarely blocked from a site (for whatever reason) & under such circumstances I don't want to use the site anyway!



Turn off default Send Secure Referrer:

about:config Name: network.http.sendSecureXSiteReferrer

Default Value: true

Modified Value: false


I found technical info' on [url=http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer]sendSecureXSiteReffer[/url].

I've been running with this setting for at least 6 months, it gives no trouble on my sytems & I'm running https Everywhere too.


Oh and about Lightbeam for Firefox:

When I first installed this software (roughly 8 months ago as of this writing) I ran the add-on for days & never had one computer show up on my screen. Even when I turned all my security add-ons off. The reason being I don't have any cookies on my machine unless I chose them.

After having been lulled into a false sense of security by that experience, I've found that my security had been compromised & that it is not so much cookies as DOM storage which is the newish but extremely widely used culprit. The screenshot to the left excludes the cookies that were shown in the previous screenshot shown above & shows only the DOM storage type connections. This is pretty scary. (More to come.)

(in the screenshot and with no cookies in the computer, we can see many connected sites... thanks to DOM storage)

[MishaSherpa]

Hi Violin. Interesting info! They never give up. First it was LSO, now it's dom. Thanks for the about:config

[samriggs]

Thanks Violin
I don't know much about lightbeam, just thought it was a fun toy to play with, and decided to share with anyone else that wanted to fool around with. I seen it on the video that showed cinnamon 2 on the Linux Action Show and it sounded interesting.
Thanks also for the dom config, I just changed it on mine.
Sam

[mintuser]

Apologies for posting to an old thread, but this is probably important!

As I understand it, Mint-KDE, by default installs openssh-server. This could, potentially, allow someone to remotely administer your computer via port 22

https://en.wikipedia.org/wiki/Secure_Shell

If you use a weak, lame, password, then I would recommend going to the software center and UNINSTALLING openssh-server!

If you want to see if anyone has already tried to get into your PC, go to /var/log/auth.log open it with Kate, and look for any lines like this:

Sep 15 23:08:34 mypc sshd[5772]: Failed password for invalid user asterisk from 91.205.189.01 port 38864 ssh2

The important words are sshd and Failed password

It's an unnecessary exposed service hence a security risk.