Is Linux Mint Spyware/Prism proof?

Chat about anything related to Linux Mint
User avatar
js3915
Level 3
Level 3
Posts: 176
Joined: Fri Jul 05, 2013 5:35 pm

Re: Is Linux Mint Spyware/Prism proof?

Post by js3915 »

Spearmint2 wrote:Even when you turn the PC off, the USB circuit stays powered. If BIOS is set to WOL (wake on LAN) it also remains powered. It could conceivably be woken up by hit on the LAN port, access be gained, then shut back down and you never be the wiser, unless you checked the activity logs later.
Yeah Ive seen on some NICs the light remains lit even after the PC is off. And i know there is POE or power over ethernet and reminds me i need to look into how WOL works again I need to make a poormans solution to a problem of a pc that occasionally powers off..
Orbmiser
Level 6
Level 6
Posts: 1485
Joined: Thu Oct 18, 2012 5:16 pm
Location: Portland,Oregon
Contact:

Re: Is Linux Mint Spyware/Prism proof?

Post by Orbmiser »

Can't WoL be disabled in Bios?
As think I saw it in there at one point?
.
User avatar
js3915
Level 3
Level 3
Posts: 176
Joined: Fri Jul 05, 2013 5:35 pm

Re: Is Linux Mint Spyware/Prism proof?

Post by js3915 »

Orbmiser wrote:Can't WoL be disabled in Bios?
As think I saw it in there at one point?
.
Yes its a bios setting usually its disabled by default or least the bios's ive looked at they were disabled. But i built my pcs for the past 6 years from scratch
Jessey Lawson
Level 3
Level 3
Posts: 105
Joined: Sat Oct 06, 2012 10:42 pm

Re: Is Linux Mint Spyware/Prism proof?

Post by Jessey Lawson »

xenopeek wrote:kc1di and TBABill are correct; the online searches some people are worried about with Ubuntu are part of the Unity desktop only. You could install that on Linux Mint if you wanted, but by default Linux Mint offers only four other desktops which don't have this online search feature of Unity. To be fair, you can easily disable the online search on Unity in its Privacy settings, or just remove the lens that does these searches. It should perhaps have been made opt-in instead of opt-out, but it is easily disabled.

Prism-break (good pun for those that watched the similar called TV series :wink:) is a good website for suggestions for those concerned about it: http://prism-break.org/. You'll note Linux Mint comes with Firefox as default browser, has DuckDuckGo as a search engine, accepts Bitcoins from donors and sponsors, has Thunderbird as default email client and has Pidgin as default chat client. All matching recommendations on prism-break. So it is a good starting point if you are concerned about these things.
This site is fake. You can tell if you scholl down to the mobil section. Ios and OSX have open source componets released under the Apple Public Source Linsce 2 witch is been confirmed by the Open Source Foundation. If you hate IOS, just jail break it and install Pure Darwin, DarwinBSD, or make a disro you self for the phone and add a new member to the Darwin family. They also forgot to put Ubuntu touch on there as whell,PC-BSD, GhostBSD, MidnightBSD, DarwinBSD,chromium, midori, double, songbird, , seamonkey, no Hiaku progorams or the OS how about AROS? Yeah alll these red flags easly point to it being fake, or at least not trustfull.
mike acker
Level 7
Level 7
Posts: 1516
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Is Linux Mint Spyware/Prism proof?

Post by mike acker »

samriggs wrote:ya unless a person wants to head for the hills and live off the land, it's pretty impossible to escape big brother, even then they got satellites that can probably find heat sources, well at least in the movies in they do :shock: .
There are some steps to cut it down some, but no way to stop the madness, where mankind becomes a product code.
Didn't all dictatorships start this way?
we doing it for your safety and your own good?
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
William Pitt
Speech in the House of Commons (18 November, 1783).
Last edited by mike acker on Sun Sep 15, 2013 3:45 pm, edited 1 time in total.
¡Viva la Resistencia!
MishaSherpa

Re: Is Linux Mint Spyware/Prism proof?

Post by MishaSherpa »

Apologies for posting to an old thread, but this is probably important!

As I understand it, Mint-KDE, by default installs openssh-server. This could, potentially, allow someone to remotely administer your computer via port 22

https://en.wikipedia.org/wiki/Secure_Shell

If you use a weak, lame, password, then I would recommend going to the software center and UNINSTALLING openssh-server!

If you want to see if anyone has already tried to get into your PC, go to /var/log/auth.log open it with Kate, and look for any lines like this:

Sep 15 23:08:34 mypc sshd[5772]: Failed password for invalid user asterisk from 91.205.189.01 port 38864 ssh2

The important words are sshd and Failed password
mike acker
Level 7
Level 7
Posts: 1516
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Is Linux Mint Spyware/Prism proof?

Post by mike acker »

MishaSherpa wrote:Apologies for posting to an old thread, but this is probably important!

As I understand it, Mint-KDE, by default installs openssh-server. This could, potentially, allow someone to remotely administer your computer via port 22

https://en.wikipedia.org/wiki/Secure_Shell

If you use a weak, lame, password, then I would recommend going to the software center and UNINSTALLING openssh-server!

If you want to see if anyone has already tried to get into your PC, go to /var/log/auth.log open it with Kate, and look for any lines like this:

Sep 15 23:08:34 mypc sshd[5772]: Failed password for invalid user asterisk from 91.205.189.01 port 38864 ssh2

The important words are sshd and Failed password
i just ran steve gibson's stealth test -- all common ports were reported in stealth mode including 22
i have made no uninstall for openssh-server
¡Viva la Resistencia!
altair4
Level 20
Level 20
Posts: 10396
Joined: Tue Feb 03, 2009 10:27 am

Re: Is Linux Mint Spyware/Prism proof?

Post by altair4 »

I installed Mint-KDE in a VBox VM so I could answer KDE specific Samba questions and it does in fact install openssh-server by default. At least I don't remember installing it - but I don't remember where I left my car keys at the moment either so ....

Be careful with the gibson port tester thingy. If you access that tester through a router it's testing the router not your machine.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
mike acker
Level 7
Level 7
Posts: 1516
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Is Linux Mint Spyware/Prism proof?

Post by mike acker »

altair4 wrote:I installed Mint-KDE in a VBox VM so I could answer KDE specific Samba questions and it does in fact install openssh-server by default. At least I don't remember installing it - but I don't remember where I left my car keys at the moment either so ....

Be careful with the gibson port tester thingy. If you access that tester through a router it's testing the router not your machine.
i am using a router ( Cisco Linksys ) .

my software manager shows openssh-server not installed; openssh-client - installed .

interestingly, my Charter AUP states that I am NOT to put a server online
¡Viva la Resistencia!
Socman
Level 1
Level 1
Posts: 18
Joined: Thu Sep 05, 2013 12:47 pm

Re: Is Linux Mint Spyware/Prism proof?

Post by Socman »

Birds fly in flocks and bait fish swim in large schools for protection from predators. Did you know how lion tamers control a 700 pound killing machine? It's not the whip - that's for show - but it's actually the chair they hold up in the lion's face. The four legs confuse the beast who can't find a single point of focus, and who otherwise would crush both the chair and the tamer.

Those who seek (unneeded) 100% protection should simply withdraw from society. In truth and in accord with the old 80/20 rule, 80% protection is more than enough as captured or not, there simply aren't enough humint analysers to review untold billions of minor hits.

Be satisfied swimming in a school of prismbreak afficianados.
User avatar
Crewp
Level 9
Level 9
Posts: 2510
Joined: Sat Dec 01, 2012 8:36 pm
Location: Connecticut,USA

Re: Is Linux Mint Spyware/Prism proof?

Post by Crewp »

Socman wrote:Birds fly in flocks and bait fish swim in large schools for protection from predators. Did you know how lion tamers control a 700 pound killing machine? It's not the whip - that's for show - but it's actually the chair they hold up in the lion's face. The four legs confuse the beast who can't find a single point of focus, and who otherwise would crush both the chair and the tamer.

Those who seek (unneeded) 100% protection should simply withdraw from society. In truth and in accord with the old 80/20 rule, 80% protection is more than enough as captured or not, there simply aren't enough humint analysers to review untold billions of minor hits.

Be satisfied swimming in a school of prismbreak afficianados.

I agree, 8)
Image
User avatar
Epicurean
Level 1
Level 1
Posts: 12
Joined: Sun Sep 08, 2013 10:04 pm

Re: Is Linux Mint Spyware/Prism proof?

Post by Epicurean »

I am curious why Linux Mint is considered so bad by Prismbreak, but LMDE is not. I understand that Linux Mint is based off Ubuntu, but I do not see how Ubuntu's Amazon Ware could effect Linux Mint. I assume that it is thought that anything based off Ubuntu could have leftover unreviewed code?
User avatar
xenopeek
Level 25
Level 25
Posts: 25248
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Is Linux Mint Spyware/Prism proof?

Post by xenopeek »

Epicurean wrote:I am curious why Linux Mint is considered so bad by Prismbreak, but LMDE is not.
Where does it says that Linux Mint is considered bad? You are interpreting things that aren't there :) They have made a small (tiny) selection of GNU and BSD distros to recommend to users, for those new to the concept of there being alternatives to Windows/OSX and not being tied to the operating system that came with your computer purchase. Ubuntu and Arch Linux are both not on the list either, though their FSF endorsed derivatives gNewSense and Parabola are. Probably the list authors didn't want to include more Ubuntu derivatives, as those are generally all less free (in FSF terms) than gNewSense.

There's a long discussion about why all Ubuntu derivatives are "bad": https://github.com/nylira/prism-break/issues/334. Has nothing to do with Linux Mint (as there is no Unity edition) and there is mostly FUD in there. But hey, at least LMDE made the very short list of suggestions :)
Image
MishaSherpa

Re: Is Linux Mint Spyware/Prism proof?

Post by MishaSherpa »

http://forums.linuxmint.com/viewtopic.php?f=29&t=148021

I think this is related. Maybe people could vote on a Security Forum
mintuser

Re: Is Linux Mint Spyware/Prism proof?

Post by mintuser »

This thread is relevent: http://forums.linuxmint.com/viewtopic.php?f=157&t=148124
User avatar
samriggs
Level 6
Level 6
Posts: 1201
Joined: Sun Apr 24, 2011 6:09 pm
Location: Canada
Contact:

Re: Is Linux Mint Spyware/Prism proof?

Post by samriggs »

For all the paranoia ones out there Mozilla came out with a tracker add on that allows you to see what sites you visit link to, sort of lets you know what your dealing with on a site, so it may help curb some fears out there.
You can get it or check it out and read up on it here: https://addons.mozilla.org/en-US/firefo ... lightbeam/
Thought it might be useful to some, who knows :wink:
At least you'll know where some of the info goes to at least.
Plus it might be fun just to fool around with, kind of a cool add on by the looks of it.
Sam
"Windows: the worst system for the most money, Linux: the best system for free"
Registered Linux User #545430
Manjaro XFCE / Mint Cinnamon
asus X751LX and an acer and a toshiba and another asus
User avatar
linuxviolin
Level 8
Level 8
Posts: 2083
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Re: Is Linux Mint Spyware/Prism proof?

Post by linuxviolin »

About privacy and security, people always talk about things like cookies, flash... and they should not forget about the hosts file, but there is now something much more dangerous and it's DOM storage. DOM storage has become a much bigger threat to our privacy than the dreaded cookies were. Unfortunately this technology is certainly set to leave cookies in the dust. I strongly advise you in Firefox to change the default value of this configuration to false , if you make no other about:config edits in Firefox, please make this one:


Turn off DOM Storage (please?):


about:config Name: dom.storage.enabled

Default value: true

Modified value: false


The following is quoted from [url]http://www.w3.org/DOM/[/url] though they have moved it for whatever reason, this link now points to their main page on DOM:

HTML5 web storage, a better local storage than cookies. What is HTML5 Web Storage?

With HTML5, web pages can store data locally within the user's browser.

Earlier, this was done with cookies. However, Web Storage is more secure and faster. The data is not included with every server request, but used ONLY when asked for. It is also possible to store large amounts of data, without affecting the website's performance.

The data is stored in key/value pairs, and a web page can only access data stored by itself.


Also, you could make these:



Referrer Control:

about:config Name: network.http.sendRefererHeader

Default Value: 1

Modified Value: 0


By setting network.http.sendRefererHeader in about:config to 0, whenever you visit a link from one site, the destination site doesn't know the original site you were referred from.

This in effect makes the Firefox add-on RefControl (& others) redundant.


There is a caveat:

If you find that you can't get into a site that you want to use it can be due to this setting. Under such circumstances you would be better off using the likes of RefControl as you can use whatever options you choose for your normal surfing & then choose a specific option that works with specific troublesome sites.

I am very rarely blocked from a site (for whatever reason) & under such circumstances I don't want to use the site anyway!



Turn off default Send Secure Referrer:

about:config Name: network.http.sendSecureXSiteReferrer

Default Value: true

Modified Value: false


I found technical info' on [url=http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer]sendSecureXSiteReffer[/url].

I've been running with this setting for at least 6 months, it gives no trouble on my sytems & I'm running https Everywhere too.


Oh and about Lightbeam for Firefox:
When I first installed this software (roughly 8 months ago as of this writing) I ran the add-on for days & never had one computer show up on my screen. Even when I turned all my security add-ons off. The reason being I don't have any cookies on my machine unless I chose them.

After having been lulled into a false sense of security by that experience, I've found that my security had been compromised & that it is not so much cookies as DOM storage which is the newish but extremely widely used culprit. The screenshot to the left excludes the cookies that were shown in the previous screenshot shown above & shows only the DOM storage type connections. This is pretty scary. (More to come.)
(in the screenshot and with no cookies in the computer, we can see many connected sites... thanks to DOM storage)
Last edited by linuxviolin on Fri Nov 01, 2013 9:29 am, edited 1 time in total.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
MishaSherpa

Re: Is Linux Mint Spyware/Prism proof?

Post by MishaSherpa »

Hi Violin. Interesting info! They never give up. First it was LSO, now it's dom. Thanks for the about:config
User avatar
samriggs
Level 6
Level 6
Posts: 1201
Joined: Sun Apr 24, 2011 6:09 pm
Location: Canada
Contact:

Re: Is Linux Mint Spyware/Prism proof?

Post by samriggs »

Thanks Violin
I don't know much about lightbeam, just thought it was a fun toy to play with, and decided to share with anyone else that wanted to fool around with. I seen it on the video that showed cinnamon 2 on the Linux Action Show and it sounded interesting.
Thanks also for the dom config, I just changed it on mine.
Sam
"Windows: the worst system for the most money, Linux: the best system for free"
Registered Linux User #545430
Manjaro XFCE / Mint Cinnamon
asus X751LX and an acer and a toshiba and another asus
mintuser

Re: Is Linux Mint Spyware/Prism proof?

Post by mintuser »

MishaSherpa wrote:Apologies for posting to an old thread, but this is probably important!

As I understand it, Mint-KDE, by default installs openssh-server. This could, potentially, allow someone to remotely administer your computer via port 22

https://en.wikipedia.org/wiki/Secure_Shell

If you use a weak, lame, password, then I would recommend going to the software center and UNINSTALLING openssh-server!

If you want to see if anyone has already tried to get into your PC, go to /var/log/auth.log open it with Kate, and look for any lines like this:

Sep 15 23:08:34 mypc sshd[5772]: Failed password for invalid user asterisk from 91.205.189.01 port 38864 ssh2

The important words are sshd and Failed password
It's an unnecessary exposed service hence a security risk.
Post Reply

Return to “Chat about Linux Mint”