[Replicant] [PATCH] Disable phone number lookup by default for privacy

[Fil]

On 12/30/2018 04:01 PM, Denis 'GNUtoo' Carikli wrote:
>> When applied, the patch causes the following behaviour:
>>
>> - A fresh new replicant installation with my patch has lookup services
>> disabled by default (and I detected no dns query to lookup services).
> How did you test that? I think it does DNS querries only for new phone
> numbers, but I didn't have the time to validate that hypothesis.

I used the setup you suggested at [1], by making the phone connect to my
laptop and logging dns queries.
To avoid false negatives due to dns caching, I first tried with a clear
installation, with the lookup settings disabled, typing "0102030405" in
the dialer's search bar.
This resulted in *no* dns query to whitepages.com being logged.
Then I switched lookup settings to enabled and retried, typing
"0102030405" in the dialer's searchbar again: this time dnsmasq logged a
DNS trace for whitepages.com
The ultimate way of testing this would be to find the exact function
that makes lookup calls to whitepages and see how it behaves when the
lookup features are disabled in the settings. This would be the only
sure confirmation that the settings actually disable the lookup calls.
It should be quite a trivial task, and I can appoint myself to do that
in some days.

> However I wonder how to deal with that issue when the new Replicant 4.2
> image will be released, as most users probably have the old defaults,
> and as I understand, the old settings will be kept during the upgrade.
>
> I think we should at least write a blog post about it when the new
> image is released. If nobody does it I could do it as well.

You're right. I think the default settings are only reset when a /data
wipe is performed.
A blog post is a good idea, or even a paragraph in the release
announcement will do.
I can write that when the release is ready. I created feature request
#1904 to keep track of this.

> We may want to find a way to update the settings during the first run
> of the new image. This could be implemented in a subsequent patch, as
> this patch looks good as-is and is already a huge improvement as it
> fixes part of the issue.

This shouldn't be too hard either..
It should be enough to change the dialer's app to make it reset the
default value to "false" for all lookup anti-features.
It could be done by setting a flag on the SQLite database to only reset
the settings once (i.e. the first time the app is run after the
upgrade), so that subsequent settings manually done by the user will
remain untouched.
I created feature request #1903 to keep track of this.
I think I can complete that too in a couple of weeks.

> If no one has time to work on modifying the current settings values, or
> if it's too complicated to do, we could at least warn people and
> point to an explanation on how to update the current settings that
> could be added to the wiki. I could do it too if nobody does it.

I think I can solve that, but it could still be a good idea to inform
users about the issue in the wiki..

Cheers,

Fil

[1] https://redmine.replicant.us/issues/1827#note-5


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20181231/c3bb3a9b/attachment.asc>