Bug#829494: marked as done (chirpw phones home without informed consent)

[Debian Bug Tracking System]

Your message dated Mon, 25 Jul 2016 18:48:46 +0000
with message-id <e1brkvm-0006vn...@franck.debian.org>
and subject line Bug#829494: fixed in chirp 1:20160717-1
has caused the Debian Bug report #829494,
regarding chirpw phones home without informed consent
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
829494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: chirp
Version: 0.4.0-1
Severity: serious

A pop-up dialog from the "chirpw" program says that it reports some kind of usage information to some external party, and describes how to opt-out of this. There are at least two privacy problems:

1. It appears that some phoning home happens before the user has given informed consent. For example, when I received the pop-up dialogue, I immediately disabled reporting, but I found that "chirpw" had already contacted some server and informed me that I was not using the latest version. Therefore, the suggestion that one can opt-out of phoning-home is misleading, since some phoning-home has already occurred.

2. Also, the text suggests that this is anonymous, but that is misleading (due, e.g., to IP address traceability), so any consent would not be informed, even were it given prior to phoning-home occurring.

Note that I have not looked at what information is transmitted, so there might be a third problem, but I believe these two identified problems alone require action.

I recommend and request that this reporting and any other "phoning home" either be disabled completely in the Debian "chirp" package, or changed to be an express *opt-in* (like opt-in is long used elsewhere in Debian, such as for package "popularity contest"). Thank you.
--- End Message ---

--- Begin Message ---

Source: chirp
Source-Version: 1:20160717-1

We believe that the bug you reported is fixed in the latest version of
chirp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 829...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Iain R. Learmonth <i...@debian.org> (supplier of updated chirp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Jul 2016 19:38:03 +0100
Source: chirp
Binary: chirp
Architecture: source amd64
Version: 1:20160717-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Hamradio Maintainers <debian-h...@lists.debian.org>
Changed-By: Iain R. Learmonth <i...@debian.org>
Description:
 chirp      - Configuration tool for amateur radios
Closes: 817237 829494
Changes:
 chirp (1:20160717-1) unstable; urgency=medium
 .
   * New upstream version (Closes: #817237)
   * Phoning home has been disabled (Closes: #829494)
Checksums-Sha1:
 7bdd6c4022af2555c4c3dec7b809ab8062e92359 1635 chirp_20160717-1.dsc
 bf20f60e63fb91158528bdea5a919be49da450a1 595641 chirp_20160717.orig.tar.gz
 aaa8e840bb99cf327fad619e0314243c9299b5bf 5452 chirp_20160717-1.debian.tar.xz
 331faf8988e42d3b100692e6c8aa2e58501135fe 373112 chirp_20160717-1_amd64.deb
Checksums-Sha256:
 44958df89367e38a80607b72ef1d0fee6d19f157f085a8016de78c306855da52 1635 
chirp_20160717-1.dsc
 de7e89d554cd88bcf754a4c7ccb9e3fcde25cd90bc06317889dbda05e1f5ad56 595641 
chirp_20160717.orig.tar.gz
 19721ba71ee01bb352fec84c063b05633c20d4db54829b2d5e017a63958caded 5452 
chirp_20160717-1.debian.tar.xz
 fdee07712a3f1537df60af9935e25e2006c771d74e4889b3e68dfa5451d106a7 373112 
chirp_20160717-1_amd64.deb
Files:
 b3aa6d19f7e388831d4941d5202a28e5 1635 hamradio optional chirp_20160717-1.dsc
 a6026338ae301995666fa4bd54ce5517 595641 hamradio optional 
chirp_20160717.orig.tar.gz
 f1a2574cb2e6dbb3955538b0a41c7800 5452 hamradio optional 
chirp_20160717-1.debian.tar.xz
 37b4fc71130da79aa1ca29b19589baca 373112 hamradio optional 
chirp_20160717-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJXll00AAoJEMx+J398PcNNkhIH/iGLewpoWbkYT8x/hd/TfjFS
NIwxZkMF3T6J8labultRwzscXHKyfkIUi8v8ayd5CRjl9HEdyLQrkaE17mbrhq7j
gkkJZST/sc3/LGtwU5U3MwK6GNz7Yd842s3IDXbKFc4gQ6A+TRyBF4d8ifUcFVfy
INYVYUP75iyv0MhDiMgR6/JwAZRXogz3Rv3k6YVN++SQ7rY3SYiPyyIne0PE/NF1
04XlBL2Ta1G0UQblJj37liayWKhdVjNLZAHcxwzzgasGWa1amT9DOgLLvVsma2o1
6RC2iqj43S+K9QrL88CsEy9MC3VbtXO53pn+unKWDNHxM+42+DiISX7uzWtzhUY=
=F5k7
-----END PGP SIGNATURE-----

--- End Message ---