The Privacy Project 2015 goal is to fund work on GNOME privacy features.
This is the summary based on Foundation/PrivacyCampaign2013, SafetyTeam/MeetingDocumentation and some other feedback.
Please don't add anything here, this page is used to actually track the work, not submit ideas. Submit ideas at Foundation/PrivacyCampaign2013.
Tasks
Web, the Gnome browser
Web, aka Epiphany is the Gnome web browser.
- HTTPS-everywhere by default
- See the EFF plugin for Firefox, we need that functionality by default.
- Optional: refuse mixed-page content (https site loading http content) with chrome/warning or similar (needs to be able to override it, or we break the web).
- Suggested bounty size: USD 500. May need to check with Epiphany devs to adjust difficulty.
Certificate management and TLS issues. See Bug 721283.
- Suggesting a bounty of USD ~2500 split on the most important parts
- Interesting suggestions would be:
Untrusted certificate (self-signed or untrusted issuer: https://ca.modio.se/)
- Cert changed / authority changed between visits (mcatanzaro comment: I would reject patches for this, recommend running Epiphany stuff past me first)
- import client cert
- certificate overview / Details about trust
- Good error messages and dialogues
- Inspect or export certificate
Telepathy
- OTR (off the record messaging) support for Empathy/Telepathy
See https://blogs.gnome.org/xclaesse/2014/05/04/otr-in-empathy/ and https://bugs.freedesktop.org/show_bug.cgi?id=16891
- Suggested bounty: USD 50 for merging, USD 150 for the developer
Gnome Apps
Various Gnome apps connect to network services. We noticed several of them don't use TLS or use TLS improperly causing privacy issues.
- gnome-music: - Always fetching music metadata at start, cleartext (SSL available)
- Grilo plugin
- gnome-maps:
Tiles / GPS => mapquest, cleartext (SSL available)
- gnome-weather:
- Data lookup over SSL (currently in cleartext)
- May require a gnome.org driven SSL proxy.
Gravatars (commonly used by many apps, has SSL support available, cleartext, leaks address book & email addresses of others)
GDM & Lockscreen
- Disable USB on lockscreen
USB offers a large attack surface. We could reduce the risk of malicious USB devices by telling Linux to not accept new USB devices if the screen is locked. A reference is here: http://seclists.org/oss-sec/2014/q3/329
- Needs careful thinking, blocking new keyboards may break tablets and other hardware. (Unless On ssreen keyboard?) Blocking Smart-card readers or 2Factor tokens WILL break login.
- USB mounts and others should be blocked (already?)
- Needs careful consideration of all usecases.
Also see: https://github.com/adamcaudill/Psychson regard malicious USB devices.
- Suggested bounty: TBD
Identify USB devices
- When a user plugs in a device, it might not actually be what the user expects. Show the user an icon and text (notification) describing what the computer thinks the user has plugged in. See "USB rubber ducky" and "Psychson" for examples of bad actors.
- Requires some icons/texts and integration work.
- Suggested bounty: USD 100
Bounty FAQ
Task bounties will be posted next to each task once decided. The payment will be made by bank transfer, PayPal or check once the task has been verified as completed by the FoundationBoard.
Who can participate?
How is completion verified?