The Privacy Project 2015 goal is to fund work on GNOME privacy features.

This is the summary based on Foundation/PrivacyCampaign2013, SafetyTeam/MeetingDocumentation and some other feedback.

Please don't add anything here, this page is used to actually track the work, not submit ideas. Submit ideas at Foundation/PrivacyCampaign2013.


Web, the Gnome browser

Web, aka Epiphany is the Gnome web browser.

  • HTTPS-everywhere by default
    • See the EFF plugin for Firefox, we need that functionality by default.
    • Optional: refuse mixed-page content (https site loading http content) with chrome/warning or similar (needs to be able to override it, or we break the web).
    • Suggested bounty size: USD 500. May need to check with Epiphany devs to adjust difficulty.
  • Certificate management and TLS issues. See Bug 721283.

    • Suggesting a bounty of USD ~2500 split on the most important parts
    • Interesting suggestions would be:
      • Untrusted certificate (self-signed or untrusted issuer:

      • Cert changed / authority changed between visits (mcatanzaro comment: I would reject patches for this, recommend running Epiphany stuff past me first)
      • import client cert
      • certificate overview / Details about trust
      • Good error messages and dialogues
      • Inspect or export certificate


Gnome Apps

Various Gnome apps connect to network services. We noticed several of them don't use TLS or use TLS improperly causing privacy issues.

  • gnome-music: - Always fetching music metadata at start, cleartext (SSL available)
    • Grilo plugin
  • gnome-maps:
    • Tiles / GPS => mapquest, cleartext (SSL available)

  • gnome-weather:
    • Data lookup over SSL (currently in cleartext)
    • May require a driven SSL proxy.
  • Gravatars (commonly used by many apps, has SSL support available, cleartext, leaks address book & email addresses of others)

GDM & Lockscreen

  • Disable USB on lockscreen
    • USB offers a large attack surface. We could reduce the risk of malicious USB devices by telling Linux to not accept new USB devices if the screen is locked. A reference is here:

    • Needs careful thinking, blocking new keyboards may break tablets and other hardware. (Unless On ssreen keyboard?) Blocking Smart-card readers or 2Factor tokens WILL break login.
    • USB mounts and others should be blocked (already?)
    • Needs careful consideration of all usecases.
    • Also see: regard malicious USB devices.

    • Suggested bounty: TBD

Identify USB devices

  • When a user plugs in a device, it might not actually be what the user expects. Show the user an icon and text (notification) describing what the computer thinks the user has plugged in. See "USB rubber ducky" and "Psychson" for examples of bad actors.
    • Requires some icons/texts and integration work.
    • Suggested bounty: USD 100

Bounty FAQ

Task bounties will be posted next to each task once decided. The payment will be made by bank transfer, PayPal or check once the task has been verified as completed by the FoundationBoard.

Who can participate?

How is completion verified?

How will the bounty be sent?

Foundation/PrivacyProject2015 (last edited 2016-08-23 14:45:16 by MichaelCatanzaro)