Prevent gweather from disclosing customized location
When one adds a custom location in the GNOME Clock applet, and "Set"’s it, a request for weather information is made to weather.noaa.gov, that presumably discloses the custom location chosen by the user.
/apps/gweather/prefs/auto_update GConf key to false does not help.
A workaround that was suggested to us is to add
weather.noaa.gov to the "Ignore Host" list in the GNOME Network Proxy preferences: without a proxy configured, these requests cannot go out. At first glance, it looks a bit hackish, and it would be nicer to disable this feature in a way that works even if the hostname in use changes some day, but in last resort, we might end up doing that.
We should research a (probably GConf -based) way to disable that feature.
Next thing to do:
- If we stop using the GNOME clock applet (Feature #6284), verify this fixes this issue, and be done with it.
- test the
Note that the connection is apparently done by
gnome-panel, through the configured HTTP proxy (Polipo). It ignores SOCKS proxy settings.
#3 Updated by BitingBird 2014-09-26 11:49:58
GNOME’s new safety and privacy team seems to be on it :) https://people.gnome.org/~federico/news-2014-08.html#the-safety-and-privacy-team
#4 Updated by intrigeri 2014-09-26 12:30:41
> GNOME’s new safety and privacy team seems to be on it :)
My understanding is that they aim at protecting against a network attacker, while this ticket is about protecting against the remote server as well (by not querying it at all, I suppose). Sorry, didn’t read the ticket again, so I may be off-topic or fully wrong.
#11 Updated by intrigeri 2015-08-08 02:07:28
- Status changed from Confirmed to In Progress
- Assignee changed from kytv to hybridwipe
- % Done changed from 0 to 10
> Using tails-1.4.1, I added a location, and the local time appears, but I do not get local weather.
I’ve confirmed this: after setting a custom location, I see in the logs that our firewall rejects connections to some hosts on port 80; I don’t see any such thing if I don’t customize location, so I guess those are the servers used to query weather information.
I was tempted to call this resolved in the version of Tails that removed Polipo (1.3), but now I’m in doubt. This problem is currently fixed only because gweather (or the library it uses for HTTP requests) doesn’t honor
HTTP_PROXY and friends: we still have “Show weather” and “Show temperature” enabled. So I think we should set these two GConf keys to false:
hybridwipe, would you want to try coming up with a tested patch (or a branch) that implements this? It requires a Tails ISO build environment, not sure if you have one yet. And I guess one will need to add a file to
… and then, we’ll need find out how to do the same on the
feature/jessie branch (probably these settings have been moved to dconf, and the custom ones will go to
#12 Updated by intrigeri 2015-08-08 02:11:19
- Status changed from In Progress to Resolved
- Assignee deleted (
- % Done changed from 10 to 100
Well, actually I see the firewall rejects that traffic even when “Show weather” and “Show temperature” are disabled, so I guess that weather information is unconditionally retrieved (rather: attempted to be retrieved), and these settings only affect the display. So, it feels useless to change these settings. Calling this done!