Feature #5306

Prevent gweather from disclosing customized location

Added by Tails 2013-07-18 07:38:52. Updated 2015-08-08 07:21:13.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done: 100%
Feature Branch:
Type of work: Test
Blueprint:
Starter: 0
Affected tool:
Deliverable for:

Description

When one adds a custom location in the GNOME Clock applet, and "Set"’s it, a request for weather information is made to weather.noaa.gov, that presumably discloses the custom location chosen by the user.

Setting the /apps/gweather/prefs/auto_update GConf key to false does not help.

A workaround that was suggested to us is to add weather.noaa.gov to the "Ignore Host" list in the GNOME Network Proxy preferences: without a proxy configured, these requests cannot go out. At first glance, it looks a bit hackish, and it would be nicer to disable this feature in a way that works even if the hostname in use changes some day, but as a last resort, we might end up doing that.

We should research a (probably GConf-based) way to disable that feature.

Next thing to do:

  • If we stop using the GNOME clock applet (Feature #6284), verify this fixes this issue, and be done with it.
  • Test the /schemas/apps/clock_applet/prefs/show_weather and /schemas/apps/clock_applet/prefs/show_temperature GConf options.

Note that the connection is apparently done by gnome-panel, through the configured HTTP proxy (Polipo). It ignores SOCKS proxy settings.


Files

tails-1.png (111409 B) hybridwipe, 2015-08-07 10:16:19

Related issues

Related to Tails - Feature #6284: Display time in local timezone Confirmed 2015-10-27
Related to Tails - Bug #7949: Disable GNOME 3.14's geolocation framework Resolved 2014-09-26

History

#1 Updated by intrigeri 2013-10-04 09:10:59

  • Starter set to No

#2 Updated by BitingBird 2014-06-09 10:43:40

  • Subject changed from prevent gweather from disclosing customized location to Prevent gweather from disclosing customized location

#3 Updated by BitingBird 2014-09-26 11:49:58

GNOME’s new safety and privacy team seems to be on it :) https://people.gnome.org/~federico/news-2014-08.html#the-safety-and-privacy-team

#4 Updated by intrigeri 2014-09-26 12:30:41

> GNOME’s new safety and privacy team seems to be on it :)
> https://people.gnome.org/~federico/news-2014-08.html#the-safety-and-privacy-team

My understanding is that they aim at protecting against a network attacker, while this ticket is about protecting against the remote server as well (by not querying it at all, I suppose). Sorry, didn’t read the ticket again, so I may be off-topic or fully wrong.

#5 Updated by intrigeri 2014-09-26 15:53:20

  • related to Bug #7949: Disable GNOME 3.14's geolocation framework added

#6 Updated by BitingBird 2014-11-27 04:44:31

Is this fixed like Bug #7949 ?

#7 Updated by intrigeri 2014-11-27 09:20:34

> Is this fixed like Bug #7949 ?

I don’t think so: Bug #7949 is about a new GNOME 3.14 feature, while this ticket is about Wheezy (GNOME 3.4).

#8 Updated by intrigeri 2015-03-02 18:57:48

This should be tested again with Tails 1.3 or later: since we’ve removed Polipo, it may very well be that gweather cannot connect to the Internet anymore.

#9 Updated by kytv 2015-04-07 19:21:50

  • Assignee set to kytv

Assigning to myself to test once the high priority CI work is done.

#10 Updated by hybridwipe 2015-08-07 10:16:24

Using tails-1.4.1, I added a location, and the local time appears, but I do not get local weather.

#11 Updated by intrigeri 2015-08-08 02:07:28

  • Status changed from Confirmed to In Progress
  • Assignee changed from kytv to hybridwipe
  • % Done changed from 0 to 10

> Using tails-1.4.1, I added a location, and the local time appears, but I do not get local weather.

Thanks!

I’ve confirmed this: after setting a custom location, I see in the logs that our firewall rejects connections to some hosts on port 80; I don’t see any such thing if I don’t customize location, so I guess those are the servers used to query weather information.

I was tempted to call this resolved in the version of Tails that removed Polipo (1.3), but now I’m in doubt. This problem is currently fixed only because gweather (or the library it uses for HTTP requests) doesn’t honor HTTP_PROXY and friends: we still have “Show weather” and “Show temperature” enabled. So I think we should set these two GConf keys to false:

/apps/panel3-applets/clock/show_weather
/apps/panel3-applets/clock/show_temperature

hybridwipe, would you want to try coming up with a tested patch (or a branch) that implements this? It requires a Tails ISO build environment, not sure if you have one yet. And I guess one will need to add a file to config/chroot_local-includes/usr/share/amnesia/gconf/.

… and then, we’ll need to find out how to do the same on the feature/jessie branch (probably these settings have been moved to dconf, and the custom ones will go to config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults).

#12 Updated by intrigeri 2015-08-08 02:11:19

  • Status changed from In Progress to Resolved
  • Assignee deleted (hybridwipe)
  • % Done changed from 10 to 100

Well, actually I see the firewall rejects that traffic even when “Show weather” and “Show temperature” are disabled, so I guess that weather information is unconditionally retrieved (rather: attempted to be retrieved), and these settings only affect the display. So, it feels useless to change these settings. Calling this done!
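The before/after log comparison described in comments #11 and #12, as an added example that is not part of the ticket or of Tails' own code: it lists the port-80 destinations the firewall rejected only after a setting was changed. The log lines are constructed in the usual netfilter LOG layout; the `REJECT-OUT:` prefix, host name and addresses are assumptions.

```python
import re
from collections import Counter

# Constructed firewall log excerpts in the usual netfilter LOG layout. The
# "REJECT-OUT:" prefix, host name and addresses are made up for this example.
BASELINE_LOG = """\
Aug  8 01:50:02 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=80 SYN
Aug  8 01:50:09 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=192.0.2.53 LEN=72 TTL=64 PROTO=UDP SPT=51000 DPT=53
"""
AFTER_LOG = """\
Aug  8 02:05:11 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=40360 DPT=80 SYN
Aug  8 02:05:40 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=203.0.113.20 LEN=60 TTL=64 PROTO=TCP SPT=40388 DPT=80 SYN
Aug  8 02:05:41 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40390 DPT=80 SYN
Aug  8 02:05:43 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=203.0.113.20 LEN=60 TTL=64 PROTO=TCP SPT=40388 DPT=80 SYN
Aug  8 02:06:02 host kernel: REJECT-OUT: IN= OUT=eth0 SRC=10.0.2.15 DST=198.51.100.99 LEN=60 TTL=64 PROTO=TCP SPT=40401 DPT=443 SYN
Aug  8 02:06:30 host kernel: some unrelated kernel message
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (IN=)


def rejected_flows(log_text):
    """Count logged rejections per (destination, protocol, destination port)."""
    flows = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not f.get("DST") or not f.get("DPT", "").isdigit():
            continue  # not a packet line, or a protocol without ports
        flows[(f["DST"], f.get("PROTO", "?"), int(f["DPT"]))] += 1
    return flows


def new_rejections(baseline_log, after_log, dport=80):
    """Flows to `dport` rejected in the second capture but absent from the first."""
    before = rejected_flows(baseline_log)
    after = rejected_flows(after_log)
    return sorted((dst, proto, port, n) for (dst, proto, port), n in after.items()
                  if port == dport and (dst, proto, port) not in before)


if __name__ == "__main__":
    for dst, proto, port, n in new_rejections(BASELINE_LOG, AFTER_LOG):
        print(f"{dst} {proto}/{port}: {n} rejected attempt(s) only after the change")
```

Capturing one log per configuration (default location, custom location, custom location with the weather options disabled) and diffing each against the baseline reproduces the check that led to the conclusion in comment #12.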

#13 Updated by BitingBird 2015-08-08 07:21:13

  • Target version deleted (Hole in the Roof)

Removing “hole in the roof” since it’s resolved :)