A System and Service Manager
14b2fafb36
DNS questions (which necessarilly include IP addresses) are personally indentifying information in the sense of GDPR (https://gdpr.eu/eu-gdpr-personal-data/ explicitly lists IP address as PII). Sending those packets to Google or Cloudflare is "forwarding" this PII to them. GDPR says that information which is not enough to identify individuals still needs to be protected because it may be combined with other information or processed with improved technology later. So even though the information in DNS alone it not very big, it may be interpreted as protected information in various scenarios. When Fedora is installed by an end-user, they must have the reasonable expectation that Fedora will contant Fedora servers for updates and status checks and such. But the case of DNS packets is different, because the dns servers are not under our control. While most of the time the information leak through DNS is negligible, we can't rule out scenarios where it could be considered more important. Another thing to consider is that ISP and other local internet access mechanisms are probably worse overall for privacy compared to google and cloudflare dns servers. Nevertheless, they are more obvious to users and fit better in the regulatory framework, because there are local laws that govern them and implicitic or explicit agreements for their use. Whereas US-based servers are foreign and are covered by different rules. The fallback DNS servers don't matter most of the time because NetworkManager will include the servers from a DHCP lease. So hopefully users will not see any effect from the change done in this patch. Right now I think it is better to avoid the legal and privacy risk. If it turns out this change causes noticable problems, we might want to reconsider. In particular we could use the fallback servers only in containers and such which are not "personal" machines and there is no particular person attached to them. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3C4KESHIMZDB6XCFO4EOBEDV4Q2AVVQ5/ I think we could provide a default dns server list more reasonably if there was some kind of privacy policy published by Fedora and users could at least learn about those defaults. Sadly, we don't have any relevant privacy policy (https://pagure.io/Fedora-Council/tickets/issue/53). |
||
|---|---|---|
| tests | ||
| .gitignore | ||
| 20-grubby.install | ||
| 20-yama-ptrace.conf | ||
| 0001-Do-not-assert-in-test_add_acls_for_user.patch | ||
| 0001-Document-some-reasonable-DNS-servers-in-the-example-.patch | ||
| 0001-Revert-test-path-increase-timeout.patch | ||
| 0001-test-acl-util-output-more-debug-info.patch | ||
| 0002-test-path-more-debugging-information.patch | ||
| 0003-test-path-do-not-fail-the-test-if-we-fail-to-start-s.patch | ||
| 0004-test-path-use-Type-exec.patch | ||
| f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch | ||
| inittab | ||
| libsystemd-shared.abignore | ||
| macros.sysusers | ||
| purge-nobody-user | ||
| sources | ||
| split-files.py | ||
| sysctl.conf.README | ||
| systemd-journal-gatewayd.xml | ||
| systemd-journal-remote.xml | ||
| systemd-udev-trigger-no-reload.conf | ||
| systemd-user | ||
| systemd.rpmlintrc | ||
| systemd.spec | ||
| sysusers.attr | ||
| sysusers.generate-pre.sh | ||
| sysusers.prov | ||
| triggers.systemd | ||
| use-bfq-scheduler.patch | ||
| yum-protect-systemd.conf | ||