The app sys-apps/hw-probe in gentoo has this description: "A tool to probe for hardware, check it's operability and find drivers" Grammatical error aside, that doesn't tell you that YOUR DATA WILL BE UPLOADED IN THE DEFAULT CONFIGURATION. This is decidedly NOT ok. Fortunately I was paying attention when I ran it to see this: # hw-probe Executing hw-probe -all -upload I smashed CTRL-C and then re-ran it without upload permission to find the report it created (and presumably uploads) has service tags and serial #s in it! This is a grave error and should absolutely NOT be the default without the user explicitly opting in.
When you emerge that package for the first time, you are getting a note, that by default all data is being uploaded? https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-apps/hw-probe/files/README.gentoo Wasn't that the case for you? (In reply to Justin W from comment #0) > I has service tags and serial #s in it! I would also recommend to report that to upstream.
Yes, the warning is there; however, that's not good enough. Someone who's installing this amongst a bunch of other packages, or is just going based off of description and misses it shouldn't be expected to find a single line in the emerge output. This looks too much like the direction so many other companies are going this day disregarding users' privacy. There is no excuse whatsoever to have an application upload a user's information without them explicitly opting in.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=faa876cc70a5314333bf8b1df056a865e752ffb3 commit faa876cc70a5314333bf8b1df056a865e752ffb3 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2020-09-23 20:46:10 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2020-09-23 21:53:52 +0000 sys-apps/hw-probe: disable automatic data upload Closes: https://bugs.gentoo.org/727034 Package-Manager: Portage-3.0.6, Repoman-3.0.1 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> .../hw-probe-1.5-disable-automatic-upload.patch | 36 +++++++++++ sys-apps/hw-probe/hw-probe-1.5-r1.ebuild | 64 ++++++++++++++++++++ sys-apps/hw-probe/hw-probe-1.6_beta2-r1.ebuild | 70 ++++++++++++++++++++++ 3 files changed, 170 insertions(+)
For future reference, upstream merged my patch and running hw-probe shell will now only print help and do nothing.