[kwlug disc.] trixbox as spyware - and worse?
Lori Paniak
ldpaniak at fourpisolutions.com
Mon Dec 17 13:51:20 EST 2007
Hi all,
I know there are a few trixbox users around here and this certainly
something that each user needs to be aware of:
The current beta versions of trixbox CE (2.3.x) include a perl script
(/var/adm/bin/registry.pl) which "phones home" to a fonality (trixbox's
owners) server via a cronjob at 3:38AM each morning. This is the
default (and unannounced) configuration of the system when installing
from CD iso.
The script downloads a list of commands to executed on the local machine
(typically with root privileges) and uploads the encrypted results back
to the server.
Apparently this masterpiece of programming is intended to collect data
on the configuration of the trixbox system, including numbers and types
of phones/ATAs, dialplans and MAC addresses. The claim is that this
data is used to gain financial support from the hardware manufacturers
for trixbox CE development.
A discussion can be found at:
http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home
Too bad "open-source" is not always a synonym for "ethical".
Cheers,
Lori
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://listserv.ccjclearline.com/pipermail/kwlug-disc/attachments/20071217/5c5e71f8/signature.bin
More information about the KWLUG-Disc
mailing list