Pi OS repositories


 

JKalchik

TVWBB Wizard
For those of you who use RPis, keep your eyes on your repository lists & sources. Apparently, a Microsoft repository is being silently added. After that, every time you do an update, at a minimum, it'll download a repository contents list, even if it doesn't have to pull content. Horrible data mining opportunity.
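
One way to keep an eye on the repository lists mentioned in the post above, as an added example that is not part of the original thread: the script lists every host APT is configured to contact and flags any that are not on an allowlist. `APT_DIR`, `ALLOWED_HOSTS` and the function names are assumptions of this sketch, and the default allowlist should be adjusted to the mirrors you actually chose.

```shell
#!/bin/sh
# Added example: audit which hosts APT is configured to contact.
# APT_DIR and ALLOWED_HOSTS are assumptions of this sketch; both can be overridden.
APT_DIR="${APT_DIR:-/etc/apt}"
# Assumed default allowlist (space separated); edit to match your own mirrors.
ALLOWED_HOSTS="${ALLOWED_HOSTS:-deb.debian.org archive.raspberrypi.org raspbian.raspberrypi.org}"

# Print "file<TAB>host" for every active repository entry.
list_repo_hosts() {
    for f in "$APT_DIR"/sources.list "$APT_DIR"/sources.list.d/*.list \
             "$APT_DIR"/sources.list.d/*.sources; do
        [ -f "$f" ] || continue          # skip unmatched globs and missing files
        case "$f" in
            *.sources)
                # deb822 format: "URIs: https://host/path ..."
                awk '/^URIs:/ { for (i = 2; i <= NF; i++)
                                    if ($i ~ /^[a-z+]+:\/\//) print $i }' "$f" ;;
            *)
                # one-line format: "deb [options] https://host/path suite comp"
                # commented-out entries do not match and are ignored
                awk '/^[ \t]*deb(-src)?[ \t]/ {
                         for (i = 2; i <= NF; i++)
                             if ($i ~ /^[a-z+]+:\/\//) { print $i; break }
                     }' "$f" ;;
        esac |
        # reduce each URI to its host name (drop scheme, userinfo, port, path)
        sed -E 's#^[a-z+]+://([^/@]*@)?([^/:]+).*#\2#' |
        while read -r host; do printf '%s\t%s\n' "$f" "$host"; done
    done
}

# Print only the entries whose host is not on the allowlist.
unapproved_repos() {
    list_repo_hosts | while IFS="$(printf '\t')" read -r file host; do
        case " $ALLOWED_HOSTS " in
            *" $host "*) ;;              # approved: stay quiet
            *) printf 'UNAPPROVED\t%s\t%s\n' "$host" "$file" ;;
        esac
    done
}
```

Source the file and call `unapproved_repos` after installing or upgrading packages; no output means every configured repository host is on the allowlist.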
 

Steve_M

TVWBB Guru
It's an apt repo for VS Code. There's no data mining on you other than the MS repo server knows the IP that made the request.

Care to expand upon the data mining opportunity? The repo server knows your IP address if you connect to it. What other data mining is happening?

I would classify this as pretty innocuous, but this poster sure has their tinfoil hat on a little too tight.
 

JKalchik

TVWBB Wizard
Care to expand upon the data mining opportunity?

At a minimum..... a catalog of PiOS devices with that dependency. That includes both address and total number, update frequency, and this is just off the top of my head. This repository was silently installed as part of a package dependency, and IMO, this should be an install failure, until the repository is explicitly added by the administrator.
 

Steve_M

TVWBB Guru
Sorry, this is just silly. You leak so much more data about yourself visiting websites via cookies and browser data than a zillion RasPi units making calls to a repo.

There’s a lot to be worried about when it comes to computer and information security. This repo add is not a data leak risk.
 
I have to agree with Steve_M. I think this is being blown out of proportion by an extremely vocal group of anti-Microsoft Linux bigots.
 
